VCN Flow Logs Example

The following are sample logging commands related to VCN Flow Logs.

To create a log group

As a required prerequisite, run the oci session authenticate command first:

oci session authenticate
Enter a region by index or name(e.g.
1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1,
6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1,
11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1,
16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-paris-1,
21: eu-stockholm-1, 22: eu-zurich-1, 23: il-jerusalem-1, 24: me-abudhabi-1, 25: me-dcc-muscat-1,
26: me-dubai-1, 27: me-jeddah-1, 28: sa-santiago-1, 29: sa-saopaulo-1, 30: sa-vinhedo-1,
31: uk-cardiff-1, 32: uk-gov-cardiff-1, 33: uk-gov-london-1, 34: uk-london-1, 35: us-ashburn-1,
36: us-gov-ashburn-1, 37: us-gov-chicago-1, 38: us-gov-phoenix-1, 39: us-langley-1, 40: us-luke-1,
41: us-phoenix-1, 42: us-sanjose-1): 15
    Please switch to newly opened browser window to log in!
    You can also open the following URL in a web browser window to continue:
https://login.ca-toronto-1.oraclecloud.com/v1/oauth2/authorize?action=login&client_id=iaas_console&response_type
 =token+id_token&nonce=<id>&scope=openid&public_key=<key>&redirect_uri=http%3A%2F%2Flocalhost%3A8181
    Completed browser authentication process!
Enter the name of the profile you would like to create: <profile_name>
Config written to: /Users/<user_name>/.oci/config

    Try out your newly created session credentials with the following example command:

    oci iam region list --config-file /Users/<user_name>/.oci/config --profile <profile_name> --auth security_token

Next, execute the oci logging command using the --profile <profile_name> and --auth security_token options:

oci logging log-group create --compartment-id ocid1.compartment.oc1..<compartment_OCID> --display-name <log_group_name>
 --profile <profile_name> --auth security_token
{
  "opc-work-request-id": "ocid1.logworkrequest.oc1.ca-toronto-1.<compartment_OCID>"
}

To create a flowlogs log object (enable Flow Logs)

Run the oci session authenticate command:

oci session authenticate
Enter a region by index or name(e.g.
1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1,
6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1,
11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1,
16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-paris-1,
21: eu-stockholm-1, 22: eu-zurich-1, 23: il-jerusalem-1, 24: me-abudhabi-1, 25: me-dcc-muscat-1,
26: me-dubai-1, 27: me-jeddah-1, 28: sa-santiago-1, 29: sa-saopaulo-1, 30: sa-vinhedo-1,
31: uk-cardiff-1, 32: uk-gov-cardiff-1, 33: uk-gov-london-1, 34: uk-london-1, 35: us-ashburn-1,
36: us-gov-ashburn-1, 37: us-gov-chicago-1, 38: us-gov-phoenix-1, 39: us-langley-1, 40: us-luke-1,
41: us-phoenix-1, 42: us-sanjose-1): 15
    Please switch to newly opened browser window to log in!
    You can also open the following URL in a web browser window to continue:
https://login.ca-toronto-1.oraclecloud.com/v1/oauth2/authorize?action=login&client_id=iaas_console&response_type
 =token+id_token&nonce=<id>&scope=openid&public_key=<key>&redirect_uri=http%3A%2F%2Flocalhost%3A8181
    Completed browser authentication process!
Enter the name of the profile you would like to create: <profile_name>
Config written to: /Users/<user_name>/.oci/config

    Try out your newly created session credentials with the following example command:

    oci iam region list --config-file /Users/<user_name>/.oci/config --profile <profile_name> --auth security_token
Next, execute the oci logging command using the --profile <profile_name> and --auth security_token options:
oci logging log create --display-name <log_display_name> --log-group-id <log_group_OCID> 
 --description <description> --log-type SERVICE --is-enabled <Boolean>
--profile <profile_name> --auth security_token --configuration file://input.json

Sample configuration file:

