VPC Flow Logs is an AWS feature that captures information about the IP traffic going to and from network interfaces in your VPC. Flow logs record metadata about each flow (addresses, ports, protocol, packet and byte counts, and whether the traffic was accepted or rejected), not packet payloads, and records are aggregated over a capture window, so they are not a real-time feed. Flow logs help with a number of tasks; for example, to troubleshoot why specific traffic is not reaching an instance, which in turn can help you diagnose overly restrictive security group rules. You can also use flow logs as a security tool to monitor the traffic that is reaching your instances, for example to spot connection attempts rejected by a security group or network ACL. Location of Logs: Flow log data is published to Amazon CloudWatch Logs (flow logs can also be delivered to Amazon S3). After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.
Key points about VPC Flow Logs: You can create a flow log for a VPC, a subnet, or a network interface. If you create a flow log for a subnet or VPC, each network interface in that subnet or VPC is monitored. Flow log data is published to a log group in CloudWatch Logs, and each network interface has its own log stream. Log streams contain flow log records, which are log events consisting of fields that describe the traffic for that network interface. Not all traffic is captured: traffic to and from the Amazon DNS server, the instance metadata service (169.254.169.254), DHCP traffic, and traffic to the reserved address of the default VPC router are not logged, so do not rely on flow logs to observe those paths.
VPC Flow Log Records: A flow log record represents a network flow in your flow log. In the default (version 2) format it is a space-separated string with the following fields, in this order:
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
The protocol field is the IANA protocol number (6 for TCP, 17 for UDP), start and end are Unix timestamps for the capture window, action is ACCEPT or REJECT depending on whether security groups and network ACLs permitted the traffic, and log-status is OK (data logged normally), NODATA (no traffic in the window) or SKIPDATA (some records were skipped, for example because of an internal capacity constraint, so the window is incomplete).
Note: If a field is not applicable for a specific record, the record displays a '-' symbol for that entry; NODATA and SKIPDATA records have '-' in every traffic field, so a parser must treat '-' as missing rather than as a value.
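As an added example (not code from the original page or from AWS), the following Python parses default-format flow log records into typed objects, treats '-' as a missing field, and runs two simple checks over the parsed records: a count of log-status values (so SKIPDATA gaps are visible) and a crude port-scan heuristic that flags any source whose connections were REJECTed on several distinct destination ports. The sample records are constructed for this example; the account ID, ENI ID and IP addresses are placeholders.

```python
"""Parse VPC Flow Log (version 2 default format) records and flag suspicious flows.

Added example, not AWS code. The sample records below are constructed:
the account ID, ENI ID and addresses are placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Field order of the default (version 2) record format.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()


@dataclass
class FlowRecord:
    version: int
    account_id: str
    interface_id: str
    srcaddr: Optional[str]
    dstaddr: Optional[str]
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    packets: Optional[int]
    bytes: Optional[int]
    start: Optional[int]
    end: Optional[int]
    action: Optional[str]      # "ACCEPT", "REJECT" or None
    log_status: str            # "OK", "NODATA" or "SKIPDATA"


def _opt_int(value: str) -> Optional[int]:
    """'-' means the field is not applicable for this record."""
    return None if value == "-" else int(value)


def _opt_str(value: str) -> Optional[str]:
    return None if value == "-" else value


def parse_record(line: str) -> FlowRecord:
    """Parse one space-separated version 2 record; reject malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    return FlowRecord(
        version=int(parts[0]),
        account_id=parts[1],
        interface_id=parts[2],
        srcaddr=_opt_str(parts[3]),
        dstaddr=_opt_str(parts[4]),
        srcport=_opt_int(parts[5]),
        dstport=_opt_int(parts[6]),
        protocol=_opt_int(parts[7]),
        packets=_opt_int(parts[8]),
        bytes=_opt_int(parts[9]),
        start=_opt_int(parts[10]),
        end=_opt_int(parts[11]),
        action=_opt_str(parts[12]),
        log_status=parts[13],
    )


def parse_log(text: str) -> List[FlowRecord]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def status_counts(records: List[FlowRecord]) -> Dict[str, int]:
    """How many records per log-status; SKIPDATA > 0 means the log has gaps."""
    counts: Dict[str, int] = defaultdict(int)
    for rec in records:
        counts[rec.log_status] += 1
    return dict(counts)


def rejected_ports_by_source(records: List[FlowRecord]) -> Dict[str, Set[int]]:
    """Map each source address to the set of destination ports it was REJECTed on."""
    hits: Dict[str, Set[int]] = defaultdict(set)
    for rec in records:
        if rec.action == "REJECT" and rec.srcaddr is not None and rec.dstport is not None:
            hits[rec.srcaddr].add(rec.dstport)
    return dict(hits)


def suspected_scanners(records: List[FlowRecord], min_ports: int = 5) -> List[str]:
    """Sources rejected on at least min_ports distinct ports look like port scans."""
    return sorted(src for src, ports in rejected_ports_by_source(records).items()
                  if len(ports) >= min_ports)


# Constructed sample log: one accepted SSH session, five rejected probes from one
# source on different ports, then a NODATA and a SKIPDATA window.
SAMPLE_LOG = """
2 123456789010 eni-abc123de 203.0.113.5 10.0.1.12 51211 22 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789010 eni-abc123de 198.51.100.7 10.0.1.12 41234 22 6 1 60 1418530010 1418530070 REJECT OK
2 123456789010 eni-abc123de 198.51.100.7 10.0.1.12 41235 23 6 1 60 1418530010 1418530070 REJECT OK
2 123456789010 eni-abc123de 198.51.100.7 10.0.1.12 41236 80 6 1 60 1418530010 1418530070 REJECT OK
2 123456789010 eni-abc123de 198.51.100.7 10.0.1.12 41237 443 6 1 60 1418530010 1418530070 REJECT OK
2 123456789010 eni-abc123de 198.51.100.7 10.0.1.12 41238 3389 6 1 60 1418530010 1418530070 REJECT OK
2 123456789010 eni-abc123de - - - - - - - 1418530010 1418530070 - NODATA
2 123456789010 eni-abc123de - - - - - - - 1418530010 1418530070 - SKIPDATA
"""

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("log-status counts:", status_counts(recs))
    print("suspected scanners:", suspected_scanners(recs))
```

The threshold of five distinct rejected ports is a placeholder; in practice you would tune it per environment and also weight by the capture window (start/end), since a single record already aggregates a window's worth of packets for one flow.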