< Home

dataflow cache-send time

Function

The dataflow cache-send time command enables the scheduled log sending function and sets the sending period.

The undo dataflow cache-send time command restores the real-time log sending function.

Format

dataflow cache-send time from start-time to end-time

undo dataflow cache-send time

Parameters

Parameter Description Value

start-time

Specifies the start time for scheduled log sending.

The value is in HH: MM format. The value ranges from 00:00 to 23:59.

end-time

Specifies the end time for scheduled log sending.

The value is in HH: MM format. The value ranges from 00:00 to 23:59.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, scheduled log sending is disabled.

Application Scenarios

There are many dataflow traffic logs, binary session logs, and dataflow URL audit logs. Sending such logs to a log server greatly consumes link bandwidth resources and affects services. To resolve this problem, you can configure the scheduled log sending function, so that the FW caches logs locally during service peak hours and sends them to the log server when service traffic is light.

The following types of logs can be cached locally: dataflow traffic logs, binary session logs, and dataflow URL audit logs. When the specified sending period starts, the FW begins to send the logs to the log server. After the scheduled log sending function is enabled, for the first time, the logs generated in the last 24 hours are sent; for a subsequent time, the logs generated since the previous sending period ends are sent. Upon a scheduled log sending success, the system generates the NLOG/6/NLGSOK log. If scheduled log sending fails, the system generates the NLOG/4/NLGSFAL logs.

Configuration Impact
  • After scheduled log sending is enabled, the FW sends dataflow traffic logs, binary session logs, and dataflow URL audit logs with the specified period and will not send other dataflow logs. If the function of intelligently adding such fields as the virtual system name and security policy name to binary session aging logs is enabled using the firewall log session log-type binary content smart-append, traffic logs and policy matching logs in the dataflow format will not be sent to the log server, and only binary session logs are sent to the log server.
  • If the network is interrupted during the sending period (for example, the sending period is from 18:00 to 23:00, but the network is interrupted at 22:00), the dataflow traffic logs, binary session logs, and dataflow URL audit logs will not be sent after 22:00.
  • If the FW generates a lot of dataflow traffic logs, binary session logs, and dataflow URL audit logs, a longer sending period is preferred.
  • The log server is busy processing services from 00:00 to 03:00. Therefore, the sending rate in this period is reduced by half.
  • For example, if the periodical log upload time is set to 17:00-22:00, logs uploaded are those generated after 17:00 of the last day. If the upload of logs generated between 17:00 and 18:00 of the last day is not complete at 18:00 of the current day, logs that have not been uploaded are discarded, and the FW continues to upload logs generated between 18:00 and 19:00.

Restrictions

This function is supported only when the USG6510E/6510E-POE/6530E SD card is in use.

Example

# Set the FW to send cached logs from 18:00 to 23:00.

<sysname> system-view
[sysname] dataflow cache-send time from 18:00 to 23:00
Parent Topic: Log Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >