VCN Flow Logs Example
The following are sample logging commands related to VCN Flow Logs.
To create a log group
As a required prerequisite, run the oci session authenticate command first:
oci session authenticate
Enter a region by index or name(e.g.
1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1,
6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1,
11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1,
16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-paris-1,
21: eu-stockholm-1, 22: eu-zurich-1, 23: il-jerusalem-1, 24: me-abudhabi-1, 25: me-dcc-muscat-1,
26: me-dubai-1, 27: me-jeddah-1, 28: sa-santiago-1, 29: sa-saopaulo-1, 30: sa-vinhedo-1,
31: uk-cardiff-1, 32: uk-gov-cardiff-1, 33: uk-gov-london-1, 34: uk-london-1, 35: us-ashburn-1,
36: us-gov-ashburn-1, 37: us-gov-chicago-1, 38: us-gov-phoenix-1, 39: us-langley-1, 40: us-luke-1,
41: us-phoenix-1, 42: us-sanjose-1): 15
Please switch to newly opened browser window to log in!
You can also open the following URL in a web browser window to continue:
https://login.ca-toronto-1.oraclecloud.com/v1/oauth2/authorize?action=login&client_id=iaas_console&response_type
=token+id_token&nonce=<id>&scope=openid&public_key=<key>&redirect_uri=http%3A%2F%2Flocalhost%3A8181
Completed browser authentication process!
Enter the name of the profile you would like to create: <profile_name>
Config written to: /Users/<user_name>/.oci/config
Try out your newly created session credentials with the following example command:
oci iam region list --config-file /Users/<user_name>/.oci/config --profile <profile_name> --auth security_token
Next, execute the oci logging command using the --profile <profile_name> and --auth security_token options:
oci logging log-group create --compartment-id ocid1.compartment.oc1..<compartment_OCID> --display-name <log_group_name>
--profile <profile_name> --auth security_token
{
"opc-work-request-id": "ocid1.logworkrequest.oc1.ca-toronto-1.<compartment_OCID>"
}
To create a flowlogs
log object (enable Flow Logs)
Run the oci session authenticate command:
oci session authenticate
Enter a region by index or name(e.g.
1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1,
6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1,
11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1,
16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-paris-1,
21: eu-stockholm-1, 22: eu-zurich-1, 23: il-jerusalem-1, 24: me-abudhabi-1, 25: me-dcc-muscat-1,
26: me-dubai-1, 27: me-jeddah-1, 28: sa-santiago-1, 29: sa-saopaulo-1, 30: sa-vinhedo-1,
31: uk-cardiff-1, 32: uk-gov-cardiff-1, 33: uk-gov-london-1, 34: uk-london-1, 35: us-ashburn-1,
36: us-gov-ashburn-1, 37: us-gov-chicago-1, 38: us-gov-phoenix-1, 39: us-langley-1, 40: us-luke-1,
41: us-phoenix-1, 42: us-sanjose-1): 15
Please switch to newly opened browser window to log in!
You can also open the following URL in a web browser window to continue:
https://login.ca-toronto-1.oraclecloud.com/v1/oauth2/authorize?action=login&client_id=iaas_console&response_type
=token+id_token&nonce=<id>&scope=openid&public_key=<key>&redirect_uri=http%3A%2F%2Flocalhost%3A8181
Completed browser authentication process!
Enter the name of the profile you would like to create: <profile_name>
Config written to: /Users/<user_name>/.oci/config
Try out your newly created session credentials with the following example command:
oci iam region list --config-file /Users/<user_name>/.oci/config --profile <profile_name> --auth security_token
Next, execute the oci logging command using the --profile <profile_name> and --auth security_token options:oci logging log create --display-name <log_display_name> --log-group-id <log_group_OCID>
--description <description> --log-type SERVICE --is-enabled <Boolean>
--profile <profile_name> --auth security_token --configuration file://input.json
Sample configuration file:
{
"compartment-id":"...", # CompartmentId of where the subnet resource is present.
"source": {
"resource": "ocid1.subnet.....", # OCID of subnet for which flowlogs is enabled.
"service": "flowlogs", # "flowlogs" is the official service name and it should be all lowercase.
