Setting The Log Parameters - Huawei AR1200-S Configuration Manual

Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security
By default, the log function is disabled on a firewall.
Step 3 Run:
firewall log session nat enable
The NAT session log is enabled.
Before running the firewall log session nat enable command, you must run the firewall log session enable command.
By default, the NAT session log is disabled.
----End

3.12.3 Setting the Log Parameters

The log parameters include the session log host, conditions for recording session logs, and
interval for exporting logs.
Context
The session logs are exported to a log host in real time; therefore, you need to configure the log
host first. To configure the log host, you need to configure the IP address and port number of
the log host and the IP address and port number that the AR1200-S uses to communicate with
the log host.
An ACL is referenced in the interzone view to determine the sessions to be recorded in the logs.
The ACLs can be configured for incoming and outgoing traffic.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall log binary-log host host-ip-address host-port source source-ip-address source-port [ vpn-instance vpn-instance-name ]
The session log host is configured.
By default, no session log host is configured.
Step 3 (Optional) Run:
firewall log { blacklist | defend | session | statistics } log-interval time
The interval for exporting logs is set.
By default, logs are exported every 30 seconds.
Step 4 Run:
firewall interzone zone-name1 zone-name2
The interzone view is displayed.
Step 5 Run:
session-log acl-number { inbound | outbound }
The conditions for recording session logs are configured.
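A check that can be run over a saved configuration to confirm that the steps above were all applied, given here as an added example that is not part of the Huawei manual. It assumes the configuration is exported as text with the commands in the form shown on this page, sub-commands indented under their view, and ACLs defined with acl number; the function name and all sample values are constructed.

```python
import re

# Constructed sample (not from the manual): zone names, ACL numbers and
# addresses are made up. Assumes sub-commands are indented under their view.
SAMPLE_CONFIG = """\
firewall log session nat enable
firewall log binary-log host 192.0.2.10 9002 source 192.0.2.1 9001
acl number 3001
firewall interzone trust untrust
 session-log 3001 outbound
firewall interzone trust dmz
 session-log 3002 inbound
firewall interzone dmz untrust
"""

def audit_session_logging(config):
    """Return a list of findings; an empty list means no gap was detected."""
    top, acls, zones, current = set(), set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # a top-level command leaves any view
            top.add(line)
            m = re.fullmatch(r"firewall interzone (\S+) (\S+)", line)
            current = "-".join(m.groups()) if m else None
            if m:
                zones.setdefault(current, [])
            m = re.fullmatch(r"acl number (\d+)", line)
            if m:
                acls.add(m.group(1))
        elif current:                     # sub-command inside an interzone view
            m = re.fullmatch(r"session-log (\d+) (inbound|outbound)", line)
            if m:
                zones[current].append(m.groups())
    findings = []
    if "firewall log session enable" not in top:
        findings.append("session log not enabled")
        if "firewall log session nat enable" in top:
            findings.append("NAT session log enabled without session log")
    if not any(c.startswith("firewall log binary-log host ") for c in top):
        findings.append("no session log host configured")
    for name, rules in zones.items():
        if not rules:
            findings.append(f"interzone {name}: no session-log ACL")
        for acl, direction in rules:
            if acl not in acls:           # referenced ACL is missing
                findings.append(f"interzone {name}: ACL {acl} ({direction}) not defined")
    return findings
```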
Issue 02 (2012-03-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 Firewall Configuration