Flow logging configuration, Flow logging overview, Introduction to flow logging – H3C Technologies H3C SR8800 User Manual

Page 203: Flow logging versions


Flow logging configuration

Flow logging overview

Introduction to flow logging

Flow logging records users’ access to the extranet. The device classifies and calculates flows through the 5-tuple information, which includes source IP address, destination IP address, source port, destination port, and protocol number, and generates user flow logs. Flow logging records the 5-tuple information of the packets and number of the bytes received and sent. With flow logs, administrators can track and record accesses to the network, facilitating the availability and security of the network.

Flow logging versions

Two versions are available with flow logging: version 1.0 and version 3.0, which are slightly different in packet format. For more information, see the following two tables.

Table 10 UDP packet format in flow logging version 1.0

Field       Description
SIP         Source IP address
DIP         Destination IP address
SPORT       TCP/UDP source port number
DPORT       TCP/UDP destination port number
STIME       Start time of a flow, in seconds, counted from 1970/1/1 0:0
ETIME       End time of a flow, in seconds, counted from 1970/1/1 0:0
PROT        Protocol carried over IP
OPERATOR    Indicates the reason why a flow ended
RESERVED    For future applications
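
The following Python example is added here and is not part of the H3C manual. It takes version 1.0 records whose fields are named as in Table 10 and assumed to be already decoded (the manual page gives no field widths or byte order), discards records with inconsistent values, and flags source addresses that open flows to many distinct destinations within a short window. The sample records, the 60-second window, the threshold of 3, and the treatment of STIME/ETIME as UTC are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

FIELDS = ("SIP", "DIP", "SPORT", "DPORT", "STIME", "ETIME", "PROT")

# Constructed sample records, assumed already decoded from version 1.0 packets.
# The page lists field names only (no widths or byte order), so no wire parsing here.
SAMPLE_FLOWS = [dict(zip(FIELDS, row)) for row in [
    ("10.1.1.20", "198.51.100.7", 50112, 443, 1700000000, 1700000042, 6),
    ("10.1.1.30", "203.0.113.1", 40001, 22, 1700000100, 1700000101, 6),
    ("10.1.1.30", "203.0.113.2", 40002, 22, 1700000102, 1700000103, 6),
    ("10.1.1.30", "203.0.113.3", 40003, 22, 1700000105, 1700000106, 6),
    ("10.1.1.20", "198.51.100.7", 50113, 443, 1700000500, 1700000400, 6),  # ETIME < STIME
]]


def to_utc(epoch_seconds):
    """STIME/ETIME are seconds since 1970/1/1 0:0; render them as ISO 8601 UTC."""
    return datetime.fromtimestamp(epoch_seconds, tz=timezone.utc).isoformat()


def is_consistent(rec):
    """Reject records whose end precedes the start or whose ports are out of range."""
    return (rec["ETIME"] >= rec["STIME"]
            and 0 <= rec["SPORT"] <= 65535 and 0 <= rec["DPORT"] <= 65535)


def fan_out(flows, window=60, threshold=3):
    """Map each SIP that started flows to >= threshold distinct (DIP, DPORT)
    pairs within `window` seconds to the sorted list of those pairs."""
    by_src = defaultdict(list)
    for rec in filter(is_consistent, flows):
        by_src[rec["SIP"]].append(rec)
    flagged = {}
    for sip, recs in by_src.items():
        recs.sort(key=lambda r: r["STIME"])
        left = 0
        for right, rec in enumerate(recs):
            while rec["STIME"] - recs[left]["STIME"] > window:
                left += 1  # slide the window start forward
            dests = {(r["DIP"], r["DPORT"]) for r in recs[left:right + 1]}
            if len(dests) >= threshold:
                flagged[sip] = sorted(dests)
                break
    return flagged


if __name__ == "__main__":
    for sip, dests in fan_out(SAMPLE_FLOWS).items():
        print(sip, "->", dests, "first seen", to_utc(1700000100))
```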

Table 11 Packet format in flow logging version 3.0

Field       Description
Prot        Protocol carried over IP
Operator    Indicates the reason why a flow ended
IpVersion   IP packet version
TosIPv4     ToS field of the IPv4 packet
SourceIP    Source IP address
SrcNatIP    Source IP address after Network Address Translation (NAT)
DestIP      Destination IP address
