Source: Introducing VPC Flow Logs—network transparency in near real-time from Google Cloud Platform
By Ines Envid, Product Manager, GCP
Logging and monitoring are the cornerstones of network and security operations. Whether it’s performance analysis or network forensics, logging and monitoring let you identify traffic and access patterns that may present security or operational risks to the organization. Today, we’re upping the ante for network operations on Google Cloud Platform (GCP) with the introduction of VPC Flow Logs, increasing transparency into your network and allowing you to track network flows all the way down to an individual virtual interface, in near real-time.
If you’re familiar with network operations, think of VPC Flow Logs like NetFlow, but with additional features. VPC Flow Logs provides responsive flow-level network telemetry for GCP environments, creating logs in five-second intervals. It also allows you to collect network telemetry at various levels. You can choose to collect telemetry for a particular VPC network or subnet, or drill down further to monitor a specific VM instance or virtual interface.
VPC Flow Logs can capture telemetry data from a wide variety of sources. It can track:
The logs generated by this process include a variety of data points, including a 5-tuple definition and timestamps, performance metrics such as throughput and RTT, and endpoint definitions such as VPC and geo annotations. VPC Flow Logs natively lets you export this data in a highly secure manner to Stackdriver Logging or BigQuery. Alternatively, using Cloud Pub/Sub, you can export these logs to any number of real-time analytics or SIEM platforms.
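As an added example (not code from the original post or from Google), the sketch below shows how exported flow records could be aggregated by 5-tuple to surface large flows leaving internal address space. It assumes records arrive as JSON lines using the documented `jsonPayload.connection`, `bytes_sent` and `reporter` fields; the sample records, the `make_record` helper, the 1 MB threshold and the RFC 1918 definition of "internal" are all assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Assumption: "internal" means RFC 1918 space; adjust to your VPC ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def make_record(src, sport, dst, dport, proto, nbytes, reporter):
    """Build one constructed log line in the assumed exported JSON layout."""
    return json.dumps({"jsonPayload": {
        "connection": {"src_ip": src, "src_port": sport, "dest_ip": dst,
                       "dest_port": dport, "protocol": proto},
        "bytes_sent": str(nbytes),  # int64 values arrive as JSON strings
        "reporter": reporter}})

# Constructed sample data, not real traffic (203.0.113.0/24 is a documentation range).
SAMPLE_LINES = [
    make_record("10.128.0.2", 44321, "203.0.113.9", 443, 6, 700_000, "SRC"),
    make_record("10.128.0.2", 44321, "203.0.113.9", 443, 6, 600_000, "SRC"),
    make_record("10.128.0.2", 51000, "10.128.0.3", 5432, 6, 5_000_000, "SRC"),
    make_record("10.128.0.2", 51000, "10.128.0.3", 5432, 6, 5_000_000, "DEST"),
    make_record("10.128.0.4", 40000, "203.0.113.9", 443, 6, 2_000, "SRC"),
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def summarize(lines, egress_threshold_bytes=1_000_000):
    """Sum bytes per 5-tuple and list large flows leaving internal space."""
    totals = defaultdict(int)
    for line in lines:
        payload = json.loads(line)["jsonPayload"]
        # VM-to-VM flows are logged by both endpoints; count the sender's
        # view only so the same bytes are not added twice.
        if payload.get("reporter") != "SRC":
            continue
        c = payload["connection"]
        key = (c["src_ip"], c["src_port"], c["dest_ip"], c["dest_port"], c["protocol"])
        totals[key] += int(payload["bytes_sent"])
    alerts = sorted(k for k, b in totals.items()
                    if b >= egress_threshold_bytes
                    and is_internal(k[0]) and not is_internal(k[2]))
    return dict(totals), alerts

if __name__ == "__main__":
    totals, alerts = summarize(SAMPLE_LINES)
    for key in alerts:
        print("large egress flow:", key, totals[key], "bytes")
```

Because each record covers only a short interval, a single long-lived connection shows up as many records; summing per 5-tuple is what turns them back into one flow for review.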
Having VPC Flow Logs in your toolbox can help you with a wide range of operational tasks. Here are just a few.
All this happens with near real-time accuracy (updates every 5 seconds vs. minutes), with absolutely no performance impact on your deployment.
One of our key goals with VPC Flow Logs was to allow you to export your flow logs to partner systems for real-time analysis and notifications. At launch, we integrate with two leading logging and analytics platforms: Cisco Stealthwatch and Sumo Logic.
“Our integration with VPC Flow Logs lets customers send their network and security telemetry into Cisco Stealthwatch Cloud without deploying agents or collectors, thereby providing exceptionally fast and easy access to Stealthwatch multicloud security services and a holistic security view across on-premises and public cloud. This integration provides customers with excellent security visibility and threat detection in their GCP environment, and is the latest example of how we are partnering with Google to deliver great value to our joint customers.”
— Jeremy Oakey, Senior Director, Product Management, Cisco Cloud Platform and Solutions Group.