No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

USG9310 virtual firewall domain session log can't be sent

Publication Date:  2012-10-29 Views:  102 Downloads:  0
Issue Description
USG9310 configuration log send function, including SYSLOG log and session log, eLog server side can receive SYSLOG log normally but cannot receive session log.
Alarm Information
None.
Handling Process
1, eLog server can receive SYSLOG log normally, namely eLog server side should be no problem, check the network, the SYSLOG port 514 and the 9002 port used by session log are opened, locate the cause of the problem in USG9310;
2, check USG9310 configuration, as follows:
 info-center source NATPT channel 2 trap level informational
info-center source IP channel 2 log level warnings trap level warnings
info-center loghost source GigabitEthernet0/0/0
info-center loghost 202.114.111.74
firewall session log-type binary send-type concurrent
firewall session log-type binary source 172.16.20.61 9003
firewall session log-type binary host 1 202.114.111.74 9002
acl number 2000  vpn-instance vfw1
  rule 5 permit ip
acl number 2001  vpn-instance vfw2
  rule 5 permit ip
firewall interzone vpn-instance vfw1 neiwang1 cnc1
  session log enable 2000 outbound
firewall interzone vpn-instance vfw2 neiwang2 cnc2
  session log enable 2001 outbound
There is no problems.
3, check the log sent source port GigabitEthernet0/0/0 (172.16.20.61), contract rate is small, because the USG9310 has millions conversations, namely the log hasn’t been sent out, checking careful revealed that when configuring log host need to configure the virtual firewall’s parameters, changing the configuration as follows:
firewall session log-type binary send-type concurrent
firewall session log-type binary source 172.16.20.61 9003
firewall session log-type binary host 1 202.114.111.74 9002 vpn-instance vfw1
firewall session log-type binary host 2 202.114.111.74 9002 vpn-instance vfw2
After completed the configuration, eLog server can inquire session log normally.
Root Cause
To ensure the eLog server receives the log normally must satisfy the conditions: USG9310 send out logs normally, network transmission is normal, eLog server operating normally. Using segmentation analysis method check the fault regularly.
Suggestions
The communication (routing) between USG9310 virtual firewalls or between virtual firewall and root firewall is isolated, but the virtual firewall is not completely independent, when doing some configurations need to take virtual firewall’s identification.

END