gcloud beta network-management vpc-flow-logs-configs create - creates a new VPC Flow Logs configuration

gcloud beta network-management vpc-flow-logs-configs create(VPC_FLOW_LOGS_CONFIG :--location=LOCATION--organization=ORGANIZATION)[--aggregation-interval=AGGREGATION_INTERVAL][--async][--cross-project-metadata=CROSS_PROJECT_METADATA][--description=DESCRIPTION][--filter-expr=FILTER_EXPR][--flow-sampling=FLOW_SAMPLING][--labels=[LABELS,…]][--metadata=METADATA][--metadata-fields=[METADATA_FIELDS,…]][--state=STATE][--interconnect-attachment=INTERCONNECT_ATTACHMENT    |--network=NETWORK    |--subnet=SUBNET    |--vpn-tunnel=VPN_TUNNEL][GCLOUD_WIDE_FLAG …]

Project-level configuration: Specify a target resource, either: --subnet,--network, --interconnect-attachment, or --vpn-tunnel

Organization-level configuration: Specify the --organization flag without atarget resource to apply the configuration across an entire organization.

The --location=global flag is always required.

gcloudbetanetwork-managementvpc-flow-logs-configscreatemy-config--location=global--organization=<my-org-number>

To create a new VPC Flow Logs configurationmy-config in projectmy-project for a VLAN attachment for Cloud Interconnect, run:

gcloudbetanetwork-managementvpc-flow-logs-configscreatemy-config--location=global--interconnect-attachment="projects/{project_id}/regions/{region}/interconnectAttachments/{interconnect_attachment_id}"

To create a new VPC Flow Logs configurationmy-config in projectmy-project for a Cloud VPN tunnel, run:

gcloudbetanetwork-managementvpc-flow-logs-configscreatemy-config--location=global--subnet="projects/{project_id}/regions/{region}/vpnTunnels/{vpn_tunnel_id}"

To create a new VPC Flow Logs configurationmy-config in projectmy-project for a subnet, run:

gcloudbetanetwork-managementvpc-flow-logs-configscreatemy-config--location=global--subnet="projects/{project_id}/regions/{region}/subnets/{subnet_id}"

To create a new VPC Flow Logs configurationmy-config in projectmy-project for a VPC network, run:

gcloudbetanetwork-managementvpc-flow-logs-configscreatemy-config--location=global--network="projects/{project_id}/global/networks/{network_id}"

VpcFlowLogsConfig resource - Identifier. Unique name of the configuration. Thename can have one of the following forms:

• For project-level configurations:projects/{project_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config_id}

• For organization-level configurations:organizations/{organization_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config_id}The arguments in this group can be used to specify the attributes of thisresource. (NOTE) Some attributes are not given arguments in this group but canbe set in other ways.

To set theproject attribute:

• provide the argumentvpc_flow_logs_config on the command line witha fully specified name;
• provide the argument--project on the command line;
• set the propertycore/project. This resource can be one of thefollowing types: [networkmanagement.organizations.locations.vpcFlowLogsConfigs,networkmanagement.projects.locations.vpcFlowLogsConfigs].

This must be specified.

VPC_FLOW_LOGS_CONFIG

ID of the vpcFlowLogsConfig or fully qualified identifier for thevpcFlowLogsConfig.

To set thevpc_flow_logs_config attribute:

• provide the argumentvpc_flow_logs_config on the command line.

This positional argument must be specified if any of the other arguments in thisgroup are specified.

--location=LOCATION

The location id of the vpcFlowLogsConfig resource.

To set thelocation attribute:

• provide the argumentvpc_flow_logs_config on the command line witha fully specified name;
• provide the argument--location on the command line.

--organization=ORGANIZATION

The organization id of the vpcFlowLogsConfig resource.

To set theorganization attribute:

• provide the argumentvpc_flow_logs_config on the command line witha fully specified name;
• provide the argument--organization on the command line. Must bespecified for resource of type[networkmanagement.organizations.locations.vpcFlowLogsConfigs].

