FL provides you with a full-time, full-flow, non-intrusive traffic collection service, so you can store and analyze network traffic in real time. For example, you can use VPC flow logs to capture incoming/outgoing ENI, NAT Gateway, or cross-region CCN traffic to help you troubleshoot issues.
The FL service for NAT Gateway and cross-region CCN traffic is currently in beta. To try it out, submit a ticket.
A flow log record represents a network flow in your flow logs. Each record captures a specific quintuple network flow within a capture window. For more information, see Flow Log Record.
FL will capture all traffic except the following:
For more information, see Use Cases.
After a flow log is created, only its name and tag can be modified, while its storage location, collection type, and other configuration information cannot. To modify the configuration, delete the flow log and create a new one with the desired configuration.
FL is free of charge, but the data stored in CLS is charged according CLS' billing rules.
For more information, see Getting Started.
First, as flow log data is stored in CLS, make sure that you have granted FL the access to CLS. Secondly, when creating the flow log, if you select a log topic created in the CLS console without the "Flowlog" flag, then you need to go to the Index Configuration tab on the log topic details page, and confirm that Index Status is Enabled. Otherwise, you cannot find the log data in CLS.
A log topic without the "Flowlog" flag:
The Index Status needs to be "Enabled":