Configure Flow Logs
Last updated
Last updated
The information and assistance available in this category make it easier for you to work with flow logs using the DCD. For the time being, you have the option of doing either of the following.
You can create flow logs for your network interfaces as well as the public interfaces of the Managed Network Load Balancer (NLB) and Managed (NAT Gateway). Flow logs can publish data to your buckets in the IONOS S3 Object Storage.
After you have created and configured your bucket in the IONOS S3 Object Storage, you can create flow logs for your network interfaces.
Prerequisites:
Only contract administrators, owners, and users with the Create Flow logs permission can create a flow log. Ensure that you have the necessary permission and sufficient memory available.
Make sure you have the corresponding privilege to enable IONOS S3 Object Storage. Only contract administrators and owners can enable Object Storage.
In the DCD, go to the Menu > Data Center Designer. Select a Data Center.
Go to the Server or Cubes element and select the Network tab. Open the properties of the Network Interface Controller (NIC).
Open the Flow Log drop-down list and fill in the fields. Provide an appropriate name for the flow log rule in the Name field. The name will also be the first part of the object name prefix.
To create flow logs for all traffic, choose a Direction from the drop-down list. Choose either of the following to capture the traffic:
Ingress: To capture flow logs for incoming traffic.
Egress: To capture flow logs for outgoing traffic.
Bidirectional: To capture flow logs in both directions, inbound and outbound.
Select an Action that will be taken on a network packet or flow as observed by the flow logging system from the drop-down list. Choose either of the following actions:
Rejected: To capture only traffic blocked by the firewall.
Accepted: To capture only traffic allowed by the firewall.
Any: To capture all of the traffic.
Enter a valid existing IONOS S3 Object Storage bucket name in the Target S3 bucket field. This is an optional object name prefix where flow log records should be written.
Select Add flow log to complete the configuration of the flow log. Once you provision your changes, it will be available .
Note:
Characters / (slash) and %2F are not supported as object prefix characters.
You cannot edit fields of a flow log rule after activating it.
There is a limit of one flow log created per NIC, Managed NAT Gateway, and Managed NLB.
Result: You can view the activated flow log rule indicated by a green light on the NIC properties. The green light indicates that the configuration has been validated and is valid for provisioning.
Select the Flow Log drop-down list and choose the name of the flow log rule for which you want to view the summary.
(Optional) At this point, you may make further changes to your data center.
Once ready, select Provision changes. After provisioning is complete, the network interface's flow logs are activated.
Note: Flow logs can be provisioned on both new and previously provisioned instances.
