Recording Logs
Logs record information such as the service running status, traffic distribution, and application distribution on the network. They are the basis of network visibility and facilitate fault locating, source tracing, and policy optimization. Table 4-2 lists the logs that are closely related to security policies.
Log Type | Configuration Suggestion | Configuration Method |
---|---|---|
Traffic logs: Traffic logs record information about traffic that arrives at or passes through the firewall. You can learn about all traffic information related to a specified security policy from traffic logs. The traffic reports generated based on traffic logs provide traffic trends and top rankings in terms of source addresses, applications, users, and security policies. Traffic logs and reports help analyze network traffic composition for further security policy adjustment. | You can configure the traffic logging function on the firewall for a specified security policy or for all security policies. By default, this function is disabled. You are advised to enable the traffic log function for a specified security policy. | Web UI: On the security policy editing page, set Record Traffic Logs to Enable. CLI: Run the traffic logging enable command in the security policy rule view. To record traffic logs for the default security policy, run the default traffic logging enable command. |
Session logs: Session logs record all network activities on the firewall, including the access permitted and denied by security policies. Such logs are mainly used for fault locating and source tracing. Session logs must be exported to the log server for display. | Session logs are classified into session aging logs, session creation logs, and periodic session logs. By default, the firewall only records session aging logs, which are generated at the end of a session and contain detailed session information. Such logs facilitate fault diagnosis. | Web UI: On the security policy editing page, set Record Session Logs to Enable. CLI: Run the session logging command in the security policy rule view. |
Policy matching log: Policy matching logs record security policy matching information. You can learn about the traffic that matches the specified security policy based on the logs to evaluate the validity of this security policy. | The firewall provides the global and security policy-specific policy matching log functions. By default, the firewall records policy matching logs for all security policies. You are advised to enable the policy matching log function for a specified security policy. | Web UI: On the security policy editing page, set Record Policy Matching Logs to Enable. CLI: Run the policy logging command in the security policy rule view. |
Ensure that the retention period of logs meets management requirements and complies with local laws and regulations. You are advised to configure the firewall to forward logs to the eLog or other professional log management systems for centralized storage.
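To check which security policy rules carry the per-rule logging commands from the table, a saved configuration can be audited offline. The following is an added example, not code from the original page or from the vendor; the sample configuration is constructed, and the `security-policy` / `rule name` layout and indentation are assumptions about how the saved configuration is laid out. It inspects only per-rule commands, not the global policy matching log setting.

```python
import re

# Per-rule logging commands named in the table above.
LOGGING_COMMANDS = ("traffic logging enable", "session logging", "policy logging")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
security-policy
 default action deny
 rule name allow_web
  source-zone trust
  destination-zone untrust
  action permit
  traffic logging enable
  session logging
  policy logging
 rule name allow_dns
  action permit
  traffic logging enable
 rule name deny_legacy
  action deny
#
"""

def audit_logging(config_text):
    """Return {rule_name: [logging commands absent from that rule]}."""
    missing = {}
    current = None          # rule currently being read
    in_policy = False       # inside the security-policy view?
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):
            # Unindented line: a new top-level view starts here.
            in_policy = (line == "security-policy")
            current = None
            continue
        if not in_policy:
            continue
        m = re.fullmatch(r"rule name (.+)", line)
        if m:
            current = m.group(1)
            missing[current] = list(LOGGING_COMMANDS)
        elif current and line in missing[current]:
            missing[current].remove(line)
    return missing

if __name__ == "__main__":
    for rule, gaps in audit_logging(SAMPLE_CONFIG).items():
        print(f"{rule}: {'all logging enabled' if not gaps else 'missing ' + ', '.join(gaps)}")
```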