VCN subnets should have flow logs enabled
Description
Oracle Cloud Infrastructure (OCI) VCN subnets should have flow logs enabled to capture detailed information about IP traffic flowing through network interfaces. Flow logs provide visibility into network traffic patterns, help detect suspicious activity, and support security investigations and compliance requirements. Flow logs can be enabled at either the subnet level or the VCN level to cover all subnets within the VCN.
To enable flow logs for your OCI VCN subnets, create a network capture filter and flow log in Network Command Center.
The capture filter must have the following configuration:
- The filter type must be Flow log capture filter
- The sampling rate must be set to 100%
- The filter must contain at least one rule that captures all traffic (Traffic disposition: All, Include/Exclude: Include, Source CIDR: <blank>, Destination CIDR: <blank>, IP Protocol: All)
- The filter must not contain any enabled EXCLUDE rules
The flow log must have the following configuration:
- The destination can be a new or existing log group
- The capture filter must meet the criteria above
- The enablement point must be the subnet for subnet-level logging or VCN for VCN-level logging
For detailed guidance on enabling VCN flow logs, refer to the Capture Filters and VCN Flow Logs sections of the Oracle Cloud Infrastructure Documentation.
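An added example (not Datadog's or Oracle's code) that evaluates a flow log and its capture filter against the criteria listed above and reports every unmet requirement. The dict field names, the FLOWLOG type value and the per-rule sampling rate are constructed for this example and do not mirror the OCI API's schema.

```python
# Added example (not from the page or OCI): checks a VCN flow log and its
# capture filter against the criteria above. Field names are constructed
# for this example and do not mirror the OCI API's schema.
ALLOWED_ENABLEMENT_POINTS = {"SUBNET", "VCN"}

def capture_filter_findings(capture_filter):
    """Return the reasons a capture filter fails the criteria (empty = compliant)."""
    findings = []
    if capture_filter.get("filter_type") != "FLOWLOG":
        findings.append("filter type is not a flow log capture filter")
    rules = [r for r in capture_filter.get("rules", []) if r.get("enabled", True)]
    # Assumption of this constructed layout: sampling rate is recorded per rule.
    captures_all = any(
        r.get("action") == "INCLUDE" and r.get("traffic_disposition") == "ALL"
        and not r.get("source_cidr") and not r.get("destination_cidr")
        and r.get("protocol") == "ALL" and r.get("sampling_rate") == 100
        for r in rules)
    if not captures_all:
        findings.append("no enabled INCLUDE rule captures all traffic at 100% sampling")
    if any(r.get("action") == "EXCLUDE" for r in rules):
        findings.append("an enabled EXCLUDE rule is present")
    return findings

def flow_log_findings(flow_log, capture_filters):
    """Combine the flow log checks with those of its referenced capture filter."""
    findings = []
    if not flow_log.get("log_group_id"):
        findings.append("no destination log group")
    if flow_log.get("enablement_point") not in ALLOWED_ENABLEMENT_POINTS:
        findings.append("enablement point must be a subnet or a VCN")
    cf = capture_filters.get(flow_log.get("capture_filter_id"))
    if cf is None:
        findings.append("referenced capture filter not found")
    else:
        findings.extend(capture_filter_findings(cf))
    return findings

# Constructed sample data: one compliant filter and one that samples at 50%
# and carries an enabled EXCLUDE rule.
ALL_TRAFFIC = {"action": "INCLUDE", "traffic_disposition": "ALL", "source_cidr": "",
               "destination_cidr": "", "protocol": "ALL", "sampling_rate": 100}
CAPTURE_FILTERS = {
    "cf-good": {"filter_type": "FLOWLOG", "rules": [ALL_TRAFFIC]},
    "cf-bad": {"filter_type": "FLOWLOG", "rules": [dict(ALL_TRAFFIC, sampling_rate=50),
        {"action": "EXCLUDE", "traffic_disposition": "ALL", "protocol": "ALL"}]},
}
GOOD_FLOW_LOG = {"log_group_id": "lg-1", "capture_filter_id": "cf-good", "enablement_point": "SUBNET"}
BAD_FLOW_LOG = {"log_group_id": "lg-1", "capture_filter_id": "cf-bad", "enablement_point": "VCN"}
```

Running `flow_log_findings(BAD_FLOW_LOG, CAPTURE_FILTERS)` returns both the sampling-rate and the EXCLUDE-rule findings, while the compliant flow log returns an empty list.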