User logging (flow logging) overview – H3C Technologies H3C SecBlade LB Cards User Manual

Item: Description

Log Host IP Address (Log Host 1, Log Host 2, Log Host 3, Log Host 4): Set the address (IPv4 address, host name, or IPv6 address), port number and the VPN instance. You can report log information to log hosts in the format of syslog. You can specify up to four syslog log hosts.

Refresh Period: Set the refresh period for the log information displayed on the log report Web interface. You can select manual refresh or automatic refresh:
- Manual—Click Refresh to refresh the Web interface.
- Automatic—Select to refresh the webpage every 10 seconds, 30 seconds, 1 minute, 5 minutes, or 10 minutes.

To clear syslogs:

1. Select Log Report > Syslog from the navigation tree to enter the page as shown in Figure 10.

2. Click Clear Log.
The system clears all syslogs, including system logs, connection limit logs, attack prevention logs, and blacklist logs.

User logging (flow logging) overview

To generate user logs, configure session logging (see "Configuring session logging").

User logging records information about users' access to the external network. The device classifies flows based on 5-tuple information, including the source IP address, destination IP address, source port, destination port, and protocol number. User logging records the 5-tuple information of the packets and the number of bytes received and sent. With user logging, administrators can track and record accesses to the network.
You can output user logs in one of the following formats:

- Output logs to the information center in the format of system information. The information center determines the output destination.
- Output logs to a log host in UDP packets in binary format.

Two versions are available with user logging: version 1.0 and version 3.0, which are slightly different in packet format. For more information about packet formats, see Table 8 and Table 9.

Table 8 Packet format in user logging version 1.0

Field: Description

SourceIP: Source IP address.
DestIP: Destination IP address.
SrcPort: TCP/UDP source port number.
DestPort: TCP/UDP destination port number.
StartTime: Start time of the flow, in seconds, counted from 1970/1/1 0:0.
EndTime: End time of the flow, in seconds, counted from 1970/1/1 0:0.
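
The 5-tuple flow classification described in the overview, shown as an added Python illustration (not H3C code and not the device's implementation). The packets are constructed sample data; the Protocol, BytesSent and BytesReceived keys, and the rule that a mirrored 5-tuple is the return direction of the same flow, are assumptions, because the page does not show those fields or that rule.

```python
# Constructed sample packets:
# (epoch_seconds, src_ip, dst_ip, src_port, dst_port, protocol_number, length_bytes)
PACKETS = [
    (1700000000, "10.0.0.5", "203.0.113.10", 51000, 443, 6, 120),
    (1700000001, "203.0.113.10", "10.0.0.5", 443, 51000, 6, 1400),
    (1700000002, "10.0.0.5", "203.0.113.10", 51000, 443, 6, 80),
    (1700000003, "10.0.0.5", "198.51.100.53", 40000, 53, 17, 64),
    (1700000003, "198.51.100.53", "10.0.0.5", 53, 40000, 17, 180),
    (1700000009, "10.0.0.7", "203.0.113.10", 51000, 443, 6, 60),
]


def build_flow_records(packets):
    """Group packets into flow records keyed by 5-tuple.

    Assumption (not from the manual): a packet whose 5-tuple mirrors an
    existing flow is counted as bytes received on that flow.
    """
    flows = {}  # insertion-ordered: first packet of a flow fixes its position
    for ts, src, dst, sport, dport, proto, length in packets:
        key = (src, dst, sport, dport, proto)
        reverse = (dst, src, dport, sport, proto)
        if key in flows:
            rec = flows[key]
            rec["BytesSent"] += length
        elif reverse in flows:
            rec = flows[reverse]
            rec["BytesReceived"] += length
        else:
            # First packet of a new flow: its sender becomes SourceIP.
            rec = flows[key] = {
                "SourceIP": src, "DestIP": dst,
                "SrcPort": sport, "DestPort": dport,
                "Protocol": proto,            # hypothetical key name
                "StartTime": ts, "EndTime": ts,
                "BytesSent": length,          # hypothetical key name
                "BytesReceived": 0,           # hypothetical key name
            }
        rec["EndTime"] = max(rec["EndTime"], ts)
    return list(flows.values())


def sources_for_destination(records, dest_ip):
    """Audit query: which source addresses opened flows to dest_ip."""
    return sorted({r["SourceIP"] for r in records if r["DestIP"] == dest_ip})
```

Two hosts that use the same source port toward the same server still produce separate records, because the source address is part of the key.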
