Enable Flow Logs

Flow logs is a feature that allows you to capture data related to IPv4 network traffic flows. Flow logs can be enabled for each network interface of a virtual machine (VM) instance, as well as the public interfaces of the Network Load Balancer and Network Address Translation (NAT) Gateway.
Flow logs can help you with a number of tasks such as:
  • Debugging connectivity and security issues
  • Monitoring network throughput and performance
  • Logging data to ensure that firewall rules are working as expected
Flow logs are stored in a customer’s IONOS Cloud S3 bucket, which you configure when you create a flow log collector.

A network traffic flow is a sequence of packets sent from a specific source to a specific unicast, anycast, or multicast destination. A flow could be made up of all packets in a specific transport connection or a media stream. However, a flow is not always mapped to a transport connection one-to-one.
A flow consists of the following network information:
  • Source IP address
  • Destination IP address
  • Source port
  • Destination port
  • Internet protocol
  • Number of packets
  • Bytes
  • Capture start time
  • Capture end time

  • Flow log data for a monitored network interface is stored as flow log records, which are log events that contain fields that describe the traffic flow. For more information, see flow log record
  • Flow log records are written to flow logs, which are then stored in a user-defined IONOS Cloud S3 Object Storage bucket from where they can be accessed.
  • You can export, process, analyze, and visualize flow logs using tools, such as Security Information and Event Management (SIEM) systems, Intrusion Detection Systems (IDS), Cyberduck, Logstash, etc.
  • Traffic flows in your network are captured in accordance with the defined rules.
  • Flow logs are collected at a 10-minute rotation interval and have no impact on customer resources or network performance. Statistics about a traffic flow are collected and aggregated during this time period to create a flow log record.
No flow log file will be created if no flows for a particular bucket are received during the log rotation interval. This prevents empty objects from being uploaded to S3.
  • The flow log file's name is prefixed with an optional object prefix, followed by a Unix timestamp and the file extension .log.gz, for example, flowlogs/webserver01-1629810635.log.gz.
  • Flow logs are retained in the S3 bucket until they are manually deleted. Alternatively, you can configure objects to be deleted automatically after a predefined time period using an S3 object Lifecycle Policy.
  • The S3 Object Storage owner of the object is an IONOS Cloud internal technical user named [email protected] (Canonical ID 31721881|65b95d54-8b1b-459c-9d46-364296d9beaf).
Never delete the IONOS Cloud internal technical user from your bucket as this disables the flow log service. The bucket owner also receives full permissions to the flow log objects per default.

To use flow logs, you need to be aware of the following limitations:
  • You can't change the configuration of a flow log or the flow log record format after it's been created. In the flow log record, for example, you can't add or remove fields. Instead, delete the flow log and create a new one with the necessary settings.
  • There is a limit of one flow log created per NIC, NAT Gateway, and Network Load Balancer.
Export as PDF
Copy link
On this page
Network traffic flows
Flow log basics