< Home

display firewall log

Function

The display firewall log command displays the configuration and statistics of session logs, packet discard logs, and service logs.

Format

display firewall log { configuration [ vsys vsys-name ] | statistic [ verbose ] [ vsys vsys-name ] [ host host-id [ secondary ] ] }

Parameters

Parameter Description Value

configuration

Displays the configuration of binary logs.

-

statistic

Displays statistics about session logs, packet discard logs, and service logs.

-

verbose

Displays details on statistics about session logs, packet discard logs, and service logs.

-

vsys vsys-name

Specifies the name of a virtual system.

-

host host-id

Specifies the ID of a log host.

The value is an integer ranging from 1 to 16.

secondary

Indicates that the log server belongs to the second log host group.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display the configuration of session logs, packet discard logs, and service logs.
<sysname> display firewall log configuration
 Session  log state:   Enable
 Session  log type:  Netflow
 Session  log send-type:  concurrent
 Session  log periodically:  Disable
 Session  log time-interval: 180 (m)
 IM-log:  Disable 
 Url-log:  Disable
 Log send-type:  default
 Log source:  10.10.10.1:1617
 Session aged log:  Enable
 New session established log:  Disable
 Packet-discard log:  Disable
 Packet-discard log record-to-logbuffer: Disable
 Packet-discard packet-filter log:  Disable
 Packet-discard default-packet-filter log:  Disable
 Packet-discard session-miss log:  Disable
 Packet-discard others log:  Disable
 Packet-discard ip-mac log:  Enable  sample-rate:  1
 Session log-type binary version: 8
 Session IPV4 log-type binary content smart-append :  Disable
 Session IPV6 log-type binary content smart-append :  Disable
 Log host  1: 192.168.2.1:9002 heartbeat state: UP 
 Netflow template local timestamp include :  Disable
 Netflow template tlv format :  Disable
 Binary nat-nopat:  Disable
 Heartbeat:  Enable
 Heartbeat interval:  1
 Heartbeat max-time:  3
Table 1 Description of the display firewall log configuration command output

Item

Description

Session log state

Status of session logging function

  • Enable

  • Disable

Session log type

Type of session logs

Session log send-type

Mode for sending session logs

  • default: Concurrent log sending is disabled.

  • concurrent: Concurrent log sending is enabled.

Session log periodically

Status of the function of sending session logs periodically

  • Enable

  • Disable

Session log time-interval

Interval for sending session logs periodically

IM-log

Status of IM logging function

  • Enable

  • Disable

Url-log

Status of URL logging function

  • Enable

  • Disable

The Url-log can be displayed only after the content security package is dynamically loaded. For details about the component package, see Dynamic Loading.

Session log source

Source IP address and port that send logs

Session aged log
Status of session aging log sending, which can be:

  • Enable

  • Disable

New session established log

Status of the function of logging new sessions

  • Enable

  • Disable

Packet-discard log

Status of packet discard logging function

  • Enable

  • Disable

Packet-discard session-miss log

Status of logging function of discarding the packets that do not match the session table

  • Enable

  • Disable

Packet-discard packet-filter log

Status of logging function of discarding the packets that discarded by security policies

  • Enable

  • Disable

Packet-discard default-packet-filter log

Status of logging function of discarding the packets that discarded by default packet filtering

  • Enable

  • Disable

Packet-discard others log

Status of logging function of discarding the packets that discarded by other types

  • Enable

  • Disable

Packet-discard ip-mac log

Status of logging function of discarding the packets because of failure to match IP-MAC binding entries

  • Enable

  • Disable

sample-rate

Sampling ratio for sending packet loss logs

Session log-type binary version
Version of binary session logs
  • 3:V3
  • 8:V8 (Default version)

netflow template local timestamp include
Whether the netflow log template contains the start_sysuptime and end_sysuptime fields, which can be:

  • Enable: The log template contains the fields.

  • Disable: The log template does not contain the fields.

binary nat-nopat
Status of binary NO-PAT session log sending, which can be:

  • Enable

  • Disable

Heartbeat

Status of the function of sending heartbeat packets to a log host

NOTE:

This parameter is displayed only after the firewall log host heartbeat enable command is run to enable the function of sending heartbeat packets to a log host.

Heartbeat interval

Interval for sending heartbeat packets to a log host

NOTE:

This parameter is displayed only after the firewall log host heartbeat tx-internal max-time command is run to set an interval for sending heartbeat packets to a log host and set the maximum number of heartbeat packets sent to the log host before timeout.

