Alibaba Cloud VPC Flow Logs data.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Security |
| Solutions | SecurityInsights |
| Basic log | Yes |
| Ingestion-time DCR support | No |
| Lake-only ingestion | Yes |
| Sample Queries | - |
Columns
| Column | Type | Description |
|---|---|---|
| AccountId | string | The Alibaba Cloud account ID |
| Action | string | Indicates whether the traffic was permitted or denied by a security group or network ACL: ACCEPT (traffic was permitted) or REJECT (traffic was denied) |
| _BilledSize | real | The record size in bytes |
| Bytes | string | The number of bytes |
| Direction | string | The direction of the traffic: in (Inbound traffic to the ENI) or out (Outbound traffic from the ENI) |
| DstAddr | string | The destination IP address |
| DstPort | string | The destination port |
| DstType | string | The CIDR block information of the destination IP address after enabling the inter-domain analysis feature. This field is included only if you enable the inter-domain analysis feature. |
| End | string | For a persistent connection, this is the end time of the capture window. For a short-lived connection, this is the time when the connection was closed. The value is a Unix timestamp |
| EniId | string | The ID of the ENI |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account |
| LogProject | string | The name of the log project where the logs are stored. |
| LogRegion | string | The region where the log store is located. |
| LogStatus | string | The logging status of the flow log: OK (Data is recorded normally), NODATA (No network traffic), SKIPDATA (Some flow log records are skipped) |
| LogStore | string | The name of the log store where the logs are stored. |
| Packets | string | The number of packets |
| Protocol | string | The Internet Assigned Numbers Authority (IANA) protocol number of the traffic. Common protocol numbers include 1 for ICMP, 6 for TCP, and 17 for UDP |
| Region | string | The region where the VPC resides. Not included in all records |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent, either direct connect or Operations Manager, Linux for all Linux agents, or Azure for Azure Diagnostics |
| SrcAddr | string | The source IP address |
| SrcPort | string | The source port |
| SrcType | string | The CIDR block information of the source IP address after enabling the inter-domain analysis feature. This field is included only if you enable the inter-domain analysis feature. |
| Start | string | The time when the first packet was received in the capture window. The value is a Unix timestamp |
| TcpFlags | string | The TCP flags, represented as a decimal value that reflects a combination of flags from the TCP protocol, such as SYN, ACK, and FIN |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The time when the log entry was generated |
| TrafficPath | string | The scenario where the traffic occurs (0-22): 0=Other scenarios, 1=Traffic through other resources in same VPC, 2=Private traffic to ECS instance in same VPC, etc. |
| Type | string | The name of the table |
| Version | string | The version of the flow log. The version of all current flow log entries is 1 |
| VmId | string | The ID of the ECS instance to which the ENI is attached |
| VpcId | string | The ID of the VPC to which the ENI belongs |
| VswitchId | string | The ID of the vSwitch to which the elastic network interface (ENI) is attached |