No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C00 Feature Description - NAT and IPv6 Transition 01

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
User Syslog Format

User Syslog Format

User syslogs in text format are sent by a NAT device working in centralized and distributed NAT deployment modes to log servers.

Example User Syslog in cn Format

Table 7-2  Log syntax

Scenario

Log Syntax

NAT444

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME - NAT444:MSGID [- INNERIP - OUTERIP - STARTPORT ENDPORT]

DS-lite

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME - DSLITE:MSGID [- - INNERIP OUTERIP - STARTPORT ENDPORT]

NAT64(NO-PAT)

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME - NAT64:MSGID [- - INNERIP OUTERIP - - -]

NAT64(PAT)

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME - NAT64:MSGID [- - INNERIP OUTERIP - STARTPORT ENDPORT]

Table 7-3  Description of log syntax fields

Field

Description

PRI

Priority. It is fixed at 134.

VERSION

Version number. It is fixed at 1.

TIMESTAMP

Formatted timestamp defined in relevant standards and the format is YEAR MONTH DAY HOUR:MINUTE:SECOND.

HOSTNAME

Source IP address of the device sending user syslog packets.

APPNAME

Name of the device sending user syslog packets.

MSGID

Packet type

INNERIP

Private network address of a subscriber

OUTERIP

Public IP address of a subscriber

STARTPORT

Start port number.

ENDPORT

End port number.

Example NAT444–based user syslog in cn format:

  • <134> 1 2014 Aug 11 10:50:39 10.93.11.225 _nohostname - NAT444:SessionA [- 192.168.100.11 - 10.0.101.2 -1024 1103]

Example User Syslog in type2 Format

Table 7-4  Log syntax

Scenario

Log Syntax

NAT444/DS-Lite/NAT64

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME - SCENARIO:MSGID STARTTIME |INNERIP|OUTERIP|STARTPORT|ENDPORT

Table 7-5  Description of log syntax fields

Field

Description

PRI

Priority. It is fixed at 142.

VERSION

Version number. It is fixed at 1.

TIMESTAMP

Formatted timestamp defined in relevant standards and the format is <YEAR> <MONTH> <DAY> <HOUR:MINUTE:SECOND>.

HOSTNAME

Source IP address of the device sending user syslog packets.

APPNAME

Name of the device sending user syslog packets.

SCENARIO

NAT scenario:

  • NAT444
  • DS-Lite
  • NAT64

MSGID

Packet type:

  • PortA: The user is applying for a public IP address and port.
  • PortW: The user is releasing a public IP address and port.

STARTTIME

Number of seconds since January 1, 1970, 00:00 (UTC).

INNERIP

Private IP address of a user.

OUTERIP

Public IP address of a subscriber.

STARTPORT

Start port number. In a NAT64 (no-PAT) scenario, the value is 0.

ENDPORT

End port number. In a NAT64 (no-PAT) scenario, the value is 0.

Example NAT444–based user syslog in type2 format:

  • <142> 1 <2012> <May> <05> <12:05:01> 15.15.15.1 _nohostname - <NAT444>:<PortA> 1336190701|172.16.1.250|10.33.11.2|1088|2111

Example User Syslog in type3 Format

Table 7-6  Log syntax

Scenario

Log Syntax

NAT444

<PRI>VERSION TIMESTAMP1 HOSTNAME - - NAT444userbased - %%SYSLOGVERMODULENAME/LOGLEVEL/LOGINFOMNEM(LOGTYPE): USERORINCTYPE, in SCENARIO scene. privateip='PRIVATEIP' srcvrfid='VRFID' publicip='PUBLICIP' publicportrange='STARTPORT~ENDPORT' time='TIMESTAMP2'

DS-Lite

<PRI>VERSION TIMESTAMP1 HOSTNAME - - DS-LITEuserbased - %%SYSLOGVERMODULENAME/LOGLEVEL/LOGINFOMNEM(LOGTYPE): USERORINCTYPE, in SCENARIO scene. privateip='PRIVATEIP/LEN' srcvrfid='VRFID' publicip='PUBLICIP' publicportrange='STARTPORT~ENDPORT' time='TIMESTAMP2'

NAT64

<PRI>VERSION TIMESTAMP1 HOSTNAME - - NAT64userbased - %%SYSLOGVERMODULENAME/LOGLEVEL/LOGINFOMNEM(LOGTYPE): USERORINCTYPE, in SCENARIO scene. privateip='PRIVATEIP/128' srcvrfid='VRFID' publicip='PUBLICIP' publicportrange='STARTPORT~ENDPORT' time='TIMESTAMP2'

Table 7-7  Description of log syntax fields

Field

Description

PRI

Priority. It is fixed at 134.

