It can be created through the Create flow log in the NHN Cloud console. For flow logs to work correctly, the flow log system must have access to storage. For more information, see Granting storage access for flow logs below.
After you click the Create Flow Log button, you can set basic information about the flow log. The settings require the following items.
VPC, Subnet, network interface units. Here you can see VPC, subnet, a list of network interfaces that exist in your project, and select the collection unit type you want to collect.Type of Traffic Collected: You can select Allow, Block, or both. If you select Allow, only packets allowed to Security Groups are collected; if you click Block, only blocked packets are collected. If you select both, both allowed and blocked packets are collected and aggregated.
Collect only connection attempt packets: If checked, packets after the connection is established are not collected. For TCP, packets with the TCP state established are not collected, and for UDP/ICMP, response packets are not collected.
Collection Item: Select an item to collect. If basic item is selected, only required items are collected and logged in files. More items can be selected in custom items. For supported items, see Statistics Information Items in Flow Log Overview.
File Storage Path: Currently, only Object Storage is supported. For Object Storage, enter the OBS endpoint, AUTH_tenant, container, and path at once.
{OBS_https_endpoint}/{AUTH_OBS_TENANT}/{Container}/{Path}
https://kr1-api-object-storage.nhncloudservice.com/v1, your AUTH_OBS_TENANT is AUTH_e670167936434f85a03694184000ffe6, your Container name is flowlog_container, and your desired save path is example/my/folder, the file save path would look like thisExample File Storage Path: https://kr1-api-object-storage.nhncloudservice.com/v1/AUTH_e670167936434f85a03694184000ffe6/flowlog_container/example/my/folder
[Caution] If the container specified does not exist in Object Storage, or if permissions are not set correctly, the flow log enters an error state. You can see the error by hovering over the status on the Flow Log List screen.
[Note] If the path specified does not exist within Object Storage, it will be created.
Save split files: A folder cycle for sorting out files generated by flow logs. If you set it to Per Hour, flow logs will be written to a single folder every hour under the user-defined file storage path. If you set it to Per Day, a folder will be created every day. If you select Custom Path, you can write the folder path directly.
YEAR=#{year}/MONTH=#{month}/DAY=#{day}, flow log files for September 1st, 2024, are saved under the folder example/my/folder/YEAR=2024/MONTH=09/DAY=01File Format: The format of the file to save to the storage. CSV and PARQUET file formats are supported. PARQUET allows you to compress large files into smaller sizes.
File Compression: You can choose to compress files in gzip format when archiving them to storage.
File Name: If you save the file generated by flow logs, the format of the file name is defined. If you select Basic File Name, the file is created in the #{logger_id}_#{year}-#{month}-#{day}T#{hour}:#{minute}:#{second} format. If you specify Custom File Name, you can write the file name directly by using template variables.
Template variables provided from Custom File Name are #{logger_id}, #{year}, #{month}, #{day}, #{hour}, #{minute}, and #{second}. Each of the variables can be used once.
You can modify the name and description of the flow log by clicking the Change Flow Log button.
You can delete a flow log by clicking the Delete Flow Log button.
[Caution] If the network interface on which the flow logs are being collected is deleted, the flow logs are not deleted. Instead, the Deleted resource message is displayed and you must delete the flow logs yourself. If the resource being collected is deleted, you will not be charged because the data being collected does not exist.
Click Flow Log System Account Information to display the Flow Log Tenant ID and Flow Log API User ID used by the Flow Log system. To use flow logs, you must grant write access to your storage to the corresponding Flow Log tenant ID and Flow Log API user ID. For more information, see Granting storage access for flow logs below.
If you created a flow log with the storage type specified as object storage (OBS), the flow log system account must have write access to that OBS. If you don't grant write permissions correctly, the flow log system account can't write data to the OBS.
Access the NHN Cloud > Object Storage console.
Select a container to store flow log data in.
At the bottom, click Basic Information > Change Access Policy Settings.
Under Role-based Access Policy, click Use.
[Note] When a flow log is created, it sends a 0 Bytes file (dummy file) to the first-time user's OBS storage. This verifies that access permissions are set correctly. This dummy file is deleted after a short period of time. [Note] If the number of lines in a file stored in Object Storage exceeds 20,000 lines, the lines are split and stored. 20,000 lines or less: Save as a single file More than 20,000 lines: Split into multiple files suffixed with _part1, _part2, etc.