
Configuring user logging, Configuring flow logging, Introduction – H3C Technologies H3C SecPath F1000-E User Manual


Item            Description

Refresh Period  Set the refresh period for the log information displayed on the log report Web interface.
                You can select manual refresh or automatic refresh:
                Manual: You need to refresh the Web interface yourself to display current log report information.
                Automatic: You can have the Web page refresh every 10 seconds, 30 seconds, 1 minute, 5 minutes, or 10 minutes.

Configuring User Logging

User logs can be output in the following two formats, and you can select either one:

Output to the information center of the device in the format of system information, and the
information center then decides the output destination.

Output to the specified userlog log host in UDP packets in binary format.

Configuring Flow Logging

NOTE:

At present, flow logs refer to session logs only. To generate flow logs, you need to configure session
logging.

Introduction

Flow logging records users' access to the external network. The device classifies and calculates flows by their 5-tuple information (source IP address, destination IP address, source port, destination port, and protocol number) and generates user flow logs. Flow logging records the 5-tuple information of the packets and the number of bytes received and sent. With flow logging, administrators can track and record accesses to the network, which facilitates the availability and security of the network.

Flow logging is available in two versions, version 1.0 and version 3.0, which differ slightly in packet format. For details, see the following two tables.

Table 2 Packet format in flow logging version 1.0

Field      Description

SourceIP   Source IP address
DestIP     Destination IP address
SrcPort    TCP/UDP source port number
DestPort   TCP/UDP destination port number
StartTime  Start time of a flow, in seconds, counted from 1970/1/1 0:0
EndTime    End time of a flow, in seconds, counted from 1970/1/1 0:0
Prot       Protocol carried over IP
Operator   Indicates the reason why a flow has ended
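
The 5-tuple classification described in the Introduction, as an added example that is not taken from the H3C manual or the device: packet observations are grouped into flow records that carry the Table 2 field names. The sample packets are constructed, and the BytesSent/BytesReceived names and the matching of reply packets to the initiator's flow are assumptions of this example, not the device's documented behavior or wire format.

```python
# Constructed sample observations (not device output):
# (time_s, src_ip, dst_ip, src_port, dst_port, protocol_number, byte_count)
PACKETS = [
    (1700000000, "10.0.0.5", "203.0.113.9", 51000, 443, 6, 520),
    (1700000001, "203.0.113.9", "10.0.0.5", 443, 51000, 6, 1460),
    (1700000002, "10.0.0.5", "203.0.113.9", 51000, 443, 6, 80),
    (1700000003, "10.0.0.7", "198.51.100.53", 40000, 53, 17, 64),
    (1700000004, "198.51.100.53", "10.0.0.7", 53, 40000, 17, 128),
    (1700000009, "10.0.0.5", "203.0.113.9", 51001, 443, 6, 300),
]


def build_flow_records(packets):
    """Group packets into flows keyed by 5-tuple, in order of first appearance."""
    flows = {}
    for ts, src, dst, sport, dport, proto, size in sorted(packets):
        key = (src, dst, sport, dport, proto)
        reverse = (dst, src, dport, sport, proto)
        if key in flows:
            rec, counter = flows[key], "BytesSent"
        elif reverse in flows:
            # Assumption: a reply packet belongs to the initiator's flow.
            rec, counter = flows[reverse], "BytesReceived"
        else:
            # First packet of a new 5-tuple opens a new flow record.
            rec = flows[key] = {
                "SourceIP": src, "DestIP": dst, "SrcPort": sport,
                "DestPort": dport, "Prot": proto,
                "StartTime": ts, "EndTime": ts,
                "BytesSent": 0, "BytesReceived": 0,  # hypothetical field names
            }
            counter = "BytesSent"
        rec[counter] += size
        rec["EndTime"] = max(rec["EndTime"], ts)
    return list(flows.values())


def bytes_sent_by_source(records):
    """Total outbound bytes per SourceIP, for spotting unusually large uploads."""
    totals = {}
    for rec in records:
        totals[rec["SourceIP"]] = totals.get(rec["SourceIP"], 0) + rec["BytesSent"]
    return totals


if __name__ == "__main__":
    for record in build_flow_records(PACKETS):
        print(record)
```
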
