R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
82
Configuring user logging version
Configure the user logging version according to the receiver capability. A receiver cannot resolve user
logs correctly if it does not support the version of the user logs.
To configure user logging version:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure user logging
version.
userlog flow export version
version-number
Optional.
The default user logging version is 1.0.
NOTE:
A
lthou
g
h the device supports both of the two versions, only one can be active at one time. Therefore, if you
configure the user logging version multiple times, the latest configuration takes effect.
Configuring the source address for user logging packets
A source IP address is usually used to uniquely identify the sender of a packet. If the source IP address is
specified, when Device A, for example, sends user logs to Device B, it uses the specified IP address
instead of the actual egress address as the source IP address of the packets. In this way, although Device
A sends out packets to Device B through different ports, Device B can judge whether the packets are sent
from Device A according to their source IP addresses. This function also simplifies the configurations of
ACL and security policy: If you specify the same source address as the source or destination address in
the rule command in ACL, the IP address variance and the influence of interface status can be masked,
thus filtering user logging packets.
To configure the source address for user logging packets:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Specify the source IP address
of user logging packets.
userlog flow export
source-ip ip-address
Optional.
By default, the source IP address of user
logging packets is the IP address of the egress
interface of the packets.
Exporting user logs
User logs can be exported in two ways:
• User logs are encapsulated into UDP packets and are sent to a log server of the network. The log
server analyzes user logs and displays them by class, thus realizing remote monitoring.
• User logs in the format of system information are exported to the information center of the device.
You can set the output destinations of the user logs by setting the output parameters of the system
information. For more information about information center, see "Configuring the information
center."
NOTE:
The two export approaches of user logs are mutually exclusive. If you configure two approaches
simultaneously, the system automatically exports the user logs to the information center.
1. Exporting user logs to a log server