H3C Technologies H3C SecPath F1000-E User Manual

5

Figure 2 Flow logging

Table 4

describes the configuration items of flow logging.

Table 4 Flow logging configuration items

Item Description

Version

Set the version of flow logging, including 1.0 and 3.0.

IMPORTANT:

Configure the flow logging version according to the capacity of the log receiving
device. If the log receiving device does not support flow logging of a certain
version, the device cannot resolve the logs received.

Source IP Address of
Packets

Set the source IP address of flow logging packets.
After the source IP address is specified, when Device A sends flow logs to Device B,
it uses the specified IP address instead of the actual egress address as the source IP

address of the packets. In this way, although Device A sends out packets to Device
B through different ports, Device B can judge whether the packets are sent from

Device A according to their source IP addresses. This function also simplifies the

configurations of ACL and security policy: If you specify the same source address as
the source or destination address in the rule command in ACL, the IP address

variance and the influence of interface status can be masked, thus filtering flow
logging packets.
You are recommended to use the IP address of the loopback interface as the source
IP address of flow logging packets.

Log Host
Configura

tion

Log Host 1

Set the IPv4/IPv6 addresses, and port number and the VPN instance (this option is
available only when you specify a log host with an IPv4 address) of the Userlog log

host to encapsulate flow logs in UDP packets and send them to the specified userlog