Flow log record

A flow log record is a record of a network flow in your virtual data center (). By default, each record captures a network internet protocol (IP) traffic flow, groups it, and is enhanced with the following information:

Account ID of the resource
Unique identifier of the network interface
The flow's status, indicating whether it was accepted or rejected by the software-defined networking (SDN) layer

The flow log record is in the following format:

<version> <account-id> <interface-id> <srcaddr> <dstaddr> <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> <action> <log-status>

Available Fields

The following table describes all of the available fields for a flow log record.

Field Type Description Example Value

Field	Type	Description	Example Value
`version`	string	The flow log version. Version 2 is the default.	2
`account-id`	string	The IONOS Cloud account ID of the owner of the resource containing the interface for which flow logs are collected.	12345678
`interface_id`	string	The interface unique identifier (UUID) for which flow logs are collected.	7ffd6527-ce80-4e57-a949-f9a45824ebe2
`srcaddr`	string	The source address for incoming traffic, or the IPv4 address of the network interface for outgoing traffic.	172.17.1.100
`dstaddr`	string	The destination address for outgoing traffic, or the IPv4 address of the network interface for incoming traffic.	172.17.1.101
`srcport`	uint16	The source port from which the network flow originated.	59113
`dstport`	uint16	The destination port for the network flow.	20756
`protocol`	uin8	The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Assigned Internet Protocol Numbers	6
`packets`	uint64	The number of packets transferred during the network flow capture window.	17
`bytes`	uint64	The number of bytes transferred during the network flow capture window.	1325
`start`	string	The timestamp, in UNIX EPOCH format, of when the first packet of the flow was received within the grouping interval.	1587983051
`end`	string	The timestamp, in UNIX EPOCH format, of when the last packet of the flow was received within the grouping interval.	1587983052
`action`	string	The action associated with the traffic: ACCEPT: traffic accepted by the firewall REJECT: traffic rejected by the firewall	ACCEPT
`log-status`	string	The flow log logging status: OK: normal flow logging SKIPDATA: Some flow log records were skipped during the grouping interval	OK

version

string

The flow log version. Version 2 is the default.

account-id

string

The IONOS Cloud account ID of the owner of the resource containing the interface for which flow logs are collected.

12345678

interface_id

string

The interface unique identifier (UUID) for which flow logs are collected.

7ffd6527-ce80-4e57-a949-f9a45824ebe2

srcaddr

string

The source address for incoming traffic, or the IPv4 address of the network interface for outgoing traffic.

172.17.1.100

dstaddr

string

The destination address for outgoing traffic, or the IPv4 address of the network interface for incoming traffic.

172.17.1.101

srcport

uint16

The source port from which the network flow originated.

59113

dstport

uint16

The destination port for the network flow.

20756

protocol

uin8

The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Assigned Internet Protocol Numbers

packets

uint64

The number of packets transferred during the network flow capture window.

bytes

uint64

The number of bytes transferred during the network flow capture window.

1325

start

string

The timestamp, in UNIX EPOCH format, of when the first packet of the flow was received within the grouping interval.

1587983051

end

string

The timestamp, in UNIX EPOCH format, of when the last packet of the flow was received within the grouping interval.

1587983052

action

string

The action associated with the traffic:

ACCEPT: traffic accepted by the firewall

REJECT: traffic rejected by the firewall

log-status

string

The flow log logging status:

OK: normal flow logging

SKIPDATA: Some flow log records were skipped during the grouping interval

Flow log record example

The following are examples of flow log records that capture specific traffic flows. For information on how to create flow logs, see configure flow logs

Accepted record

In this example, traffic to the network interface 7ffd6527-ce80-4e57-a949-f9a45824ebe2 for the account 12345678 was accepted.

2 12345678 7ffd6527-ce80-4e57-a949-f9a45824ebe2 172.17.1.100 172.17.1.101 59113 20756 6 17 1325 1587983051 1587983052 ACCEPT OK

Rejected record

In this example, traffic to the network interface 7ffd6527-ce80-4e57-a949-f9a45824ebe2 for the account 12345678 was rejected.

2 12345678 7ffd6527-ce80-4e57-a949-f9a45824ebe2 172.17.1.100 172.17.1.101 59113 20756 6 17 1325 1587983051 1587983052 REJECT OK

PreviousEnable Flow Logs NextConfigure Flow Logs

Last updated 2 years ago

Field	Type	Description	Example Value
`version`	string	The flow log version. Version 2 is the default.	2
`account-id`	string	The IONOS Cloud account ID of the owner of the resource containing the interface for which flow logs are collected.	12345678
`interface_id`	string	The interface unique identifier (UUID) for which flow logs are collected.	7ffd6527-ce80-4e57-a949-f9a45824ebe2
`srcaddr`	string	The source address for incoming traffic, or the IPv4 address of the network interface for outgoing traffic.	172.17.1.100
`dstaddr`	string	The destination address for outgoing traffic, or the IPv4 address of the network interface for incoming traffic.	172.17.1.101
`srcport`	uint16	The source port from which the network flow originated.	59113
`dstport`	uint16	The destination port for the network flow.	20756
`protocol`	uin8	The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Assigned Internet Protocol Numbers	6
`packets`	uint64	The number of packets transferred during the network flow capture window.	17
`bytes`	uint64	The number of bytes transferred during the network flow capture window.	1325
`start`	string	The timestamp, in UNIX EPOCH format, of when the first packet of the flow was received within the grouping interval.	1587983051
`end`	string	The timestamp, in UNIX EPOCH format, of when the last packet of the flow was received within the grouping interval.	1587983052
`action`	string	The action associated with the traffic: ACCEPT: traffic accepted by the firewall REJECT: traffic rejected by the firewall	ACCEPT
`log-status`	string	The flow log logging status: OK: normal flow logging SKIPDATA: Some flow log records were skipped during the grouping interval	OK

Field

Type

Description

Example Value

version

string

The flow log version. Version 2 is the default.

account-id

string

The IONOS Cloud account ID of the owner of the resource containing the interface for which flow logs are collected.

12345678

interface_id

string

The interface unique identifier (UUID) for which flow logs are collected.

7ffd6527-ce80-4e57-a949-f9a45824ebe2

srcaddr

string

The source address for incoming traffic, or the IPv4 address of the network interface for outgoing traffic.

172.17.1.100

dstaddr

string

The destination address for outgoing traffic, or the IPv4 address of the network interface for incoming traffic.

172.17.1.101

srcport

uint16

The source port from which the network flow originated.

59113

dstport

uint16

The destination port for the network flow.

20756

protocol

uin8

The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Assigned Internet Protocol Numbers

packets

uint64

The number of packets transferred during the network flow capture window.

bytes

uint64

The number of bytes transferred during the network flow capture window.

1325

start

string

The timestamp, in UNIX EPOCH format, of when the first packet of the flow was received within the grouping interval.

1587983051

end

string

The timestamp, in UNIX EPOCH format, of when the last packet of the flow was received within the grouping interval.

1587983052

action

string

The action associated with the traffic:

ACCEPT: traffic accepted by the firewall

REJECT: traffic rejected by the firewall

log-status

string

The flow log logging status:

OK: normal flow logging

SKIPDATA: Some flow log records were skipped during the grouping interval