R3303-HP 6600/HSR6600 Routers Security Configuration Guide
461
Configuring session logging
Session logs help track information about user access, IP address translation, and traffic, and can be sent
to the log server or exported to the information center in flow log format. It can help network
administrators in security auditing.
VLAN interfaces do not support session logging.
Enabling session logging
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type interface-number N/A
3. Enable session logging.
session log enable [ acl acl-number ]
{ inbound | outbound }
Disabled by default.
Only basic and advanced IPv4
ACLs are supported.
Setting session logging thresholds
You can set thresholds to trigger recording and outputting session logs. The thresholds include:
• Holdtime threshold—The system outputs a session log when the holdtime of a session reaches the
preset threshold.
• Traffic threshold—The system outputs a session log when the number of packets or byte count of a
session reaches the preset threshold.
If you specify both the holdtime threshold and traffic threshold, the system performs session logging
according to the threshold that is first reached, and then clears all statistics.
If you specify both the packet count threshold and byte count threshold, only the one specified last takes
effect.
To set session logging thresholds:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the holdtime threshold
for session logging.
session log time-active time-value
Optional.
0 by default, which means that
the system does not output
session logs based on session
holdtime threshold.
3. Configure the traffic
threshold for session
logging.
• Set the packet count threshold:
session log packets-active
packets-value
• Set the byte count threshold:
session log bytes-active bytes-value
Optional.
0 by default, which means that
the system does not output
session logs based on packet
count threshold or byte count
threshold.