Flow-logging is an EVE feature that allows collecting information
about every application network flow. This includes attributes like
src/dst IP, src/dst port, ACL rule applied, packet/byte counters, etc.
However, this feature is always enabled for every network instance and
can produce a lot of data which are then uploaded to the cloud.
We have seen cases where this amounted to hundreds of GB each week,
which was a burden for the controller's database.
Another drawback of flow-logging is that the iptables rules that EVE
installs for network instances are considerably more complicated because
of this feature and thus introduce additional packet processing overhead.
This API change introduced a new boolean option to disable flow logging
for a given Network Instance.
It is recommended that the controller disables flow logging unless it is
explicitly enabled by the user.