Outputting Logs to a Log Host

To view logs generated on the FW on a log host, configure the FW to output logs to the log host.

Context

The FW can output logs to a maximum of eight log hosts. The log hosts back up each other.

Procedure

  1. Access the system view.

    system-view

  2. Add log information to the information channel.

    info-center source { module-name | default } channel { channel-number | channel-name } log { state { off | on } | level severity } *

  3. Configure the channel through which logs are output to the log host.

    The FW can output service logs to a log host in either dataflow or syslog format. If service logs are output in dataflow format, use the configured log host to output service logs. When the eLog host is used to receive logs, the configured port must be the same as the port used by the eLog host to receive logs. Currently, the eLog host uses port 514 to receive non-encrypted service logs and certificate-encrypted service logs, and therefore the port number must be set to 514.

    • On an IPv4 network, configure the channel for outputting logs to a log host and specify the port number of the log host.

      info-center loghost ip-address [ channel { channel-number | channel-name } | facility local-number | language language-name | { vpn-instance vpn-instance-name | public-net } | port ] * 

      By default, logs are not output to the log host.

      By default, information is sent to a log host over a UDP connection. To change the log transfer mode to TCP SSL encryption, run the info-center loghost ip-address transport tcp ssl-policy policy-name command.

    • On an IPv6 network, configure the channel for outputting logs to a log host and specify the port number of the log host.

      info-center loghost ipv6 ipv6-address [ channel { channel-number | channel-name } | facility local-number | language language-name | port ] *

      By default, logs are not output to the log host.

      By default, information is sent to a log host over a UDP connection. To change the log transfer mode to TCP SSL encryption, run the info-center loghost ipv6 ipv6-address transport tcp ssl-policy policy-name command.

    • For a log host with a domain name specified, configure the channel for outputting logs to a log host and specify the port number of the log host.

      info-center loghost domain domain-name [ channel { channel-number | channel-name } | facility local-number | language language-name | log-counter { disable | enable } | local-time | port ] *

      By default, logs are not output to the log host.

      By default, information is sent to a log host over a UDP connection. To change the log transfer mode to TCP SSL encryption, run the info-center loghost domain domain-name transport tcp ssl-policy policy-name command.

  4. Optional: Set the source interface.

    info-center loghost source { interface-type interface-number | ip-address }

    This interface is recognized by the log host as the log sending interface.

  5. Optional: Configure a CA certificate for the log host.

    log ca-certificate cert-filename

    The FW can output encrypted service logs to the log host in syslog format. Therefore, you need to configure a CA certificate for the log host on the FW.

  6. Optional: Switch the encoding style of syslogs output by the FW to UTF-8.

    The default encoding style of output syslogs is GBK. If the encoding style of the log host is UTF-8, switch the encoding style of syslogs output by the FW to UTF-8.

    firewall log charset utf-8
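The following audit script is an added example, not part of the original procedure or of Huawei's tooling. It checks exported configuration text for log hosts still on the default UDP transport, for more than eight log hosts, and for encrypted output without a CA certificate line. It assumes the saved configuration lists each command on its own line in the form shown in the steps above; the function name, addresses, domain, policy name and certificate file name are constructed placeholders.

```python
import re

# Constructed sample of saved configuration lines; addresses, the policy
# name and the certificate file name are placeholders, not page values.
SAMPLE_CONFIG = """\
info-center loghost 192.0.2.10 channel 2 facility local5
info-center loghost 192.0.2.10 transport tcp ssl-policy LOG-TLS
info-center loghost 192.0.2.20
info-center loghost ipv6 2001:db8::5 transport tcp ssl-policy LOG-TLS
info-center loghost domain logs.example.com
info-center loghost source 192.0.2.1
log ca-certificate ca.pem
"""

MAX_LOG_HOSTS = 8  # limit stated in the Context section
HOST_RE = re.compile(r"^info-center loghost (?:(ipv6|domain) )?(\S+)(.*)$")
SSL_RE = re.compile(r"\btransport tcp ssl-policy \S+")


def audit_loghosts(config_text):
    """Return (hosts, findings); hosts maps (kind, target) to True if TCP SSL is set."""
    hosts, has_ca = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("log ca-certificate "):
            has_ca = True
        m = HOST_RE.match(line)
        # "info-center loghost source ..." sets the source interface, not a host.
        if not m or (m.group(1) is None and m.group(2) == "source"):
            continue
        key = (m.group(1) or "ipv4", m.group(2))
        encrypted = bool(SSL_RE.search(m.group(3)))
        hosts[key] = hosts.get(key, False) or encrypted
    findings = [f"{kind} log host {target}: default UDP transport, no ssl-policy"
                for (kind, target), enc in hosts.items() if not enc]
    if len(hosts) > MAX_LOG_HOSTS:
        findings.append(f"{len(hosts)} log hosts configured, maximum is {MAX_LOG_HOSTS}")
    if any(hosts.values()) and not has_ca:
        findings.append("encrypted output configured but no 'log ca-certificate' line (step 5)")
    return hosts, findings


if __name__ == "__main__":
    for finding in audit_loghosts(SAMPLE_CONFIG)[1]:
        print(finding)
```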

Copyright © Huawei Technologies Co., Ltd.