No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR500, AR510, and AR530 V200R007

This document describes the configurations of Security, including AAA, DAA,NAC, BRAS Access, ACL, Firewall, Deep Security Defense, Local Attack Defense;Attack Defense, Traffic Suppression, ARP Security, Port Security, DHCP Snooping, IPSG, URPF, PKI, SSL, HTTPS, Keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Firewall Log Function

Configuring the Firewall Log Function

Firewall logs include session logs, statistics logs, attack defense logs, packet filtering logs and blacklist logs.

Context

The session logs are exported to a log host in real time; therefore, you need to configure the log host first. To configure the log host, configure the IP address and port number of the log host as well as the source IP address and source port number that the Router uses to communicate with the log host.

An ACL is referenced in the interzone view to determine the sessions to be recorded in the logs. The ACLs can be configured for incoming and outgoing traffic.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    firewall log binary-log host host-ip-address host-port source source-ip-address source-port [ vpn-instance vpn-instance-name ]

    A session log host is configured.

    By default, no session log host is configured.

  3. (Optional) Run:

    firewall log { blacklist | defend | session | statistics } log-interval time

    The interval for exporting logs is set.

    By default, logs are exported every 30 seconds.

  4. Run:

    firewall log { all | blacklist | defend | session | statistics | packet-filter } enable

    The log function is enabled on the firewall.

    By default, the log function is disabled on a firewall.

    NOTE:

    To improve configuration efficiency, run the firewall log all enable command to enable the firewall log function. After the command is executed, the traffic statistics, attack, and blacklist log functions take effect on the firewall. To enable the packet filtering log function, you also need to perform Configuring packet filtering log in the interzone; to enable the flow log function, you also need to perform Configuring flow log in the interzone.

    • Configuring packet filtering log in the interzone

      1. Run:
        firewall interzone zone-name1 zone-name2

        The interzone view is displayed.

      2. Run:

        packet-filter logging

        The packet filtering log is enabled in the interzone.

        By default, the packet filtering log is disabled in the interzone.

      3. Run:
        quit

        Return to the system view.

    • Configuring flow log in the interzone

      1. Run:
        firewall interzone zone-name1 zone-name2

        The interzone view is displayed.

      2. Run:

        session-log acl-number { inbound | outbound }

        The conditions of recording flow logs are configured.

        By default, no condition is configured in an interzone for recording flow logs.

      3. Run:
        quit

        Return to the system view.

Checking the Configuration

  • Run the display firewall log configuration command to check logs on the firewall.
Translation
Download
Updated: 2019-05-25

Document ID: EDOC1000097287

Views: 13541

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next