Class LogFormat
The following table describes all of the available fields for a flow log record.
Namespace: Amazon.CDK.AWS.EC2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class LogFormat : DeputyBaseSyntax (vb)
Public Class LogFormat Inherits DeputyBaseRemarks
ExampleMetadata: infused
Examples
var vpc = new Vpc(this, "Vpc");
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.DST_PORT, LogFormat.SRC_PORT }
});
// If you just want to add a field to the default field
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.VERSION, LogFormat.ALL_DEFAULT_FIELDS }
});
// If AWS CDK does not support the new fields
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.SRC_PORT, LogFormat.Custom("${new-field}") }
});Synopsis
Constructors
| LogFormat(string) | The following table describes all of the available fields for a flow log record. |
Properties
| ACCOUNT_ID | The AWS account ID of the owner of the source network interface for which traffic is recorded. |
| ACTION | The action that is associated with the traffic. |
| ALL_DEFAULT_FIELDS | The default format. |
| AZ_ID | The ID of the Availability Zone that contains the network interface for which traffic is recorded. |
| BYTES | The number of bytes transferred during the flow. |
| DST_ADDR | The destination address for outgoing traffic, or the IPv4 or IPv6 address of the network interface for incoming traffic on the network interface. |
| DST_PORT | The destination port of the traffic. |
| ECS_CLUSTER_ARN | AWS Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task. |
| ECS_CLUSTER_NAME | Name of the ECS cluster if the traffic is from a running ECS task. |
| ECS_CONTAINER_ID | Docker runtime ID of the container if the traffic is from a running ECS task. |
| ECS_CONTAINER_INSTANCE_ARN | ARN of the ECS container instance if the traffic is from a running ECS task on an EC2 instance. |
| ECS_CONTAINER_INSTANCE_ID | ID of the ECS container instance if the traffic is from a running ECS task on an EC2 instance. |
| ECS_SECOND_CONTAINER_ID | Docker runtime ID of the container if the traffic is from a running ECS task. |
| ECS_SERVICE_NAME | Name of the ECS service if the traffic is from a running ECS task and the ECS task is started by an ECS service. |
| ECS_TASK_ARN | ARN of the ECS task if the traffic is from a running ECS task. |
| ECS_TASK_DEFINITION_ARN | ARN of the ECS task definition if the traffic is from a running ECS task. |
| ECS_TASK_ID | ID of the ECS task if the traffic is from a running ECS task. |
| END_TIMESTAMP | The time, in Unix seconds, when the last packet of the flow was received within the aggregation interval. |
| FLOW_DIRECTION | The direction of the flow with respect to the interface where traffic is captured. |
| INSTANCE_ID | The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you. |
| INTERFACE_ID | The ID of the network interface for which the traffic is recorded. |
| LOG_STATUS | The logging status of the flow log. |
| PACKETS | The number of packets transferred during the flow. |
| PKT_DST_ADDR | The packet-level (original) destination IP address for the traffic. |
| PKT_DST_AWS_SERVICE | The name of the subset of IP address ranges for the pkt-dstaddr field, if the destination IP address is for an AWS service. |
| PKT_SRC_ADDR | The packet-level (original) source IP address of the traffic. |
| PKT_SRC_AWS_SERVICE | The name of the subset of IP address ranges for the pkt-srcaddr field, if the source IP address is for an AWS service. |
| PROTOCOL | The IANA protocol number of the traffic. |
| REGION | The Region that contains the network interface for which traffic is recorded. |
| SRC_ADDR | The source address for incoming traffic, or the IPv4 or IPv6 address of the network interface for outgoing traffic on the network interface. |
| SRC_PORT | The source port of the traffic. |
| START_TIMESTAMP | The time, in Unix seconds, when the first packet of the flow was received within the aggregation interval. |
| SUBLOCATION_ID | The ID of the sublocation that contains the network interface for which traffic is recorded. |
| SUBLOCATION_TYPE | The type of sublocation that's returned in the sublocation-id field. |
| SUBNET_ID | The ID of the subnet that contains the network interface for which the traffic is recorded. |
| TCP_FLAGS | The bitmask value for TCP flags. |
| TRAFFIC_PATH | The path that egress traffic takes to the destination. |
| TRAFFIC_TYPE | The type of traffic. |
| VERSION | The VPC Flow Logs version. |
| VPC_ID | The ID of the VPC that contains the network interface for which the traffic is recorded. |
| Value | The following table describes all of the available fields for a flow log record. |
Methods
| Custom(string) | A custom format string. |
| Field(string) | A custom field name. |
Constructors
LogFormat(string)
The following table describes all of the available fields for a flow log record.
