[New Update] Oracle VCN Flow Logs now available in the commercial realm
Ever wondered what goes in and out of your network in the cloud, and how? VCN Flow Logs let you view connection information for traffic within your VCN, and in and out of it, in Oracle Cloud.
In this blog post, we cover VCN Flow logs, integration options with other services, their use cases, and how to configure and manage VCN flow logs in OCI.
Want to know more about networking in OCI? Read our blog on Networking In Oracle Cloud (OCI): VCN, Subnet, Gateways, Peering, Transit Routing.
- What’s New in VCN Flow Logs?
- What Is VCN Flow Logs?
- Integration Options with Data export & OCI streaming service
- Use cases of VCN Flow logs
- Configure VCN Flow Logs
- Accessing Flow Logs
- Export Flow Logs To OCI Object Storage
A few months back, Oracle announced the Limited Availability (LA) release of VCN Flow Logs for Oracle Cloud Infrastructure. To use the feature during LA, you had to request that your tenancy be added to the LA program; once it was added, you received an e-mail within 3-5 days with usage instructions.
VCN flow logs are now generally available in the commercial realm of Oracle Cloud Infrastructure. They are not yet available in the Government Cloud realms.
What Is VCN Flow Logs?
Each instance in a Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure has one or more Virtual Network Interface Cards (VNICs), which it uses to communicate within and outside the VCN. OCI Networking uses security lists and network security groups (NSGs) to decide which traffic is allowed in and out of a given VNIC.
VCN flow logs help you troubleshoot those security rules and audit the traffic in and out of your VNICs. Flow logs record details about the traffic that was accepted or rejected by your security list and NSG rules, so the traffic passing through your VCN can be seen and analyzed. The information they provide can be used for network monitoring, troubleshooting, and compliance.
VCN Flow Logs keep a record of every flow that passes through the VCN and present that data for analysis in the Oracle Cloud Infrastructure Logging service. A flow record is connection metadata, not packet contents; it includes:
- the source and destination of the traffic,
- the volume of traffic
- the accept or reject policy action taken, based on your network security rules
The integration of VCN Flow Logs with the Logging service lets you view, search, export, and stream the logs. Oracle also provides data-export and streaming options for ingesting your flow logs elsewhere.
Flow logs can be archived to an Object Storage bucket to meet data-retention needs, or streamed in under 10 minutes to your SIEM or log-management platform.
There are different use cases where these VCN flow logs can be helpful. VCN Flow logs can be used for the following:
Troubleshooting and Monitoring
Flow logs can be used for troubleshooting and monitoring. The logs show whether your security rules allowed or denied each flow; the figure below, for example, shows attempts to connect to a database from the on-premises environment.
Regulatory and Compliance
Regulatory, compliance, and other governance requirements for network visibility were previously only achievable with third-party network virtual appliances or host-based agents. VCN flow logs, combined with data-retention options, now provide the visibility needed to meet financial, healthcare, and other regulated-industry requirements.
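The monitoring use case above is easiest to see on actual records. The script below is an added example for this post, not Oracle's code: it reads flow log records exported from the Logging service as JSON lines and pulls out the three things a practitioner checks first, namely the biggest accepted talkers, rejected SSH/RDP attempts from outside the private address space, and sources whose rejected flows sweep many ports on one host. The record layout (a "data" object with action, sourceAddress, sourcePort, destinationAddress, destinationPort, protocol, packets, bytesOut, startTime and endTime) is assumed from the flow log schema, and the sample records are constructed, with RFC 5737 documentation ranges standing in for internet addresses.

```python
"""Triage VCN flow log records (JSON lines) for monitoring and troubleshooting.

Added example, not Oracle's code. Field names are assumed from the flow log
"data" object; SAMPLE_LOG is constructed.
"""
import ipaddress
import json
from collections import Counter, defaultdict

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _rec(action, src, dst, dport, bytes_out, proto=6):
    """Build one constructed flow record in the assumed layout."""
    return json.dumps({
        "action": action, "sourceAddress": src, "sourcePort": 51000,
        "destinationAddress": dst, "destinationPort": dport,
        "protocol": proto, "packets": max(1, bytes_out // 1400),
        "bytesOut": bytes_out, "startTime": 1700000000, "endTime": 1700000060,
    })


# Constructed sample: an app tier talking to a database listener (1521), one
# internal host blocked on SSH by a security list, one internet host probing
# SSH, and one internet host sweeping several ports (all rejected).
SAMPLE_LOG = "\n".join(
    [_rec("ACCEPT", "10.0.1.5", "10.0.2.10", 1521, 98000),
     _rec("ACCEPT", "10.0.1.5", "10.0.2.10", 1521, 2000),
     _rec("ACCEPT", "10.0.1.6", "10.0.2.10", 1521, 5000),
     _rec("REJECT", "10.0.1.6", "10.0.2.10", 22, 60),
     _rec("REJECT", "198.51.100.7", "10.0.2.10", 22, 60)]
    + [_rec("REJECT", "203.0.113.9", "10.0.2.10", p, 60) for p in (22, 23, 80, 443, 3389)]
)


def parse_flow_log(text):
    """Parse JSON lines; accept a bare data object or the full Logging
    envelope ({"logContent": {"data": {...}}}) that an export produces."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        flows.append(rec.get("logContent", rec).get("data", rec))
    return flows


def is_rfc1918(addr):
    """True for private (RFC 1918) addresses; everything else counts as outside."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def top_talkers(flows, n=3):
    """Accepted bytes per (source, destination, destination port), largest first."""
    volume = Counter()
    for f in flows:
        if f["action"] == "ACCEPT":
            volume[(f["sourceAddress"], f["destinationAddress"], f["destinationPort"])] += f["bytesOut"]
    return volume.most_common(n)


def rejected_admin_from_outside(flows, admin_ports=(22, 3389)):
    """Rejected SSH/RDP attempts whose source is not a private address.
    Internal rejects are usually a security-list troubleshooting case rather
    than an alert, so they are left out."""
    return [f for f in flows
            if f["action"] == "REJECT" and f["destinationPort"] in admin_ports
            and not is_rfc1918(f["sourceAddress"])]


def port_scanners(flows, min_ports=5):
    """Sources with rejected flows to at least min_ports distinct ports on one host."""
    seen = defaultdict(set)
    for f in flows:
        if f["action"] == "REJECT":
            seen[(f["sourceAddress"], f["destinationAddress"])].add(f["destinationPort"])
    return {pair: sorted(ports) for pair, ports in seen.items() if len(ports) >= min_ports}


def triage(text):
    """Run all three checks over one export and return the findings."""
    flows = parse_flow_log(text)
    return {"flows": len(flows), "top_talkers": top_talkers(flows),
            "rejected_admin": rejected_admin_from_outside(flows),
            "scanners": port_scanners(flows)}


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_LOG).items():
        print(name, finding)
```

Feed it the JSON-lines output of a Logging search export or the objects a service connector writes to a bucket; the thresholds (admin ports, five distinct ports) are starting points to tune per VCN, and a rejected flow from an internal address is the signal to check the security list or NSG rather than to raise an alert.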
Configure VCN Flow Logs
Integration with the Logging service allows you to enable, view, and manage your flow log configuration; flow logs are enabled and managed entirely through the Logging service. Enabling flow logs for a subnet logs the traffic of all existing and future VNICs in that subnet.
Enable flow logs
1. In the Cloud Console navigation menu, go to Logging and click Log Groups.
2. Click Create Log Group, enter a name and description, and click Create.
3. In the navigation menu, go to Logging and click Logs.
4. On the Logs page, click Enable Service Log.
5. Select the Flow Logs service, select your subnet as the resource, enter a value in the Log Name field, and click Enable Log.
Alternatively, open the Logging tab on your subnet's details page; it walks you through the same process.
If there is traffic on the subnet, it can take up to 10 minutes for the first flow logs to appear. After that, batches of flow logs arrive every minute.
Accessing Flow Logs
Flow logs can be easily accessed from Oracle Cloud Logging Service Search.
Logging Console Viewer
You can view and search VCN flow logs in the Logging service's console-based viewer, which offers a simple query interface and flexible indexing of your recent logs, with several search parameters for filtering flow logs.
To access the logs, go to the navigation menu, click on Logging, and then click on Search.
You can also visualize the search results using the Visualize tab as shown below.
Export Flow Logs To Object Storage
Service Connector Hub lets you export flow logs to an Object Storage bucket using a service connector, so retention is then governed by the bucket's lifecycle policies.
When a service connector runs, it receives data from the source service, completes optional tasks on the data (such as filtering), and then moves the data to the target service.
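The console steps in Configure VCN Flow Logs and the Object Storage export described here can also be scripted, which is what you want when many subnets need the same setup. The script below is an added example for this post, not Oracle's code: it assembles the OCI CLI invocations that enable a flow log on a subnet and create a service connector from that log to a bucket, plus the IAM policy the connector needs before it can write. The JSON shapes (a Logging configuration with an OCISERVICE/flowlogs source, a Service Connector Hub logging source and objectStorage target), the CLI subcommands and flags, and the policy wording are assumed from the OCI Logging and Service Connector Hub APIs; the OCIDs, names and namespace are placeholders taken from environment variables, and nothing is executed unless they are all set.

```python
"""Enable VCN flow logs on a subnet and export them to Object Storage via
the OCI CLI. Added example, not Oracle's code; JSON keys, CLI flags and the
policy text are assumed from the OCI Logging / Service Connector Hub APIs.
"""
import json
import os
import subprocess


def flow_log_configuration(subnet_id, compartment_id):
    """Logging 'configuration' for a service log: the flowlogs service on one
    subnet, category 'all' = both accepted and rejected flows."""
    return {
        "compartmentId": compartment_id,
        "source": {"sourceType": "OCISERVICE", "service": "flowlogs",
                   "resource": subnet_id, "category": "all"},
    }


def flow_log_create_args(log_group_id, subnet_id, compartment_id, name, retention_days=30):
    """Argument vector for `oci logging log create` (flags assumed)."""
    return ["oci", "logging", "log", "create",
            "--log-group-id", log_group_id, "--display-name", name,
            "--log-type", "SERVICE", "--is-enabled", "true",
            "--retention-duration", str(retention_days),  # 30..180 days, in steps of 30
            "--configuration", json.dumps(flow_log_configuration(subnet_id, compartment_id)),
            "--wait-for-state", "SUCCEEDED"]


def connector_source(compartment_id, log_group_id, log_id):
    """Service connector source: read one log from one log group."""
    return {"kind": "logging",
            "logSources": [{"compartmentId": compartment_id,
                            "logGroupId": log_group_id, "logId": log_id}]}


def connector_target(namespace, bucket, prefix="vcn-flowlogs/"):
    """Service connector target: write batches to a bucket, rolling a batch
    over at 100 MB or 7 minutes, whichever comes first."""
    return {"kind": "objectStorage", "namespace": namespace, "bucketName": bucket,
            "objectNamePrefix": prefix,
            "batchRolloverSizeInMBs": 100, "batchRolloverTimeInMs": 420000}


def connector_create_args(compartment_id, log_group_id, log_id, namespace, bucket, name):
    """Argument vector for `oci sch service-connector create` (flags assumed)."""
    return ["oci", "sch", "service-connector", "create",
            "--compartment-id", compartment_id, "--display-name", name,
            "--source", json.dumps(connector_source(compartment_id, log_group_id, log_id)),
            "--target", json.dumps(connector_target(namespace, bucket))]


def connector_policy(compartment_id, bucket):
    """IAM statement letting service connectors in this compartment (and only
    those) write to the named bucket; without it the connector is created but
    never delivers."""
    return (f"Allow any-user to manage objects in compartment id {compartment_id} "
            f"where all {{request.principal.type='serviceconnector', "
            f"target.bucket.name='{bucket}', "
            f"request.principal.compartment.id='{compartment_id}'}}")


def run(args):
    """Run one CLI command and return its parsed JSON output (None if empty)."""
    out = subprocess.run(args, check=True, capture_output=True, text=True).stdout
    return json.loads(out) if out.strip() else None


if __name__ == "__main__":
    keys = ("COMPARTMENT_ID", "LOG_GROUP_ID", "SUBNET_ID", "OS_NAMESPACE", "BUCKET")
    env = {k: os.environ.get(k) for k in keys}
    if all(env.values()):  # placeholders must be supplied; otherwise do nothing
        run(flow_log_create_args(env["LOG_GROUP_ID"], env["SUBNET_ID"],
                                 env["COMPARTMENT_ID"], "vcn-flow-logs"))
        # Log creation is asynchronous, so look the new log up by name.
        logs = run(["oci", "logging", "log", "list", "--log-group-id", env["LOG_GROUP_ID"],
                    "--display-name", "vcn-flow-logs"])
        log_id = logs["data"][0]["id"]
        print("Add this policy before the connector can write:")
        print(connector_policy(env["COMPARTMENT_ID"], env["BUCKET"]))
        run(connector_create_args(env["COMPARTMENT_ID"], env["LOG_GROUP_ID"], log_id,
                                  env["OS_NAMESPACE"], env["BUCKET"], "flowlogs-to-bucket"))
```

Apply the printed policy statement in the compartment that holds the bucket before the connector is created; scope it to the bucket name and the connector's compartment as shown rather than granting `any-user` blanket access to Object Storage. Object Storage lifecycle rules on the bucket then handle retention and deletion of the exported batches.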
VCN Flow Logs provides visibility into communications within your network. They are helpful in monitoring the traffic going in and out of your virtual cloud networks. In this post, I have covered a brief overview of VCN flow logs, their use cases, and how to configure VCN flow logs for your subnet and export the logs to object storage.
- 1Z0-1072-20 | Oracle Cloud Infrastructure 2020 Architect Associate
- Object Storage Service in Oracle Cloud Infrastructure (OCI)
- Network Security Groups (NSGs) Vs. Security List (SL): When to use What?
- Oracle Cloud Infrastructure (OCI): Region, AD, FD, Tenancy, Compartment, VCN, IAM, Storage Service
- Networking In Oracle Cloud (OCI): VCN, Subnet, Gateways, Peering, Transit Routing
- Announcing VCN flow logs general availability for Oracle Cloud Infrastructure
Next Task For You
Begin your journey towards becoming an Oracle Cloud Architect by Joining the FREE Masterclass on How To Become Oracle Cloud Architect in 8 Weeks.