"source-type": "OCISERVICE", # OCISERVICE is the name of the Logging source-type.
"category": "all"
}
}
To disable a flowlogs
log object (disable Flow Logs)
Run the oci session authenticate command:
oci session authenticate
Enter a region by index or name(e.g.
1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1,
6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1,
11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1,
16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-paris-1,
21: eu-stockholm-1, 22: eu-zurich-1, 23: il-jerusalem-1, 24: me-abudhabi-1, 25: me-dcc-muscat-1,
26: me-dubai-1, 27: me-jeddah-1, 28: sa-santiago-1, 29: sa-saopaulo-1, 30: sa-vinhedo-1,
31: uk-cardiff-1, 32: uk-gov-cardiff-1, 33: uk-gov-london-1, 34: uk-london-1, 35: us-ashburn-1,
36: us-gov-ashburn-1, 37: us-gov-chicago-1, 38: us-gov-phoenix-1, 39: us-langley-1, 40: us-luke-1,
41: us-phoenix-1, 42: us-sanjose-1): 15
Please switch to newly opened browser window to log in!
You can also open the following URL in a web browser window to continue:
https://login.ca-toronto-1.oraclecloud.com/v1/oauth2/authorize?action=login&client_id=iaas_console&response_type
=token+id_token&nonce=<id>&scope=openid&public_key=<key>&redirect_uri=http%3A%2F%2Flocalhost%3A8181
Completed browser authentication process!
Enter the name of the profile you would like to create: <profile_name>
Config written to: /Users/<user_name>/.oci/config
Try out your newly created session credentials with the following example command:
oci iam region list --config-file /Users/<user_name>/.oci/config --profile <profile_name> --auth security_token
Next, execute the oci logging command using the --profile <profile_name> and --auth security_token options:oci logging log update --log-group-id <log_group_OCID> --log-id <log_OCID> --is-enabled false
--profile <profile_name> --auth security_token
To delete the log object
Run the oci session authenticate command:
oci session authenticate
Enter a region by index or name(e.g.
1: af-johannesburg-1, 2: ap-chiyoda-1, 3: ap-chuncheon-1, 4: ap-dcc-canberra-1, 5: ap-hyderabad-1,
6: ap-ibaraki-1, 7: ap-melbourne-1, 8: ap-mumbai-1, 9: ap-osaka-1, 10: ap-seoul-1,
11: ap-singapore-1, 12: ap-sydney-1, 13: ap-tokyo-1, 14: ca-montreal-1, 15: ca-toronto-1,
16: eu-amsterdam-1, 17: eu-frankfurt-1, 18: eu-marseille-1, 19: eu-milan-1, 20: eu-paris-1,
21: eu-stockholm-1, 22: eu-zurich-1, 23: il-jerusalem-1, 24: me-abudhabi-1, 25: me-dcc-muscat-1,
26: me-dubai-1, 27: me-jeddah-1, 28: sa-santiago-1, 29: sa-saopaulo-1, 30: sa-vinhedo-1,
31: uk-cardiff-1, 32: uk-gov-cardiff-1, 33: uk-gov-london-1, 34: uk-london-1, 35: us-ashburn-1,
36: us-gov-ashburn-1, 37: us-gov-chicago-1, 38: us-gov-phoenix-1, 39: us-langley-1, 40: us-luke-1,
41: us-phoenix-1, 42: us-sanjose-1): 15
Please switch to newly opened browser window to log in!
You can also open the following URL in a web browser window to continue:
https://login.ca-toronto-1.oraclecloud.com/v1/oauth2/authorize?action=login&client_id=iaas_console&response_type
=token+id_token&nonce=<id>&scope=openid&public_key=<key>&redirect_uri=http%3A%2F%2Flocalhost%3A8181
Completed browser authentication process!
Enter the name of the profile you would like to create: <profile_name>
Config written to: /Users/<user_name>/.oci/config
Try out your newly created session credentials with the following example command:
oci iam region list --config-file /Users/<user_name>/.oci/config --profile <profile_name> --auth security_token
Next, execute the oci logging command using the --profile <profile_name> and --auth security_token options:oci logging log delete --log-id <log_OCID> --profile <profile_name> --auth security_token