We’re pleased to announce the Limited Availability (LA) release of VCN Flow Logs for Oracle Cloud Infrastructure. With it, you can view connection information for traffic within your virtual cloud network (VCN).
Note: To use this feature, your cloud tenancy must be added to the LA program, which you can request. After you’re added to the program, you’ll receive an e-mail within 3-5 days with usage instructions.
VCN Flow Logs keeps detailed records of every flow that passes through your VCN and presents this data for analysis in the Oracle Cloud Infrastructure Logging service. The data includes information about the source and destination of the traffic, along with the quantity of traffic and the "permit" or "deny" action taken, based on your network security rules. You can use this information for network monitoring, troubleshooting, and compliance. Through integration with the Logging service, you can view, search, and retrieve log files.
<version> <srcaddr> <dstaddr> <srcport> <dstport> <protocol> <packets> <bytes> <start_time> <end_time> <action> <status>
2 172.16.2.139 172.16.1.107 73 89 11 102 349 1557424462 1557424510 ALLOW OK
2 172.16.2.145 172.16.2.179 82 64 13 112 441 1557424462 1557424486 REJECT OK
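As an added example (not Oracle's code), the following Python parses records in the field order shown above and totals rejected packets per source, destination, and destination port, setting malformed lines aside instead of failing. It assumes records arrive as whitespace-separated text exactly as in the sample and that ALLOW and REJECT are the only action values; the last three sample lines are constructed.

```python
import ipaddress
from collections import Counter

# Field order copied from the format line on this page.
FIELDS = ("version", "srcaddr", "dstaddr", "srcport", "dstport", "protocol",
          "packets", "bytes", "start_time", "end_time", "action", "status")
TEXT_FIELDS = {"srcaddr", "dstaddr", "action", "status"}
ACTIONS = {"ALLOW", "REJECT"}  # assumption: only the values seen in the sample

def parse_flow(line):
    """Parse one record into a dict; raise ValueError if it is malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = {k: (v if k in TEXT_FIELDS else int(v)) for k, v in zip(FIELDS, parts)}
    for key in ("srcaddr", "dstaddr"):
        ipaddress.ip_address(rec[key])  # ValueError on an invalid address
    if rec["action"] not in ACTIONS:
        raise ValueError(f"unknown action {rec['action']!r}")
    return rec

def summarize_rejects(lines):
    """Return (rejected packets per (src, dst, dstport), malformed lines)."""
    rejects, malformed = Counter(), []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("<"):  # skip blanks and the header row
            continue
        try:
            rec = parse_flow(line)
        except ValueError:
            malformed.append(line)  # keep for review rather than dropping it
            continue
        if rec["action"] == "REJECT":
            rejects[(rec["srcaddr"], rec["dstaddr"], rec["dstport"])] += rec["packets"]
    return rejects, malformed

# First two records are from this page; the last three are constructed.
SAMPLE = """\
2 172.16.2.139 172.16.1.107 73 89 11 102 349 1557424462 1557424510 ALLOW OK
2 172.16.2.145 172.16.2.179 82 64 13 112 441 1557424462 1557424486 REJECT OK
2 172.16.2.145 172.16.2.179 83 64 13 8 320 1557424490 1557424500 REJECT OK
2 172.16.2.999 172.16.2.179 82 64 13 1 40 1557424462 1557424486 REJECT OK
2 172.16.2.145 172.16.2.179 truncated
"""

if __name__ == "__main__":
    rejects, malformed = summarize_rejects(SAMPLE.splitlines())
    for (src, dst, port), packets in rejects.most_common():
        print(f"{src} -> {dst}:{port} rejected packets={packets}")
    print(f"{len(malformed)} malformed line(s) set aside")
```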
Use VCN Flow Logs in the following use cases:
You can use flow logs for troubleshooting and monitoring. Flow logs show attempts to connect to your database from your on-premises environment, as illustrated in the following figure. Logs also show whether security rules allow or deny the traffic. You can use this information to make quick, informed decisions about managing your network resources.
You can now meet regulatory, compliance, and other governance requirements that were previously achievable only through third-party network virtual appliances or host-based agents. Through the visibility afforded by VCN Flow Logs and flexible data-retention policies provided by the Logging service, you can meet requirements in financial, healthcare, and other regulated industries.
VCN Flow Logs provides a flexible framework for using, managing, and viewing flow logs. Through the Logging service, you can enable, view, and manage your flow log configuration. During the LA release, you can view flow logs in the Oracle Cloud Infrastructure Console and export them to Object Storage. We’ll announce more data export options and integrations later this year.
1. In the navigation menu in the Console, go to Logging and click Log Management.
2. Create a log group to contain your flow logs. On the Log Groups tab, click Create Log Group. Enter a name and a description, and then click Create.
3. Enable VCN flow logging on your subnet. On the Logs tab, click Enable Log. Select the Flow Logs service, and select your subnet as the resource. Enter a name for the log, and click Enable Log.
That's it! Within 15 minutes, your logs should become available.
You can access flow logs from Logging or Object Storage.
You can view and search VCN flow logs directly within the Logging service’s console-based viewer. This view provides an easy-to-use indexed repository of your recent logs. To access the Logging viewer, navigate to Logging and then Log Search in the Console.
VCN flow logs are also available via Object Storage. You can retrieve the files from the Logging service’s Object Storage bucket on your account and keep logs in this location as long as you want.
As part of the Splunk Technical Alliance Partnership, we have published integrations to allow customers to use VCN Flow Logs in their log management solution. We previously published solutions for retrieving log files from Logging and transferring them to Splunk.
VCN Flow Logs provides visibility into communications within your network. If you want to be added to the LA program, you can request access. We encourage you to share any product feedback that you have in the comments.