
Configuring the Service Flow Information Recording Function

Context

You can enable the recording of information about service flows that match ACLs. The recorded information includes items such as 5-tuples, discard cause, session creation, and forcible aging for TCP or SCTP packets, as well as session creation and forcible aging information.

V600R007C20SPC500 and later versions support the function of recording service flow information.

After you enable this function, ACL matching is performed on connection establishment and termination packets, which affects performance. The performance impact increases with the number of referenced ACL rules. Do not enable this function when the number of referenced ACL rules exceeds 10 or the CPU usage exceeds 70%.

Procedure

  1. Access the system view.

    system-view

  2. Run the firewall monitor session acl acl-number command to enable the function of recording IPv4 ACL-matching service flow information.
  3. Run the firewall monitor session ipv6 acl acl-number command to enable the function of recording IPv6 ACL-matching service flow information.

Follow-up Procedure

  • Run the display firewall monitor session [ ipv6 | all ] command to check ACL-matching service flow monitoring records.
  • Run the reset firewall monitor session [ ipv6 | all ] command to clear the latest record information about the ACL service flow status. The records are automatically dumped to the log file.
    • The IPv4 log file of the FW is stored at hda1:/monlog/sess_mon.log. To view the detailed information, run the display logfile hda1:/monlog/sess_mon.log command.
    • The IPv6 log file of the FW is stored at hda1:/monlog/sess_mon_ipv6.log. To view the detailed information, run the display logfile hda1:/monlog/sess_mon_ipv6.log command.
Copyright © Huawei Technologies Co., Ltd.