R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

Configuring flow logging in the web interface

Configuring flow logging

Select Log Report > Userlog from the navigation tree to enter the page as shown in Figure 23.

Figure 23 Flow logging

Table 14 Flow logging configuration items

Item Descri

tion

Version

Set the version of flow logging, including 1.0 and 3.0.

IMPORTANT:

Configure the flow logging version according to the capacity of the log receiving

device. If the log receiving device does not support flow logging of a certain version,

the device cannot resolve the logs received.

Source IP Address of

Packets

Set the source IP address of flow logging packets.

After the source IP address is specified, when Device A sends flow logs to Device B,

it uses the specified IP address instead of the actual egress address as the source IP

address of the packets. In this way, although Device A sends out packets to Device

B through different ports, Device B can judge whether the packets are sent from

Device A according to their source IP addresses. This function also simplifies the

configurations of ACL and security policy: If you specify the same source address as

the source or destination address in the rule command in ACL, the IP address

variance and the influence of interface status can be masked, thus filtering flow

logging packets.

HP recommends that you use the IP address of the loopback interface as the source

IP address of flow logging packets.

Loghost 1

Set the VPN instance, IP address and port number of the Userlog log host to

encapsulate flow logs in UDP packets and send them to the specified userlog log

host. The log host can analyze and display the flow logs to remotely monitor the

device. Up to two different userlog log hosts can be specified.

IMPORTANT:

To avoid collision with the common UDP port numbers, HP recommends that you use a

UDP port number in the range from 1025 to 65535.

Loghost 2