IBM Cloud Docs
FAQs for flow log collectors

FAQs for flow log collectors

You might encounter the following questions when you use IBM Cloud Flow Logs for VPC.

Why don't I see any IBM Cloud Object Storage buckets as options when I create a flow log collector?

The most likely reasons why you might not see your Object Storage buckets when you order a flow log collector:

  • an IBM Cloud® Object Storage service instance isn't provisioned or a destination bucket to collect flow logs.
  • An IAM authorization that grants the flow logs service permission to write flow logs to their bucket isn't configured. In this case, you receive prompts to create an Object Storage service instance and bucket, and add the required Identity and Access Management (IAM) authorization when you are creating a flow log collector. See Creating flow log collectors for information on how to remedy this issue.

Why am I getting a 403 error when I provision a flow log collector?

Likely causes of this error include:

  • Your user is not authorized to access the specified target of the flow log collector.
  • Your IBM Cloud® Object Storage bucket is missing the Identity Authorization Management (IAM) authorization to allow the flow logs service to write flow logs to your bucket.

Can I create multiple flow log collectors?

You can create multiple flow log collectors on the condition that they are on different targets. Keep in mind that flow log collectors with different target scopes might overlap. You cannot create multiple flow log collectors on one single target.

Can I modify the IBM Cloud Object Storage location for a flow log collector?

You cannot change the Object Storage bucket location for an existing flow log collector. You can delete the existing collector and create a new one with the Object Storage bucket location that you want to use.

Are virtual appliances (IKS workers, ROKS, LBaaS, VPN gateway) included in the flow log collector data output?

Flow Logs for VPC supports:

  • IBM Cloud Kubernetes Service (IKS) workers
  • RedHat OpenShift Kubernetes Service (ROKS)
  • Load Balancer as a Service (LBaaS)

VPN gateway is also available at a VPC and subnet level.

At this time, flow log collection does not include support for bare metal server network interfaces and endpoint gateways.

Is there a viewer or filter for flow logs?

Flow Logs for VPC does not have a native viewer or filter. However, SQL Query is a viable option.

Can I modify the target scope for a flow log collector?

You cannot change the target scope for an existing flow log collector. You can delete the existing collector and create a new one with the target scope that you want to use.

Do I need to suspend a flow log collector before I delete it?

No, you can delete a flow log collector at any time, whether it is active or not.