No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C00 Feature Description - NAT and IPv6 Transition 01

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Flow Syslogs Format

Flow Syslogs Format

Flow syslogs are sent in text format by the NAT device in centralized and distributed NAT deployment modes.

Example Flow Syslog in cn format

Table 7-17  Log syntax

Scenario

Log Syntax

NAT444

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME - MSGID [L4 INNERIP - OUTERIP INNERPORT OUTERPORT -]

DS-Lite

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME - MSGID [L4 - INNERIP OUTERIP INNERPORT OUTERPORT -]

NAT64

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME - MSGID [L4 - INNERIP OUTERIP INNERPORT OUTERPORT -]

Table 7-18  Description of log syntax fields

Field

Description

PRI

Priority. The value is fixed to 134.

VERSION

Version number. The value is fixed to 1.

TIMESTAMP

Timestamp of a packet and the format is YEAR MONTH DAY HOUR:MINUTE:SECOND.

HOSTNAME

IP address of a device sending flow syslogs.

APPNAME

Name of a device sending flow syslogs.

SCENARIO

NAT scenario:

  • NAT444
  • DS-Lite
  • NAT64

MSGID

Message ID in the format of device-type:message-type.
  • Device type: NAT444,DSLITEor NAT64
  • Message type: SessionbasedA or SessionbasedW
NOTE:
  • In a flow table creation scenario, the message type must be set to SessionbasedA.
  • In a flow table aging scenario, the message type must be set to SessionbasedW.

L4

ID of an application.
  • 1: ICMP
  • 6: TCP
  • 17: UDP

INNERIP

Private IP address:
  • In a NAT444 scenarioor a DSLITE scenario, the value of this field is a private IPv4 address.
  • In a NAT64 scenario, the value of this field is a private IPv6 address.

OUTERIP

Public IPv4 address after NAT is implemented.

INNERPORT

Private port number

OUTERPORT

Public port number after NAT is implemented.

Example flow syslog in cn format:

  • <134> 1 2014 Oct 8 14:04:17 10.1.1.31 cnelog - NAT444:SessionbasedW [17 172.16.178.228 - 10.20.17.234 1024 4097 -]

Example Flow Syslog in Type 2 format

Table 7-19  Log syntax

Scenario

String Formatting

NAT444

Flow table creation

<PRI>VERSION TIMESTAMP HOSTNAME APPNAME - MSGID STARTTIME|-|INNERIP|OUTERIP|OUTERPORT|DESTINATIONIP|DESTINATIONPORT|L4

Flow table aging

<PRI>VERSION TIMESTAMP HOSTNAME APPNAME - MSGID STARTTIME|ENDTIME|INNERIP|OUTERIP|OUTERPORT|DESTINATIONIP|DESTINATIONPORT|L4

Table 7-20  Description of log syntax fields

Field

Description

PRI

The value is fixed to 142.

VERSION

The value is fixed to 1.

TIMESTAMP

Timestamp of a packet and the format is <YEAR> <MONTH> <DAY> <HOUR:MINUTE:SECOND>.

HOSTNAME

IP address of a device sending flow syslogs.

APPNAME

Name of a device sending flow syslogs.

MSGID

Message ID in the format of <device-type>:<message-type>.
  • Device type: NAT444,DSLITEor NAT64
  • Message type: SessionA and SessionW
NOTE:
  • In a flow table creation scenario, the message type is SessionbasedA.
  • In a flow table aging scenario, the message type is SessionbasedW.

STARTTIME

Time elapsed since a flow table starts being created. It is expressed in UTC seconds.

ENDTIME

Time elapsed since a flow table ages. This field is displayed as - when a flow table is being created. It is expressed in UTC seconds.

INNERIP

Source private IP address:

  • In a NAT444 scenario, the value of this field is a private IPv4 address.

OUTERIP

Public IPv4 address after NAT is implemented.

OUTERPORT

Public port number after NAT is implemented.

DESTINATIONIP

Destination IP address.

