eLog cannot query the P2P traffic report

Publication Date: 2012-10-17
Issue Description
The “Secoway eLog” log management system cannot query the P2P protocol traffic reports. The firewall operates normally and its network connection to the log collector is normal. The firewall is already configured to send binary logs to the log collector, and the firewall session log can be queried in “Secoway eLog”. However, when “Eudemon/USG firewall > depth message detection > real-time flow statistics” is selected in the left navigation tree of “Secoway eLog” and the P2P protocol traffic report is queried, there is no data.
Alarm Information
Handling Process
1. If the cause is that the mode file has not been imported on the firewall, download the mode file from the Huawei Technologies Co., Ltd. website and import it. For details, contact a Huawei engineer.
2. If the cause is that no P2P detection strategy is configured on the firewall, configure one on the firewall with the following steps, taking the USG5300 as an example.
A. Run the command “system-view” to enter the system view.
B. Run the command “firewall p2p-detect default-permit” to enable the global P2P deep detection function.
C. Run the command “firewall p2p-detect behavior enable” to enable the global P2P behavior detection function.
Either one or both of the two detection modes can be configured:
If only “firewall p2p-detect default-permit” is configured, deep detection is used globally.
If only “firewall p2p-detect behavior enable” is configured, behavior detection is used globally.
If both detection modes are configured, deep detection runs first. If it detects P2P packets, behavior detection is skipped. If it does not detect P2P packets, behavior detection is then performed.
D. Run the command “firewall dpi packet-number number” to configure the maximum number of packets the firewall inspects for each session.
Set the number of packets inspected according to the P2P recognition rate required. Increasing the number improves the P2P recognition rate but reduces firewall performance; decreasing the number reduces the P2P recognition rate but improves firewall performance.
By default, the number of packets inspected is 16. When P2P behavior detection is configured, a value greater than 5 is recommended.
Root Cause
Select “Eudemon/USG firewall > depth message detection > traffic statistics log inquires” and query the P2P protocol log.
1. If the P2P protocol log cannot be queried, the possible cause is that the mode file has not been imported on the firewall.
2. If the P2P protocol log can be queried, the possible cause is that no P2P detection policy is configured on the firewall.
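The Root Cause check and the configuration steps above can be turned into a small offline audit of a saved firewall configuration. This is an added example, not code from Huawei or from the original case; it assumes the commands appear verbatim as lines in the saved configuration text, and the function names and sample configuration are hypothetical.

```python
import re

DEFAULT_PACKET_NUMBER = 16  # default value stated on this page

# Constructed sample configuration text (not taken from a real device).
SAMPLE_CONFIG = """\
#
firewall p2p-detect behavior enable
firewall dpi packet-number 4
#
"""

def audit_p2p_config(config_text):
    """Return (mode, packet_number, findings) for a saved configuration."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    deep = "firewall p2p-detect default-permit" in lines
    behavior = "firewall p2p-detect behavior enable" in lines
    packet_number = DEFAULT_PACKET_NUMBER
    for ln in lines:
        m = re.fullmatch(r"firewall dpi packet-number (\d+)", ln)
        if m:
            packet_number = int(m.group(1))
    # Both modes configured: deep detection runs first, then behavior detection.
    mode = {(True, True): "deep-then-behavior", (True, False): "deep-only",
            (False, True): "behavior-only", (False, False): "none"}[(deep, behavior)]
    findings = []
    if mode == "none":
        findings.append("no P2P detection strategy configured")
    if behavior and packet_number <= 5:
        findings.append("packet-number should be greater than 5 with behavior detection")
    return mode, packet_number, findings

def diagnose(p2p_log_has_data, config_text):
    """Follow the Root Cause check: query the P2P protocol log first."""
    if not p2p_log_has_data:
        return ["mode file not imported on the firewall"]
    return audit_p2p_config(config_text)[2]

if __name__ == "__main__":
    print(audit_p2p_config(SAMPLE_CONFIG))
    print(diagnose(False, SAMPLE_CONFIG))
```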