public LogFormat(string value)Parameters
- value string
Remarks
ExampleMetadata: infused
Examples
var vpc = new Vpc(this, "Vpc");
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.DST_PORT, LogFormat.SRC_PORT }
});
// If you just want to add a field to the default field
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.VERSION, LogFormat.ALL_DEFAULT_FIELDS }
});
// If AWS CDK does not support the new fields
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.SRC_PORT, LogFormat.Custom("${new-field}") }
});Properties
ACCOUNT_ID
The AWS account ID of the owner of the source network interface for which traffic is recorded.
public static LogFormat ACCOUNT_ID { get; }Property Value
Remarks
ExampleMetadata: infused
ACTION
The action that is associated with the traffic.
public static LogFormat ACTION { get; }Property Value
Remarks
ExampleMetadata: infused
ALL_DEFAULT_FIELDS
The default format.
public static LogFormat ALL_DEFAULT_FIELDS { get; }Property Value
Remarks
ExampleMetadata: infused
AZ_ID
The ID of the Availability Zone that contains the network interface for which traffic is recorded.
public static LogFormat AZ_ID { get; }Property Value
Remarks
ExampleMetadata: infused
BYTES
The number of bytes transferred during the flow.
public static LogFormat BYTES { get; }Property Value
Remarks
ExampleMetadata: infused
DST_ADDR
The destination address for outgoing traffic, or the IPv4 or IPv6 address of the network interface for incoming traffic on the network interface.
public static LogFormat DST_ADDR { get; }Property Value
Remarks
ExampleMetadata: infused
DST_PORT
The destination port of the traffic.
public static LogFormat DST_PORT { get; }Property Value
Remarks
ExampleMetadata: infused
ECS_CLUSTER_ARN
AWS Resource Name (ARN) of the ECS cluster if the traffic is from a running ECS task.
public static LogFormat ECS_CLUSTER_ARN { get; }Property Value
Remarks
ExampleMetadata: infused
ECS_CLUSTER_NAME
Name of the ECS cluster if the traffic is from a running ECS task.
public static LogFormat ECS_CLUSTER_NAME { get; }Property Value
Remarks
ExampleMetadata: infused
ECS_CONTAINER_ID
Docker runtime ID of the container if the traffic is from a running ECS task.
public static LogFormat ECS_CONTAINER_ID { get; }Property Value
Remarks
If there is one container or more in the ECS task, this will be the docker runtime ID of the first container.
ECS_CONTAINER_INSTANCE_ARN
ARN of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
public static LogFormat ECS_CONTAINER_INSTANCE_ARN { get; }Property Value
Remarks
ExampleMetadata: infused
ECS_CONTAINER_INSTANCE_ID
ID of the ECS container instance if the traffic is from a running ECS task on an EC2 instance.
public static LogFormat ECS_CONTAINER_INSTANCE_ID { get; }Property Value
Remarks
ExampleMetadata: infused
ECS_SECOND_CONTAINER_ID
Docker runtime ID of the container if the traffic is from a running ECS task.
public static LogFormat ECS_SECOND_CONTAINER_ID { get; }Property Value
Remarks
If there is more than one container in the ECS task, this will be the Docker runtime ID of the second container.
ECS_SERVICE_NAME
Name of the ECS service if the traffic is from a running ECS task and the ECS task is started by an ECS service.
public static LogFormat ECS_SERVICE_NAME { get; }Property Value
Remarks
ExampleMetadata: infused
ECS_TASK_ARN
ARN of the ECS task if the traffic is from a running ECS task.
public static LogFormat ECS_TASK_ARN { get; }Property Value
Remarks
ExampleMetadata: infused
ECS_TASK_DEFINITION_ARN
ARN of the ECS task definition if the traffic is from a running ECS task.
public static LogFormat ECS_TASK_DEFINITION_ARN { get; }Property Value
Remarks
ExampleMetadata: infused
ECS_TASK_ID
ID of the ECS task if the traffic is from a running ECS task.
public static LogFormat ECS_TASK_ID { get; }Property Value
Remarks
ExampleMetadata: infused
END_TIMESTAMP
The time, in Unix seconds, when the last packet of the flow was received within the aggregation interval.
public static LogFormat END_TIMESTAMP { get; }Property Value
Remarks
This might be up to 60 seconds after the packet was transmitted or received on the network interface.
