A command line tool for retrieving and analyzing IBM Cloud flow logs, developed by the Global Cloud Acceleration Team (GCAT) Interns:
When traffic is denied to a VPC by ACLs or security groups, the only way to investigate is to look at flow logs. Currently, flow logs are hard to read and manage. We are going to build a tool that runs SQL queries on the logs to generate important information in a readable format.
Please note that this is still in the EXPERIMENTAL phase and there is no official support at the moment, nor are the current command structures going to be around for very long as they are being constantly modified and tweaked for optimal results before pulling them into our CLI.
Capture information about the IP traffic going to and from network interfaces in your VPC and are stored in a Cloud Object Storage(COS) bucket
With this information you are able to:
- Troubleshoot why specific traffic isn't reaching an instance, which helps to diagnose restrictive security group rules.
- Monitor the traffic that is reaching your instance.
- Adhere to compliance regulations
- Determine the overall health of network monitoring
- Assist with root cause analysis.
Prior to creating a flow log collector, ensure that you have met the following prerequisites:
-Make sure that at least one VPC, a subnet, and a virtual server instance exist. -Make sure that a COS instance with a bucket exists for your flow logs.
For more details, see our [Resources](#resources) section for a detailed IBM Cloud documentation on IBM Cloud VPCs and Flow Logs.
Make sure to note the region of the COS that contains your flow logs, considering that is what you are prompted for when the CLI pulls them to your local depository.
- Must have node js installed.
- Install node js with brew install node.
- After cloning the repo, run cd acl-logsto change your directory to the project directory.
- Run npm installin the project directory.
- Run sudo npm install -g .to package the program as a global command
- In the package.json file, under scripts, set thetestattribute value tojest
- run npm testin terminal to execute tests
- Use flowlog getto pull the newest flowlogs
- Use flowlog parseto parse the flowlogs
- Use flowlog scanto scan logs for errors
- Alternatively, use flowlogto choose from any of the above
- Log in to to cloud.ibm.com
- Click "Manage" in the top right menu bar
- Select "Access (IAM)"
- Select "API keys" on the left menu
- You can create a API key in this page, and make sure to store it securely