R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101

| To do … | Use the command… | Remarks |
|---|---|---|
| Configure flow logging version | userlog flow export version version-number | Optional. The default flow logging version is 1.0 |
NOTE:
Although the device supports both of the two versions, only one can be active at one time. Therefore, if you
configure the flow logging version multiple times, the latest configuration takes effect.
Configuring the source address for flow logging packets
A source IP address is usually used to uniquely identify the sender of a packet. If a source IP address is
specified, then when Device A, for example, sends flow logs to Device B, it uses the specified IP address
instead of the actual egress address as the source IP address of the packets. In this way, even though Device
A sends packets to Device B through different ports, Device B can determine from their source IP address
whether the packets come from Device A. This function also simplifies ACL and security policy
configuration: if you specify this same source address as the source or destination address in the rule
command of an ACL, differences in IP address and the influence of interface status are masked, so the rule
filters the flow logging packets.
Follow these steps to configure the source address for flow logging packets:
| To do … | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Specify the source IP address of flow logging packets | userlog flow export source-ip ip-address | Optional. By default, the source IP address of flow logging packets is the IP address of the egress interface of the packets. |
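A receiver-side view of the behaviour described above, as an added example that is not from the HP guide: a log server attributes flow-log datagrams to a device by source IP, and that attribution only holds once the sender uses one configured source address. The addresses, the UDP port 9020, and the names PINNED_SOURCES and classify are assumptions made for this illustration.

```python
import ipaddress
from collections import Counter

# Assumed inventory: configured flow-log source address -> device (constructed values).
PINNED_SOURCES = {"192.0.2.1": "Device A", "192.0.2.2": "Device C"}
FLOW_LOG_PORT = 9020  # hypothetical UDP port the log server listens on

# Constructed datagram metadata: (source IP, destination port, length in bytes).
# Device A sends through two egress interfaces. Without a configured source IP,
# each datagram carries the address of the interface it left through.
BEFORE_PINNING = [("198.51.100.5", 9020, 212), ("203.0.113.9", 9020, 212)]
# With "userlog flow export source-ip 192.0.2.1" configured on Device A,
# both datagrams carry the same source address whatever the egress interface.
AFTER_PINNING = [("192.0.2.1", 9020, 212), ("192.0.2.1", 9020, 212)]


def classify(datagrams, pinned=PINNED_SOURCES, port=FLOW_LOG_PORT):
    """Attribute datagrams to devices by source IP; return (counts, rejected)."""
    per_device = Counter()
    rejected = []
    for src, dport, size in datagrams:
        addr = str(ipaddress.ip_address(src))  # validates and normalises the address
        device = pinned.get(addr)
        if dport == port and device is not None:
            per_device[device] += 1
        else:
            # Unknown sender or wrong port: keep for review instead of ingesting.
            rejected.append((addr, dport, size))
    return dict(per_device), rejected


if __name__ == "__main__":
    for label, sample in (("before", BEFORE_PINNING), ("after", AFTER_PINNING)):
        counts, rejected = classify(sample)
        print(label, "attributed:", counts, "rejected:", rejected)
```

The single inventory entry for Device A plays the same role as the single ACL rule the text describes: one address matches the device's flow logs on every egress path.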
Exporting flow logs
Flow logs can be exported in two ways:
• Flow logs are encapsulated into UDP packets and are sent to a log server of the network. The log
server analyzes flow logs and displays them by class, thus realizing remote monitoring.
• Flow logs in the format of system information are exported to the information center of the device.
You can set the output destinations of the flow logs by setting the output parameters of the system
information. For more information about information center, see the chapter “Information center
configuration.”
NOTE:
The two approaches to exporting flow logs are mutually exclusive. If you configure both approaches
simultaneously, the system automatically exports the flow logs to the information center.
1. Exporting flow logs to an IPv4 log server
Follow these steps to export flow logs to an IPv4 log server:
| To do … | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |