IBM Cloud VPC Flow Logs via Cloud Object Storage Setup
This document provides instructions for configuring the collection of IBM Cloud VPC Flow Logs with IBM Cloud Object Storage.
Note: VPC Flow Logs are only available on VPC Infrastructure Gen 2.
Console Steps
Create Cloud Object Storage Service
- First create the cloud object storage service.
- Using the search bar, type "cloud object storage" to be brought to the configuration page.
- Select your desired storage plan, name your server, and select your resource group, then click Create.
Create Object Storage Bucket
- From the Cloud Object Storage page, click Buckets to create a storage bucket.
- Choose a bucket name and add an expiration rule for as many days as you'd like to keep the raw logs.
Create Service credentials
- Click Service credentials on the Cloud Object Storage page to create the credentials Netography will use to access the flow logs.
- Give it a name and use the Reader role.
- Click the chevron next to the key name to expand it; it contains the information needed for the Netography Portal.
Grant Service Authorizations
- From the main menu bar, click Manage > Access (IAM).
- The VPC Flow Logs need the ability to write to the Cloud Object Storage Bucket.
- Click Authorizations in the left navigation.
- Use Infrastructure Service for Source service.
- This will then reveal the Resource Type drop-down; select Flow Logs for VPC.
- Then select Cloud Object Storage for Target service.
- Select the Cloud Object Storage service we created earlier for the Service instance.
- Select Write for the Service access.
Create Flow Logs
- In the main search bar, type 'flow logs' and click Flow Logs for VPC.
- Provide a name for the flow log collector.
- Select your resource group.
- Attach it to the VPC.
- Select your VPC, Cloud Object Storage Service, and Bucket.
- Click Create flow log.
- You should now see the flow log collector.
- Click on the Object Storage Bucket to see the flow logs in the bucket.
Netography Portal Steps
Navigate to Traffic Sources, click "Add Traffic Source", then select IBM COS.
Configuration
The following fields are specific to the IBM COS configuration.
Field | Required | Description | Examples |
---|---|---|---|
Region | yes | Location of the flow source | us-east |
Bucket | yes | The COS bucket name | |
Prefix | no | Optional folder prefix | |
Authentication
The following fields are necessary for the integration to authenticate with IBM.
Field | Required | Description |
---|---|---|
API Key | yes | The API key that is associated with the Service ID |
Service Instance ID | yes | Unique identifier for the instance of Object Storage the credential accesses. This is also referred to as a service credential |
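The values for the Authentication table come from the JSON revealed by the chevron in the Create Service credentials step. The following is an added example, not part of the original page or Netography's tooling: it maps that JSON to the portal fields and flags a credential whose role is broader than Reader. The field names `apikey`, `resource_instance_id` and `iam_role_crn` are those IBM Cloud shows in a COS service credential; the function names and all sample values are constructed.

```python
import json

# Constructed sample of an expanded COS service credential; every value is a placeholder.
SAMPLE_CREDENTIAL = """{
  "apikey": "EXAMPLE-API-KEY-000000000000000000000000",
  "iam_apikey_name": "netography-flow-reader",
  "iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Reader",
  "resource_instance_id": "crn:v1:bluemix:public:cloud-object-storage:global:a/EXAMPLE-ACCOUNT:EXAMPLE-INSTANCE::"
}"""

REQUIRED_KEYS = ("apikey", "resource_instance_id", "iam_role_crn")


def mask(secret, keep=4):
    """Show only the first few characters so the key never lands in logs or tickets."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)


def portal_fields(credential_json, region, bucket, prefix=""):
    """Return (fields, warnings): the portal form values and any least-privilege findings."""
    cred = json.loads(credential_json)
    missing = [k for k in REQUIRED_KEYS if not cred.get(k)]
    if missing:
        raise ValueError("credential JSON is missing: " + ", ".join(missing))
    if not region or not bucket:
        raise ValueError("Region and Bucket are required fields")

    # The role name is the last segment of the role CRN, e.g. "...serviceRole:Reader".
    role = cred["iam_role_crn"].rsplit(":", 1)[-1]
    warnings = []
    if role != "Reader":
        warnings.append(f"credential role is {role}; the setup steps call for Reader")

    fields = {
        "Region": region,
        "Bucket": bucket,
        "Prefix": prefix,
        "API Key": cred["apikey"],
        "Service Instance ID": cred["resource_instance_id"],
    }
    return fields, warnings


if __name__ == "__main__":
    fields, warnings = portal_fields(SAMPLE_CREDENTIAL, "us-east", "example-flow-logs")
    for name, value in fields.items():
        print(f"{name}: {mask(value) if name == 'API Key' else value}")
    for w in warnings:
        print("WARNING:", w)
```

A non-empty warnings list means the credential can do more than read the bucket and should be recreated with the Reader role before it is entered in the portal.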