FLOW_DIRECTION
The direction of the flow with respect to the interface where traffic is captured.
public static LogFormat FLOW_DIRECTION { get; }Property Value
Remarks
ExampleMetadata: infused
INSTANCE_ID
The ID of the instance that's associated with network interface for which the traffic is recorded, if the instance is owned by you.
public static LogFormat INSTANCE_ID { get; }Property Value
Remarks
Returns a '-' symbol for a requester-managed network interface; for example, the network interface for a NAT gateway
INTERFACE_ID
The ID of the network interface for which the traffic is recorded.
public static LogFormat INTERFACE_ID { get; }Property Value
Remarks
ExampleMetadata: infused
LOG_STATUS
The logging status of the flow log.
public static LogFormat LOG_STATUS { get; }Property Value
Remarks
ExampleMetadata: infused
PACKETS
The number of packets transferred during the flow.
public static LogFormat PACKETS { get; }Property Value
Remarks
ExampleMetadata: infused
PKT_DST_ADDR
The packet-level (original) destination IP address for the traffic.
public static LogFormat PKT_DST_ADDR { get; }Property Value
Remarks
ExampleMetadata: infused
PKT_DST_AWS_SERVICE
The name of the subset of IP address ranges for the pkt-dstaddr field, if the destination IP address is for an AWS service.
public static LogFormat PKT_DST_AWS_SERVICE { get; }Property Value
Remarks
ExampleMetadata: infused
PKT_SRC_ADDR
The packet-level (original) source IP address of the traffic.
public static LogFormat PKT_SRC_ADDR { get; }Property Value
Remarks
ExampleMetadata: infused
PKT_SRC_AWS_SERVICE
The name of the subset of IP address ranges for the pkt-srcaddr field, if the source IP address is for an AWS service.
public static LogFormat PKT_SRC_AWS_SERVICE { get; }Property Value
Remarks
ExampleMetadata: infused
PROTOCOL
The IANA protocol number of the traffic.
public static LogFormat PROTOCOL { get; }Property Value
Remarks
ExampleMetadata: infused
REGION
The Region that contains the network interface for which traffic is recorded.
public static LogFormat REGION { get; }Property Value
Remarks
ExampleMetadata: infused
SRC_ADDR
The source address for incoming traffic, or the IPv4 or IPv6 address of the network interface for outgoing traffic on the network interface.
public static LogFormat SRC_ADDR { get; }Property Value
Remarks
ExampleMetadata: infused
SRC_PORT
The source port of the traffic.
public static LogFormat SRC_PORT { get; }Property Value
Remarks
ExampleMetadata: infused
START_TIMESTAMP
The time, in Unix seconds, when the first packet of the flow was received within the aggregation interval.
public static LogFormat START_TIMESTAMP { get; }Property Value
Remarks
This might be up to 60 seconds after the packet was transmitted or received on the network interface.
SUBLOCATION_ID
The ID of the sublocation that contains the network interface for which traffic is recorded.
public static LogFormat SUBLOCATION_ID { get; }Property Value
Remarks
ExampleMetadata: infused
SUBLOCATION_TYPE
The type of sublocation that's returned in the sublocation-id field.
public static LogFormat SUBLOCATION_TYPE { get; }Property Value
Remarks
ExampleMetadata: infused
SUBNET_ID
The ID of the subnet that contains the network interface for which the traffic is recorded.
public static LogFormat SUBNET_ID { get; }Property Value
Remarks
ExampleMetadata: infused
TCP_FLAGS
The bitmask value for TCP flags.
public static LogFormat TCP_FLAGS { get; }Property Value
Remarks
If no supported flags are recorded, the TCP flag value is 0.
TCP flags can be OR-ed during the aggregation interval. For short connections, the flags might be set on the same line in the flow log record, for example, 19 for SYN-ACK and FIN, and 3 for SYN and FIN.
TRAFFIC_PATH
The path that egress traffic takes to the destination.
public static LogFormat TRAFFIC_PATH { get; }Property Value
Remarks
ExampleMetadata: infused
TRAFFIC_TYPE
The type of traffic.
public static LogFormat TRAFFIC_TYPE { get; }Property Value
Remarks
The possible values are IPv4, IPv6, or EFA.
VERSION
The VPC Flow Logs version.
public static LogFormat VERSION { get; }Property Value
Remarks
ExampleMetadata: infused
VPC_ID
The ID of the VPC that contains the network interface for which the traffic is recorded.
public static LogFormat VPC_ID { get; }Property Value
Remarks
ExampleMetadata: infused
Value
The following table describes all of the available fields for a flow log record.
public virtual string Value { get; }Property Value
Remarks
ExampleMetadata: infused
Examples
var vpc = new Vpc(this, "Vpc");
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.DST_PORT, LogFormat.SRC_PORT }
});
// If you just want to add a field to the default field
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.VERSION, LogFormat.ALL_DEFAULT_FIELDS }
});
// If AWS CDK does not support the new fields
vpc.AddFlowLog("FlowLog", new FlowLogOptions {
LogFormat = new [] { LogFormat.SRC_PORT, LogFormat.Custom("${new-field}") }
});Methods
Custom(string)
A custom format string.
public static LogFormat Custom(string formatString)Parameters
- formatString string
Returns
Remarks
Gives full control over the format string fragment.