Network Telemetry

In-depth network telemetry to keep your services secure.

Try It Free
VPC Flow Logs

Network Telemetry: VPC Flow Logs

Identify traffic and access patterns that may impose security or operational risks to your organization in near real time. Network Telemetry provides both network and security operations with in-depth, responsive VPC Flow Logs for Google Cloud Platform networking services.

Firewall Logging

Firewall Logging

VPC Firewall Logs allows users to log firewall access and deny events with the same responsiveness of VPC Flow Logs.

Monitoring At Peak Performance

Monitoring at peak performance

VPC Flow Logs allow you to monitor your deployments with no impact to your system performance. With our unique implementation, enabling VPC Flow Logs provides you in-depth visibility with no performance overhead.

Rich Annotation Support

Rich annotation support

With VPC Flow Logs, you can log flows based on a rich set of annotations, such as geolocation, BGP (Border Gateway Protocol) AS (Autonomous System) Numbers, project, network or subnetwork names, regions or zones, all the way down to VM instance names. This enables you to choose the granularity that is right for your deployment.

Exporting Logs

Exporting logs

VPC Flow Logs is very flexible and supports exporting of logs to many of our partner products. You can either choose to use Stackdriver to ingest your logs and analyze them, or you could choose to export them to your existing partner of choice.

Network Telemetry features

Traffic coverage

Monitor network traffic to and from Compute Engine VMs, including internal VPC traffic, flows leaving the VPC network through Cloud VPN or Cloud Interconnect, flows from an endpoint on the internet to the Compute Engine VMs, and flows between Compute Engine VMs and Google services in production.

No performance impact

VPC Flow Logs is natively built in the networking stack of the VPC network infrastructure. There is no extra delay and no performance penalty to route the original IP packets to the destination.

Annotations

Annotates network and subnetwork name, region and zone (if within the VPC), VM instance name, and Geo annotations such as continent, country, region, and city.

Protocols

You will be able to monitor the network flows for TCP and UDP.

Metrics

Supports metrics such as number of packets, number of bytes, and RTT (Round Trip Time) for TCP flows.

Flow definition parameters

Define flows based on 5-tuple: source and destination IP addresses, ports, and the IANA protocol number.

Filters

Selectively export flow logs to logging storage/APIs, using the filters.

Partners

Network Telemetry supports exporting of logs to supported Partners.

Network Telemetry pricing

For Google Cloud Platform pricing, visit our pricing page.

VPC network logs, including VPC flow logs and firewall logs, generate charges.
You will be charged for VPC flow logs, but charges for firewall logs will start on February 1, 2019.

VPC Flow Log and Firewall Log generation Price
0–10 TB per month 0.50/GB
10–30 TB per month 0.25/GB
30–50 TB per month 0.10/GB
>50 TB per month 0.05/GB

Log generation can be exported to Stackdriver Logging, Cloud Pub/Sub, Cloud Storage, or BigQuery. Cloud Pub/Sub, Cloud Storage, or BigQuery charges apply in addition to Log generation charges.

If you send your Log generation to Stackdriver Logging, Log generation charges are waived, and only Stackdriver Logging charges apply. If you send and then exclude your Log generation from Stackdriver Logging, Log generation charges apply.

Resources

Explore tutorials, launch quickstarts, and reviews.

VPC Flow Logs — network transparency in near real-time

Read Blog arrow_forward

Using VPC Flow Logs

View Documentation arrow_forward
Google Cloud

Get started

Learn and build

New to GCP? Get started with any GCP product for free with a $300 credit.

Need more help?

Our experts will help you build the right solution or find the right partner for your needs.