R3303-HP HSR6800 Routers Security Configuration Guide
363
Task Command
Remarks
Clear sessions.
• In standalone mode:
reset session [ slot slot-number ] [ source-ip
source-ip ] [ destination-ip destination-ip ]
[ protocol-type { icmp | raw-ip | tcp | udp } ]
[ source-port source-port ] [ destination-port
destination-port ] [ vpn-instance
vpn-instance-name ]
• In IRF mode:
reset session [ chassis chassis-number slot
slot-number ] [ source-ip source-ip ] [ destination-ip
destination-ip ] [ protocol-type { icmp | raw-ip | tcp
| udp } ] [ source-port source-port ]
[ destination-port destination-port ] [ vpn-instance
vpn-instance-name ]
Available in user
view.
Configuring session logging
Session logs help track information about user access, IP address translation, and traffic, and can be sent
to the log server or exported to the information center in flow log format. It can help network
administrators in security auditing.
VLAN interfaces do not support session logging.
Enabling session logging
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type interface-number N/A
3. Enable session logging.
session log enable [ acl acl-number ]
{ inbound | outbound }
Disabled by default.
Only basic and advanced IPv4
ACLs are supported.
Setting session logging thresholds
You can set thresholds to trigger recording and outputting session logs. The thresholds include:
• Holdtime threshold—The system outputs a session log when the holdtime of a session reaches the
preset threshold.
• Traffic threshold—The system outputs a session log when the number of packets or byte count of a
session reaches the preset threshold.
If you specify both the holdtime threshold and traffic threshold, the system performs session logging
according to the threshold that is first reached, and then clears all statistics.
If you specify both the packet count threshold and byte count threshold, only the one specified last takes
effect.