{OCI Networking} Flow Logs

https://qiita.com/captain-sadami/items/783b60e1ec9528e3954f

https://docs.public.oneportal.content.oci.oraclecloud.com/ja-jp/iaas/Content/Network/Concepts/vcn-flow-logs.htm


Enablement points
① Virtual Cloud Network (VCN)
② Subnet
③ Resource (a specific instance, a network load balancer, or one or more VNICs)

Note: when ③ was attempted from the console, it failed with the error 「データをフェッチ中にエラーが発生しました」 ("An error occurred while fetching data") and the log could not be created.

Prerequisite: a compute instance has already been created

-- 1. Create a log group

oci logging log-group list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 


oci logging log-group create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--display-name lg01 


oci logging log-group list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table


oci logging log-group delete \
--log-group-id ocid1.loggroup.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force


-- 2. Create a capture filter
oci network capture-filter list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 


oci network capture-filter create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--filter-type FLOWLOG \
--display-name cp01 \
--flow-log-capture-filter-rules '[
  {
    "destination-cidr": "10.0.1.0/24",
    "flow-log-type": "ALL",
    "icmp-options": null,
    "is-enabled": true,
    "priority": 0,
    "protocol": "all",
    "rule-action": "INCLUDE",
    "sampling-rate": 1,
    "source-cidr": null,
    "tcp-options": null,
    "udp-options": null
  }
]' 


oci network capture-filter list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table

oci network capture-filter delete \
--capture-filter-id ocid1.capturefilter.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force 


-- 3. Enable flow logs


oci logging log list \
--log-group-id ocid1.loggroup.oc1.iad.000000000000000000000000000000000000000000000000000000000000 



oci logging log create \
--display-name fl01 \
--log-group-id ocid1.loggroup.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--log-type SERVICE \
--is-enabled true \
--configuration '{
  "archiving": {
    "is-enabled": false
  },
  "compartment-id": "ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000",
  "source": {
    "category": "subnet",
    "parameters": {
      "capture_filter": "ocid1.capturefilter.oc1.iad.000000000000000000000000000000000000000000000000000000000000",
      "enablementPointType": "Subnet"
    },
    "resource": "ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000",
    "service": "flowlogs",
    "source-type": "OCISERVICE"
  }
}' 


oci logging log list \
--log-group-id ocid1.loggroup.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--query 'data[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table


oci logging log delete \
--log-group-id ocid1.loggroup.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--log-id ocid1.log.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force 


-- 4. Check the logs


ssh -i $HOME/.ssh/id_rsa ubuntu@192.0.2.1
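Once the subnet log is active, the useful check is whether records arrive and what the rejected flows look like. The script below is an added example, not part of the original post: it summarises REJECT flows from newline-delimited flow log records, keeping only destinations inside the 10.0.1.0/24 capture filter CIDR from step 2. The field names under `data` (sourceAddress, destinationAddress, destinationPort, protocolName, action, status) are assumed from the flow log record format, and the sample records are constructed.

```python
import ipaddress
import json
from collections import Counter

# Destination CIDR from the capture filter rule created in step 2 above.
FILTER_DEST_CIDR = ipaddress.ip_network("10.0.1.0/24")

# Constructed sample records, NOT real service output: one JSON record per
# line. The field names under "data" are assumed from the flow log format.
SAMPLE_RECORDS = """\
{"data":{"sourceAddress":"203.0.113.5","destinationAddress":"10.0.1.10","sourcePort":51515,"destinationPort":22,"protocolName":"TCP","action":"REJECT","status":"OK"}}
{"data":{"sourceAddress":"203.0.113.5","destinationAddress":"10.0.1.10","sourcePort":51516,"destinationPort":22,"protocolName":"TCP","action":"REJECT","status":"OK"}}
{"data":{"sourceAddress":"198.51.100.9","destinationAddress":"10.0.1.10","sourcePort":40000,"destinationPort":22,"protocolName":"TCP","action":"ACCEPT","status":"OK"}}
{"data":{"sourceAddress":"10.0.1.10","destinationAddress":"10.0.2.7","sourcePort":33000,"destinationPort":3306,"protocolName":"TCP","action":"REJECT","status":"OK"}}
{"data":{"sourceAddress":"203.0.113.5","destinationAddress":"10.0.1.10","sourcePort":0,"destinationPort":0,"protocolName":"ICMP","action":"REJECT","status":"SKIPDATA"}}
"""

def parse_records(text):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def in_filter_scope(record, dest_cidr=FILTER_DEST_CIDR):
    """True when the destination lies inside the capture filter's destination CIDR.
    A record outside it means the log is not scoped the way step 2 intended."""
    return ipaddress.ip_address(record["data"]["destinationAddress"]) in dest_cidr

def rejected_flows(records, dest_cidr=FILTER_DEST_CIDR):
    """Count REJECT flows inside the filter scope per (source, dst port, protocol).
    Repeated rejects from one source against one port are the first thing to
    review after enabling the log."""
    counts = Counter()
    for rec in records:
        d = rec["data"]
        if d.get("action") != "REJECT" or not in_filter_scope(rec, dest_cidr):
            continue
        counts[(d["sourceAddress"], d["destinationPort"], d["protocolName"])] += 1
    return counts

def skipped_count(records):
    """Records with status SKIPDATA (assumed meaning: the service dropped some
    flows in that interval), so the counts above are only a lower bound."""
    return sum(1 for rec in records if rec["data"].get("status") == "SKIPDATA")

if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for (src, port, proto), n in rejected_flows(recs).most_common():
        print(f"{src:>15} -> port {port:<5} {proto:<4} rejected {n}x")
    print(f"records with SKIPDATA status: {skipped_count(recs)}")
```

To run it against real data, replace SAMPLE_RECORDS with the records exported from the log's search page for the subnet log created in step 3.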