Verifying the configuration, Troubleshooting user logging, Symptom 1: no flow log is exported – H3C Technologies H3C SecPath F1000-E User Manual

Page 99: Configuring session logging

Advertising
background image

88

# Export User's user logs to the log server with IP address 1.2.3.6:2000.

[SecPath] userlog flow export host 1.2.3.6 2000

# Configure the source IP address of UDP packets carrying user logs as 2.2.2.2, so that the log server can
identify that the actions described in the log were on SecPath or on other devices.

[SecPath] userlog flow export source-ip 2.2.2.2

Verifying the configuration

# Display the configuration and statistics about user logs.

<SecPath> display userlog export

nat:

No userlog export is enabled

flow:

Export Version 3 logs to log server : enabled

Source address of exported logs : 2.2.2.2

Address of log server : 1.2.3.6 (port: 2000)

total Logs/UDP packets exported : 112/87

Logs in buffer : 6

Troubleshooting user logging

Symptom 1: No flow log is exported

Analysis: Neither of the export approach is specified.

Solution: Configure to export the flow logs to the information center or to the log server.

Symptom 2: Flow logs cannot be exported to log server

Analysis: Both of the export approaches are configured.

Solution: Restore to the default, and then configure the IP address and UDP port number of the log
server.

Configuring session logging

This section describes how to configure session logging in the Web interface. For information about

configuring session logging at the CLI, see Access Control Configuration Guide
Session logging records users’ access information, IP address translation information, and traffic
information, and can output the records in a specific format to a log host, allowing administrators to

perform security auditing.
Session logging records an entry for a session if it reaches the specified threshold. Session logging

supports two categories of thresholds:

Time threshold—When the lifetime of a session reaches this threshold, a log entry is output for the
session.

Traffic threshold—The traffic threshold can be in units of the number of bytes or the number of
packets. When the traffic of a session reaches the specified number of bytes or packets, a log entry

is output for the session.

For more information about session management, see Access Control Configuration Guide.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals