R3303-HP HSR6800 Routers Network Management and Monitoring Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis

181

182

183

184

185

186

187

188

189

190

178

Configuring the source address for flow log packets

A source IP address is usually used to uniquely identify the sender of a packet. Suppose Device A sends

flow logs to Device B. Device A uses the specified IP address instead of the actual egress address as the

source IP address of the packets. In this way, although Device A sends out packets to Device B through

different ports, Device B can judge whether the packets are sent from Device A according to their source

IP addresses. This function also simplifies the configurations of ACLs and security policies. You only need

to specify one address to filter packets from or to a device.

To configure the source address for flow log packets:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Specify the source IP address

of flow log packets.

userlog flow export source-ip

ip-address

Optional.

By default, the source IP address of

flow log packets is the IP address of

the egress interface.

Exporting flow logs

Flow logs can be exported in two ways:

• Flow logs are encapsulated into UDP packets and are sent to a remote log server, as shown

in Figure 62. T

he log server analyzes flow logs and displays them by class, thus realizing remote

monitoring.

• Flow logs in the format of system information are exported to the information center of the device.

You can set system information output parameters for the information center to control the output

destinations of the flow logs. For more information about information center, see "Configuring the

Information center."

The two export approaches are mutually exclusive. If you configure both approaches, the system

automatically exports flow logs to the information center.

Exporting flow logs to a log server

On the 6602 router:

You can specify at most two log servers of the same type or different types. There are three types of log

servers, the VPN flow logging server, the IPv4 flow logging server, and the IPv6 flow logging server. If

you have already specified two servers, you need to delete one to specify a new one. If you specify a

new server that has the same IP address as but has other information different from the current server, the

new configuration overwrites the previous one.

On the HSR6602/6604/6608/6616 router:

You must specify flow logging servers for interface cards separately. The router supports at most two log

servers of the same type or different types. There are three types of log servers, the VPN flow logging

server, the IPv4 flow logging server, and the IPv6 flow logging server. If you have already specified two

servers for an interface card, you must delete one to specify a new one. If you specify a new server that