Configure NFO GCP VPC Flow Logs Modules
There are two NFO Modules reporting GCP VPC Flow Logs ingested from Google Cloud Platform:
  • GCP VPC Flow Logs - reports VPC Flow Logs, translating them one-to-one into syslog or JSON format and enriching them with GCP data, such as VM names, that basic VPC Flow Logs do not report natively.
  • GCP Top Traffic Monitor - reports hosts with the most traffic. It consolidates VPC Flow Logs records over a period of time (the Data Collection Interval you choose) that share the same combination of the following fields: Source IP, Destination IP, Source port, Destination port, and Layer 3 protocol. This information is provided per Project/Subnetwork. The Module also enriches flows with GCP data that basic VPC Flow Logs do not report natively.
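
The consolidation described for GCP Top Traffic Monitor can be pictured with the following added example, which is not NFO's own code. Field names follow the GCP VPC Flow Logs `jsonPayload`; the sample records, the 60-second interval, and the function names `consolidate` and `top_talkers` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

INTERVAL_S = 60  # assumed Data Collection Interval, in seconds

def _flow(end, src, dst, sport, dport, nbytes, pkts, subnet="subnet-a"):
    """Build one constructed record using VPC Flow Logs jsonPayload field names."""
    return {
        "connection": {"src_ip": src, "dest_ip": dst, "src_port": sport,
                       "dest_port": dport, "protocol": 6},  # 6 = TCP (IANA)
        "bytes_sent": str(nbytes), "packets_sent": str(pkts),  # int64 as string
        "end_time": end, "reporter": "SRC",
        "src_vpc": {"project_id": "demo-project", "subnetwork_name": subnet},
    }

# Constructed sample: three records fall in the first minute, one in the second.
SAMPLE = [
    _flow("2024-01-01T00:00:05Z", "10.0.0.5", "10.0.1.9", 44321, 443, 1200, 10),
    _flow("2024-01-01T00:00:40Z", "10.0.0.5", "10.0.1.9", 44321, 443, 800, 6),
    _flow("2024-01-01T00:00:50Z", "10.0.0.7", "10.0.1.9", 51000, 22, 300, 4),
    _flow("2024-01-01T00:01:10Z", "10.0.0.5", "10.0.1.9", 44321, 443, 500, 5),
]

def consolidate(records, interval_s=INTERVAL_S):
    """Sum bytes/packets per (interval, project, subnetwork, 5-tuple)."""
    totals = defaultdict(lambda: {"bytes": 0, "packets": 0, "records": 0})
    for r in records:
        c = r["connection"]
        # Attribute the flow to the VPC of the side that reported it.
        vpc = r["src_vpc"] if r["reporter"] == "SRC" else r["dest_vpc"]
        end = datetime.fromisoformat(r["end_time"].replace("Z", "+00:00"))
        window = int(end.timestamp()) // interval_s * interval_s
        key = (window, vpc["project_id"], vpc["subnetwork_name"], c["src_ip"],
               c["dest_ip"], c["src_port"], c["dest_port"], c["protocol"])
        t = totals[key]
        t["bytes"] += int(r["bytes_sent"])
        t["packets"] += int(r["packets_sent"])
        t["records"] += 1
    return dict(totals)

def top_talkers(records, n=10, interval_s=INTERVAL_S):
    """Return the n consolidated flows with the most bytes, largest first."""
    rows = consolidate(records, interval_s).items()
    return sorted(rows, key=lambda kv: kv[1]["bytes"], reverse=True)[:n]

if __name__ == "__main__":
    for key, t in top_talkers(SAMPLE):
        print(key, t)
```

The same 5-tuple seen in two different intervals produces two consolidated rows, which is why the interval length affects both output volume and how short bursts show up in the ranking.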

Modules Configuration

In Modules Summary, click on GCP VPC Flow Logs.
Enable one or both Modules you want. Click on an enabled Module to configure it further.
Both Modules are integrated with the EDFN Agent - GCP VPC flow logs. The Agent is configured in the NFO Input panel or from the NFO Modules configuration. Click on the Agent name to open its configuration.
You will be presented with the EDFN configuration screen.
Please see the GCP VPC Flow Logs Input Configuration section for more details.