
Enable Flow Logging for VCN Subnets

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that flow logs are enabled for every subnet provisioned within your Virtual Cloud Network (VCN). Flow logs are a logging feature that enables users to capture information about the IP traffic (accepted, rejected, or all traffic) going to and from your VCN subnets.

Security

Once enabled, flow logging starts collecting network traffic data to and from your Virtual Cloud Network (VCN) subnets. This data provides valuable insights into network utilization, facilitates optimization of network traffic costs, supports network forensic investigations, and enables real-time security analysis. For enhanced visibility and security of the Virtual Cloud Network (VCN), it is strongly recommended that flow logs be enabled for all production subnets.


Audit

To determine if flow logging is enabled for your Virtual Cloud Networks (VCN) subnets, perform the following operations:

Using OCI Console

01 Sign in to your Oracle Cloud Infrastructure (OCI) account.

02 Navigate to Networking console available at https://cloud.oracle.com/networking/.

03 In the left navigation panel, under Overview, choose Virtual cloud networks.

04 Choose the OCI compartment that you want to access from the Compartment dropdown menu, to list the Virtual Cloud Networks (VCNs) available in the selected OCI compartment.

05 Click on the name (link) of the Virtual Cloud Network (VCN) that you want to examine.

06 In the left navigation panel, under Resources, choose Subnets to list the subnets created for the selected Virtual Cloud Network.

07 Click on the name (link) of the subnet that you want to examine, listed in the Name column.

08 In the Resources navigation panel, choose Logs, and check the Flow Logs feature status, listed in the Status column. If the Flow Logs feature status is not set to Active, flow logging is not enabled for the selected Virtual Cloud Network (VCN) subnet.

09 Repeat steps no. 7 and 8 for each VCN subnet created for your Virtual Cloud Network (VCN).

10 Repeat steps no. 5 - 9 for each VCN deployed within the selected Oracle Cloud Infrastructure (OCI) compartment.

Using OCI CLI

01 Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:

oci iam compartment list
	--all
	--include-root
	--query 'data[]."id"'

02 The command output should return the requested OCI compartment identifiers (OCIDs):

[
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.compartment.oc1..abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

03 Run network vcn list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, to list the ID of each Virtual Cloud Network (VCN) available in the selected OCI compartment:

oci network vcn list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--all
	--query 'data[]."id"'

04 The command output should return the requested VCN identifiers (OCIDs):

[
	"ocid1.vcn.oc1.ap-sydney-1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234",
	"ocid1.vcn.oc1.ap-sydney-1.aaaa1234ccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

05 Run network subnet list command (Windows/macOS/Linux) to list the ID of each subnet provisioned for the specified OCI Virtual Cloud Network (VCN):

oci network subnet list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--vcn-id 'ocid1.vcn.oc1.ap-sydney-1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234'
	--query 'data[]."id"'

06 The command output should return the requested VCN subnet IDs:

[
	"ocid1.subnet.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.subnet.oc1.ap-sydney-1.aaaabbbb1234ddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

07 Run logging log-group list command (Windows/macOS/Linux) to list the ID of each log group created for the specified OCI compartment:

oci logging log-group list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--query 'data[]."id"'

08 The command output should return the requested log group IDs:

[
	"ocid1.loggroup.oc1.ap-sydney-1.aaaabbbbcccc1234abcdabcd1234abcd1234abcd1234abcd1234abcd1234",
	"ocid1.loggroup.oc1.ap-sydney-1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

09 Run logging log list command (Windows/macOS/Linux) to determine if there is a flow logging stream created for the specified subnet, within the selected log group. Replace the subnet OCID in the --query filter with the ID of the subnet that you want to examine, returned in step no. 6:

oci logging log list
	--log-group-id 'ocid1.loggroup.oc1.ap-sydney-1.aaaabbbbcccc1234abcdabcd1234abcd1234abcd1234abcd1234abcd1234'
	--query "data[?configuration.source.resource=='ocid1.subnet.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd']"

10 The command output should return the flow logging object configured for the specified subnet. Check that the returned object has "is-enabled": true and a "lifecycle-state" of ACTIVE; a disabled flow log matches the filter but captures no traffic. If the command output returns an empty array, as shown in the example below, no logging configuration data was found for the specified subnet:

[]

11 Repeat steps no. 9 and 10 for every log group available in the selected OCI compartment. If the logging log list command returns an empty array (i.e. []) for each log group, flow logging is not enabled for the selected Virtual Cloud Network (VCN) subnet.

12 Repeat steps no. 7 - 11 for each subnet provisioned in the selected Virtual Cloud Network.

13 Repeat steps no. 5 - 12 for each Virtual Cloud Network (VCN) available in the selected OCI compartment.

14 Repeat steps no. 3 – 13 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.
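The CLI procedure above is a four-level loop (compartments, VCNs, subnets, log groups) that is tedious to run by hand and easy to get wrong, because a subnet's flow log may live in a log group in a different compartment, and because the --query filter in step 9 also matches a log that exists but is disabled. The following script is an added example (not Trend Micro or Oracle code) that automates the audit by wrapping the same oci CLI commands with subprocess and applies the stricter check: a subnet counts as logged only if an enabled, ACTIVE log with service "flowlogs" points at it. It assumes a configured oci CLI (profile and region from ~/.oci/config); subnets are regional, so run it once per region. The SAMPLE_* data at the bottom is constructed to exercise the check offline.

```python
"""Find VCN subnets without an enabled flow log across an OCI tenancy.
Added example, not Trend Micro or Oracle code. Assumes a configured `oci` CLI
(profile/region from ~/.oci/config); subnets are regional, so run once per region."""
import json
import subprocess
from typing import Dict, Iterable, List, Set


def oci_list(*args: str) -> list:
    """Run an OCI CLI list command and return its 'data' array."""
    out = subprocess.run(["oci", *args, "--output", "json"], check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out).get("data", []) if out.strip() else []


def flow_logged_subnets(logs: Iterable[dict]) -> Set[str]:
    """OCIDs of subnets that have an enabled, ACTIVE flow log.

    The page's filter (configuration.source.resource == <subnet-id>) also matches
    a log that exists but is disabled or being deleted, so this check is stricter.
    """
    logged: Set[str] = set()
    for log in logs:
        src = (log.get("configuration") or {}).get("source") or {}
        if (src.get("service") == "flowlogs"
                and log.get("is-enabled") is True
                and log.get("lifecycle-state") == "ACTIVE"):
            logged.add(src["resource"])
    return logged


def unlogged_subnets(subnets: Iterable[dict], logs: Iterable[dict]) -> List[str]:
    """Subnet OCIDs from `subnets` that have no qualifying flow log in `logs`."""
    logged = flow_logged_subnets(logs)
    return sorted(s["id"] for s in subnets if s["id"] not in logged)


def audit_tenancy() -> Dict[str, List[str]]:
    """Map VCN OCID -> unlogged subnet OCIDs, across every active compartment."""
    compartments = [c["id"] for c in
                    oci_list("iam", "compartment", "list", "--all", "--include-root")
                    if c.get("lifecycle-state") == "ACTIVE"]
    # Gather every log in the tenancy first: a subnet's flow log may sit in a log
    # group that lives in another compartment, which a per-compartment loop misses.
    logs: List[dict] = []
    for cid in compartments:
        for group in oci_list("logging", "log-group", "list", "--compartment-id", cid, "--all"):
            logs += oci_list("logging", "log", "list", "--log-group-id", group["id"], "--all")
    findings: Dict[str, List[str]] = {}
    for cid in compartments:
        for vcn in oci_list("network", "vcn", "list", "--compartment-id", cid, "--all"):
            subnets = oci_list("network", "subnet", "list", "--compartment-id", cid,
                               "--vcn-id", vcn["id"], "--all")
            missing = unlogged_subnets(subnets, logs)
            if missing:
                findings[vcn["id"]] = missing
    return findings


# Constructed sample data (shaped like `oci network subnet list` and
# `oci logging log list` output) so the check can be exercised without a tenancy.
SAMPLE_SUBNETS = [{"id": "ocid1.subnet.oc1..sample-a"},
                  {"id": "ocid1.subnet.oc1..sample-b"},
                  {"id": "ocid1.subnet.oc1..sample-c"}]
SAMPLE_LOGS = [
    # enabled flow log -> subnet a is covered
    {"is-enabled": True, "lifecycle-state": "ACTIVE",
     "configuration": {"source": {"service": "flowlogs", "resource": "ocid1.subnet.oc1..sample-a"}}},
    # flow log object exists but is disabled -> subnet b is NOT covered
    {"is-enabled": False, "lifecycle-state": "ACTIVE",
     "configuration": {"source": {"service": "flowlogs", "resource": "ocid1.subnet.oc1..sample-b"}}},
    # unrelated service log; subnet c has no flow log at all
    {"is-enabled": True, "lifecycle-state": "ACTIVE",
     "configuration": {"source": {"service": "objectstorage", "resource": "sample-bucket"}}},
]


def demo() -> List[str]:
    """Run the check over the constructed sample data."""
    return unlogged_subnets(SAMPLE_SUBNETS, SAMPLE_LOGS)


if __name__ == "__main__":
    print(json.dumps(audit_tenancy(), indent=2))
```

Run it as `python audit_flow_logs.py` against a configured CLI; an empty JSON object means every subnet in the current region has an enabled flow log. The pure functions take the CLI's JSON as-is, so the same check can be pointed at saved `oci ... --output json` files when auditing without tenancy access.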

Remediation / Resolution

To enable flow logs for your Virtual Cloud Networks (VCN) subnets, perform the following operations:

Using OCI Console

01 Sign in to your Oracle Cloud Infrastructure (OCI) account.

02 Navigate to Logging console available at https://cloud.oracle.com/logging/.

03 In the left navigation panel, choose Log Groups, and select the OCI compartment where you want to deploy your new log group, from the Compartment dropdown menu.

04 Choose Create Log Group and perform the following actions to create the log group that will hold your subnets' flow logs:

  1. For Name, enter a unique name for the new log group.
  2. For Description, provide a short description for the log group usage.
  3. (Optional) Choose Show advanced options and use the Tag key and Tag value fields to improve resource management by adding tags.
  4. Choose Create to deploy your new OCI log group.

05 Navigate to Networking console available at https://cloud.oracle.com/networking/.

06 In the left navigation panel, under Overview, choose Virtual cloud networks.

07 Choose the OCI compartment that you want to access from the Compartment dropdown menu, to list the Virtual Cloud Networks (VCNs) available in the selected OCI compartment.

08 Click on the name (link) of the Virtual Cloud Network (VCN) that you want to access.

09 In the left navigation panel, under Resources, choose Subnets to list the subnets created for the selected Virtual Cloud Network.

10 Click on the name (link) of the subnet that you want to configure, listed in the Name column.

11 In the Resources navigation panel, select Logs, and perform the following actions to enable flow logging for the selected subnet:

  1. Click on the Actions menu (i.e., 3-dot icon) available for the Flow Logs feature, and choose Enable log.
  2. For Log group, select the OCI log group created in step no. 4.
  3. (Optional) For Log name, you can edit or change the log name provided by default.
  4. For Capture filter, provide the OCID of the appropriate capture filter (e.g., ocid1.capturefilter.oc1.ap-sydney-1.abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd).
  5. (Optional) Choose Show advanced options, and configure log retention, log properties, and resource tags.
  6. Choose Enable log to enable flow logs for the selected Virtual Cloud Network (VCN) subnet.

12 Repeat steps no. 10 and 11 for each VCN subnet created for your Virtual Cloud Network (VCN).

13 Repeat steps no. 8 - 12 for each VCN deployed within the selected Oracle Cloud Infrastructure (OCI) compartment.

Using OCI CLI

01 Run logging log-group create command (Windows/macOS/Linux) to create the OCI log group that will manage your subnet's flow logs:

oci logging log-group create
	--display-name 'cc-project5-flow-log-group'
	--description "Log Group for Subnet Flow Logs"
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--query 'data'

02 The command output should return the work request ID:

{
	"opc-work-request-id": "ocid1.logworkrequest.oc1.ap-sydney-1.abcdbbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
}

03 Run logging work-request get command (Windows/macOS/Linux) to retrieve the identifier (ID) of the newly created log group. If the resources list comes back empty, the work request has not completed yet; rerun the command until its status is SUCCEEDED:

oci logging work-request get
	--work-request-id 'ocid1.logworkrequest.oc1.ap-sydney-1.abcdbbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234'
	--query 'data.resources[].identifier'

04 The command output should return the requested log group ID:

[
	"ocid1.loggroup.oc1.ap-sydney-1.aaaabbbbcccc1234abcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

05 Specify the parameters and settings for the required flow logs object. Save this configuration to a JSON file named cc-flow-logging-config.json. Replace <compartment-id> with the ID of your OCI compartment and <subnet-id> with the ID of the subnet that you want to configure for logging:

{
	"archiving": {
		"isEnabled": false
	},
	"compartment-id": "<compartment-id>",
	"source": {
		"category": "all",
		"parameters": {},
		"resource": "<subnet-id>",
		"service": "flowlogs",
		"source-type": "OCISERVICE"
	}
}

06 Run logging log create command (Windows/macOS/Linux) to enable flow logging for your Virtual Cloud Network (VCN) subnet by creating the necessary log resource. For --configuration, use the JSON configuration file defined in the previous step (i.e., cc-flow-logging-config.json):

oci logging log create
	--display-name 'cc-project5-subnet-flow-logs'
	--log-group-id 'ocid1.loggroup.oc1.ap-sydney-1.aaaabbbbcccc1234abcdabcd1234abcd1234abcd1234abcd1234abcd1234'
	--log-type 'SERVICE'
	--is-enabled true
	--configuration file://cc-flow-logging-config.json

07 The command output should return the work request ID:

{
	"opc-work-request-id": "ocid1.logworkrequest.oc1.ap-sydney-1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
}

08 Repeat steps no. 5 - 7 for each VCN subnet provisioned in the selected Oracle Cloud Infrastructure (OCI) compartment.

09 Repeat steps no. 1 – 8 for each OCI compartment available in your Oracle Cloud Infrastructure (OCI) account.
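Steps 1 to 8 above create one log group and then one log per subnet, and both create calls are asynchronous: the CLI returns an opc-work-request-id, and the created resource's OCID only appears in the work request once it has reached SUCCEEDED. The following script is an added example (not Trend Micro or Oracle code) that drives the same oci CLI commands from Python, builds the page's JSON configuration as a dict, and polls each work request to completion before using its result, so a log is never created against a log group that does not exist yet. It assumes a configured oci CLI. The configuration mirrors the page's JSON exactly; the console path asks for a capture filter, and if log create rejects this payload in your tenancy, the capture-filter reference belongs under source.parameters (check the CLI reference for the key, which this example does not assume). The SAMPLE_WR_* responses are constructed to exercise the work-request handling offline.

```python
"""Enable flow logs on OCI VCN subnets with the OCI CLI, waiting on each work request.
Added example, not Trend Micro or Oracle code. Assumes a configured `oci` CLI."""
import json
import subprocess
import time
from typing import List, Tuple

TERMINAL = {"SUCCEEDED", "FAILED", "CANCELED"}   # work-request end states


def oci_call(*args: str) -> dict:
    """Run an OCI CLI command and return its parsed JSON output ({} if it printed nothing)."""
    out = subprocess.run(["oci", *args, "--output", "json"], check=True,
                         capture_output=True, text=True).stdout
    return json.loads(out) if out.strip() else {}


def flow_log_config(compartment_id: str, subnet_id: str) -> dict:
    """The --configuration payload from the page, built as a dict.

    category "all" records accepted and rejected flows; "accept" or "reject"
    alone would hide half of the traffic from a forensic investigation.
    """
    return {
        "archiving": {"isEnabled": False},
        "compartment-id": compartment_id,
        "source": {
            "category": "all",
            "parameters": {},
            "resource": subnet_id,
            "service": "flowlogs",
            "source-type": "OCISERVICE",
        },
    }


def work_request_result(wr: dict) -> Tuple[str, List[str]]:
    """Interpret an `oci logging work-request get` response as (status, created OCIDs)."""
    data = wr.get("data", wr)
    ids = [r["identifier"] for r in (data.get("resources") or []) if r.get("identifier")]
    return data.get("status", ""), ids


def wait_for_work_request(work_request_id: str, timeout_s: int = 300, poll_s: int = 5) -> List[str]:
    """Poll until the work request ends; return the OCIDs it created.

    Reading data.resources[].identifier straight after `create` can come back
    empty while the request is still ACCEPTED or IN_PROGRESS, so we poll.
    """
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        status, ids = work_request_result(
            oci_call("logging", "work-request", "get", "--work-request-id", work_request_id))
        if status in TERMINAL:
            if status != "SUCCEEDED":
                raise RuntimeError(f"work request {work_request_id} ended with {status}")
            return ids
        time.sleep(poll_s)
    raise TimeoutError(f"work request {work_request_id} still running after {timeout_s}s")


def create_log_group(compartment_id: str, name: str, description: str) -> str:
    """Create a log group and return its OCID once the work request has succeeded."""
    resp = oci_call("logging", "log-group", "create", "--compartment-id", compartment_id,
                    "--display-name", name, "--description", description)
    return wait_for_work_request(resp["opc-work-request-id"])[0]


def enable_flow_log(log_group_id: str, compartment_id: str, subnet_id: str, name: str) -> str:
    """Create an enabled SERVICE log for one subnet; return the new log OCID."""
    resp = oci_call("logging", "log", "create", "--log-group-id", log_group_id,
                    "--display-name", name, "--log-type", "SERVICE", "--is-enabled", "true",
                    "--configuration", json.dumps(flow_log_config(compartment_id, subnet_id)))
    return wait_for_work_request(resp["opc-work-request-id"])[0]


# Constructed work-request responses, shaped like `oci logging work-request get` output.
SAMPLE_WR_PENDING = {"data": {"status": "ACCEPTED", "resources": []}}
SAMPLE_WR_DONE = {"data": {"status": "SUCCEEDED",
                           "resources": [{"identifier": "ocid1.loggroup.oc1..sample",
                                          "action-type": "CREATED"}]}}

if __name__ == "__main__":
    import sys  # usage: python enable_flow_logs.py <compartment-ocid> <subnet-ocid> [...]
    compartment, subnets = sys.argv[1], sys.argv[2:]
    group = create_log_group(compartment, "cc-project5-flow-log-group",
                             "Log Group for Subnet Flow Logs")
    for subnet in subnets:
        print(subnet, "->", enable_flow_log(group, compartment, subnet,
                                            "cc-flow-logs-" + subnet[-8:]))
```

Feed it the compartment OCID and the subnet OCIDs reported as unlogged by the audit; every call fails loudly (non-zero exit from the CLI, or a FAILED work request) rather than silently leaving a subnet without a log.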

Publication date Mar 21, 2025