flowlogs
Flowlogs are records produced by network devices or cloud platforms that describe the traffic that flows between endpoints over a period of time. A typical flowlog entry represents a unidirectional stream of packets and may include information such as start and end times, source and destination IP addresses and ports, protocol, the number of packets and bytes transmitted, the interface or network segment involved, and whether the traffic was allowed or denied. Some implementations also capture additional metadata such as the direction of traffic, subnet or VPC identifiers, and accounting details.
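As an added example (not part of the original entry), the following parses records carrying the fields described above and summarises denied traffic per source. It assumes the default version 2 field order of AWS VPC Flow Logs as one concrete format; the function names, the `min_ports` threshold and the sample records are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple, Optional
# Assumption: default (version 2) AWS VPC Flow Logs field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

class Flow(NamedTuple):
    srcaddr: str
    dstaddr: str
    dstport: int
    protocol: int
    bytes: int
    action: str

def parse_flow(line: str) -> Optional[Flow]:
    """Parse one record; None for malformed or no-traffic (NODATA/SKIPDATA) records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # such records carry "-" in the traffic fields
        return None
    try:
        nums = {name: int(rec[name]) for name in INT_FIELDS}
    except ValueError:
        return None
    return Flow(rec["srcaddr"], rec["dstaddr"], nums["dstport"],
                nums["protocol"], nums["bytes"], rec["action"])

def rejected_port_spread(lines, min_ports=3):
    """Map each source to the denied destination ports it tried, if >= min_ports."""
    ports = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is not None and flow.action == "REJECT":
            ports[flow.srcaddr].add(flow.dstport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

# Constructed sample records (documentation address ranges, made-up IDs).
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40001 22 6 1 40 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40002 3389 6 1 40 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40003 445 6 1 40 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 51515 443 6 12 5200 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 51516 22 6 1 40 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1700000060 1700000120 - NODATA",
    "2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 40004",  # truncated record
]
```

Calling `rejected_port_spread(SAMPLE)` reports only the source whose denied flows touched three or more distinct destination ports; the NODATA and truncated records are skipped rather than raising.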
Flowlogs can originate from physical routers, switches, firewalls, and load balancers, as well as from cloud
Uses of flowlogs include network monitoring, security analysis, incident response, compliance auditing, performance troubleshooting, and capacity
Best practices involve enabling flowlogs for critical network segments, controlling data retention, applying thoughtful sampling, securing