Arguments for the aggregation interval.

--aggregation-interval=AGGREGATION_INTERVAL

The aggregation interval for the logs. Default value is INTERVAL_5_SEC.AGGREGATION_INTERVAL must be one of:

interval-1-min

Aggregate logs in 1m intervals.

interval-10-min

Aggregate logs in 10m intervals.

interval-15-min

Aggregate logs in 15m intervals.

interval-30-sec

Aggregate logs in 30s intervals.

interval-5-min

Aggregate logs in 5m intervals.

interval-5-sec

Aggregate logs in 5s intervals.

--async

Return immediately, without waiting for the operation in progress to complete.

Arguments for the cross project metadata.

--cross-project-metadata=CROSS_PROJECT_METADATA

Determines whether to include cross project annotations in the logs. This fieldis available only for organization configurations. If not specified in orgconfigs will be set to CROSS_PROJECT_METADATA_ENABLED.CROSS_PROJECT_METADATA must be one of:

cross-project-metadata-disabled

When CROSS_PROJECT_METADATA_DISABLED, metadata from other projects will not beincluded in the logs.

cross-project-metadata-enabled

When CROSS_PROJECT_METADATA_ENABLED, metadata from other projects will beincluded in the logs.

Arguments for the description.

--description=DESCRIPTION

The user-supplied description of the VPC Flow Logs configuration. Maximum of 512characters.

Arguments for the filter expr.

--filter-expr=FILTER_EXPR

Export filter used to define which VPC Flow Logs should be logged.

Arguments for the flow sampling.

--flow-sampling=FLOW_SAMPLING

The value of the field must be in (0, 1]. The sampling rate of VPC Flow Logswhere 1.0 means all collected logs are reported. Setting the sampling rate to0.0 is not allowed. If you want to disable VPC Flow Logs, use the state fieldinstead. Default value is 1.0.

--labels=[LABELS,…]

Resource labels to represent user-provided metadata.

KEY

Keys must start with a lowercase character and contain only hyphens(-), underscores (_), lowercase characters, andnumbers.

VALUE

Values must contain only hyphens (-), underscores (_),lowercase characters, and numbers.

Shorthand Example:

--labels=string=string

JSON Example:

--labels='{"string": "string"}'

File Example:

--labels=path_to_file.(yaml|json)

Arguments for the metadata.

--metadata=METADATA

Configures whether all, none or a subset of metadata fields should be added tothe reported VPC flow logs. Default value is INCLUDE_ALL_METADATA.METADATA must be one of:

custom-metadata

Include only custom fields (specified in metadata_fields).

exclude-all-metadata

Exclude all metadata fields.

include-all-metadata

Include all metadata fields.

--metadata-fields=[METADATA_FIELDS,…]

Custom metadata fields to include in the reported VPC flow logs. Can only bespecified if "metadata" was set to CUSTOM_METADATA.

Arguments for the state.

--state=STATE

The state of the VPC Flow Log configuration. Default value is ENABLED. Whencreating a new configuration, it must be enabled. Setting state=DISABLED willpause the log generation for this config.STATE must beone of:

disabled

When DISABLED, this configuration will not generate logs.

enabled

When ENABLED, this configuration will generate logs.

Arguments for the target resource.

At most one of these can be specified:

--interconnect-attachment=INTERCONNECT_ATTACHMENT

Traffic will be logged from the Interconnect Attachment. Format:projects/{project_id}/regions/{region}/interconnectAttachments/{name}

--network=NETWORK

Traffic will be logged from VMs, VPN tunnels and Interconnect Attachments withinthe network. Format: projects/{project_id}/global/networks/{name}

--subnet=SUBNET

Traffic will be logged from VMs within the subnetwork. Format:projects/{project_id}/regions/{region}/subnetworks/{name}

--vpn-tunnel=VPN_TUNNEL

Traffic will be logged from the VPN Tunnel. Format:projects/{project_id}/regions/{region}/vpnTunnels/{name}

Run$gcloud help for details.