Heartbeat max-time

Maximum number of heartbeat packets sent to the log host before timeout
# Display details on statistics about session logs, packet discard logs, and service logs sent by the public system to log host 1 in group 1.
<sysname> display firewall log statistic verbose host 1
 Session log group 1 host 1 :
 Total send packets:                    136
 Total send Items:                      161
   Type Detail:
     Session :                          100
     Discard :                            1
     Policy match:                      100
     Anti-virus:                         60
     URL audit:                          20
 Total drop packets:                      0
 Total drop Items:                        0
 Total send Items during last minute:     0
 Acl 3000 send items:                   100
 Acl 3000 drop items:                    20
 Acl ipv6 3000  send items:               0 
 Acl ipv6 3000  drop items:               0
Table 2 Description of the display firewall log statistic verbose host 1 command output

Item

Description

Session log group 1 host 1

Statistics on session logs sent to the log server with host ID 1 in group 1

Total send packets

Total number of packets sent to the log server

Total send Items

Total number of sessions sent to the log server

Type Detail
Detailed information about various types of logs:
  • Policy Match: number of policy matching logs sent to the log server
  • Mail Filtering: number of email logs sent to the log server
  • URL Audit: number of URL audit logs sent to the log server
  • Content Filtering: number of content filtering logs sent to the log server
  • Attack Defense: number of attack defense logs sent to the log server
  • IPS: number of IPS logs sent to the log server
  • BWT: number of botnet, Trojan horse, and worm logs sent to the log server
  • Anti-Virus: number of antivirus logs sent to the log server
  • URL Filtering: number of URL filtering logs sent to the log server
  • Traffic: number of traffic logs sent to the log server
  • Content Audit: number of content audit logs sent to the log server
  • IM Audit: number of IM audit logs sent to the log server
  • Session: number of session logs sent to the log server
    NOTE:

    When packet discarding logs are in binary format, the number of session logs includes the number of discarded logs.

  • Sandbox Detection: number of sandbox detection logs sent to the log server
  • FTP Audit: number of FTP audit logs sent to the log server
  • Mail Audit: number of mail audit logs sent to the log server
  • Keyword Audit: number of keyword audit logs sent to the log server
  • File Audit: number of file audit logs sent to the log server
  • Discard: number of packet discarding syslogs sent to the log server
NOTE:

If a type of service log is not displayed, it is possible that the service is not configured or generated on the device. The actual service logs displayed are subject to statistics collected by the device.

Total drop packets

Total number of discarded packets sent to the log server

Total drop Items

Total number of sessions sent to the log server with discarded packets

Total send Items during last minute

Total number of sessions sent to the log server in the last minute

Session

Total number of sessions logs sent to the log server

NOTE:

When packet discard logs are in binary format, the number of session logs includes the number of packet discard logs.

Discard

Total number of syslog discard packets sent to the log server

Policy match

Total number of policy matching logs sent to the log server

Anti-virus

Total number of virus logs sent to the log server

URL audit

Total number of URL audit logs sent to the log server

Total drop packets

Total number of discarded packets of session logs, packet discard logs, and service logs sent to the log server

Total drop Items

Total number of sessions of discarded packets of session logs, packet discard logs, and service logs sent to the log server

Total send Items during last minute

Total number of session logs, packet discard logs, and service logs sent to the log server in the last minute

Acl 3000 send items
Total number of sent sessions about ACL3000 reported to the log server
NOTE:

If the function of collecting ACL-based statistics on sent and discarded session logs is configured, the ACL information is displayed. Otherwise, the ACL information is not displayed.

Acl 3000 drop items

Total number of discarded sessions about ACL3000 reported to the log server

Acl ipv6 3000 send items

Total number of sent sessions about IPv6 ACL3000 reported to the log server

Acl ipv6 3000 drop items

Total number of discarded sessions about IPv6 ACL3000 reported to the log server

# Display statistics about session logs, packet discard logs, and service logs in the public system.

<sysname> display firewall log statistic
 Total send packets:                          18
 Total send Items:                           100
 Total drop packets:                           2
 Total drop items:                            20
 Total send items during last minute:          0
 Drop detail:
   Session log group 1 host 1:
     ARP miss packets discarded                  2
 Acl 3000 send items:                           100
 Acl 3000 drop items:                            20
 Acl ipv6 3000  send items:                             0
 Acl ipv6 3000  drop items:                             0
Table 3 Description of the display firewall log statistic command output

Item

Description

Total send packets

Total number of sent packets reported to the log server

Total send items

Total number of sent sessions reported to the log server

Total drop packets

Total number of discarded packets reported to the log server

Total drop items

Total number of discarded sessions reported to the log server

Total send items during last minute

Total number of sent sessions in the last minute reported to the log server

Drop detail

Detailed information about discarded packets

Acl 3000 send items
Total number of sent sessions about ACL3000 reported to the log server
NOTE:

If the function of collecting ACL-based statistics on sent and discarded session logs is configured, the ACL information is displayed. Otherwise, the ACL information is not displayed.

Acl 3000 drop items

Total number of discarded sessions about ACL3000 reported to the log server

Acl ipv6 3000 send items

Total number of sent sessions about IPv6 ACL3000 reported to the log server

Acl ipv6 3000 drop items

Total number of discarded sessions about IPv6 ACL3000 reported to the log server
Parent Topic: Log Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >