Flow Logs

A full-time, full-flow and non-intrusive traffic collection service that enhances the stability, security and intelligence of your networks

Overview

Tencent Cloud Flow Logs (FL) provides you with a full-time, full-flow and non-intrusive traffic collection service, enabling you to store and analyze network traffic in real time for assistance with troubleshooting, architecture optimization, security detection and compliance auditing. With FL, your cloud networks will become more stable, secure and intelligent.

Benefits

Zero Performance Loss

Non-intrusive collection fundamentally circumvents the issue of high consumption of CVM bandwidth and CPU resources by traditional collection methods, helping you build an efficient and stable network monitoring system in the cloud.

Security

Bypass collection eliminates the need to install any plug-ins on the CVMs, effectively addressing your security concerns and relieving the collecting party of any liability in case of failures.

Full-time and Full-flow Service

Powerful packet processing collects the ENI traffic across the entire network, enabling full-time and network-wide flow rewinding for tracking purposes and making it easy to implement security auditing and troubleshooting measures.

Real-Time Performance

Real-time data collection of high volumes of network flows helps you analyze business networks in real time, allowing for prompt decision-making and strategic response and reducing network downtime.

Ease of Management

FL can be activated in just seconds and is easy to manage, helping you improve OPS efficiency and enabling you to focus more on core business innovations and enhance corporate competitiveness.

Features

Flow logs can be created for VPCs, subnets and ENIs and delivered to the specified Cloud Log Service (CLS) for storage and analysis.

Flow Log Collection

Flow logs can be created for VPCs, subnets and ENIs. When created for a VPC or subnet, the flow logs of every ENI in that VPC or subnet will be collected. A flow log consists of multiple records with the following fields: source IP, destination IP, protocol, packet size, traffic, collection time window and security group or ACL permission.

Scenarios

Network Failure Troubleshooting

Network quality is the cornerstone of business stability. With the ability to snapshot failure sites, FL helps you quickly locate failures, rewind the network for tracking purposes and reduce network downtime. Specifically, FL can be used to quickly locate:
1. The CVMs at the root of the issue in cases such as broadcast storms or CVMs with bandwidth overuse;
2. Whether the inaccessibility of the CVMs is due to inappropriate security group or ACL settings.

Network Architecture Optimization

FL collects network-wide, full-time and full-flow ENI traffic which, through big data analytics and visualization, helps you improve data-driven network OPS capability and optimize network architecture to:
1. Analyze historical network data to build business network benchmarks;
2. Promptly identify performance bottlenecks to reasonably scale up or down;
3. Analyze end users' access regions to appropriately expand business coverage;
4. Analyze network traffic to optimize network security policies.

Network Threat Alarming

Adding more traditional traffic checkpoints will degrade the performance of CVMs. In contrast, FL's full-time, full-flow and non-intrusive collection method helps you identify the following network threats, among others, in a timely manner to improve system security without affecting CVM performance:
1. Attempts to connect to a wide range of IPs
2. Communications with known threatening IPs
3. Uncommon protocols
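
The three checks listed above can be expressed as detection logic over flow log records. The following is an added example, not Tencent Cloud code: the record field names, the threat network, the protocol baseline and the fan-out threshold are all assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records. Field names are assumptions modelled on the fields
# listed under "Flow Log Collection"; they are not the actual FL/CLS schema.
def make(src, dst, proto, nbytes, start, action="ACCEPT"):
    return {"srcaddr": src, "dstaddr": dst, "protocol": proto,
            "bytes": nbytes, "window_start": start, "action": action}

SAMPLE = (
    # One source touching 40 different destinations in a single window
    [make("10.0.1.5", f"10.0.2.{i}", 6, 60, 0, "REJECT") for i in range(1, 41)]
    + [make("10.0.1.7", "203.0.113.9", 6, 5200, 0),   # peer on the threat list
       make("10.0.1.8", "10.0.2.10", 47, 900, 60),    # GRE, outside the baseline
       make("10.0.1.9", "10.0.2.10", 17, 120, 60)]    # ordinary UDP
)

THREAT_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed (TEST-NET-3)
COMMON_PROTOCOLS = {1, 6, 17}  # ICMP, TCP, UDP: assumed baseline for this network
FANOUT_THRESHOLD = 30          # distinct destinations per source per window

def detect(records):
    """Return (rule, local_ip, detail) alerts for the three threat patterns."""
    alerts = []
    fanout = defaultdict(set)  # (source, window) -> destinations seen
    for r in records:
        src = ipaddress.ip_address(r["srcaddr"])
        dst = ipaddress.ip_address(r["dstaddr"])
        fanout[(r["srcaddr"], r["window_start"])].add(r["dstaddr"])
        # Check both directions: the threat IP may be the source or the destination
        for peer, local in ((dst, r["srcaddr"]), (src, r["dstaddr"])):
            if any(peer in net for net in THREAT_NETS):
                alerts.append(("threat_ip", local, str(peer)))
        if r["protocol"] not in COMMON_PROTOCOLS:
            alerts.append(("uncommon_protocol", r["srcaddr"], r["protocol"]))
    for (src, _start), dsts in sorted(fanout.items()):
        if len(dsts) >= FANOUT_THRESHOLD:
            alerts.append(("fan_out", src, len(dsts)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The fan-out rule counts rejected flows as well as accepted ones, since connection attempts blocked by a security group or ACL still indicate scanning behavior.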