No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
NetEngine AR V300R019 CLI-based Configuration Guide - IP Service
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the NAT Log Function

Configuring the NAT Log Function

Context

NAT logs are generated when a device performs address translation. The logs record the original source IP addresses, source port numbers, destination IP addresses, destination port numbers, and translated source IP addresses and source port numbers, as well as user actions and timestamps. Network administrators can view NAT logs to learn about information about users who have accessed a network using NAT, enhancing network security. Router can send NAT logs to a specified log server, as shown in Figure 5-28.
Figure 5-28 Sending NAT logs to a specified log server

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run firewall log session enable

    The session log function is enabled.

    By default, the firewall log function is disabled.

  3. Run firewall log session nat enable

    The NAT session log function is enabled.

    By default, the NAT session log function is enabled.

  4. (Optional) Run nat log-format elog

    The NAT log format is set to eLog. The logs are generated in the format specified by the eLog server.

    By default, NAT logs are in a common format.

  5. Configure the device to export logs to a log host in the information center or session log host.

    • Export logs to a log host in the information center.

      1. Run info-center enable

        The information center is enabled.

      2. Run info-center loghost ip-address [ channel { channel-number | channel-name } | facility local-number | language language-name | transport { udp | tcp ssl-policy policy-name [ verify-dns-name dns-name | verify-revocation-status ] } | { vpn-instance vpn-instance-name | public-net } | local-time | port port-id ] *

        The channel through which logs are exported to the log host is configured.

        By default, the device does not export information to a log host.

        A maximum of eight log hosts are supported to implement backup among log hosts.

        For details on how to configure the device to send logs to a log host, see Example for Outputting Log Information to a Log Host in "Information Center Configuration" of the Huawei AR Series V300R019 Configuration Guide - Device Management.

    • Export logs to a session log host.

      Run firewall log binary-log host host-ip-address host-port source source-ip-address source-port [ vpn-instance vpn-instance-name ]

      A binary log server is configured, including the server's IP address and port number, and the IP address and port number used by the device to communicate with the log server.

  6. (Optional) Run firewall log session log-interval time

    The interval at which NAT logs are exported is configured.

    By default, the device export logs at an interval of 30 seconds.

Translation
简体中文
Download
Updated: 2023-05-18

Document ID: EDOC1100112351

Views: 519966

Downloads: 755

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :