No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Firewall Log

Firewall Log

A firewall device records the actions and status of the firewall in real time. For example, the measures taken against IP address spoofing and the detected malicious attacks are recorded in firewall logs.

These logs help you find out the security risks, detect the attempts to violate the security policies, and learn the type of a network attack. The real-time logs are also used to detect the intrusion that is underway.

You can configure the firewall logging function to monitor behaviors and status of the firewall, find security risks, and detect the network attacks and intrusions.

Firewall Logs Supported by the Device

The device supports the following firewall logs:

  • Blacklist logs

    When detecting attacks such as an IP sweeping attack and port scanning attack, the device generates blacklist logs if the blacklist function is enabled.

    A blacklist log is also generated when you add an entry to the blacklist, or when an entry in the blacklist expires.

  • Attack logs

    When detecting an attack, the device generates an attack log to record the attack type and parameters.

  • Traffic monitoring logs

    When the number of inbound and outbound sessions of the entire system or a zone exceeds the upper threshold or is smaller than the lower threshold, the device generates a log.

  • Packet-filter log

    Records information about packet filtering.

  • Session logs

    When an entry in the session table expires, the device sends a log to the log server.

Updated: 2019-08-07

Document ID: EDOC1100034077

Views: 126251

Downloads: 231

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next