R3303-HP HSR6800 Routers Network Management and Monitoring Configuration Guide
176
Configuring Flow Logging
Configuring flow logging
Flow logging records users' access to external networks. The device classifies flows by 5-tuple
information and generates flow logs. The 5-tuple information includes source IP address, destination IP
address, source port, destination port, and protocol number. The flow logs contain the 5-tuple
information of flows and the numbers of received and sent bytes.
Flow logging has two versions: version 1.0 and version 3.0. They are slightly different in log format, as
show in Table 12 and Table 13.
Table 12 Lo
g format for flow logging 1.0
Field Descri
p
tion
SIP Source IP address.
DIP Destination IP address.
SPORT TCP/UDP source port number.
DPORT TCP/UDP destination port number.
STIME Start time of the flow, in seconds, counted from 1970/1/1 0:0.
ETIME End time of the flow, in seconds, counted from 1970/1/1 0:0.
PROT Protocol number.
OPERATOR Indicates the reason why the flow ended.
RESERVED For future applications.
Table 13 Log format for flow logging version 3.0
Field Descri
p
tion
Prot Protocol number.
Operator Indicates the reason why the flow ended.
IpVersion IP packet version.
TosIPv4 ToS field of the IPv4 packet.
SourceIP Source IP address.
SrcNatIP Source IP address after Network Address Translation (NAT).
DestIP Destination IP address.
DestNatIP Destination IP address after NAT.
SrcPort TCP/UDP source port number.
SrcNatPort TCP/UDP source port number after NAT.
DestPort TCP/UDP destination port number.
DestNatPort TCP/UDP destination port number after NAT.