Links

Flow log record

A flow log record is a record of a network flow in your virtual data center (VDC). By default, each record captures a network internet protocol (IP) traffic flow, groups it, and is enhanced with the following information:
  • Account ID of the resource
  • Unique identifier of the network interface
  • The flow's status, indicating whether it was accepted or rejected by the software-defined networking (SDN) layer
The flow log record is in the following format:
<version> <account-id> <interface-id> <srcaddr> <dstaddr> <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> <action> <log-status>

Available Fields

The following table describes all of the available fields for a flow log record.
Field
Type
Description
Example Value
version
string
The flow log version. Version 2 is the default.
2
account-id
string
The IONOS Cloud account ID of the owner of the resource containing the interface for which flow logs are collected.
12345678
interface_id
string
The interface unique identifier (UUID) for which flow logs are collected.
7ffd6527-ce80-4e57-a949-f9a45824ebe2
srcaddr
string
The source address for incoming traffic, or the IPv4 address of the network interface for outgoing traffic.
172.17.1.100
dstaddr
string
The destination address for outgoing traffic, or the IPv4 address of the network interface for incoming traffic.
172.17.1.101
srcport
uint16
The source port from which the network flow originated.
59113
dstport
uint16
The destination port for the network flow.
20756
protocol
uin8
The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Assigned Internet Protocol Numbers
6
packets
uint64
The number of packets transferred during the network flow capture window.
17
bytes
uint64
The number of bytes transferred during the network flow capture window.
1325
start
string
The timestamp, in UNIX EPOCH format, of when the first packet of the flow was received within the grouping interval.
1587983051
end
string
The timestamp, in UNIX EPOCH format, of when the last packet of the flow was received within the grouping interval.
1587983052
action
string
The action associated with the traffic:
ACCEPT: traffic accepted by the firewall
REJECT: traffic rejected by the firewall
ACCEPT
log-status
string
The flow log logging status:
OK: normal flow logging
SKIPDATA: Some flow log records were skipped during the grouping interval
OK

Flow log record example

The following are examples of flow log records that capture specific traffic flows. For information on how to create flow logs, see configure flow logs

Accepted record

In this example, traffic to the network interface 7ffd6527-ce80-4e57-a949-f9a45824ebe2 for the account 12345678 was accepted.
2 12345678 7ffd6527-ce80-4e57-a949-f9a45824ebe2 172.17.1.100 172.17.1.101 59113 20756 6 17 1325 1587983051 1587983052 ACCEPT OK

Rejected record

In this example, traffic to the network interface 7ffd6527-ce80-4e57-a949-f9a45824ebe2 for the account 12345678 was rejected.
2 12345678 7ffd6527-ce80-4e57-a949-f9a45824ebe2 172.17.1.100 172.17.1.101 59113 20756 6 17 1325 1587983051 1587983052 REJECT OK