{
    "compartment-id":"...",               # CompartmentId of where the subnet resource is present.
    "source": {
        "resource": "ocid1.subnet.....",  # OCID of subnet for which flowlogs is enabled.
        "service": "flowlogs",            # "flowlogs" is the official service name and it should be all lowercase.
        "source-type": "OCISERVICE",      # OCISERVICE is the name of the Logging source-type.
        "category": "all"
    }
}

To disable a flowlogs log object (disable Flow Logs)

Run the oci session authenticate command:

oci session authenticate
Enter a region by index or name(e.g.
1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1,
6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1,
11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1,
16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-paris-1,
21: eu-stockholm-1, 22: eu-zurich-1, 23: il-jerusalem-1, 24: me-abudhabi-1, 25: me-dcc-muscat-1,
26: me-dubai-1, 27: me-jeddah-1, 28: sa-santiago-1, 29: sa-saopaulo-1, 30: sa-vinhedo-1,
31: uk-cardiff-1, 32: uk-gov-cardiff-1, 33: uk-gov-london-1, 34: uk-london-1, 35: us-ashburn-1,
36: us-gov-ashburn-1, 37: us-gov-chicago-1, 38: us-gov-phoenix-1, 39: us-langley-1, 40: us-luke-1,
41: us-phoenix-1, 42: us-sanjose-1): 15
    Please switch to newly opened browser window to log in!
    You can also open the following URL in a web browser window to continue:
https://login.ca-toronto-1.oraclecloud.com/v1/oauth2/authorize?action=login&client_id=iaas_console&response_type
 =token+id_token&nonce=<id>&scope=openid&public_key=<key>&redirect_uri=http%3A%2F%2Flocalhost%3A8181
    Completed browser authentication process!
Enter the name of the profile you would like to create: <profile_name>
Config written to: /Users/<user_name>/.oci/config

    Try out your newly created session credentials with the following example command:

    oci iam region list --config-file /Users/<user_name>/.oci/config --profile <profile_name> --auth security_token
Next, execute the oci logging command using the --profile <profile_name> and --auth security_token options:
oci logging log update --log-group-id <log_group_OCID> --log-id <log_OCID> --is-enabled false
 --profile <profile_name> --auth security_token

To delete the log object

Run the oci session authenticate command:

oci session authenticate
Enter a region by index or name(e.g.
1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1,
6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1,
11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1,
16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-paris-1,
21: eu-stockholm-1, 22: eu-zurich-1, 23: il-jerusalem-1, 24: me-abudhabi-1, 25: me-dcc-muscat-1,
26: me-dubai-1, 27: me-jeddah-1, 28: sa-santiago-1, 29: sa-saopaulo-1, 30: sa-vinhedo-1,
31: uk-cardiff-1, 32: uk-gov-cardiff-1, 33: uk-gov-london-1, 34: uk-london-1, 35: us-ashburn-1,
36: us-gov-ashburn-1, 37: us-gov-chicago-1, 38: us-gov-phoenix-1, 39: us-langley-1, 40: us-luke-1,
41: us-phoenix-1, 42: us-sanjose-1): 15
    Please switch to newly opened browser window to log in!
    You can also open the following URL in a web browser window to continue:
https://login.ca-toronto-1.oraclecloud.com/v1/oauth2/authorize?action=login&client_id=iaas_console&response_type
 =token+id_token&nonce=<id>&scope=openid&public_key=<key>&redirect_uri=http%3A%2F%2Flocalhost%3A8181
    Completed browser authentication process!
Enter the name of the profile you would like to create: <profile_name>
Config written to: /Users/<user_name>/.oci/config

    Try out your newly created session credentials with the following example command:

    oci iam region list --config-file /Users/<user_name>/.oci/config --profile <profile_name> --auth security_token
Next, execute the oci logging command using the --profile <profile_name> and --auth security_token options:
oci logging log delete --log-id <log_OCID> --profile <profile_name> --auth security_token