blacklist global enable
blacklist ip
blacklist logging enable
Use blacklist logging enable to enable logging for the blacklist feature.
Use undo blacklist logging enable to disable logging for the blacklist feature.
Syntax
blacklist logging enable
undo blacklist logging enable
Default
Logging is disabled for the blacklist feature.
Views
System view
Predefined user roles
network-admin
Usage guidelines
With logging enabled for the blacklist feature, the system outputs logs in the following situations:
•
A blacklist entry is manually added.
•
A blacklist entry is dynamically added by the scanning attack detection feature.
•
A blacklist entry is manually deleted.
•
A blacklist entry ages out.
A blacklist log records the following information:
•
Source IP address of the blacklist entry.
•
Remote IP address of the DS-Lite tunnel.
•
VPN instance name.
•
Reason for adding or deleting the blacklist entry.
•
Aging time for the blacklist entry.
Examples
# Enable logging for the blacklist feature.
<Sysname> system-view
[Sysname] blacklist logging enable
# Add 192.168.1.2 to the blacklist. A log is output for the adding event.
[Sysname] blacklist ip 192.168.100.12
%Mar 13 03:47:49:736 2013 Sysname BLS/5/BLS_ENTRY_ADD:SrcIPAddr(1003)=192.168.100.12;
DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=--; TTL(1051)=;
Reason(1052)=Configuration.
# Delete 192.168.1.2 from the blacklist. A log is output for the deletion event.
[Sysname] undo blacklist ip 192.168.100.12
%Mar 13 03:49:52:737 2013 Sysname BLS/5/BLS_ENTRY_DEL:SrcIPAddr(1003)=192.168.100.12;
DSLiteTunnelPeer(1040)=--; RcvVPNInstance(1041)=--; Reason(1052)=Configuration.
983