How to resolve Sprinto check for enabling GCP VPC flow log

About

Sprinto Check: GCP VPC Subnet flow logs should be captured

Sprinto has introduced a specialized check to ensure the activation of VPC flow logs on the Google Cloud Platform (GCP). Enabling VPC flow logs is crucial for gaining visibility into network traffic, enhancing security monitoring, and aiding in troubleshooting network-related issues.

Purpose

Enabling VPC flow logs on GCP lets you capture and analyze network traffic data within your Virtual Private Cloud (VPC). This information is invaluable for understanding network behavior, detecting anomalies, and meeting security and compliance requirements.

How to Enable VPC Flow Logs

Follow the steps below to enable VPC flow logs on Google Cloud Platform:

Step 1 — Confirm Required APIs Are Enabled

Before enabling Flow Logs, ensure these APIs are enabled in the project:

| API | Required | Purpose |
|---|---|---|
| Compute Engine API | Yes | Writes "enableFlowLogs": true, which Sprinto reads |
| Network Management API | Optional | Needed only if UI options are greyed out |

To check: Navigation menu → APIs & Services → Enabled APIs & Services


Step 2 — Navigate to the Subnet

  1. Go to the GCP Console.

  2. Open the project where the check is failing.

  3. In the sidebar, go to: VPC Network → VPC networks

  4. Select the relevant VPC.

  5. Select the Subnets tab.

  6. Choose the subnet that appears in the Sprinto monitor (or apply to all subnets).


Step 3 — Enable Flow Logs Using Compute Engine API

  1. Click Edit on the subnet page.

  2. Scroll to Flow logs.

  3. Set Flow logs → On.

  4. Under Choose Log Generation Method, select:

This is the only method that sets enableFlowLogs: true

  5. Click Advanced settings.

  6. Use the following recommended values:

| Setting | Value | Reason |
|---|---|---|
| Aggregation interval | 15 minutes | GCP minimum; Sprinto compatible |
| Metadata Sampling (or Sampling Rate) | ≥ 10% | Sprinto requires minimum 10% |
| Metadata | Include metadata | Recommended for completeness |

  7. Click Save.


You can verify using gcloud:

gcloud compute networks subnets describe <SUBNET-NAME> --region=<REGION>

Ensure output contains:

enableFlowLogs: true

If the value is not present, Flow Logs were not applied using the Compute Engine API.


Step 5 — Re-evaluate Monitor in Sprinto

After enabling Flow Logs:

  1. Return to Sprinto.

  2. Open the failing monitor.

  3. Click Re-evaluate.

If you do nothing, Sprinto will update automatically during the next scheduled monitor sweep.


Troubleshooting

1. Flow Logs Enabled but Still Failing

Check the following:

  • The Compute Engine API method was used

  • Sampling rate ≥ 10%

  • Aggregation interval = 15 minutes

  • Subnet is the correct one referenced in the Sprinto monitor

  • Re-evaluate was triggered, or the system is waiting for the next monitoring cycle

2. Flow Log Settings Are Greyed Out

Enable:

  • Network Management API

  • Compute Engine API

Then refresh the subnet page.

3. Multiple Subnets in the Same Project Are Failing

Flow Logs need to be enabled for each subnet individually.

4. Cost Consideration

Flow Logs may generate additional logs; recommended settings (15-minute interval + 10% sampling) minimize cost while meeting compliance requirements.
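
The checks from troubleshooting items 1 and 3 can be applied to every subnet in a project at once. The script below is an added example, not Sprinto's or Google's code; the subnet names, the demo-project project ID and the sample JSON are constructed, and the thresholds are the ones this page lists.

```python
import json
import sys

# Thresholds taken from this page's troubleshooting list.
MIN_SAMPLING = 0.10                    # "Sampling rate >= 10%"
REQUIRED_INTERVAL = "INTERVAL_15_MIN"  # "Aggregation interval = 15 minutes"

# Constructed sample in the shape of `gcloud compute networks subnets list --format=json`.
SAMPLE = json.loads("""
[
 {"name": "app-subnet", "region": "https://www.googleapis.com/compute/v1/projects/demo-project/regions/us-central1",
  "enableFlowLogs": true, "logConfig": {"enable": true, "aggregationInterval": "INTERVAL_15_MIN", "flowSampling": 0.1}},
 {"name": "db-subnet", "region": "https://www.googleapis.com/compute/v1/projects/demo-project/regions/us-central1"},
 {"name": "batch-subnet", "region": "https://www.googleapis.com/compute/v1/projects/demo-project/regions/europe-west1",
  "enableFlowLogs": true, "logConfig": {"enable": true, "aggregationInterval": "INTERVAL_5_SEC", "flowSampling": 0.05}}
]
""")


def audit_subnets(subnets):
    """Map "region/name" -> list of reasons for every subnet that misses a threshold."""
    failures = {}
    for s in subnets:
        cfg = s.get("logConfig") or {}
        reasons = []
        if s.get("enableFlowLogs") is not True:
            reasons.append("enableFlowLogs is not true")
        else:
            sampling = cfg.get("flowSampling")  # fraction between 0 and 1
            if sampling is None or sampling < MIN_SAMPLING:
                reasons.append(f"flowSampling={sampling}, need >= {MIN_SAMPLING}")
            interval = cfg.get("aggregationInterval")
            if interval != REQUIRED_INTERVAL:
                reasons.append(f"aggregationInterval={interval}, need {REQUIRED_INTERVAL}")
        if reasons:
            key = s.get("region", "").rsplit("/", 1)[-1] + "/" + s["name"]
            failures[key] = reasons
    return failures


if __name__ == "__main__":
    # Pass a file holding the gcloud JSON output, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for subnet, reasons in sorted(audit_subnets(data).items()):
        print(f"FAIL {subnet}: " + "; ".join(reasons))
```

To audit a real project, save the output of gcloud compute networks subnets list --format=json to a file and pass its path as the first argument.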


Expected Outcome

Once Flow Logs are correctly enabled:

  • Subnet will return enableFlowLogs: true

  • Sprinto will detect the configuration

  • Monitor will move to Passing after re-evaluation

For any assistance or inquiries related to the Sprinto check for GCP VPC Flow Logs, please get in touch with Sprinto support. We're here to assist you!
