I now manage multiple public cloud platforms with over 50 cloud servers deployed on each. Multiple servers communicate with each other, or a single server provides services directly. Due to changes in services due to uncontrollable factors, some cloud servers no longer provide external services (and do not communicate with other internal cloud servers), that is, no business traffic exists. Now I want to find this part of the inactive host through the traffic log, but do not know how to filter the traffic.
The important thing to note is that these hosts deploy services such as NTP, and they regularly send traffic to the Internet, which should be excluded from the business traffic.