A flow log record is a record of a network flow in your . By default, each record captures a network Internet Protocol (IP) traffic flow, groups it, and enhances it with the following information:
Account ID of the resource
Unique identifier of the network interface
The flow status, indicating whether it was accepted or rejected by the Software Defined Network (SDN) layer
The flow log record is in the following format:
The following table describes all of the available fields for a flow log record.
The following are examples of flow log records that capture specific traffic flows. For information on how to create flow logs, see Configure Flow Logs.
In this example, traffic to the network interface 7ffd6527-ce80-4e57-a949-f9a45824ebe2 for the account 12345678 is accepted.
In this example, traffic to the network interface 7ffd6527-ce80-4e57-a949-f9a45824ebe2 for the account 12345678 is rejected.
| Field | Type | Description | Example Value |
| --- | --- | --- | --- |
| version | string | The flow log version. Version 2 is the default. | 2 |
| account-id | string | The IONOS Cloud account ID of the owner of the resource containing the interface for which flow logs are collected. | 12345678 |
| interface_id | string | The interface unique identifier (UUID) for which flow logs are collected. | 7ffd6527-ce80-4e57-a949-f9a45824ebe2 |
| srcaddr | string | The source address for incoming traffic, or the IPv4 address of the network interface for outgoing traffic. | 172.17.1.100 |
| dstaddr | string | The destination address for outgoing traffic, or the IPv4 address of the network interface for incoming traffic. | 172.17.1.101 |
| srcport | uint16 | The source port from which the network flow originated. | 59113 |
| dstport | uint16 | The destination port for the network flow. | 20756 |
| protocol | uint8 | The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. For more information, see Assigned Internet Protocol Numbers. | 6 |
| packets | uint64 | The number of packets transferred during the network flow capture window. | 17 |
| bytes | uint64 | The number of bytes transferred during the network flow capture window. | 1325 |
| start | string | The timestamp, in UNIX EPOCH format, of when the first packet of the flow was received within the grouping interval. | 1587983051 |
| end | string | The timestamp, in UNIX EPOCH format, of when the last packet of the flow was received within the grouping interval. | 1587983052 |
| action | string | The action associated with the traffic. ACCEPT: traffic accepted by the firewall; REJECT: traffic rejected by the firewall. | ACCEPT |
| log-status | string | The flow log logging status. OK: normal flow logging; SKIPDATA: some flow log records were skipped during the grouping interval. | OK |
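The field table above, applied as a validating parser and a small triage summary. This is an added example, not IONOS code: it assumes records are space-separated with fields in the table's order, and `parse_record`, `summarize` and the sample lines are constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address

# Assumption: fields appear space-separated, in the same order as the table.
FIELDS = ("version", "account-id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log-status")
# Upper bounds for numeric fields (uint16, uint8, uint64; epoch strings read as integers).
LIMITS = {"srcport": 0xFFFF, "dstport": 0xFFFF, "protocol": 0xFF,
          "packets": 2**64 - 1, "bytes": 2**64 - 1, "start": 2**64 - 1, "end": 2**64 - 1}

def parse_record(line):
    """Parse one record into a dict of typed fields; raise ValueError if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for name, limit in LIMITS.items():
        if not (rec[name].isascii() and rec[name].isdigit()) or int(rec[name]) > limit:
            raise ValueError(f"{name} out of range: {rec[name]!r}")
        rec[name] = int(rec[name])
    for name in ("srcaddr", "dstaddr"):
        ip_address(rec[name])  # raises ValueError if not a valid IP address
    if rec["action"] not in ("ACCEPT", "REJECT") or rec["log-status"] not in ("OK", "SKIPDATA"):
        raise ValueError("unknown action or log-status")
    return rec

def summarize(lines):
    """Count REJECT flows per (srcaddr, dstport); count SKIPDATA; list malformed lines."""
    rejected, skipped, malformed = Counter(), 0, []
    for n, line in enumerate(lines, 1):
        try:
            rec = parse_record(line)
        except ValueError as exc:
            malformed.append((n, str(exc)))  # keep bad lines visible, do not drop silently
            continue
        skipped += rec["log-status"] == "SKIPDATA"  # a gap in coverage worth alerting on
        if rec["action"] == "REJECT":
            rejected[(rec["srcaddr"], rec["dstport"])] += 1
    return rejected, skipped, malformed

# Constructed sample records built from the table's example values (not real logs).
PREFIX = "2 12345678 7ffd6527-ce80-4e57-a949-f9a45824ebe2 172.17.1.100 172.17.1.101 "
SAMPLE = [
    PREFIX + "59113 20756 6 17 1325 1587983051 1587983052 ACCEPT OK",
    PREFIX + "59114 22 6 1 60 1587983060 1587983060 REJECT OK",
    PREFIX + "59115 22 6 1 60 1587983061 1587983061 REJECT OK",
    PREFIX + "59116 443 6 3 180 1587983070 1587983071 ACCEPT SKIPDATA",
    PREFIX + "70000 22 6 1 60 1587983080 1587983080 REJECT OK",  # srcport exceeds uint16
]
```

Repeated REJECT counts for one source and destination port, and any non-zero SKIPDATA count, are the two signals this summary surfaces for follow-up.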