
Configuring the Log Function for Security Policies

This section describes how to enable or disable logging when security policy rules are matched.

Configuration on the Web UI

  1. Choose Policy > Security Policy > Security Policy.
  2. Click Add Security Policy or enter the view of an existing security policy rule.
  3. Configure the function for recording logs when security policy rules are matched.

    For the default security policy, click default in the security policy list. On the default security policy configuration page, you can configure the log function.

    • Enable the function of recording traffic logs.

      Under Record Traffic Logs:
      • If you select Enable, traffic logging is enabled for traffic that matches the security policy.

      • If you select Disable, traffic logging is disabled for traffic that matches the security policy.

      • If you select NONE, the traffic logging setting in the security policy does not take effect. You can run the log type traffic enable command to specify whether to log the traffic that matches the security policy.

    • Enable the function of recording policy matching logs.

      Select Enable under Record Policy Matching Log. The device records policy matching logs.

    • Enable the function of recording session logs.

      Select Enable under Record Session Log. The device records session logs after security policy rules are matched.

  4. Click OK.

Configuration on the CLI

  1. Access the security policy view from the system view.

    security-policy

  2. Create a security policy rule and access the security policy rule view.

    rule name rule-name

  3. Configure the function for recording logs when security policy rules are matched.

    • Enable the function of recording traffic logs.

      For non-default security policies:
      • Run the traffic logging enable command to enable the function of recording traffic logs when security policy rules are matched.
      • Run the traffic logging disable command to disable the function of recording traffic logs when security policy rules are matched.
      For the default security policy:
    • Enable the function of recording policy matching logs.

      For policy matching logs in syslog format, you can run the policy syslog rate-limit command in the security policy view to configure a specific rate limit.

      For policy matching logs in dataflow format, the device limits the rate based on the default specifications.

    • Enable the function of recording session logs.

Configuration Example

<sysname> system-view
[sysname] security-policy
[sysname-policy-security] rule name policy_sec_marketing
[sysname-policy-security-rule-policy_sec_marketing] action deny
[sysname-policy-security-rule-policy_sec_marketing] traffic logging enable
[sysname-policy-security-rule-policy_sec_marketing] policy logging
[sysname-policy-security-rule-policy_sec_marketing] session logging
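
The following is an added example, not part of the original documentation: a Python audit that reads a saved configuration and reports, for each security policy rule, which of the three log types configured above are enabled. The configuration layout (rule commands indented under security-policy), the function names, and the sample rules other than policy_sec_marketing are assumptions made for illustration.

```python
import re

# Constructed sample of a saved configuration. Assumed layout: one command per
# line, with each rule's commands indented under its "rule name" line.
SAMPLE_CONFIG = """\
security-policy
 rule name policy_sec_marketing
  action deny
  traffic logging enable
  policy logging
  session logging
 rule name policy_sec_guest
  action permit
  traffic logging disable
 rule name policy_sec_rnd
  action permit
  session logging
#
"""

# Per-rule log commands shown on this page, mapped to (log type, state).
LOG_COMMANDS = {
    "traffic logging enable": ("traffic", "enable"),
    "traffic logging disable": ("traffic", "disable"),
    "policy logging": ("policy", "enable"),
    "session logging": ("session", "enable"),
}

def audit_rule_logging(config_text):
    """Return {rule name: {"traffic"|"policy"|"session": state}} per rule."""
    rules, current, in_view = {}, None, False
    for raw in filter(str.strip, config_text.splitlines()):  # skip blank lines
        line = raw.strip()
        if not raw[0].isspace():
            # A non-indented line enters or leaves the security policy view.
            in_view, current = (line == "security-policy"), None
        elif in_view and (m := re.fullmatch(r"rule name (.+)", line)):
            # "unset" means no per-rule command for that log type was found.
            current = rules.setdefault(
                m.group(1), {"traffic": "unset", "policy": "unset", "session": "unset"})
        elif in_view and current is not None and line in LOG_COMMANDS:
            kind, state = LOG_COMMANDS[line]
            current[kind] = state
    return rules

def rules_without_logging(config_text):
    """Names of rules for which no log type is enabled."""
    return [n for n, s in audit_rule_logging(config_text).items()
            if "enable" not in s.values()]
```

Rules returned by rules_without_logging leave no per-rule log record when matched, so they are the ones to review first.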
Copyright © Huawei Technologies Co., Ltd.