Configuring the Enhanced Session Log Function

Viewing Key Information About Policy Matching and Traffic Logs Through Session Logs

The FW can intelligently add fields such as the virtual system name and security policy name to binary session aging logs. With this function configured, you obtain traffic log and policy matching log information from the binary session aging logs themselves, so you do not need to view traffic logs and policy matching logs separately and can quickly view key log information.

After you enable this function, traffic logs and policy matching logs in dataflow format are not sent to the log server. Instead, only binary session logs are sent to the log server.

You can view these logs only on a log server that can parse this intelligent format.

  1. Access the system view.

    system-view

  2. Enable the function of sending session creation logs.

    firewall log session aging enable

    The function of sending session creation logs is enabled by default.

  3. Optional: Enable the function of intelligently adding such fields as the virtual system name and security policy name to binary session aging logs to facilitate the comprehensive display of key log information.

    firewall log session log-type binary content smart-append [ ipv4 | ipv6 ]

    By default, the virtual system name and security policy name are not automatically added to binary session aging logs. That is, binary session aging logs are in the default format.

    This section describes only the commands that are closely related to this function. To implement this function, in addition to running the preceding commands, you also need to configure the log output format and log host and enable session log recording in the security policy. For details, see Configuring Session Logs.

Viewing Key Information About Packet Discard Logs in Session Logs

The FW supports the display of key information about packet discard logs in binary format through binary session logs. When traffic matches the deny action in the security policy and the session log function is enabled in the security policy, the recorded binary session logs contain the packet discard information, such as the packet discard cause.

  1. Run the system-view command to access the system view.
  2. Run the security-policy command to access the security policy view.
  3. Run the rule name rule-name command to access the rule view.
  4. Define the match conditions of the security policy.

    The configuration details are omitted.

  5. Run the action deny command to set the action of the security policy rule to deny.
  6. Run the session logging command to enable the session log function.

    This section describes only the commands that are closely related to this function. To implement this function, in addition to running the preceding commands, you also need to configure the log output format and log host. For details, see Configuring Session Logs.

    Binary packet discard logs contain only logs about packets discarded by security policies but not about packets discarded due to failure to match sessions or other reasons. To view logs about these packets, run the firewall log packet-discard enable, firewall log packet-discard session-miss, firewall log packet-discard ip-mac, or firewall log packet-discard others command. For details, see CLI: Example for Outputting Packet Loss Logs to a Third-Party Log Host.

Copyright © Huawei Technologies Co., Ltd.