Displaying And Maintaining Session Management - HP VSR1000 Security Configuration Manual

The device supports time-based or traffic-based logging:
• Time-based logging—The device outputs session logs at an interval.
Traffic-based logging—The device outputs a session log when the traffic amount of a session
•
reaches a threshold. After outputting a session log, the device resets the traffic counter for the
session. The traffic-based thresholds can be byte-based and packet-based. If you set both thresholds,
the last configuration takes effect.
If you set both time-based and traffic-based logging, the device outputs a session log when whichever is
reached. After outputting a session log, the device resets the traffic counter and restarts the interval for the
session.
If you enable session logging but specify neither the traffic-based nor the time-based type, the device
outputs a session log when a session entry is created or removed.
To configure session logging:
Step
1. Enter system view.
2. (Optional.) Set a
time-based logging
type.
3. (Optional.) Set a
traffic-based logging
type.
4. Enter interface view.
5. Enable session logging.

Displaying and maintaining session management

Execute display commands in any view and reset commands in user view.
Task
Display the aging time for sessions of
different application layer protocols.
Display the aging time for sessions in
different protocol states.
Display session table entries.
Display session statistics.
Display relation table entries.
Clear IPv4 session table entries.
Command
system-view
session log time-active time-value
•
Set the packet-based threshold:
session log packets-active packets-value
•
Set the byte-based threshold:
session log bytes-active bytes-value
interface interface-type interface-number
session log enable { ipv4 | ipv6 } [ acl
acl-number ] { inbound | outbound }
Command
display session aging-time application
display session aging-time state
display session table { ipv4 | ipv6 } [ source-ip source-ip ]
[ destination-ip destination-ip ] [ verbose ]
display session statistics
display session relation-table { ipv4 | ipv6 }
reset session table ipv4 [ source-ip source-ip ] [ destination-ip
destination-ip ] [ protocol { dccp | icmp | raw-ip | sctp | tcp |
udp | udp-lite } ] [ source-port source-port ] [ destination-port
destination-port ] [ vpn-instance vpn-instance-name ]
305
Remarks
N/A
By default, the device does not
output session logs.
The device does not output
session logs based on the
packet-based or byte-based
threshold.
N/A
By default, session logging is
disabled.