Exporting user logs, Exporting user logs to log servers – H3C Technologies H3C SecBlade LB Cards User Manual
Configuring the source address for user logging packets
A source IP address is usually used to uniquely identify the sender of a packet. Suppose Device A sends
flow logs to Device B. Device A uses the specified IP address instead of the actual egress address as the
source IP address of the packets. In this way, although Device A sends out packets to Device B through
different ports, Device B can judge whether the packets are sent from Device A according to their source
IP addresses. This function also simplifies the configurations of ACLs and security policies. You only need
to specify one address to filter packets from or to a device.
To configure the source address for user logging packets:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Specify the source IP address of user logging packets. | userlog flow export source-ip ip-address | Optional. By default, the source IP address of user logging packets is the IP address of the egress interface. |
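The receiving side of the source-address function described above, as an added example that is not from the H3C manual: a Python check a log collector could use to attribute incoming user-log datagrams to devices by their configured source IP, including IPv4 peers seen through a dual-stack socket. The inventory, addresses and function names are assumptions made for the illustration; UDP source addresses are not authenticated, so the result serves filtering and attribution only.

```python
import ipaddress
from collections import Counter

# Assumed inventory: device name -> address configured with
# "userlog flow export source-ip" (constructed documentation addresses).
EXPORTERS = {"device-a": "192.0.2.10", "device-c": "2001:db8::10"}

def normalize(addr):
    """Canonical ipaddress object for a peer address string."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    # A dual-stack (AF_INET6) socket reports IPv4 peers as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def build_index(exporters):
    """Map canonical source address -> device; one address per device."""
    index = {}
    for name, addr in exporters.items():
        ip = normalize(addr)
        if ip in index:
            raise ValueError(f"{addr} is assigned to {index[ip]} and {name}")
        index[ip] = name
    return index

def classify(datagrams, exporters=EXPORTERS):
    """Return (datagrams per known device, datagrams per unknown source)."""
    index = build_index(exporters)
    accepted, rejected = Counter(), Counter()
    for peer_addr, _peer_port, _payload in datagrams:
        ip = normalize(peer_addr)
        if ip in index:
            accepted[index[ip]] += 1
        else:
            rejected[str(ip)] += 1
    return accepted, rejected

# Constructed sample of (peer address, peer UDP port, payload) tuples.
SAMPLE = [
    ("192.0.2.10", 40001, b"log-1"),
    ("::ffff:192.0.2.10", 40002, b"log-2"),   # same device, dual-stack view
    ("2001:db8:0:0::10", 40003, b"log-3"),    # non-canonical IPv6 spelling
    ("198.51.100.7", 40004, b"log-4"),        # not a configured exporter
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```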
Exporting user logs
User logs can be exported in the following ways:
• User logs can be encapsulated into UDP packets and sent to an IPv4 log server or an IPv6 log server (see ). The log server analyzes user logs and displays them by class, thus realizing remote monitoring.
• User logs in the format of system information are exported to the information center of the device. You can set the output destinations of the user logs by setting the output parameters of the system information. For more information about the information center, see "Configuring the information center."
The two export approaches are mutually exclusive. If you configure both approaches, the system
automatically exports user logs to the information center.
Exporting user logs to log servers
You can specify at most two log servers of the same type or different types for a device. There are three
types of log servers: the VPN user logging server, the IPv4 user logging server, and the IPv6 user logging
server. If you have already specified two servers, you must delete one before you can specify a new one. If you
specify a new server that has the same IP address as a current server but differs from it in other settings,
the new configuration overwrites the current one.
To export user logs to an IPv4 log server:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Configure the IPv4 address and UDP port number of the log server. | userlog flow export [ vpn-instance vpn-instance-name ] host ipv4-address udp-port | Not configured by default. |
To export user logs to an IPv6 log server: