Oracle Cloud VCN Flow Logs via Cloud Object Storage Setup

Console Steps

Create User Group

  1. Using the search bar type "identity" and click "Groups" under Services to be brought to the configuration page.
  2. Click "Create Group"
  3. Fill in the name and description. You can optionally add your desired tags.

Create Access Policy

  1. Using the search bar type "identity" and click "Policies" under Services to be brought to the configuration page.
  2. Click "Create Policy"
  3. Fill in the name and description. You can optionally add your desired tags under advanced.
  4. Choose the compartment to limit the policy to.
  5. Next to Policy Builder click "Customize"
  6. Enter the following statements. Replace <groupname> with the group created above and <region> with the region identifier of the bucket (for example us-sanjose-1; it must match the Region entered later in the Netography portal). "in tenancy" can be narrowed to "in compartment <compartment-name>"; use the narrowest scope that still contains the bucket, the VCNs and the instances. The last statement grants the Object Storage service itself rights on the objects; it is required for the lifecycle rule configured below to delete expired flow-log objects.
allow group <groupname> to read object-family in tenancy

allow group <groupname> to read virtual-network-family in tenancy

allow group <groupname> to read instance-family in tenancy

allow service objectstorage-<region> to manage object-family in tenancy

Create User

  1. Using the search bar type "identity" and click "Users" under Services to be brought to the configuration page.
  2. Click "Create User"
  3. Fill in the name and description. 
  4. You can optionally add an email address and your desired tags under advanced.
  5. Click on the user you just created and click "Add User to Group" then select the group we created. Click "Add"
  6. In the User Information tab click "copy" next to "OCID". Make note of this as it will be used in the Netography portal.

Create Flow Logs

You can enable flow logs for a given subnet, which means traffic is logged for all the existing and future VNICs in that subnet. Each flow log record contains information about traffic for a single VNIC. After flow logs are enabled for a subnet, a batch of flow logs for each VNIC is collected in one-minute capture windows. It takes under eight minutes to process a batch, after which the flow logs are available for viewing.

  1. Using the search bar type "virtual" and click "Virtual Cloud Networks" under Services to be brought to the configuration page.
  2. Select the VCN, then the subnet on which you want to enable flow logs.
  3. Click the toggle under "Enable Log"
  4. Select the proper compartment
  5. Select your log group or click "Create New Group"
  6. Enter the desired log name
  7. Leave retention period default
  8. Check "Enable Legacy Archival Logs"
  9. Click "Enable Log"

Create Service Connector

The service connector copies the flow log from the Logging service into an Object Storage bucket, which is what Netography reads. Create the bucket first if one does not already exist.

  1. Go to the Logging section and select the Service Connectors option
  2. Click Create Service Connector
  3. Populate details for Connector name and the description, and select the compartment
  4. Under Configure service connector, choose Logging as the source and Object Storage as the target
  5. For the source, select the compartment, the log group and the flow log created above
  6. For the target, select the compartment and the bucket
  7. If the console offers to create the policy that lets the connector write to the bucket, accept it
  8. Click Create.


Setup Object Lifecycle

To reduce the amount of flow logs in object storage you can configure an object lifecycle to expire objects after a number of days.

  1. In the bucket the service connector writes to, click "Lifecycle Policy Rules", then "Create Rule"
  2. Enter a name for your policy
  3. Ensure "Objects" is the target.
  4. Select "Delete" for Lifecycle Action
  5. Enter the number of days after which the objects expire. Choose a period comfortably longer than any ingestion delay; objects deleted before Netography has read them are lost.
  6. Ensure state is enabled
  7. Click Create. The rule only takes effect if the "allow service objectstorage-<region> to manage object-family" statement from the access policy is in place.

Obtain Tenancy OCID

  1. Click on your profile icon in the upper right.

  2. Click on Tenancy.

  3. Under Tenancy Information click copy next to OCID.

Netography Portal Steps

Navigate to Flow Sources, and click "Add Flow Source", then select Oracle COS

Configuration

The following fields are specific to the Oracle COS configuration.

Field  | Required | Description                 | Example
Region | yes      | Location of the flow source | us-sanjose-1
Bucket | yes      | The COS bucket name         |
Prefix | no       | Optional folder prefix      |

Authentication

The following fields are necessary for the integration to authenticate with Oracle COS.

Field        | Required | Description
Account Name | yes      | The account name to use for this stream
User OCID    | yes      | Oracle assigns each user a unique ID called an Oracle Cloud ID (OCID)
Tenancy OCID | yes      | Every Oracle Cloud Infrastructure resource has an Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID)

To complete the authentication setup, you will need to obtain the public key and fingerprint that will be generated automatically after the form is submitted. Once the integration is created in the Netography Portal, return to edit the Flow Source that was just created.

Make note of the public key and fingerprint. This information will be used in the post configuration step within COS.

Console Steps (Continued)

Note: This step uses the public key generated after configuring the Cloud Provider in the Netography Portal.

Add API Key to User

  1. Open the user created above and, under Resources, click "API Keys", then "Add API Key". A user can hold at most three API signing keys, so remove an unused key first if the limit has been reached.

  2. Select "Paste Public Key" and paste the public key copied from the Netography portal.

  3. The console displays the fingerprint of the key you pasted. Confirm it matches the fingerprint shown in the Netography portal before saving; a mismatch means the wrong key (or a truncated one) was pasted.
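The fingerprint the OCI console shows in step 3 is the MD5 digest of the DER-encoded (SubjectPublicKeyInfo) public key written as colon-separated hex pairs, the same value `openssl rsa -pubout -outform DER | openssl md5 -c` prints. The body of a "-----BEGIN PUBLIC KEY-----" PEM block is exactly that DER, so the fingerprint can be checked locally before anything is pasted into the console. The script below is an added example, not code from this guide, Netography or Oracle; the sample PEM it ships with is constructed (its body is base64 of "abc", not a real key) so the result can be checked against the published MD5 test vector.

```python
"""Verify an OCI API-key fingerprint against a PEM public key (added example)."""
import base64
import hashlib
import re

# One PEM block: label in the BEGIN/END lines, base64 body in between.
PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\s*"
    r"(?P<body>[A-Za-z0-9+/=\s]+?)\s*"
    r"-----END (?P=label)-----"
)


def der_from_pem(pem: str) -> bytes:
    """Return the DER bytes of a 'PUBLIC KEY' block; reject anything else."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM block found")
    if m.group("label") != "PUBLIC KEY":
        # An "RSA PUBLIC KEY" (PKCS#1) block would hash to a different value;
        # OCI fingerprints the SubjectPublicKeyInfo encoding only.
        raise ValueError(f"expected a PUBLIC KEY block, got {m.group('label')!r}")
    return base64.b64decode("".join(m.group("body").split()), validate=True)


def fingerprint_from_der(der: bytes) -> str:
    """MD5 of the DER, as 16 lowercase colon-separated hex pairs (OCI format)."""
    digest = hashlib.md5(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprint_from_pem(pem: str) -> str:
    return fingerprint_from_der(der_from_pem(pem))


def normalize_fingerprint(fp: str) -> str:
    """Accept '90:01:..' or '9001..' in any case; return the lowercase colon form."""
    hexonly = fp.replace(":", "").strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", hexonly):
        raise ValueError("fingerprint must be 32 hex digits (MD5)")
    return ":".join(hexonly[i:i + 2] for i in range(0, 32, 2))


def fingerprint_matches(pem: str, portal_fingerprint: str) -> bool:
    """True when the key in `pem` hashes to the fingerprint the portal displayed."""
    return fingerprint_from_pem(pem) == normalize_fingerprint(portal_fingerprint)


# Constructed sample: the body is base64("abc"), NOT a real key. It exists only so
# the output can be checked by hand: MD5("abc") = 900150983cd24fb0d6963f7d28e17f72.
SAMPLE_PEM = "-----BEGIN PUBLIC KEY-----\nYWJj\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    # Replace SAMPLE_PEM with the key copied from the Netography portal and the
    # second argument with the fingerprint the portal shows.
    print(fingerprint_from_pem(SAMPLE_PEM))
    print(fingerprint_matches(SAMPLE_PEM, "90:01:50:98:3C:D2:4F:B0:D6:96:3F:7D:28:E1:7F:72"))
```

Run it with the real PEM from the portal; if the value it prints differs from the portal's fingerprint, the key text was altered in transit (wrapped lines, a dropped character, or a PKCS#1 block instead of SubjectPublicKeyInfo) and should be re-copied rather than pasted into OCI.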