- The Flow Logs (FL) service is only available to the ENI in VPC, while the flow logs of classic network-based CVM, database, gateway, peering connection and other services cannot be collected.
- The configurations of a flow log cannot be modified after creation. For example, the cloud log service (CLS) to which the flow log is published cannot be modified.
- FL does not support capturing the following IP traffic:
- Traffic generated by Windows instances for activation of Windows license.
- DHCP traffic.
- FL collects the original outbound traffic and limited inbound traffic of the ENI on a CVM.
For example, the CVM limits the traffic by the NAT Gateway, accesses the public network through a cloud load balancer, and receives the response traffic, as shown below. If a flow log is created for the ENI on a CVM instance, the “1” traffic will be collected for the outbound direction, while the “6” traffic will be collected for the inbound direction.
FL supports collecting the traffic of the ENI on the following CVM instances in regions listed below.
||Beijing, Shanghai, Guangzhou, Chengdu, India, Thailand, Russia, Jinan EC, and Hangzhou EC.
||Standard S1, Standard S2, Standard S3, MEM optimized M1, MEM optimized M2, MEM optimized M3, High IO I1, High IO I2, High IO I3, Compute C2, Compute C3, Compute Network-optimized CN3, and Big Data D1