Verifying the configuration, Troubleshooting user logging, Symptom 1: no flow log is exported – H3C Technologies H3C SecPath F1000-E User Manual
# Export user logs to the log server at IP address 1.2.3.6, UDP port 2000.
[SecPath] userlog flow export host 1.2.3.6 2000
# Configure 2.2.2.2 as the source IP address of the UDP packets that carry user logs, so that the log server can tell whether the actions described in a log occurred on SecPath or on another device.
[SecPath] userlog flow export source-ip 2.2.2.2
Verifying the configuration
# Display the configuration and statistics about user logs.
nat:
No userlog export is enabled
flow:
Export Version 3 logs to log server : enabled
Source address of exported logs : 2.2.2.2
Address of log server : 1.2.3.6 (port: 2000)
total Logs/UDP packets exported : 112/87
Logs in buffer : 6
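The following Python sketch is an added example, not part of the H3C manual. It parses status output laid out as shown above and checks it against the intended log server, port, and source address. The function names are hypothetical, the sample text is constructed from the output above, and the parser assumes that a type with no export shows the same "No userlog export is enabled" line for flow as it does for nat.

```python
import re

# Constructed sample: the status output shown above, reproduced as a string.
SAMPLE = """\
nat:
No userlog export is enabled
flow:
Export Version 3 logs to log server : enabled
Source address of exported logs : 2.2.2.2
Address of log server : 1.2.3.6 (port: 2000)
total Logs/UDP packets exported : 112/87
Logs in buffer : 6
"""

def parse_userlog_status(text):
    """Split the output into per-type sections (nat, flow) of key/value pairs."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\w+:", line):          # section header such as "flow:"
            current = sections.setdefault(line[:-1], {"enabled": False})
        elif current is not None and " : " in line:
            key, value = (p.strip() for p in line.split(" : ", 1))
            current[key.lower()] = value
            if key.lower().startswith("export version") and value == "enabled":
                current["enabled"] = True
    return sections

def audit_flow_export(text, server, port, source_ip):
    """Return a list of findings; an empty list means the export matches expectations."""
    flow = parse_userlog_status(text).get("flow")
    if not flow or not flow["enabled"]:
        return ["flow log export is not enabled"]
    findings = []
    m = re.fullmatch(r"(\S+) \(port: (\d+)\)", flow.get("address of log server", ""))
    if not m or (m.group(1), int(m.group(2))) != (server, port):
        findings.append("log server differs from %s:%d" % (server, port))
    if flow.get("source address of exported logs") != source_ip:
        findings.append("source address differs from %s" % source_ip)
    logs, _, _packets = flow.get("total logs/udp packets exported", "0/0").partition("/")
    if int(logs) == 0:
        findings.append("no logs exported yet")
    return findings

if __name__ == "__main__":
    print(audit_flow_export(SAMPLE, "1.2.3.6", 2000, "2.2.2.2") or "flow export OK")
```

Running the audit on two samples taken some time apart and comparing the exported counters shows whether logs are still leaving the device.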
Troubleshooting user logging
Symptom 1: No flow log is exported
• Analysis: Neither export approach is specified.
• Solution: Configure the device to export flow logs to the information center or to the log server.
Symptom 2: Flow logs cannot be exported to log server
• Analysis: Both export approaches are configured.
• Solution: Restore the default settings, and then configure the IP address and UDP port number of the log server.
Configuring session logging
This section describes how to configure session logging in the Web interface. For information about
configuring session logging at the CLI, see Access Control Configuration Guide.
Session logging records users’ access information, IP address translation information, and traffic
information, and can output the records in a specific format to a log host, allowing administrators to
perform security auditing.
Session logging records an entry for a session if it reaches the specified threshold. Session logging
supports two categories of thresholds:
• Time threshold—When the lifetime of a session reaches this threshold, a log entry is output for the session.
• Traffic threshold—The traffic threshold can be in units of the number of bytes or the number of packets. When the traffic of a session reaches the specified number of bytes or packets, a log entry is output for the session.
For more information about session management, see Access Control Configuration Guide.