DESTINATIONPORT

Destination port number.

L4

Identifier of the protocol of packets.

  • 1: ICMP
  • 6: TCP
  • 17: UDP

Example flow syslog in type2 format:

  • <142> 1 <2014> <Oct> <08> <14:00:14> 10.1.1.31 cnelog - <NAT444>:<SessionW> 1412804760|1412805614|172.16.252.153|10.20.2.160|2048|10.36.1.2|1024|17

Example Flow Syslog in type5 Format

Table 7-21  Log syntax

Scenario

Log Syntax

NAT444/DS-Lite

PRI VERSION HOSTNAME TIMESTAMP APPNAME PROCID MSGID STARTTIME|ENDTIME|INNERIP|OUTERIP|OUTERPORT|DESTINATIONIP|DESTINATIONPORT|L4|CGNIP

Table 7-22  Description of log syntax fields

Field

Description

PRI

Priority. It is fixed to 142.

VERSION

Version number. It is fixed to 1.

HOSTNAME

IP address of the device sending flow syslogs

TIMESTAMP

Timestamp in the format of YEAR MONTH DAY HOUR:MINUTE:SECOND

APPNAME

Name of the device sending flow syslogs

PROCID

ID of a log group, which consists of digits and characters. This field is mandatory and specifies the interworking logs in a device, such as the logs for assigning ports and the logs for reclaiming ports.

MSGID

Device type: message type
  • Device type: NAT444, DS-Lite
  • Message type: SessionA, SessionW
NOTE:
  • In NAT444 scenarios, the device type is NAT444.
  • In DS-Lite scenario, the device type is DS-Lite.
  • For flow table creation, the message type is SessionA.
  • For flow table aging, the message type is SessionW.

STARTTIME

Time when NAT starts, number of seconds since January 1, 1970, 00:00 (UTC)

ENDTIME

Time when NAT ends, number of seconds since January 1, 1970, 00:00 (UTC)

NOTE:

This field is displayed as - when a flow table is being created.

INNERIP

Private network address of a subscriber

OUTERIP

Public IPv4 address

OUTERPORT

Number of the public port converted from the source port

DESTINATIONIP

Destination IP address for user access

DESTINATIONPORT

Destination port for user access

L4

Application identifier

  • 1: ICMP
  • 6: TCP
  • 17: UDP

CGNIP

Management IP address of the CGN device.

Example NAT444–based flow syslog in type5 format:

  • 142 1 6.6.6.6 2015 May 1 16:51:22 ne40elog NAT444:SessionA 1430470282|-|5.5.4.6|104.3.0.22|1024|6.6.6.7|1024|17|6.6.6.6
  • 142 1 6.6.6.6 2015 May 1 16:51:22 ne40elog NAT444:SessionW 1430470249|1430470282|5.5.4.6|104.3.0.22|1024|6.6.6.7|1024|17|6.6.6.6

Flexible Flow Syslog Format

Table 7-23  Log syntax

Usage Scenario

Log Syntax

Description

NAT444/DS-Lite/NAT64

<PRI> VERSION TIMESTAMP HOSTNAME APPNAME – MSGID MSG

The MSG is customized and consists of flexible combinations of fields. A command line is used to determine fields carried in the flow syslog information. The command can also be used to specify the field sequence and separator between fields. The separator between fields can be black space, vertical bar (|), slash (/), or backslash (\).
Table 7-24  Description of log syntax fields

