- The Flow Logs (FL) service is only available to the ENI in VPC, while the flow logs of classic network-based CVM, database, gateway, peering connection and other services cannot be collected.
- The configurations of a flow log cannot be modified after creation. For example, the cloud log service (CLS) to which the flow log is published cannot be modified.
- FL does not support capturing the following IP traffic:
- Traffic generated by Windows instances for activation of Windows license.
- DHCP traffic.
- FL collects the original outbound traffic and limited inbound traffic of the ENI on a CVM.
Assume you create a flow log for the ENI on a CVM:
- When the CVM accesses the public network through a cloud load balancer, the “1” traffic will be collected for the outbound direction and the “2” traffic will be collected for the inbound direction.
- When the CVM accesses the public network through a NAT Gateway, the “3” traffic will be collected for the outbound direction and the “4” traffic will be collected for the inbound direction.
FL supports collecting ENI traffic on the following CVM instances in regions listed below.
||Guangzhou, Shanghai, Beijing, Chengdu and Western US
||Standard S1, Standard S2, Standard S3, MEM optimized M1, MEM optimized M2, MEM optimized M3, High IO I1, High IO I2, High IO I3, Compute C2, Compute C3, Compute Network-optimized CN3, and Big Data D1