4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

381

382

383

384

385

386

387

388

389

390

373

• session log time-active

session log enable

Use session log enable to enable session logging.

Use undo session log enable to disable session logging.

Syntax

session log enable { ipv4 | ipv6 } [ acl acl-number ] { inbound | outbound }

undo session log enable { ipv4 | ipv6 } [ acl acl-number ] { inbound | outbound }

Default

Session logging is disabled.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv4: Logs IPv4 sessions.

ipv6: Logs IPv6 sessions.

acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999.

inbound: Specifies the inbound direction.

outbound: Specifies the outbound direction.

Usage guidelines

Support for this command depends on your device model.

If no ACL is specified, this command enables session logging for all IPv4 or IPv6 sessions on the

interface.

If neither inbound nor outbound keyword is specified, you enable session logging on both directions.

Up to one IPv4 ACL and one IPv6 ACL can be applied to each direction.

If the traffic threshold and the interval are not specified but session logging is enabled, the device outputs

a session log when a session entry is created or removed.

Examples

# Enable IPv4 session logging in the inbound direction of GigabitEthernet 1/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/1

[Sysname-GigabitEthernet1/1] session log enable ipv4 inbound

# Enable session logging on GigabitEthernet 1/2 for IPv4 sessions that match ACL 2050 in the

outbound direction.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/2

[Sysname-GigabitEthernet1/2] session log enable ipv4 acl 2050 outbound