CCN provides the flow log collection feature to collect and analyze cross-region traffic and generate logs and analysis charts. This helps you stay informed of cross-region communication and quickly locate and solve problems based on the logs, thus improving the business availability and Ops efficiency.
1. Log in to the VPC console and click Diagnostic Tools > Flow Logs on the left sidebar.
2. Select the region in the top-left corner of the Flow Logs page and click +Create.
3. Configure the following parameters in the Create Flow Log window.

| Parameter | Description |
|---|---|
| Name | Enter a name for the flow log to be created. |
| Collection Range | Multiple collection ranges are supported currently. Cross-region CCN traffic is selected here. |
| CCN | CCN instance ID. |
| Collection Type | Select the type of traffic to be collected by the flow log: all traffic, or the traffic rejected or accepted by security groups or ACL. |
| Logset | Specify the storage location in CLS for flow logs. If you already have a logset, select it directly; otherwise, keep Created by System selected, so that the system will create one for you. You can also click Create to create one in the CLS console. |
| Log Topic | Specify the minimum dimension of log storage, which is used to distinguish between different types of logs, such as `Accept` log. If you already have a log topic, select it directly; otherwise, keep Created by System selected, so that the system will create one for you. You can also go to the CLS console to create one.<br>Note: For more information on how to configure a logset, log topic, and index, see Creating Logsets and Log Topics. |
| Tag Key | Click Advanced Options to enter or select a tag key for the identification and management of flow logs. |
| Tag Value | Click Advanced Options to enter or select a tag value. It can also be left empty. |

You can view the records of a newly created flow log in CLS about six minutes after it is created (one minute for the capture window and five minutes for data publishing).
After about six minutes, click Storage Location or View to enter the Search and Analysis page of the CLS service, select the region and time period for which to view logs, and click Search and Analyze to view the logs.
The flow logs of cross-region CCN traffic record the network flows filtered by the "quintuple + traffic source region + traffic destination region" rule in a specific capture window; that is, only flow logs that meet the rule in the capture window can be recorded as flow logs of cross-region CCN traffic.
srcaddr dstregionid dstport start dstaddr version packets ccnid protocol srcregionid bytes action region-id srcport end log-status

| Field | Data Type | Description |
|---|---|---|
| dstregionid | text | Traffic destination region. |
| dstport | long | Traffic destination port. This field will take effect only for UDP/TCP protocols and will be displayed as "-" for other protocols. |
| start | long | The timestamp when the first packet is received in the current capture window. If there are no packets in the capture window, it will be displayed as the start time of the capture window in Unix seconds. |
| version | text | Flow log version. |
| packets | long | Number of packets transferred in the capture window. This field will be displayed as "-" when |
| ccnid | text | Unique CCN instance ID. To get the information of your CCN instance, contact us. |
| protocol | long | IANA protocol number of the traffic. For more information, see Assigned Internet Protocol Numbers. |
| srcregionid | text | Traffic source region. |
| bytes | long | Number of bytes transferred in the capture window. This field will be displayed as "-" when |
| action | text | Operation associated with the traffic:<br>ACCEPT: Cross-region traffic normally forwarded over CCN.<br>REJECT: Cross-region traffic prevented from being forwarded due to traffic throttling. |
| region-id | text | Region where logs are recorded. |
| srcport | text | Traffic source port. This field will take effect only for UDP/TCP protocols and will be displayed as "-" for other protocols. |
| end | long | The timestamp when the last packet is received in the current capture window. If there are no packets in the capture window, it will be displayed as the end time of the capture window in Unix seconds. |
| log-status | text | Logging status of the flow log. Valid values:<br>OK: Data is normally logged to the specified destination.<br>NODATA: There was no inbound or outbound network flow in the capture window, in which case both the |

If the flow log feature is enabled in the Shanghai region, all outbound traffic from Shanghai and inbound traffic to Shanghai will be collected. To collect the flow logs between two regions, you can filter out the expected flow logs by dstregion in CLS. For more information, see Context Search and Analysis.
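
The field order and the "-" and NODATA conventions described above, applied in an added Python example (not part of the original documentation): it parses exported records and totals REJECT (throttled) bytes per source/destination region pair, with an optional region filter. It assumes records are space-separated values in the listed field order; the sample lines, region names, CCN ID and the NODATA placeholder layout are constructed.

```python
from collections import Counter

# Field order as listed on this page for cross-region CCN flow logs.
FIELDS = ("srcaddr dstregionid dstport start dstaddr version packets ccnid "
          "protocol srcregionid bytes action region-id srcport end log-status").split()
# Fields the page types as "long"; "-" marks a value that does not apply.
NUMERIC = {"dstport", "start", "packets", "protocol", "bytes", "end"}


def parse_record(line):
    """Parse one record into a dict (space-separated layout is an assumption)."""
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(values)}")
    rec = dict(zip(FIELDS, values))
    for name in NUMERIC | {"srcport"}:
        if rec[name] == "-":
            rec[name] = None
        elif name in NUMERIC:
            rec[name] = int(rec[name])  # srcport stays text, as typed on the page
    return rec


def rejected_bytes_by_region_pair(lines, src=None, dst=None):
    """Sum REJECT bytes per (srcregionid, dstregionid), optionally filtered."""
    totals = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec["log-status"] != "OK" or rec["action"] != "REJECT":
            continue  # skip NODATA windows and normally forwarded traffic
        if src and rec["srcregionid"] != src:
            continue
        if dst and rec["dstregionid"] != dst:
            continue
        totals[(rec["srcregionid"], rec["dstregionid"])] += rec["bytes"] or 0
    return totals


# Constructed sample records (addresses, regions, CCN ID, NODATA layout are made up).
SAMPLE = [
    "10.0.1.5 ap-guangzhou 443 1700000000 10.1.2.9 1 12 ccn-example01 6 ap-shanghai 9000 ACCEPT ap-shanghai 51544 1700000050 OK",
    "10.0.1.7 ap-guangzhou 53 1700000003 10.1.2.8 1 40 ccn-example01 17 ap-shanghai 5200 REJECT ap-shanghai 40001 1700000058 OK",
    "10.0.1.7 ap-beijing - 1700000010 10.2.0.4 1 3 ccn-example01 1 ap-shanghai 252 REJECT ap-shanghai - 1700000020 OK",
    "10.1.2.8 ap-shanghai 8080 1700000011 10.0.1.7 1 7 ccn-example01 6 ap-guangzhou 700 REJECT ap-shanghai 40100 1700000030 OK",
    "- - - 1700000060 - 1 - ccn-example01 - - - - ap-shanghai - 1700000120 NODATA",
]

if __name__ == "__main__":
    print(dict(rejected_bytes_by_region_pair(SAMPLE)))
```

Because a flow log enabled in one region records both directions, the same region pair can appear with source and destination swapped; the totals keep the two directions separate.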