Enable VPC Flow Logs (Network Management API)
The Network Management API lets you configure VPC Flow Logs for organizations, Virtual Private Cloud (VPC) networks, subnets, VLAN attachments for Cloud Interconnect, and Cloud VPN tunnels.
Before you begin:
This guide assumes you have permissions with the
Network Management Adminrole (roles/networkmanagement.admin), granted as follows:
- Organization level (required if you want to configure VPC Flow Logs for an organization)
- Project level (required if you want to configure VPC Flow Logs for a VPC network, subnet, VLAN attachment, or Cloud VPN tunnel)
The following instructions are based on Google documentation here, which may be useful to refer to if needed: https://docs.cloud.google.com/vpc/docs/using-flow-logs
Prerequisites
- Navigate to <https://console.cloud.google.com/apis/api/networkmanagement.googleapis.com>, and click "Enable".
- In the Google Cloud console, go to the VPC networks page.
Options for Flow Log Enablement
VPC Flow logs can be enabled at the following levels:
- Subnet
- VPC
- Organization (requires the
resourcemanager.organizations.getpermission.)The lowest level policy configured will supercede the higher policy.
Option 1. Enabling VPC Flow Logs at the Subnet Level
- On the Subnets in current project tab, select one or more subnets and then click Manage flow logs.
-
In Manage flow logs, click Add new configuration. This will configure a new VPC flow log configuration.
-
Do one of the following:
-
If you selected one subnet, in the Configurations — Subnets section, click Add a configuration.
-
If you selected multiple subnets, in the Configure VPC Flow Logs section, select Network Management API.
-
-
For Name, enter a name for the new VPC Flow Logs configuration.
-
Change the Aggregation Interval to
1 minute. -
Optional: Adjust the Description and any of the settings in the Advanced settings section:
- Log filtering: By default, Keep only logs that match a filter is deselected.
- Include metadata in the final log entries: By default, Metadata annotations includes all fields.
- Secondary sampling rate:
100%means that all entries generated by the primary flow log sampling process are kept.
-
Click Save.
Option 2. Enabling VPC Flow Logs for VPC Networks
-
On the Networks in current project tab, select one or more networks and then click Manage flow logs.
-
In Manage flow logs, click Add new configuration. This will configure a new VPC flow log configuration.
-
In the popup window, under Configurations - VPC networks click on Add a configuration.
-
For Name, enter a name for the new VPC Flow Logs configuration.
-
Change the Aggregation Interval to
1 minute. -
Optional: Adjust the Description and any of the settings in the Advanced settings section:
- Log filtering: By default, Keep only logs that match a filter is deselected.
- Include metadata in the final log entries: By default, Metadata annotations includes all fields.
- Secondary sampling rate:
100%means that all entries generated by the primary flow log sampling process are kept.
-
Click Save.
Option 3. Configuring VPC Flow Logs at the Organization Level
Configurations created at an organizational level will apply to all VPCs within that organization.
-
Navigate to the VPC Flow Logs configuration page.
-
Click Add VPC Flow Logs configuration and then click Add a configuration for the organization.
-
For Name, enter a name for the new VPC Flow Logs configuration.
-
Change the Aggregation Interval to
1 minute. -
Optional: Adjust the Description and any of the settings in the Advanced settings section:
-
Optional: Adjust the Description and any of the settings in the Advanced settings section:
- Log filtering: By default, Keep only logs that match a filter is deselected.
- Include metadata in the final log entries: By default, Metadata annotations includes all fields.
- Secondary sampling rate:
100%means that all entries generated by the primary flow log sampling process are kept.
-
Click Save.
Updated 4 days ago