Network Telemetry: VPC flow logs
Identify traffic and access patterns that may impose security or operational risks to your organization in near real time. Network Telemetry provides both network and security operations with in-depth, responsive VPC flow logs for Google Cloud networking services.
VPC Firewall Logs allows users to log firewall access and deny events with the same responsiveness as VPC flow logs.
Monitoring at peak performance
VPC flow logs allow you to monitor your deployments with no impact to your system performance. With our unique implementation, enabling VPC flow logs provides you in-depth visibility with no performance overhead.
Rich annotation support
With VPC flow logs, you can log flows based on a rich set of annotations, such as geolocation, BGP (Border Gateway Protocol) AS (Autonomous System) Numbers, project, network or subnetwork names, regions or zones, all the way down to VM instance names. This enables you to choose the granularity that is right for your deployment.
VPC flow logs is flexible and supports exporting logs to many of our partner products. You can either use Cloud Logging to ingest and analyze your logs, or export them to your existing partner of choice.
Monitor network traffic to and from Compute Engine VMs, including internal VPC traffic, flows leaving the VPC network through Cloud VPN or Cloud Interconnect, flows from an endpoint on the internet to the Compute Engine VMs, and flows between Compute Engine VMs and Google services in production.
No performance impact
VPC flow logs is built natively into the networking stack of the VPC network infrastructure. There is no extra delay and no performance penalty in routing the original IP packets to their destination.
Annotates network and subnetwork name, region and zone (if within the VPC), VM instance name, and Geo annotations such as continent, country, region, and city.
You will be able to monitor the network flows for TCP and UDP.
Supports metrics such as number of packets, number of bytes, and RTT (round trip time) for TCP flows.
Flow definition parameters
Define flows based on 5-tuple: source and destination IP addresses, ports, and the IANA protocol number.
Selectively export flow logs to logging storage/APIs using filters.
Network Telemetry supports exporting of logs to supported partners.
For Google Cloud pricing, visit our pricing page.
VPC network logs, including VPC flow logs and firewall logs, generate charges. You will be charged for VPC flow logs, but charges for firewall logs will start on February 1, 2019.

| VPC flow log and firewall log generation | Price |
|---|---|
| 0–10 TB per month | 0.50/GB |
| 10–30 TB per month | 0.25/GB |
| 30–50 TB per month | 0.10/GB |
| >50 TB per month | 0.05/GB |