Configuring Flow Log - H3C SR6600-X Configuration Manual

Configuring flow log

Flow log records users' access to external networks based on flows. Each flow is identified by a 5-tuple
of the source IP address, destination IP address, source port, destination port, and protocol number.
Flow log creates entries based on NAT sessions. You can export these entries to the information center or
log hosts.
Flow log has two versions: version 1.0 and version 3.0. Compared to version 1.0, version 3.0 of flow log
provides flow statistics.
Table 25 Flow log 1.0 fields
Field
SrcIP
DestIP
SrcPort
DestPort
StartTime
EndTime
Protocol
Operator
Reserved
Table 26 Flow log 3.0 fields
Field
Protocol
Table 25 and Table 26
Description
Source IP address before NAT.
Destination IP address before NAT.
Source TCP/UDP port number before NAT.
Destination TCP/UDP port number before NAT.
Start time of the flow, in seconds.
End time of the flow, in seconds.
This field is 0 if the Operator field is 6 (regular connectivity check record for the active
flow).
Protocol number.
Reasons why a flow log entry was generated:
•
0—Reserved.
•
1—Flow was ended normally.
•
2—Flow was aged out because of aging timer expiration.
•
3—Flow was aged out because of configuration change or manual deletion.
•
4—Flow was aged out because of insufficient resources.
•
5—Reserved.
•
6—Regular connectivity check record for the active flow.
•
7—Flow was deleted because a new flow was created when the flow table was full.
•
8—Flow was created.
•
FE—Other reasons.
•
10-FE-1—Reserved for future use.
Reserved for future use.
Description
Protocol number.
show the fields available in the versions.
259