Summary
References
Highlights
VCN flow logs show details about traffic that passes through a VCN. VCN flow logs help you audit traffic and troubleshoot security lists. Enable and manage flow logs from the Network Command Center. Use capture filters to evaluate and select traffic to include in the flow log. Flow logs leverage the Logging service to send log information to a specified log group. For more information, see Logging Overview. Enable flow logs for all VNICs in a VCN or subnet, or target specific instances, network load balancers, or resource VNICs as enablement points.
Enablement Points
There are four (4) points at which flow logs can be enabled:
- VCN (includes all existing and future VNICs)
- Subnet (includes all existing and future VNICs)
- VNIC
- Resources (targeted instance or network load balancer)
Even though the flow log can be enabled at the VCN or subnet level, the log record is generated for an individual VNIC.
Capture Filters
A capture filter has one (1) to ten (10) rules. These rules can specify:
- Sampling rate (percentage of network flows to capture)
- Inclusion/exclusion of packets
Flow logs are batched before being sent to the logging service.