Network Telemetry

In-depth network telemetry to keep your services secure.

Network Telemetry: VPC flow logs

Identify traffic and access patterns that may impose security or operational risks to your organization in near real time. Network Telemetry provides both network and security operations with in-depth, responsive VPC flow logs for Google Cloud networking services.

Firewall Logging

VPC Firewall Logs allows users to log firewall access and deny events with the same responsiveness of VPC flow logs.

Monitoring at peak performance

VPC flow logs allow you to monitor your deployments with no impact to your system performance. With our unique implementation, enabling VPC flow logs provides you in-depth visibility with no performance overhead.

Rich annotation support

With VPC flow logs, you can log flows based on a rich set of annotations, such as geolocation, BGP (Border Gateway Protocol) AS (Autonomous System) Numbers, project, network or subnetwork names, regions or zones, all the way down to VM instance names. This enables you to choose the granularity that is right for your deployment.

Exporting logs

VPC flow logs is very flexible and supports exporting of logs to many of our partner products. You can either choose to use Cloud Logging to ingest your logs and analyze them, or you could choose to export them to your existing partner of choice.

Features

Traffic coverage

Monitor network traffic to and from Compute Engine VMs, including internal VPC traffic, flows leaving the VPC network through Cloud VPN or Cloud Interconnect, flows from an endpoint on the internet to the Compute Engine VMs, and flows between Compute Engine VMs and Google services in production.

No performance impact

VPC flow logs is natively built in the networking stack of the VPC network infrastructure. There is no extra delay and no performance penalty to route the original IP packets to the destination.

Annotations

Annotates network and subnetwork name, region and zone (if within the VPC), VM instance name, and Geo annotations such as continent, country, region, and city.

Protocols

You will be able to monitor the network flows for TCP and UDP.

Metrics

Supports metrics such as number of packets, number of bytes, and RTT (round trip time) for TCP flows.

Flow definition parameters

Define flows based on 5-tuple: source and destination IP addresses, ports, and the IANA protocol number.

Filters

Selectively export flow logs to logging storage/APIs, using the filters.

Partners

Network Telemetry supports exporting of logs to supported partners.

Technical resources

VPC flow logs—network transparency in near real time

Using VPC flow logs

For Google Cloud pricing, visit our pricing page.

VPC network logs, including VPC flow logs and firewall logs, generate charges.You will be charged for VPC flow logs, but charges for firewall logs will start on February 1, 2019.

VPC FLOW LOG AND FIREWALL LOG GENERATION	PRICE
0–10 TB per month	0.50/GB
10–30 TB per month	0.25/GB
30–50 TB per month	0.10/GB
>50 TB per month	0.05/GB

Log generation can be exported to Cloud Logging, Pub/Sub, Cloud Storage, or BigQuery. Pub/Sub, Cloud Storage, or BigQuery charges apply in addition to log generation charges.

If you send your log generation to Cloud Logging, log generation charges are waived, and only Cloud Logging charges apply. If you send and then exclude your log generation from Cloud Logging, log generation charges apply.

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Try it free

Need help getting started?

Contact sales

Work with a trusted partner

Find a partner

Continue browsing

See all products