beautypg.com

Exporting nat logs to log server, Network requirements, Configuration procedure – H3C Technologies H3C S12500 Series Switches User Manual

Page 129

background image

115

Field Description

2.2.2.2:768

Destination IP address and port number.

2005/07/07 04:20:03
2005/07/07 04:20:29

Start time of the NAT session. In this example, the time displayed is the switch's
system time. When the logs are exported in UDP packet, the UDP packet records
the interval in seconds between the current system time and Greenwich time 0

AM, Jan 1

st

, 1970. The log server, based on its own system time, converts this

interval and exports it.

2005/07/07 04:20:09
0000/00/00 00:00:00

End time of the NAT session.
0000/00/00 00:00:00 means that this time is uncertain.

Operator

Reasons for generating NAT logs come from:

Aged for reset or config-change refers to logs generated due to

configuration change or manual session deletion.

Aged for no-pat of NAT refers to logs generated when the no-pat session is

aged out.

Active data flow timeout refers to logs generated when the duration of NAT

session exceeds the active data flow time.

Data flow created refers to logs generated when a NAT session is

established.

Normal over refers to logs generated when the session is aged out.

Exporting NAT logs to log server

Network requirements

A PC in the private network accesses Device B on the public network through Device A, which is

enabled with NAT.

Device A sends NAT logs to the information center in UDP packets.

Figure 54 Network diagram

Configuration procedure

The following only lists configurations pertinent to NAT logs.
Details of configurations regarding the IP addresses of the switches and NAT function are not shown.
# Specify IP addresses for the interfaces, as shown in

Figure 54

. (Details not shown.)

Host

192.168.1.6/24

Vlan-int1

192.168.1.5/24

GE3/0/3

GE3/0/1
1.1.1.1/24

GE3/0/2

1.1.1.4/24

Device A

Device B

Loop1

2.2.2.2/24

NAT log server/system log server

3.3.3.7/24

GE3/0/2