R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
73
Symptom 2: Flow logs cannot be exported to log server
• Analysis: Both of the export approaches are configured.
• Solution: Restore to the default, and then configure the IP address and UDP port number of the log
server.
Configuring session logging
Session logging overview
Session logging records users’ access information, IP address translation information, and traffic
information, and can output the records in a specific format to a log host, allowing administrators to
perform security auditing.
Session logging records an entry for a session if it reaches the specified threshold. Session logging
supports two categories of thresholds:
• Time threshold: When the lifetime of a session reaches this threshold, a log entry is output for the
session.
• Traffic threshold: The traffic threshold can be in units of the number of bytes or the number of packets.
When the traffic of a session reaches the specified number of bytes or packets, a log entry is output
for the session.
NOTE:
• For information about session management, see
Access Control Configuration Guide
.
• Session logs are output in the format of flow logs. To view session logs, you also need to configure flo
w
logging.
Table 15 Session logging configuration task list
Task Remarks
Configuring a session logging
policy
Required
Configure a session logging policy, specifying the source zone and
destination zone of the sessions and the ACL for filtering log entries.
By default, no session logging policy exists.
Setting session logging
thresholds
Required
Configure the time threshold or/and traffic threshold for session logging.
By default, both the time threshold and traffic threshold are 0, meaning that
no session logging entries should be output.
IMPORTANT:
If both the time threshold and traffic threshold are configured, a log entry is
output for the session when it reaches whichever threshold and the statistics of
the session will be cleared.