> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/monitors/audit-logs-and-evidence-trails/how-to-resolve-sprinto-check-for-enabling-gcp-vpc-flow-log.md).

# How to resolve Sprinto check for enabling GCP VPC flow log

### About

Sprinto Check: GCP VPC Subnet flow logs should be captured

Sprinto has introduced a specialized check to ensure the activation of VPC flow logs on the Google Cloud Platform (GCP). Enabling VPC flow logs is crucial for gaining visibility into network traffic, enhancing security monitoring, and aiding in troubleshooting network-related issues.

### Purpose

Enabling VPC flow logs on GCP lets you capture and analyze network traffic data within your Virtual Private Cloud (VPC). This information is invaluable for understanding network behavior, detecting anomalies, and meeting security and compliance requirements.

### How to Enable VPC Flow Logs

Follow the steps below to enable VPC flow logs on Google Cloud Platform:

#### Video Guide

{% embed url="<https://youtu.be/BLA19ZgnkUQ?si=67TbpaRY7B8VlLM3>" %}

#### Step 1 — Confirm Required APIs Are Enabled

Before enabling Flow Logs, ensure these APIs are enabled in the project:

<table><thead><tr><th width="229.44140625">API</th><th width="122.9765625">Required</th><th>Purpose</th></tr></thead><tbody><tr><td><strong>Compute Engine API</strong></td><td>Yes</td><td>Writes <code>"enableFlowLogs": true</code>, which Sprinto reads</td></tr><tr><td>Network Management API</td><td>Optional</td><td>Needed only if UI options are greyed out</td></tr></tbody></table>

To check:\
**Navigation menu → APIs & Services → Enabled APIs & Services**

***

#### Step 2 — Navigate to the Subnet

1. Go to the **GCP Console**.
2. Open the project where the check is failing.
3. In the sidebar, go to:\
   **VPC Network → VPC networks**
4. Select the relevant VPC.
5. Select the **Subnets** tab.
6. Choose the subnet that appears in the Sprinto monitor (or apply to all subnets).

***

#### Step 3 — Enable Flow Logs Using Compute Engine API

1. Click **Edit** on the subnet page.
2. Scroll to **Flow logs**.
3. Set **Flow logs → On**.
4. Under **Choose Log Generation Method**, select:

{% hint style="info" %}
**This is the only method that sets `enableFlowLogs: true`**
{% endhint %}

5. Click **Advanced settings**.
6. Use the following recommended values:

<table><thead><tr><th width="186.640625">Setting</th><th width="154.75">Value</th><th width="300.48046875">Reason</th></tr></thead><tbody><tr><td><strong>Aggregation interval</strong></td><td>15 minutes</td><td>GCP minimum; Sprinto compatible</td></tr><tr><td><strong>Metadata Sampling (or Sampling Rate)</strong></td><td><strong>≥ 10%</strong></td><td>Sprinto requires minimum 10%</td></tr><tr><td>Metadata</td><td>Include metadata</td><td>Recommended for completeness</td></tr></tbody></table>

7. Click **Save**.

***

#### Step 4 — Verify Flow Logs Are Enabled Correctly (Optional but recommended)

You can verify using gcloud:

```
gcloud compute networks subnets describe <SUBNET-NAME> --region=<REGION>
```

Ensure output contains:

```
enableFlowLogs: true
```

If the value is not present → Flow Logs were not applied using the Compute Engine API.

***

### Step 5 — Re-evaluate Monitor in Sprinto

After enabling Flow Logs:

1. Return to Sprinto.
2. Open the failing monitor.
3. Click **Re-evaluate**.

If you do nothing, Sprinto will update automatically during the next scheduled monitor sweep.

***

### Troubleshooting

#### 1. Flow Logs Enabled but Still Failing

Check the following:

* The **Compute Engine API** method was used
* Sampling rate ≥ 10%
* Aggregation interval = 15 minutes
* Subnet is the correct one referenced in the Sprinto monitor
* Re-evaluate was triggered or the system is waiting for next monitoring cycle

#### 2. Flow Log Settings Are Greyed Out

Enable:

* **Network Management API**
* **Compute Engine API**

Then refresh the subnet page.

#### 3. Multiple Subnets in the Same Project Are Failing

Flow Logs need to be enabled **for each subnet individually**.

#### 4. Cost Consideration

Flow Logs may generate additional logs; recommended settings (15-minute interval + 10% sampling) minimize cost while meeting compliance requirements.

***

### Expected Outcome

Once Flow Logs are correctly enabled:

* Subnet will return `enableFlowLogs: true`
* Sprinto will detect the configuration
* Monitor will move to **Passing** after re-evaluation

For any assistance or inquiries related to the Sprinto check for GCP VPC Flowlogs, please get in touch with [Sprinto support](mailto:www.support@sprinto.com). We're here to assist you!


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.sprinto.com/monitors/audit-logs-and-evidence-trails/how-to-resolve-sprinto-check-for-enabling-gcp-vpc-flow-log.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.