After a flow log is created for the ENI, you can store and analyze the network traffic in real time, making FL fit for troubleshooting, compliance audit, security and other use cases. This document describes how to create a flow log in the private network.
CVM A (10.16.0.22) and CVM B (10.16.0.40) reside in the same VPC. If you log in to the CVM A and run the ping command to connect the CVM B, the CVM A will receive the following response. If a flow log is created for the ENI on the CVM A, the flow log also records the response to the ping operation.
|Name||The name of the flow log to be created|
|Collection Range||Only **ENI** is supported currently|
|VPC||VPC where the source CVM resides|
|Subnet||Subnet where the source CVM resides|
|Collection Type||Specifies the type of traffic to be collected by the flow log: all traffic, or the traffic rejected or accepted by security groups or ACL.|
|Logset||Specifies the storage location in CLS for flow logs. Select an existing logset, or click **Create** to add a logset in the CLS console.|
|Log topic||Specifies the minimum dimension of log storage, which is used to distinguish log types, such as `Accept` log. Select an existing log topic, or go to the CLS console to add a log topic.|
|Tag key||You can enter or select a tag key for the identification and management of the flow log.|
|Key value||You can enter or select a key value, or leave it empty.|
- You can view the record of a newly created flow log in CLS after 15 minutes upon the creation (10 minutes for the capture window and 5 minutes for data publishing).
- FL is free of charge, but the data stored in CLS is charged at standard prices.
After 15 minutes, locate the flow log you’ve created on the Flow Log page and click Check to access the Search Analysis page. Select a time range and enter the IP of the CVM B in the search bar to search. The result is the same as the response received by the CVM A.