# Configure Flow Logs

You can create flow logs using the [<mark style="color:blue;">DCD</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#data-center-designer-dcd) for your network interfaces and the public interfaces of the [<mark style="color:blue;">Managed Network Load Balancer (NLB)</mark>](/cloud/network-services/network-load-balancer.md) and Managed [<mark style="color:blue;">NAT Gateway</mark>](/cloud/network-services/nat-gateway.md). Flow logs can publish data to your buckets in the [<mark style="color:blue;">IONOS Cloud Object Storage</mark>](/cloud/backup-and-storage/ionos-object-storage.md).

After you have created and configured your bucket in the IONOS Cloud Object Storage, you can create flow logs for your network interfaces.

{% hint style="info" %}
**Prerequisites:**

* Only contract administrators, owners, and users with the **Create Flow logs** permission can create a flow log. Ensure that you have the necessary permission and sufficient memory available.
* Make sure you have the corresponding privilege to enable **IONOS Cloud Object Storage**. Only contract administrators and owners can enable Object Storage.
  {% endhint %}

## Activate flow logs

To activate flow logs, follow these steps:

1\. In the **DCD**, go to **Menu** > **Virtual Data Centers**.

2\. Open the required data center.

{% tabs %}
{% tab title="Server and Cubes" %}
3\. Go to the [<mark style="color:blue;">Server</mark>](/cloud/compute-services/compute-engine.md) or [<mark style="color:blue;">Cubes</mark>](/cloud/compute-services/cubes.md) element and select the **Network** tab. Open the properties of the Network Controller (NIC).

![Accessing flow logs](/files/SR7DV7bMT55CbyoOoUtc)

4\. Select the **Flow Log** drop-down list and fill in the fields. Provide an appropriate name for the flow log rule in the **Name** field. The name will also be the first part of the object name prefix.

![Configure flow logs](/files/g1wStWC9Cduv0gRSsI3D)
{% endtab %}

{% tab title="Managed NAT Gateway and Managed NLB" %}
3\. Go to the [<mark style="color:blue;">Managed NAT Gateway</mark>](/cloud/network-services/nat-gateway.md) or [<mark style="color:blue;">Managed Network Load Balancer</mark>](/cloud/network-services/network-load-balancer.md) element and select the **Settings** tab.

![View of the Setting tab](/files/MLfN3f7njf63jTXB4ntU)

4\. Provide an appropriate name for the flow log rule in the **Name** field. The name will also be the first part of the objects’ name prefix.

![View of the Flow Log drop-down list](/files/NP0osliPIB6yJ7dO8H3G)
{% endtab %}
{% endtabs %}

5\. To create flow logs for all traffic, choose a **Direction** from the drop-down list:

* **Ingress:** Captures flow logs for incoming traffic.
* **Egress:** Captures flow logs for outgoing traffic.
* **Bidirectional:** Captures flow logs for both incoming and outgoing traffic.

6\. Select an **Action** from the drop-down list to determine which traffic the system logs:

* **Rejected:** Captures only traffic that the firewall blocks.
* **Accepted:** Captures only traffic that the firewall allows.
* **Any:** Captures all traffic.

7\. Enter a valid existing IONOS Cloud Object Storage bucket name in the **Target Object Storage bucket** field. This is an optional object name prefix where flow log records are written.

8\. Select **Add flow log** to complete the configuration of the flow log. Once you provision your changes, it will be available .

{% hint style="info" %}
**Note:**

* Characters **/** (slash) and **%2F** are not supported as object prefix characters.
* You cannot edit fields of a flow log rule after activating it.
* There is a limit of one flow log created per NIC, Managed NAT Gateway, and Managed NLB.
  {% endhint %}

{% hint style="success" %}
**Result:** You can view the activated flow log rule indicated by a **green light** on the NIC properties. The green light indicates that the configuration has been validated and is valid for provisioning.
{% endhint %}

![Valid flow log rule](/files/BKMdQf6MPtxqlIWUKfS8)

9\. Select the **Flow Log** drop-down list and choose the name of the flow log rule for which you want to view the summary.

![Flow log summary](/files/E53e8nlHocyNJkxWrtN1)

10\. *(Optional)* At this point, you may make further changes to your data center.

11\. Once ready, select **Provision changes**. After provisioning is complete, the flow logs on the NIC are activated.

{% hint style="info" %}
**Note:** Flow logs can be provisioned on both new and previously provisioned instances.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ionos.com/cloud/network-services/flow-logs/how-tos/configure-flow-logs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.