Field

Description

Data Output Example

timestamp-year Year in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-month Month in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-date Date in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-hour Hours in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-minute Minutes in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
timestamp-second Seconds in a timestamp (indicates the time when logs were sent). 2015/1/11 15:09
starttime-year Year in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-month Month in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-date Date in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-hour Hours in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-minute Minutes in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
starttime-second Seconds in the start time (when a port was assigned or a flow table was created). time='2015-02-05 11:55:48'
timestamp-month-en Month (English letters) in a timestamp. September 10
timestamp-month- abbreviation Month (English abbreviation) in a timestamp. Sep 10
timestamp-second-dec Seconds (a decimal number) in a timestamp 1430470249
timestamp-second-hex Seconds (a hexadecimal number) in a timestamp. 0x54b29217
starttime-month-en Month (English letters) in the start time. September 10
starttime-month-abbreviation Month (English abbreviation) in the start time. Sep 10
starttime-second-dec Seconds (a decimal number) in the start time. 1430470249
starttime-second-hex Seconds (a hexadecimal number) in the start time. 0x54b29217
endtime-second-dec Seconds (a decimal number) in the end time when a port was released or a flow table aged. 1430470249
endtime-second-hex Seconds (a hexadecimal number) in the end time when a port was released or a flow table aged. 0x54b29217
host-ip Device IP address (configured using the nat log host command in a NAT instance). 2.0.0.1
app-name Configured log server name. ne40elog
scene Scenario. NAT444
source-ip Source IP address, used only in NAT444 and DS-Lite scenarios:
  • A reverse packet's IP address in a user log before NAT processing is performed
  • A source IP address of a packet in a flow log
192.85.1.2;
destination-ip Destination IP address. 10.11.11.1
start-port (user) Sart public port included in a log. Start port number of a pre-allocated port range of 1152 to 1279
end-port (user) End public port included in a log. End port number of a pre-allocated port range of 1152 to 1279
vpn-id User VPN index. srcvrfid='0'
session-id Session ID. The value is the timestamp assigned when a user goes online. The session ID uniquely identifies a user. sessionid='0x0000000'
Protocol Packet protocol. ICMP:1 TCP:6 UDP:17
nat-source- ip Source IP address after NAT processing is performed. 172.100.252.153
source-port Source port number. 20
nat-source- port Public port number after NAT processing. 1024
destination-port Destination port number. 20
instance-id Instance ID. 0
pool-id Address pool ID. 1
slot-id Slot ID. 1
cpu-id CPU ID. 0
sequence-hex Log sequence number, in hexadecimal notation. sequence='0x0000106f00000002'
sequence-dec Log sequence number, in decimal notation. sequence='123456789'
utc UTC time. UTC time used to send log information.
local Local time. Local time used to send log information.
cgn-ip CGN device's management IP address. If a CGN device forwards a log to a local device, this field does not need to be specified. If an intermediate device forwards a log to a local device, this field must be specified. 10.6.6.6
fixed-string A fixed string. It can be used to deliver only the location and separator information. The forwarding plane only reads the separator information.
extend-first Reserved field 1. Reserved field for a forwarding patch
extend-second Reserved field 2. Reserved field for a forwarding patch
extend-third Reserved field 3. Reserved field for a forwarding patch
extend-fourth Reserved field 4. Reserved field for a forwarding patch
extend-fifth Reserved field 5. Reserved field for a forwarding patch
Source-ipv6 Source IPv6 address, supported only by NAT64 and DS-Lite. 2001:db8::1:1
Prefix-length Prefix length, supported by NAT64 and DS-Lite.
  • DS-Lite: The value is an integer ranging from 0 to 128.
  • NAT64: The value is fixed at 128.
extend eighth Reserved field 8. Reserved field for a forwarding patch

Example of the flexible DS-Lite flow syslog format:

  • 2017sessionlog : 1-4|19:11:16|1-4|19:11:16|host1 dslite 192.85.1.2 10.11.11.2 0 0x586d48d4 17 10.18.18.53 3333 4444 0 8193 1 0 0xa 10 192.85.1.2 2001:db8:9:1
Example of the flexible NAT64 flow syslog format:
  • 2016-12-24-14|27|28|2016|12|24|14|27|28|December|Dec|27|0x1b|December|Dec|27|0x1b|27|0x1b|10.190.157.32|server|nat64|0.0.0.0|20.20.20.20|0|0x585e85d0|17|60.0.0.0|0|1728|0|0|16384|
Download
Updated: 2018-07-04

Document ID: EDOC1100027155

Views: 22455

Downloads: 76

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next