tencent cloud

Flow Logs
A full-time, full-flow and non-intrusive traffic collection service

Tencent Cloud Flow Logs (FL) provides you with a full-time, full-flow and non-intrusive traffic collection service, enabling you to store and analyze network traffic in real time for assistance with troubleshooting, architecture optimization, security detection and compliance auditing. With FL, your cloud networks will become more stable, secure and intelligent.

Zero Performance Loss

Non-intrusive collection fundamentally circumvents the issue of high CVM bandwidth and CPU resource consumption by traditional collection methods, helping you build an efficient and stable network monitoring system in the cloud.


Bypass collection eliminates the need to install any plug-ins on CVMs, effectively relieving you from any security concerns and the collecting party from any liability in case of failures.

Full-time and Full-flow Service

Powerful packet processing collects the ENI traffic across the entire network, enabling full-time and network-wide flow rewinding for tracking purposes and making it easy to implement security auditing and troubleshooting measures.

Real-time Data Collection

Real-time data collection of high volumes of network flows helps you analyze business networks in real time, allowing for prompt decision-making and strategic responses and reducing network downtime.

Easy Management

FL can be activated in just seconds and is easy to manage, helping you improve OPS efficiency and enabling you to focus more on core business innovations to enhance corporate competitiveness.

Flow Log Collection

Flow logs can be created for VPCs, subnets and ENIs. When created for VPCs or subnets, the flow logs of every single ENI on the VPCs or subnets will be collected. A flow log consists of multiple records with the following fields: source IP, destination IP, protocol, packet size, traffic, collection time window and security group or ACL permission.

Flow Log Query

The collected flow log data can be delivered to CLS for storage and analysis, which supports flow log viewing and multi-keyword querying of hundreds of millions of data entries and returns results in seconds.

Flow Log Delivery

If CLS fails to meet your log storage and analysis needs due to capacity limitations, you can use CLS to deliver the logs to:

• COS: The COS bucket under your account for storage and management.

• CAS (coming soon): The CAS archive bucket under your account for backup storage, satisfying your log auditing needs.

• TDF (coming soon): TDF to meet your data analytics needs for log data customization.


Network quality is the cornerstone of business stability. With the ability to snapshot failure sites, FL helps you quickly locate failures, rewind the network for tracking purposes and reduce network downtime. Specifically, FL can be used to quickly determine:

1. The CVMs at the root of issues such as broadcast storms or CVMs with overused bandwidth.

2. Whether the inaccessibility of the CVMs is due to inappropriate security group or ACL settings.

FL collects network-wide, full-time and full-flow ENI traffic, which, through big data analytics and visualization, helps you improve your data-driven network OPS capability and optimize your network architecture to:

1. Analyze historical network data to build business network benchmarks.

2. Promptly identify performance bottlenecks to reasonably scale up or down.

3. Analyze end users' access regions to appropriately expand business coverage.

4. Analyze network traffic to optimize network security policies.

Adding more traditional traffic checkpoints will degrade the performance of CVMs. In contrast, FL's full-time, full-flow and non-intrusive collection method helps you identify the following network threats in a timely manner to improve system security without affecting CVM performance:

1. Attempts to connect to a wide range of IPs.

2. Communications with known threatening IPs.

3. Uncommon protocols.


Cloud Flow Logs (FL) is free of charge. However, when using FL, fees for other related products such as Cloud Log Service (CLS) may be incurred.