It can be created through the Create flow log in the NHN Cloud console. For flow logs to work correctly, the flow log system must have access to storage. For more information, see Granting storage access for flow logs below.
After you click the Create Flow Log button, you can set basic information about the flow log. The settings require the following items.
network interface
units. Here you can see a list of network interfaces that exist in your project, and select the one you want to collect.Type of Traffic Collected: You can select Allow, Block, or both. If you select Allow, only packets allowed to Security Groups are collected; if you click Block, only blocked packets are collected. If you select both, both allowed and blocked packets are collected and aggregated.
Collect only connection attempt packets: If checked, packets after the connection is established are not collected. For TCP, packets with the TCP state established are not collected, and for UDP/ICMP, response packets are not collected.
File Storage Path: Currently, only Object Storage is supported. For Object Storage, enter the OBS endpoint, AUTH_tenant, container, and path at once.
For example, if the OBS https endpoint is https://api-storage.cloud.toast.com/v1,
the AUTH_OBS_TENANT is AUTH_e670167936434f85a03694184000ffe6
, the Container is named flowlog_container
, and the desired save path is example/my/folder,
then File Storage Path you need to enter would look like as below.
Example File Storage Path: https://api-storage.cloud.toast.com/v1/AUTH_e670167936434f85a03694184000ffe6/flowlog_container/example/my/folder
[Caution] If the container specified does not exist in Object Storage, or if permissions are not set correctly, the flow log enters an error state. You can see the error by hovering over the status on the Flow Log List screen.
[Note] If the path specified does not exist within Object Storage, it will be created.
File Format: The format of the file to save to the storage. CSV and PARQUET file formats are supported. PARQUET
allows you to compress large files into smaller sizes.
File Compression: You can choose to compress files in gzip format when archiving them to storage.
Save split files: The folder frequency at which the flow log categorizes the files it generates. If you specify Per Hour, the flow log writes to one folder every hour under the file storage path set. If you specify Per Day, it creates a folder every 1 day.
You can modify the name and description of the flow log by clicking the Change Flow Log button.
You can delete a flow log by clicking the Delete Flow Log button.
[Caution] If the network interface on which the flow logs are being collected is deleted, the flow logs are not deleted. Instead, the Deleted resource message is displayed and you must delete the flow logs yourself. If the resource being collected is deleted, you will not be charged because the data being collected does not exist.
Click Flow Log System Account Information to display the Flow Log Tenant ID and Flow Log API User ID used by the Flow Log system. To use flow logs, you must grant write access to your storage to the corresponding Flow Log tenant ID and Flow Log API user ID. For more information, see Granting storage access for flow logs below.
If you created a flow log with the storage type specified as object storage (OBS), the flow log system account must have write access to that OBS. If you don't grant write permissions correctly, the flow log system account can't write data to the OBS.
Access the NHN Cloud > Object Storage console.
Select a container to store flow log data in.
At the bottom, click Basic Information > Change Access Policy Settings.
Under Role-based Access Policy, click Use.
[Note] When a flow log is created, it sends a 0 Bytes file (dummy file) to the first-time user's OBS storage. This verifies that access permissions are set correctly. This dummy file is deleted after a short period of time.