# Enable VPC Flow Logs (Network Management API)

The Network Management API lets you configure VPC Flow Logs for organizations, Virtual Private Cloud (VPC) networks, subnets, VLAN attachments for Cloud Interconnect, and Cloud VPN tunnels.

{% hint style="info" %}
**📘Before you begin:**

This guide assumes you have been granted the `Network Management Admin` role (`roles/networkmanagement.admin`) at the following levels:

* Organization level (required if you want to configure VPC Flow Logs for an organization)
* Project level (required if you want to configure VPC Flow Logs for a VPC network, subnet, VLAN attachment, or Cloud VPN tunnel)
{% endhint %}

*The following instructions are based on Google's documentation, which may be useful to refer to:* [*https://docs.cloud.google.com/vpc/docs/using-flow-logs*](https://docs.cloud.google.com/vpc/docs/using-flow-logs)

## Prerequisites <a href="#prerequisites" id="prerequisites"></a>

1. Navigate to [https://console.cloud.google.com/apis/api/networkmanagement.googleapis.com](https://console.cloud.google.com/apis/api/networkmanagement.googleapis.com) and click **Enable**.

![](/files/jbpmQAEOGPyHgiUxIgyj)

2. In the Google Cloud console, go to the [VPC networks page](https://console.cloud.google.com/networking/networks/list).

![](/files/whSe9WEXIiTuGFUTZXfs)

{% hint style="info" %}
**📘Options for Flow Log Enablement**

VPC Flow Logs can be enabled at the following levels:

1. Subnet
2. VPC
3. Organization (requires the `resourcemanager.organizations.get` permission)

When configurations exist at more than one level, the configuration at the lowest level supersedes the higher-level ones.
{% endhint %}

## Option 1. Enabling VPC Flow Logs at the Subnet Level <a href="#option-1-enabling-vpc-flow-logs-at-the-subnet-level" id="option-1-enabling-vpc-flow-logs-at-the-subnet-level"></a>

1. On the **Subnets in current project** tab, select one or more subnets and then click **Manage flow logs**.

![](/files/NAPbILGTGGXbuwqFi3Jh)

2. In **Manage flow logs**, click **Add new configuration** to start a new VPC Flow Logs configuration.
3. Do one of the following:
   1. If you selected one subnet, in the **Configurations — Subnets** section, click **Add a configuration**.

      ![](/files/mNjzrRozvK0eGWHN9i9H)
   2. If you selected multiple subnets, in the **Configure VPC Flow Logs** section, select **Network Management API**.

      ![](/files/57JCZMRqznp1V7i7wzCG)
4. For **Name**, enter a name for the new VPC Flow Logs configuration.
5. Change the **Aggregation Interval** to `1 minute`.
6. Optional: Adjust the **Description** and any of the settings in the **Advanced settings** section:
   1. **Log filtering**: By default, **Keep only logs that match a filter** is deselected.
   2. **Include metadata in the final log entries**: By default, **Metadata annotations** includes all fields.
   3. **Secondary sampling rate**: `100%` means that all entries generated by the primary flow log sampling process are kept.
7. Click **Save**.

## Option 2. Enabling VPC Flow Logs for VPC Networks <a href="#option-2-enabling-vpc-flow-logs-for-vpc-networks" id="option-2-enabling-vpc-flow-logs-for-vpc-networks"></a>

1. On the **Networks in current project** tab, select one or more networks and then click **Manage flow logs**.

   ![](/files/gCdZDooG301utGv7E2eD)
2. In **Manage flow logs**, click **Add new configuration** to start a new VPC Flow Logs configuration.

   ![](/files/90TCNiiKsskm7NWN0MD4)
3. In the popup window, under **Configurations - VPC networks**, click **Add a configuration**.

   ![](/files/RQKNtTa4DTcyyyILNoyy)
4. For **Name**, enter a name for the new VPC Flow Logs configuration.
5. Change the **Aggregation Interval** to `1 minute`.
6. Optional: Adjust the **Description** and any of the settings in the **Advanced settings** section:
   1. **Log filtering**: By default, **Keep only logs that match a filter** is deselected.
   2. **Include metadata in the final log entries**: By default, **Metadata annotations** includes all fields.
   3. **Secondary sampling rate**: `100%` means that all entries generated by the primary flow log sampling process are kept.
7. Click **Save**.

## Option 3. Configuring VPC Flow Logs at the Organization Level <a href="#option-3-configuring-vpc-flow-logs-at-the-organization-level" id="option-3-configuring-vpc-flow-logs-at-the-organization-level"></a>

Configurations created at an organizational level will apply to all VPCs within that organization.

1. Navigate to the [VPC Flow Logs](https://console.cloud.google.com/networking/vpc-flow-logs) configuration page.

   ![](/files/QNPYAnlr1SPF4c2ZAWY8)
2. Click **Add VPC Flow Logs configuration** and then click **Add a configuration for the organization**.

   ![](/files/btXjXwsz6wPBZiouB38i)
3. For **Name**, enter a name for the new VPC Flow Logs configuration.
4. Change the **Aggregation Interval** to `1 minute`.
5. Optional: Adjust the **Description** and any of the settings in the **Advanced settings** section:
   1. **Log filtering**: By default, **Keep only logs that match a filter** is deselected.
   2. **Include metadata in the final log entries**: By default, **Metadata annotations** includes all fields.
   3. **Secondary sampling rate**: `100%` means that all entries generated by the primary flow log sampling process are kept.
6. Click **Save**.
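
The following Python check is an added example, not part of the original guide. It applies the precedence rule from the hint above (the lowest-level configuration supersedes the higher ones) to a set of exported configurations and reports where the effective configuration for a subnet departs from the settings used in all three options. The field names and enum strings (`aggregationInterval`, `flowSampling`, `metadata`, `filterExpr`, `INTERVAL_1_MIN`, `INCLUDE_ALL_METADATA`) are assumptions about the exported configuration JSON, and the sample data is constructed.

```python
# Expected values come from the steps on this page. The field names and enum
# strings are assumptions about the exported configuration JSON.
EXPECTED = {
    "aggregationInterval": "INTERVAL_1_MIN",  # Aggregation Interval: 1 minute
    "flowSampling": 1.0,                      # Secondary sampling rate: 100%
    "metadata": "INCLUDE_ALL_METADATA",       # Metadata annotations: all fields
    "filterExpr": None,                       # Log filtering: deselected
}

def scope_rank(cfg):
    """Lower rank means a lower level, which supersedes the higher ones."""
    if cfg.get("subnet"):
        return 0
    if cfg.get("network"):
        return 1
    return 2 if cfg["name"].startswith("organizations/") else None

def effective_config(configs, subnet, network):
    """Return the lowest-level configuration that covers the subnet, or None."""
    applicable = [c for c in configs
                  if c.get("subnet") == subnet or c.get("network") == network
                  or scope_rank(c) == 2]
    return min(applicable, key=scope_rank, default=None)

def deviations(cfg):
    """Map each setting that differs from the guide to (actual, expected)."""
    return {field: (cfg.get(field), want) for field, want in EXPECTED.items()
            if (cfg.get(field) or None) != want}

# Constructed sample: an organization configuration that matches the guide and
# a subnet configuration that does not (all names are hypothetical).
SAMPLE = [
    {"name": "organizations/123/locations/global/vpcFlowLogsConfigs/org-default",
     "aggregationInterval": "INTERVAL_1_MIN", "flowSampling": 1.0,
     "metadata": "INCLUDE_ALL_METADATA"},
    {"name": "projects/demo/locations/global/vpcFlowLogsConfigs/subnet-a1",
     "subnet": "projects/demo/regions/us-east1/subnetworks/a1",
     "aggregationInterval": "INTERVAL_5_SEC", "flowSampling": 0.5,
     "metadata": "INCLUDE_ALL_METADATA"},
]
NET = "projects/demo/global/networks/net-a"
A1 = "projects/demo/regions/us-east1/subnetworks/a1"
B1 = "projects/demo/regions/us-east1/subnetworks/b1"

if __name__ == "__main__":
    for subnet in (A1, B1):
        cfg = effective_config(SAMPLE, subnet, NET)
        print(subnet, "->", cfg["name"], deviations(cfg))
```

In the sample, subnet `a1` is governed by its own configuration rather than the organization one, so its 5-second interval and 50% sampling are reported even though the organization configuration matches the guide.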

