Configuring session logging
Session logs provide information about user access, IP address translation, and network traffic for security auditing. These logs are sent to the log server or the information center.
The device supports time-based or traffic-based logging:
Time-based logging—The device outputs session logs regularly.
Traffic-based logging—The device outputs a session log when the traffic amount of a session reaches a threshold. After outputting a session log, the device resets the traffic counter for the session. The traffic-based thresholds can be byte-based and packet-based. If you set both thresholds, the last configuration takes effect.
If you set both time-based and traffic-based logging, the device outputs a session log when whichever is reached. After outputting a session log, the device resets the traffic counter and restarts the interval for the session.
If you enable session logging but do not enable logging for session creation or deletion, the device does not output a session log when a session entry is created or removed..
To configure session logging:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. (Optional.) Set a time-based logging type. | session log time-active time-value | By default, the device does not output session logs. |
3. (Optional.) Set a traffic-based logging type. |
| The device does not output session logs based on the packet-based or byte-based threshold. |
4. (Optional.) Enable logging for session creation. | session log flow-begin | By default, logging for session creation is disabled. |
5. (Optional.) Enable logging for session deletion. | session log flow-end | By default, logging for session deletion is disabled. |
6. Enter interface view. | interface interface-type interface-number | N/A |
7. Enable session logging. | session log enable { ipv4 | ipv6 } [ acl acl-number ] { inbound | outbound } | By default, session logging is disabled. |
![[NOTE: ]](images/note.png) | NOTE: To configure session logging, you must use a minimum of one command from the following commands: session log time-active. session log packets-active. session log bytes-active. session log flow-begin. session log flow-end. | |