Configure flow logs for workloads
Big picture
Configure Calico Enterprise for Windows flow log data for visibility and troubleshooting Windows workloads in Kubernetes clusters.
Value
Calico Enterprise for Windows includes a fully-integrated deployment of Elasticsearch to collect flow log data that drives key features like Flow Visualizer, metrics in the dashboard and Policy Board, policy automation and testing features, and security.
Before you begin
Limitations
Calico Enterprise for Windows provides the same support for flow logs as Linux, with these exceptions:
- No packet/bytes stats for denied traffic
- No DNS stats
- No HTTP stats
- No RuleTrace for tiers
- No BGP logs
- No support for syslog archiving
How to
Calico Enterprise for Windows flow logs are enabled and configured the same way as Flow logs for Linux. Use the following Windows-specific parameters for specifying file directories and paths.
Felix configurations
Field | Description | Accepted Values | Schema | Default |
---|---|---|---|---|
windowsFlowLogsFileDirectory | Set the directory where flow logs files are stored on Windows nodes. This parameter takes effect only when flowLogsFileEnabled is set to true . | string | string | c:\\TigeraCalico\\flowlogs |
windowsFlowLogsPositionFilePath | Specify the position of the external pipeline that reads flow logs on Windows nodes. This parameter takes effect only when FlowLogsDynamicAggregationEnabled is set to true . | string | string | c:\\TigeraCalico\\flowlogs\\flows.log.pos |
windowsStatsDumpFilePath | Specify the position of the file used for dumping flow log statistics on Windows nodes. Note this is an internal setting that you should not need to modify. | string | string | c:\\TigeraCalico\\stats\\dump |