VPC Flow Logs
VPC Flow Logs records a sample of packets sent from and received by , including instances used as , and packets sent through VLAN attachments for and tunnels (). Flow logs are aggregated by IP connection (5-tuple). These logs can be used for network monitoring, forensics, security analysis, and expense optimization.
You can view flow logs in , and you can export logs to any destination that Cloud Logging export supports.
Use cases
Network monitoring
VPC Flow Logs provides you with visibility into network throughput and performance. You can:
- Perform network diagnosis
- Filter the flow logs by VMs, VLAN attachments, and Cloud VPN tunnels to understand traffic changes
- Understand traffic growth for capacity forecasting
Understanding network usage and optimizing network traffic expenses
You can analyze network usage with VPC Flow Logs to optimize network traffic expenses. For example, you can analyze the network flows for the following:
- Traffic between regions and zones
- Traffic to specific countries on the internet
- Traffic to on-premises and other cloud networks
- Top talkers in the network, including VMs, VLAN attachments, and Cloud VPN tunnels
Network forensics
You can use VPC Flow Logs for network forensics. For example, if an incident occurs, you can examine the following:
- Which IPs talked with whom and when
- Any compromised IPs, by analyzing all the incoming and outgoing network flows
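The three analyses above (aggregation by 5-tuple, top talkers, and "which IPs talked with whom and when") are easy to run once the log entries are exported. The following is an added example written for this page, not Google's code: it works on a handful of constructed flow-log entries whose field names (connection.src_ip, connection.dest_ip, connection.src_port, connection.dest_port, connection.protocol, bytes_sent, packets_sent, start_time) are assumed to match the jsonPayload of exported VPC Flow Logs; the IP addresses, ports and byte counts are constructed sample values.

```python
"""Aggregate VPC flow-log entries by 5-tuple and answer simple forensic questions.

Added example, not code from the original page. Field names are assumed to
follow the exported VPC Flow Logs jsonPayload layout; all entries below are
constructed sample data (RFC 5737 test ranges for the external addresses).
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample entries. Protocol numbers: 6 = TCP, 17 = UDP.
SAMPLE_ENTRIES = [
    {"connection": {"src_ip": "10.0.0.5", "dest_ip": "10.0.0.9", "src_port": 40000,
                    "dest_port": 443, "protocol": 6},
     "bytes_sent": 1200, "packets_sent": 10, "start_time": "2024-05-01T10:00:00Z"},
    # Same 5-tuple, later aggregation interval: should merge with the entry above.
    {"connection": {"src_ip": "10.0.0.5", "dest_ip": "10.0.0.9", "src_port": 40000,
                    "dest_port": 443, "protocol": 6},
     "bytes_sent": 800, "packets_sent": 7, "start_time": "2024-05-01T10:05:00Z"},
    {"connection": {"src_ip": "203.0.113.7", "dest_ip": "10.0.0.5", "src_port": 51234,
                    "dest_port": 22, "protocol": 6},
     "bytes_sent": 300, "packets_sent": 4, "start_time": "2024-05-01T10:10:00Z"},
    {"connection": {"src_ip": "10.0.0.5", "dest_ip": "198.51.100.20", "src_port": 53000,
                    "dest_port": 53, "protocol": 17},
     "bytes_sent": 100, "packets_sent": 1, "start_time": "2024-05-01T10:12:00Z"},
    {"connection": {"src_ip": "10.0.0.7", "dest_ip": "10.0.0.9", "src_port": 40100,
                    "dest_port": 443, "protocol": 6},
     "bytes_sent": 5000, "packets_sent": 40, "start_time": "2024-05-01T10:15:00Z"},
]


def parse_time(ts):
    """Parse an RFC 3339 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def five_tuple(entry):
    """Return the (src_ip, dest_ip, src_port, dest_port, protocol) key of an entry."""
    c = entry["connection"]
    return (c["src_ip"], c["dest_ip"], c["src_port"], c["dest_port"], c["protocol"])


def aggregate_by_5tuple(entries):
    """Merge entries that share a 5-tuple, summing bytes/packets and tracking the time span."""
    agg = {}
    for e in entries:
        key = five_tuple(e)
        t = parse_time(e["start_time"])
        if key not in agg:
            agg[key] = {"bytes": 0, "packets": 0, "first_seen": t, "last_seen": t}
        agg[key]["bytes"] += e["bytes_sent"]
        agg[key]["packets"] += e["packets_sent"]
        agg[key]["first_seen"] = min(agg[key]["first_seen"], t)
        agg[key]["last_seen"] = max(agg[key]["last_seen"], t)
    return agg


def top_talkers(entries, n):
    """Rank source IPs by total bytes sent; returns a list of (ip, bytes), largest first."""
    totals = defaultdict(int)
    for e in entries:
        totals[e["connection"]["src_ip"]] += e["bytes_sent"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def peers_of(entries, ip):
    """For one IP, list every peer it exchanged flows with, in either direction, and when."""
    peers = {}
    for e in entries:
        c = e["connection"]
        if ip == c["src_ip"]:
            peer = c["dest_ip"]
        elif ip == c["dest_ip"]:
            peer = c["src_ip"]
        else:
            continue
        t = parse_time(e["start_time"])
        if peer not in peers:
            peers[peer] = {"flows": 0, "first_seen": t, "last_seen": t}
        peers[peer]["flows"] += 1
        peers[peer]["first_seen"] = min(peers[peer]["first_seen"], t)
        peers[peer]["last_seen"] = max(peers[peer]["last_seen"], t)
    return peers


if __name__ == "__main__":
    for key, stats in aggregate_by_5tuple(SAMPLE_ENTRIES).items():
        print(key, stats["bytes"], "bytes", stats["packets"], "packets")
    print("top talkers:", top_talkers(SAMPLE_ENTRIES, 2))
    for peer, info in peers_of(SAMPLE_ENTRIES, "10.0.0.5").items():
        print("10.0.0.5 <->", peer, info["flows"], "flow(s)", info["first_seen"], "..", info["last_seen"])
```

In a real investigation the same functions would run over entries pulled from the log export (for example a BigQuery or Cloud Storage sink); the important caveat is that flow logs are sampled and aggregated, so byte counts and "first seen" times are estimates of the underlying traffic, not an exact packet record.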
Firewall Rules Logging
Firewall Rules Logging lets you audit, verify, and analyze the effects of your firewall rules. For example, you can determine if a firewall rule designed to deny traffic is functioning as intended. Firewall Rules Logging is also useful if you need to determine how many connections are affected by a given firewall rule.
You enable Firewall Rules Logging individually for each firewall rule whose connections you need to log. Firewall Rules Logging is an option for any firewall rule, regardless of the action (allow or deny) or direction (ingress or egress) of the rule.
Firewall Rules Logging logs traffic to and from . This includes Google Cloud products built on Compute Engine VMs, such as and instances. When you enable logging for a firewall rule, Google Cloud creates an entry called a connection record each time the rule allows or denies traffic. You can view these records in , and you can export logs to any destination that Cloud Logging export supports. Each connection record contains the source and destination IP addresses, the protocol and ports, date and time, and a reference to the firewall rule that applied to the traffic.
Firewall Rules Logging is available for both VPC firewall rules and hierarchical firewall policies.
For information about viewing logs, see .
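The two checks the text mentions, confirming that a deny rule is actually denying and counting how many connections each rule affects, can be answered from the connection records directly. The following is an added example written for this page, not Google's code: it runs over constructed connection records whose field names (connection.src_ip/dest_ip/src_port/dest_port/protocol, disposition, rule_details.reference/action/direction) are assumed to follow the Firewall Rules Logging jsonPayload; the rule names, addresses and counts are constructed sample values.

```python
"""Summarise Firewall Rules Logging connection records.

Added example, not code from the original page. Field names are assumed to
follow the exported Firewall Rules Logging jsonPayload; every record below is
constructed sample data, including the rule references.
"""
from collections import defaultdict


def record(src, dst, dport, disposition, reference, action, direction="INGRESS", proto=6):
    """Build one constructed connection record in the assumed export layout."""
    return {
        "connection": {"src_ip": src, "dest_ip": dst, "src_port": 50000,
                       "dest_port": dport, "protocol": proto},
        "disposition": disposition,
        "rule_details": {"reference": reference, "action": action, "direction": direction},
    }


# Constructed sample records (RFC 5737 test ranges for external addresses).
SAMPLE_RECORDS = [
    record("203.0.113.7", "10.0.0.5", 22, "DENIED", "network:vpc1/firewall:deny-ssh-external", "DENY"),
    record("203.0.113.8", "10.0.0.5", 22, "DENIED", "network:vpc1/firewall:deny-ssh-external", "DENY"),
    record("198.51.100.3", "10.0.0.9", 443, "ALLOWED", "network:vpc1/firewall:allow-https", "ALLOW"),
    record("198.51.100.4", "10.0.0.9", 443, "ALLOWED", "network:vpc1/firewall:allow-https", "ALLOW"),
    record("10.0.0.5", "10.0.0.9", 443, "ALLOWED", "network:vpc1/firewall:allow-internal", "ALLOW"),
]


def connections_per_rule(records):
    """Count connection records per rule reference, split by disposition."""
    counts = defaultdict(lambda: defaultdict(int))
    for r in records:
        counts[r["rule_details"]["reference"]][r["disposition"]] += 1
    return {ref: dict(by_disp) for ref, by_disp in counts.items()}


def check_rule(records, reference, expected_action):
    """Verify that a rule's logged dispositions agree with the action it is meant to have.

    expected_action is "ALLOW" or "DENY". A rule is considered verified only if it
    has at least one record and none of them contradict the expected action; a rule
    with no records cannot be verified either way (it may simply never have matched).
    """
    expected_disposition = "ALLOWED" if expected_action == "ALLOW" else "DENIED"
    hits = [r for r in records if r["rule_details"]["reference"] == reference]
    mismatches = [r for r in hits if r["disposition"] != expected_disposition]
    return {"hits": len(hits), "mismatches": len(mismatches),
            "verified": bool(hits) and not mismatches}


def denied_sources(records, dest_port):
    """Return the set of source IPs whose connections to dest_port were denied."""
    return {r["connection"]["src_ip"] for r in records
            if r["disposition"] == "DENIED" and r["connection"]["dest_port"] == dest_port}


if __name__ == "__main__":
    for ref, by_disp in connections_per_rule(SAMPLE_RECORDS).items():
        print(ref, by_disp)
    print(check_rule(SAMPLE_RECORDS, "network:vpc1/firewall:deny-ssh-external", "DENY"))
    print("denied to port 22:", sorted(denied_sources(SAMPLE_RECORDS, 22)))
```

Because logging is enabled per rule, a rule that is not logged produces no records at all; `check_rule` therefore reports `verified: False` with zero hits rather than silently passing, which is the case a reviewer most often needs to notice.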
Packet Mirroring
Packet Mirroring clones the traffic of specified instances in your Virtual Private Cloud (VPC) network and forwards it for examination. Packet Mirroring captures all traffic and packet data, including payloads and headers. The capture can be configured for both egress and ingress traffic, only ingress traffic, or only egress traffic.
The mirroring happens on the virtual machine (VM) instances, not on the network. Consequently, Packet Mirroring consumes additional bandwidth on the VMs.
Packet Mirroring is useful when you need to monitor and analyze your security status. It exports all traffic, not only the traffic between sampling periods. For example, you can use security software that analyzes mirrored traffic to detect all threats or anomalies. Additionally, you can inspect the full traffic flow to detect application performance issues. For more information, see the example .