Skip to main content
Version: 3.18 (latest)

Configure flow logs for workloads

Big picture

Configure Calico Enterprise for Windows flow log data for visibility and troubleshooting Windows workloads in Kubernetes clusters.


Calico Enterprise for Windows includes a fully-integrated deployment of Elasticsearch to collect flow log data that drives key features like Flow Visualizer, metrics in the dashboard and Policy Board, policy automation and testing features, and security.

Before you begin


Calico Enterprise for Windows provides the same support for flow logs as Linux, with these exceptions:

  • No packet/bytes stats for denied traffic
  • No DNS stats
  • No HTTP stats
  • No RuleTrace for tiers
  • No BGP logs
  • No support for syslog archiving

How to

Calico Enterprise for Windows flow logs are enabled and configured the same way as Flow logs for Linux. Use the following Windows-specific parameters for specifying file directories and paths.

Felix configurations

FieldDescriptionAccepted ValuesSchemaDefault
windowsFlowLogsFileDirectorySet the directory where flow logs files are stored on Windows nodes. This parameter takes effect only when flowLogsFileEnabled is set to true.stringstringc:\\TigeraCalico\\flowlogs
windowsFlowLogsPositionFilePathSpecify the position of the external pipeline that reads flow logs on Windows nodes. This parameter takes effect only when FlowLogsDynamicAggregationEnabled is set to true.stringstringc:\\TigeraCalico\\flowlogs\\flows.log.pos
windowsStatsDumpFilePathSpecify the position of the file used for dumping flow log statistics on Windows nodes. Note this is an internal setting that you should not need to modify.stringstringc:\\TigeraCalico\\stats\\dump

Additional resources