Configuring user logging – H3C Technologies H3C SecPath F1000-E User Manual
Item: Description

Log Host IP Address (Log Host 1, Log Host 2, Log Host 3, Log Host 4): Set the IPv4/IPv6 addresses, port number and the VPN instance (this option is available only when you specify a log host with an IPv4 address) of the syslog log hosts.
The log information can be reported to the specified remote log hosts in the format of syslog, and you can specify up to four syslog log hosts.
IMPORTANT: If you specify an IPv6 address or a VPN instance for a log host, logs generated by the functions in the advanced security policy module will not be output to the log host.

Refresh Period: Set the refresh period on the log information displayed on the log report Web interface.
You can select manual refresh or automatic refresh:
• Manual—You need to refresh the Web interface when displaying log report information.
• Automatic—You can select to refresh the web page every 10 seconds, 30 seconds, 1 minute, 5 minutes, or 10 minutes.

Configuring user logging
To generate user logs, you must configure session logging (see
User logs record information about flows based on 5-tuple information, including the source IP address,
destination IP address, source port, destination port, and protocol number. With user logs,
administrators can track and record accesses to the network.
You can output user logs by using one of the following methods:
• Output logs to the information center in the format of system information. The information center determines the output destination.
• Output logs to a log host in UDP packets in binary format.
Two versions are available with user logging: version 1.0 and version 3.0, which are slightly different in
packet format. For more information about packet formats, see
.
Table 12 Packet format in user logging version 1.0

Field: Description
SourceIP: Source IP address.
DestIP: Destination IP address.
SrcPort: TCP/UDP source port number.
DestPort: TCP/UDP destination port number.
StartTime: Start time of a flow, in seconds, counted from 1970/1/1 0:0.
EndTime: End time of a flow, in seconds, counted from 1970/1/1 0:0.
Prot: Protocol carried over IP.
Operator: Indicates the reason why a flow has ended.
Reserved: For future applications.
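
The following collector-side decoder for the Table 12 fields is an added example, not code from the H3C manual. The byte widths, byte order, UTC interpretation of the timestamps, the absence of a packet header, and the sample values are all assumptions, because the page lists only field names; verify them against the device's actual output before use.

```python
import socket
import struct
from datetime import datetime, timezone

# ASSUMPTION: fields packed in Table 12 order, network byte order, with widths
# 4/4/2/2/4/4/1/1/2 bytes. The page gives no widths and no packet header.
RECORD = struct.Struct("!4s4sHHIIBBH")


def parse_records(payload):
    """Decode back-to-back records; reject a payload with a partial record."""
    if not payload or len(payload) % RECORD.size:
        raise ValueError("payload is not a whole number of records")
    records = []
    for sip, dip, sport, dport, start, end, prot, oper, _rsvd in RECORD.iter_unpack(payload):
        records.append({
            "SourceIP": socket.inet_ntoa(sip),
            "DestIP": socket.inet_ntoa(dip),
            "SrcPort": sport,
            "DestPort": dport,
            "StartTime": start,
            "EndTime": end,
            "Prot": prot,
            "Operator": oper,  # end-reason code; values are not listed on the page
        })
    return records


def start_utc(rec):
    """Render StartTime as ISO 8601, assuming the epoch seconds are UTC."""
    return datetime.fromtimestamp(rec["StartTime"], tz=timezone.utc).isoformat()


def sanity_flags(rec):
    """Checks a collector can apply before trusting an unauthenticated UDP log."""
    flags = []
    if rec["EndTime"] < rec["StartTime"]:
        flags.append("end-before-start")
    if rec["Prot"] in (6, 17) and 0 in (rec["SrcPort"], rec["DestPort"]):
        flags.append("zero-port")
    return flags


# Constructed sample record (documentation addresses, made-up Operator code 1).
SAMPLE = RECORD.pack(socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
                     51512, 443, 1700000000, 1700000042, 6, 1, 0)

if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r, start_utc(r), sanity_flags(r))
```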