Flow Logs

A full-time, full-flow and non-intrusive traffic collection service


Tencent Cloud Flow Logs (FL) provides you with a full-time, full-flow and non-intrusive traffic collection service, enabling you to store and analyze network traffic in real time for assistance with troubleshooting, architecture optimization, security detection and compliance auditing. With FL, your cloud networks will become more stable, secure and intelligent.


Zero Performance Loss

Non-intrusive collection fundamentally circumvents the issue of high CVM bandwidth and CPU resource consumption by traditional collection methods, helping you build an efficient and stable network monitoring system in the cloud.


Bypass collection eliminates the need to install any plug-ins on CVMs, effectively relieving you from any security concerns and the collecting party from any liability in case of failures.

Full-time and Full-flow Service

Powerful packet processing collects the ENI traffic across the entire network, enabling full-time and network-wide flow rewinding for tracking purposes and making it easy to implement security auditing and troubleshooting measures.

Real-time Data Collection

Real-time data collection of high volumes of network flows helps you analyze business networks in real time, allowing for prompt decision-making and strategic responses and reducing network downtime.

Easy Management

FL can be activated in just seconds and is easy to manage, helping you improve OPS efficiency and enabling you to focus more on core business innovations to enhance corporate competitiveness.


Flow logs can be created for VPCs, subnets and ENIs and delivered to the specified Cloud Log Service (CLS) for storage and analysis.
Flow Log Collection

Flow logs can be created for VPCs, subnets and ENIs. When created for VPCs or subnets, the flow logs of every single ENI on the VPCs or subnets will be collected. A flow log consists of multiple records with the following fields: source IP, destination IP, protocol, packet size, traffic, collection time window and security group or ACL permission.


Network Failure Troubleshooting

Network quality is the cornerstone of business stability. With the ability to snapshot failure sites, FL helps you quickly locate failures, rewind the network for tracking purposes and reduce network downtime. Specifically, FL can be used to quickly determine:

1. The CVMs at the root of issues such as broadcast storms or CVMs with overused bandwidth.

2. Whether the inaccessibility of the CVMs is due to inappropriate security group or ACL settings.

Network Architecture Optimization

FL collects network-wide, full-time and full-flow ENI traffic, which, through big data analytics and visualization, helps you improve your data-driven network OPS capability and optimize your network architecture to:

1. Analyze historical network data to build business network benchmarks.

2. Promptly identify performance bottlenecks to reasonably scale up or down.

3. Analyze end users' access regions to appropriately expand business coverage.

4. Analyze network traffic to optimize network security policies.

Network Threat Alarms

Adding more traditional traffic checkpoints will degrade the performance of CVMs. In contrast, FL's full-time, full-flow and non-intrusive collection method helps you identify the following network threats in a timely manner to improve system security without affecting CVM performance:

1. Attempts to connect to a wide range of IPs.

2. Communications with known threatening IPs.

3. Uncommon protocols.


Cloud Flow Logs (FL) is free of charge. However, when using FL, fees for other related products such as Cloud Log Service (CLS) may be incurred.

Developer Resources