# Configure Flow Logs

You can create flow logs using the [<mark style="color:blue;">DCD</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#data-center-designer-dcd) for your network interfaces as well as the public interfaces of the [<mark style="color:blue;">Managed Network Load Balancer (NLB)</mark>](https://docs.ionos.com/sections-test/guides/network-services/network-load-balancer) and Managed [<mark style="color:blue;">NAT Gateway</mark>](https://docs.ionos.com/sections-test/guides/network-services/nat-gateway). Flow logs can publish data to your buckets in the [<mark style="color:blue;">IONOS Cloud Object Storage</mark>](https://docs.ionos.com/sections-test/guides/storage-and-backup/ionos-object-storage).

After you have created and configured your bucket in the IONOS Cloud Object Storage, you can create flow logs for your network interfaces.

{% hint style="info" %}
**Prerequisites:**

* Only contract administrators, owners, and users with the **Create Flow logs** permission can create a flow log. Ensure that you have the necessary permission and sufficient memory available.
* Make sure you have the corresponding privilege to enable **IONOS Cloud Object Storage**. Only contract administrators and owners can enable Object Storage.
  {% endhint %}

## Activate flow logs

{% tabs %}
{% tab title="Server & Cubes" %}
1\. In the **DCD**, go to **Menu** > **Virtual Data Centers**.

2\. Open the required data center.

3\. Go to the Server or Cubes element and select the **Network** tab. Open the properties of the Network Interface Controller (NIC).

![Accessing flow logs](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-155eab1c90e7ff1bc617b9a38fef6d35a3882946%2Fnic.png?alt=media)

4\. Open the **Flow Log** drop-down list and fill in the fields. Provide an appropriate name for the flow log rule in the **Name** field. The name will also be the first part of the object name prefix.

![Configure flow logs](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-a596cd5412d738c79c3918ce506befe449bae849%2Factivate_flow_logs.png?alt=media)

5\. To create flow logs for all traffic, choose a **Direction** from the drop-down list. Choose one of the following to capture the traffic:

* **Ingress:** To capture flow logs for incoming traffic.
* **Egress:** To capture flow logs for outgoing traffic.
* **Bidirectional:** To capture flow logs in both directions, **inbound** and **outbound**.

6\. Select an **Action** that will be taken on a network packet or flow as observed by the flow logging system from the drop-down list. Choose one of the following actions:

* **Rejected:** To capture only traffic blocked by the firewall.
* **Accepted:** To capture only traffic allowed by the firewall.
* **Any:** To capture all of the traffic.

7\. Enter a valid existing IONOS Cloud Object Storage bucket name in the **Target Object Storage bucket** field. This is an optional object name prefix where flow log records should be written.

8\. Select **Add flow log** to complete the configuration of the flow log. Once you provision your changes, it will be available.

{% hint style="info" %}
**Note:**

* Characters **/** (slash) and **%2F** are not supported as object prefix characters.
* You cannot edit fields of a flow log rule after activating it.
* There is a limit of one flow log created per NIC, Managed NAT Gateway, and Managed NLB.
  {% endhint %}

{% hint style="success" %}
**Result:** You can view the activated flow log rule indicated by a **green light** on the NIC properties. The green light indicates that the configuration has been validated and is valid for provisioning.
{% endhint %}

![Valid flow log rule](../../../images/flowlog_green.png)

Select the **Flow Log** drop-down list and choose the name of the flow log rule for which you want to view the summary.

![Flow log summary](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-b24dc00bd240741145c01d3d63e52b7e6b18766c%2Fflowlog_message.png?alt=media)

*(Optional)* At this point, you may make further changes to your data center.

Once ready, select **Provision changes**. After provisioning is complete, the network interface's flow logs are activated.

{% hint style="info" %}
**Note:** Flow logs can be provisioned on both new and previously provisioned instances.
{% endhint %}
{% endtab %}

{% tab title="Managed NAT Gateway & Managed NLB" %}
1\. In the **DCD**, go to **Menu** > **Virtual Data Centers**.

2\. Open the required data center.

3\. Go to the Managed NAT Gateway or Managed Network Load Balancer element and select the **Settings** tab.

![View of the Setting tab](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-527be238c246f2d4606e74fcd52469ca3119629f%2Fsettings_tab_inspector.png?alt=media)

4\. Provide an appropriate name for the flow log rule in the **Name** field. The name will also be the first part of the objects’ name prefix.

![View of the Flow Log drop-down list](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-d296737a48191099ddcf575e2f13fad23ff251d6%2Factivate_flowlog_dropdown.png?alt=media)

5\. To create flow logs for all traffic, choose a **Direction** from the drop-down list. Choose one of the following to capture the traffic:

* **Ingress:** To capture flow logs for incoming traffic.
* **Egress:** To capture flow logs for outgoing traffic.
* **Bidirectional:** To capture flow logs in both directions, **inbound** and **outbound**.

6\. Select an **Action** to be performed on a network packet or flow as observed by the flow logging system from the drop-down list. Choose one of the following actions:

* **Rejected:** To capture only traffic blocked by the firewall.
* **Accepted:** To capture only traffic allowed by the firewall.
* **Any:** To capture all of the traffic.

7\. Enter a valid existing IONOS Cloud Object Storage bucket name in the **Target Object Storage bucket** field. This is an optional object name prefix where flow log records should be written.

8\. Select **Add flow log** to complete the configuration of the flow log. Once you provision your changes, it will be available.

{% hint style="success" %}
**Result:** You can view the activated flow log rule indicated by a **green light** on the NIC properties. The green light indicates that the configuration has been validated and is valid for provisioning.
{% endhint %}
{% endtab %}
{% endtabs %}
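Because the fields of a flow log rule cannot be edited after activation, it helps to check planned rules against the constraints above before entering them in the DCD. The following Python check is an added example, not IONOS code: the dictionary keys (`target`, `name`, `prefix`, `direction`, `action`, `bucket`) and the sample rules are constructed, and applying the prefix character restriction to the rule name is an assumption based on the name forming the first part of the object name prefix.

```python
# Added example: validate planned flow log rules before provisioning.
# Keys and sample rules are constructed; they are not a DCD or API schema.

DIRECTIONS = {"Ingress", "Egress", "Bidirectional"}
ACTIONS = {"Rejected", "Accepted", "Any"}
UNSUPPORTED_IN_PREFIX = ("/", "%2F")  # from the note on object prefix characters


def check_rules(rules):
    """Return (rule name, problem) pairs for rules that break a stated constraint."""
    problems = []
    first_rule_for = {}  # target (NIC, NAT Gateway, NLB) -> first rule name seen
    for rule in rules:
        name = rule.get("name", "")
        if not name.strip():
            problems.append((name, "name is empty"))
        # Assumption: the name is part of the prefix, so it is checked as well.
        for field in ("name", "prefix"):
            value = rule.get(field, "")
            for token in UNSUPPORTED_IN_PREFIX:
                # upper() also catches a lower-case "%2f" (added precaution).
                if token in value.upper():
                    problems.append((name, f"{field} contains unsupported {token!r}"))
        if rule.get("direction") not in DIRECTIONS:
            problems.append((name, f"unknown direction {rule.get('direction')!r}"))
        if rule.get("action") not in ACTIONS:
            problems.append((name, f"unknown action {rule.get('action')!r}"))
        if not rule.get("bucket"):
            problems.append((name, "no target Object Storage bucket given"))
        target = rule.get("target")
        if target in first_rule_for:  # limit: one flow log per NIC, NAT Gateway, NLB
            problems.append((name, f"{target} already has flow log {first_rule_for[target]!r}"))
        else:
            first_rule_for[target] = name
    return problems


# Constructed sample input.
SAMPLE_RULES = [
    {"target": "nic-a", "name": "web-rejected", "direction": "Ingress",
     "action": "Rejected", "bucket": "example-flowlogs"},
    {"target": "nic-a", "name": "web-egress", "direction": "Egress",
     "action": "Any", "bucket": "example-flowlogs"},
    {"target": "nat-1", "name": "nat/all", "direction": "Both",
     "action": "Any", "bucket": ""},
]

if __name__ == "__main__":
    for rule_name, problem in check_rules(SAMPLE_RULES):
        print(f"{rule_name}: {problem}")
```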
