Exporting flow logs, Exporting flow logs to log server, Exporting flow logs to an ipv4 log server – H3C Technologies H3C SR8800 User Manual

193

NOTE:

Although the router supports both of the two versions, only one can be active at one time. Therefore, if you
configure the flow logging version multiple times, the latest configuration will take effect.

Configuring the source address for flow logging

packets

A source IP address is usually used to uniquely identify the sender of a packet. If the source IP address is

specified, when Device A, for example, sends flow logs to Device B, it uses the specified IP address

instead of the actual egress address as the source IP address of the packets. In this way, although Device

A sends out packets to Device B through different ports, Device B can judge whether the packets are sent
from Device A according to their source IP addresses. This function also simplifies the configurations of

ACL and security policy: If you specify the same source address as the source or destination address in

the rule command in ACL, the IP address variance and the influence of interface status can be masked,

thus filtering flow logging packets.
To configure the source address for flow logging packets:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Specify the source IP
address of flow logging

packets.

userlog flow export source-ip
ip-address

Optional
By default, the source IP address of flow
logging packets is the IP address of the

egress interface of the packets.

Exporting flow logs

Flow logs can be exported in two ways:

•

Flow logs are encapsulated into UDP packets and are sent to a log server of the network, as shown
in

Figure 64

. The log server analyzes flow logs and displays them by class, thus realizing remote

monitoring.

•

Flow logs in the format of system information are exported to the information center of the router.
You can set the output destinations of the flow logs by setting the output parameters of the system

information. For more information about information center, see the chapter “Information center

configuration.”

NOTE:

The two export approaches of flow logs are mutually exclusive. If you configure two approaches
simultaneously, the system automatically exports the flow logs to the information center.

Exporting flow logs to log server

Exporting flow logs to an IPv4 log server

To export flow logs to an IPv4 log server: