R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)

Field       Description
Operator    Reason the NAT log was generated:
            - Aged for reset or config-change: the log was generated because of a
              configuration change or manual session deletion.
            - Aged for no-pat of NAT: the log was generated when the no-pat session
              was aged out.
            - Active data flow timeout: the log was generated when the duration of
              the NAT session exceeded the active data flow time.
            - Data flow created: the log was generated when a NAT session was
              established.
            - Normal over: the log was generated when the session was aged out.
Exporting NAT logs to log server
Network requirements
As shown in Figure 63, a PC in the private network accesses Device B on the public network through
Device A, which is enabled with NAT.
Device A sends NAT logs to the information center in UDP packets.
Figure 63 Network diagram
Configuration procedure
The following only lists configurations pertinent to NAT logs. Details of the configurations regarding the
IP addresses of the devices and NAT function are not shown.
# As shown in Figure 63, configure IP addresses for the interfaces. (Details not shown.)
# Export the NAT logs of Device A to the NAT log server.
<DeviceA> system-view
[DeviceA] userlog nat export host 3.3.3.7 9021
# Set the source IP address of NAT log packets for Device A to 9.9.9.9.
[DeviceA] userlog nat export source-ip 9.9.9.9
# Enable the NAT log function on Device A.
[DeviceA] nat log enable
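
An added example, not part of the HP guide: a Python check that reads configuration text and reports which of the three commands in the procedure above are absent or point at an unexpected log server. The function name, the finding strings and the DRIFTED_CONFIG sample are assumptions made for illustration.

```python
import re

# Optional "[DeviceA]"-style prompt, so pasted session text also parses.
PROMPT = r"^\s*(?:\[[^\]]+\]\s*)?"
RE_HOST = re.compile(PROMPT + r"userlog nat export host (\S+) (\d+)\s*$")
RE_SRC = re.compile(PROMPT + r"userlog nat export source-ip (\S+)\s*$")
RE_ENABLE = re.compile(PROMPT + r"nat log enable\s*$")

# The commands exactly as given in the procedure above.
PAGE_CONFIG = """<DeviceA> system-view
[DeviceA] userlog nat export host 3.3.3.7 9021
[DeviceA] userlog nat export source-ip 9.9.9.9
[DeviceA] nat log enable
"""
# Constructed sample: different log server, no source-ip, logging not enabled.
DRIFTED_CONFIG = "userlog nat export host 3.3.3.70 9021\n"


def audit_nat_logging(config_text, expected_host):
    """Return (settings, findings) for the three NAT log commands."""
    s = {"host": None, "port": None, "source_ip": None, "enabled": False}
    for line in config_text.splitlines():
        if m := RE_HOST.match(line):
            s["host"], s["port"] = m.group(1), int(m.group(2))
        elif m := RE_SRC.match(line):
            s["source_ip"] = m.group(1)
        elif RE_ENABLE.match(line):
            s["enabled"] = True
    findings = []
    if not s["enabled"]:
        findings.append("nat log enable is missing")
    if s["host"] is None:
        findings.append("userlog nat export host is missing")
    else:
        if s["host"] != expected_host:
            findings.append(f"logs exported to {s['host']}, expected {expected_host}")
        if not 1 <= s["port"] <= 65535:
            findings.append(f"export port {s['port']} is out of range")
    if s["source_ip"] is None:
        findings.append("userlog nat export source-ip is not set")
    return s, findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(name, audit_nat_logging(text, expected_host="3.3.3.7")[1])
```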
[Figure 63 labels: Host 192.168.1.6/24; Device A; Device B; NAT log server/system log server 3.3.3.7/24; Vlan-int1 192.168.1.5/24; Loop1 2.2.2.2/24; Eth1/1, Eth1/2, Eth1/3; 1.1.1.1/24, 1.1.1.4/24]