VERSION

Version number. It is fixed at 1.

TIMESTAMP1

Formatted timestamp defined in relevant standards and the format is YEAR-MONTH -DAYTHOUR:MINUTE:SECONDZ.

HOSTNAME

Source IP address of the device sending user syslog packets.

SYSLOGVER

The fixed value is 1.

MODULENAME

The fixed value is SEC.

LOGLEVEL

Log level. It is fixed at 6.

LOGINFOMNEM

The value is fixed at BIND.

LOGTYPE

The value is fixed at L.

USERORINCTYPE

The available options are as follows:

  • An initial port range is assigned
  • An initial port range is freed
  • An increase port range is assigned
  • An increase port range is freed

SCENARIO

NAT scenario:

  • NAT444
  • DS-Lite
  • NAT64

INNERIP

Private IP address of a user.

LEN

Length of an IPv6 prefix.

VRFID

VRF index.

OUTERIP

Public IP address of a subscriber.

STARTPORT

Start port number.

ENDPORT

End port number.

TIMESTAMP2

Formatted timestamp defined in relevant standards and the format is YEAR-MONTH-DAY HOUR:MINUTE:SECOND. The default value is UTC time. If the local-timezone command is specified in the nat syslog descriptive format type3 command, this parameter specifies the local device time.

Example NAT444–based user syslog in type3 format:

  • <134>1 2012-10-22T15:55:03Z 10.21.1.2- - NAT444userbased - - %%01SEC/6/BIND(L):An increase portrange is freed, in nat444 scene.privateip='192.85.1.2' srcvrfid='0' publicip='10.11.11.1' publicportrange='1152~1279' time='2012-10-22 15:55:03'

Example User Syslog in Type4 Format

Table 7-8  Log syntax

Scenario

Log Syntax

NAT444/DS-Lite/NAT64

Port allocation

<PRI>TIMESTAMP [FWNAT]:MSGID: INNERIP -> OUTERIP:STARTPORT-ENDPORT\n

Port reclaiming

<PRI>TIMESTAMP [FWNAT]:MSGID: INNERIP -> OUTERIP:STARTPORT-ENDPORT STARTTIME\n

Table 7-9  Description of log syntax fields

Field

Description

PRI

Priority. It is fixed at 150.

TIMESTAMP

Timestamp defined in relevant standards in the format of <year>-<month>-<day> <hour:minute:second>.

FWNAT

Packet type

  • ASP_NAT_PORT_BLOCK_ALLOC: A user applies for the outer IP address and port number.

  • ASP_NAT_PORT_BLOCK_RELEASE: A user releases the outer IP address and port number.

MSGID

Mesage ID. It is fixed at 1.

INNERIP

User private IP address.

OUTERIP

User public IP address.

STARTPORT

Start interface number.

ENDPORT

End interface number.

STARTTIME

Number of seconds started from January 1, 1970. The time indicates when an address or port number was assigned. The value is in the hexadecimal format.

Example NAT444-based user syslog in type4 format:
  • <150>2015-01-11 15:09:11 [FWNAT]:ASP_NAT_PORT_BLOCK_ALLOC: 100.118.72.212 -> 213.24.126.212:35008-35071\n

  • <150>2015-01-11 15:16:39 [FWNAT]:ASP_NAT_PORT_BLOCK_RELEASE: 100.118.72.212 -> 213.24.126.212:35008-35071 0x54b29217\n

Example User Syslog in Type5 Format

Table 7-10  Log syntax

Scenario

Log Syntax

NAT444/DS-Lite

PRI VERSION HOSTNAME TIMESTAMP APPNAME PROCID MSGID STARTTIME|INNERIP|OUTERIP|STARTPORT|ENDPORT|CGNIP

Table 7-11  Description of log syntax fields

Field

Description

PRI

Priority. It is fixed at 142.

VERSION

Version number. It is fixed at 1.

HOSTNAME

IP address of a device that sends logs.

TIMESTAMP

Timestamp in the format of YEAR MONTH DAY HOUR:MINUTE:SECOND.

APPNAME

Name of a device that sends logs

PROCID

Mandatory. ID of a log group. The ID consists of digits and letters. This field identifies associated logs on the same device, for example, when an entry is created to assign a port range and another entry is created to reclaim this port range. It is fixed at 0000000000.

MSGID

Device type:message type:
  • Device type: NAT444 or DS-Lite
  • Message type: PortA or PortW
NOTE:
  • In a NAT444 scenario, the device type is NAT444.
  • In a DS-Lite scenario, the device type is DS-Lite.
  • If a port range is assigned to a user, the message type is PortA.
  • If a port range is reclaimed, the message type is PortW.

STARTTIME

Time when a port range was assigned. The value is the number of seconds started from GMT 00:00:00, on January 1, 1970.

INNERIP

Source address before translation (private address allocated to a user)

OUTERIP

Public IPv4 address after translation.

STARTPORT

Start public port number.

ENDPORT

End public port number.

CGNIP

CGN device's management IP address.

Example of NAT444 user syslog in type5:

  • 142 1 6.6.6.6 2015 May 1 16:51:22 ne40elog 0000000000 NAT444:PortA 1430499082|5.5.4.6|104.3.0.22|1024|2047|6.6.6.6

Example User Syslog in type6 Format

Table 7-12  Log syntax

Usage Scenario

Log Syntax

NAT444

<PRI>VERSION TIMESTAMP1 HOSTNAME - - NAT444userbased - %%SYSLOGVERMODULENAME/LOGLEVEL/LOGINFOMNEM(LOGTYPE): USERORINCTYPE, in SCENARIO scene. sequence ='SEQUENCE' sessionid =' SESSSIONID' privateip='PRIVATEIP' srcvrfid='VRFID' publicip='PUBLICIP' publicportrange='STARTPORT ~ENDPORT ' time='TIMESTAMP2'

Table 7-13  Description of log syntax fields

Field

Description

PRI

Priority. It is fixed at 134.

VERSION

Version number. It is fixed at 1.

TIMESTAMP1

Timestamp defined in relevant standards in the format of <year> <month> <day> <hour:minute:second>.

HOSTNAME

IP address of a source device that sends syslog packets.

SYSLOGVER

Syslog version. It is fixed at 1.

MODULENAME

Module name. The value is fixed at SEC.

LOGLEVEL

Log level. It is fixed at 6.

LOGINFOMNEM

The value is fixed at BIND.

LOGTYPE

The value is fixed at L.

USERORINCTYPE

Port range operation:
  • An initial portrange is assigned.
  • An initial portrange is freed.
  • An increase portrange is assigned.
  • An increase portrange is freed.
  • An initial portrange keepalive.
  • An increase portrange keepalive.

SCENARIO

NAT scenario:

  • nat444

SEQUENCE

Sequence number of a syslog packet. This field is 64 bits.

  • Among 32 high-order bits, the 16 high-order bits are reserved, and the 16 low-order bits indicate the instance type (4 high-order bits) and instance ID (12 low-order bits). The instance type value is fixed at 1, indicating NAT444. The instance ID is an integer ranging from 1 to 4095.
  • The 32 low-order bits are the sequence number of a log packet related to a specified NAT instance.

A log server parses 32 high- and then low-order bits in the SEQUENCE field.

SESSSIONID

Session ID. The value is the timestamp assigned when a user goes online. The session ID uniquely identifies a user.

privateip

User private IP address.

LEN

Inner IPv6 prefix length.

VRFID

VRF index.

publicip

User public IP address.

STARTPORT

Start public port number. The value is 0 in a NAT64 (no-PAT) scenario. The value is 0 if the nat server-mode enable command is run to support only the internal NAT server services in a NAT instance.

ENDPORT

End public port number. The value is 0 in a NAT64 (no-PAT) scenario. The value is 65535 if the nat server-mode enable command is run to support only the internal NAT server services in a NAT instance.

TIMESTAMP2

Timestamp defined in relevant standards in the format of <year>-<month>-<day> <hour:minute:second>. The default value is UTC time.

Example NAT444-based user syslog in type6 format:

  • <134>1 2015-02-05T11:55:48Z 2.0.0.1 - - NAT444userbased - %%01SEC/6/BIND(L): An initial portrange is assigned, in nat444 scene. sequence='0x0000106f00000002' sessionid='0x00000005' privateip='10.1.1.2' srcvrfid='0' publicip='10.2.1.10' publicportrange='1024~65535' time='2015-02-05 11:55:48'

Flexible User Syslog Format

Table 7-14  Log syntax

Usage Scenario

Log Syntax

Description

NAT444/DS-Lite/NAT64

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME – MSGID MSG

The MSG is customized and consists of flexible combinations of fields. A command line is used to determine fields carried in the flow syslog information. The command can also be used to specify the field sequence and separator between fields. The separator between fields can be black space, vertical bar (|), slash (/), or backslash (\).
Table 7-15  Description of log syntax fields
Field Description Data Output Example
timestamp-year Year in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-month Month in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-date Day in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-hour Hours in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-minute Minutes in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-second Seconds in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
starttime-year Year in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-month Month in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-date Date in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-hour Hours in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-minute Minutes in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-second Seconds in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
timestamp-month-en Month (English letters) in a timestamp. September 10
timestamp-month- abbreviation Month (English abbreviation) in a timestamp. Sep 10
timestamp-second-dec Seconds (a decimal number) in a timestamp. 1430470249
timestamp-second-hex Seconds (a hexadecimal number) in a timestamp. 0x54b29217
starttime-month-en Month (English letters) in the start time. September 10
starttime-month-abbreviation Month (English abbreviation) in the start time. Sep 10
starttime-second-dec Seconds (a decimal number) in the start time. 1430470249
starttime-second-hex Seconds (a hexadecimal number) in the start time. 0x54b29217
endtime-second-dec Seconds (a decimal number) in the end time when a port was released or a flow table aged. 1430470249
endtime-second-hex Seconds (a hexadecimal number) in the end time when a port was released or a flow table aged. 0x54b29217
host-ip Device IP address (configured using the nat log host command in a NAT instance). 2.0.0.1
app-name Name of a configured log server. ne40elog
scene Scenario NAT444
source-ip Source IP address, used only in a NAT444 scenario:
  • A reverse packet's IP address in a user log before NAT processing is performed
  • A source IP address of a packet in a flow log
192.85.1.2
start-port Start public port number included in a log. Start port number of a pre-allocated port range of 1152 to 1279
end-port End public port number included in a log. End port number of a pre-allocated port range of 1152 to 1279
vpn-id User VPN index. srcvrfid='0'
session-id Session ID. The value is the timestamp assigned when a user goes online. The session ID uniquely identifies a user. sessionid='0x0000000'
nat-source- ip Source IP address after NAT processing is performed. 172.100.252.153
instance-id Instance ID. 0
pool-id Address pool ID. 1
slot-id Slot ID. 1
cpu-id CPU ID. 0
sequence-hex Log sequence number, in hexadecimal notation. sequence='0x0000106f00000002'
sequence-dec og sequence number, in decimal notation. sequence='123456789'
log-type-description Description of a created user log type. The forwarding plane obtains a value based on the triggered log:
  • An initial portrange is assigned
  • An initial portrange is freed
  • An increase portrange is assigned
  • An increase portrange is freed
  • An initial portrange keepalive
  • An increase portrange keepalive
utc UTC time used to send log information. -
local Local time used to send log information. -
cgn-ip CGN device's management IP address. If a CGN device forwards a log to a local device, this field does not need to be specified. If an intermediate device forwards a log to a local device, this field must be specified. 10.6.6.6
fixed-string A fixed string. It can be used to deliver only the location and separator information. The forwarding plane only reads the separator information.
extend-first Reserved field 1. Not used
extend-second Reserved field 2. Not used
extend-third Reserved field 3. Not used
extend-fourth Reserved field 4. Not used
extend-fifth Reserved field 5. Not used
Source-ipv6 Source IPv6 address, supported only by NAT64 and DS-Lite. 2001:db8::1:1
Prefix-length Prefix length, supported by NAT64 and DS-Lite:
  • DS-Lite: The value is an integer ranging from 0 to 128.
  • NAT64: The value is fixed at 128.
extend eighth Reserved field 8. Not used

Example of the flexible DS-Lite user syslog format:

  • 2016userlog create: 12-30|15:45:58|12-30|15:45:58|11.11.11.2 host1 dslite 1024 1087 0 0x58668136 0 8193 1 0 0x1d 29 An initial portrange is assigned 192.85.1.2 2001:db8::5 128
Download
Updated: 2018-07-04

Document ID: EDOC1100027155

Views: 22470

Downloads: 76

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next