Once logging is enabled, you can view the logs in the CloudWatch Logs console. Here is a summary of the type of information that you will see in the flow-log (in order):
- The VPC flow-logs version
- The AWS account ID
- The ID of the network interface
- The source IPv4 or IPv6 address
- The destination IPv4 or IPv6 address
- The source port of the traffic
- The destination port of the traffic
- The Internet Assigned Numbers Authority (IANA) protocol number of the traffic
- The number of packets transferred
- The number of bytes transferred
- The start time of the capture window (in Unix seconds)
- The end time of the capture window (in Unix seconds)
- The action associated with the traffic; for example, ACCEPT or REJECT
- The logging status of the flow-log; for example, OK, NODATA, or SKIPDATA
To identify the protocol, check the protocol number field against the IANA protocol numbers list at http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.