
firewall log host

Function

The firewall log host command configures log hosts of session logs or service logs in Dataflow format.

The undo firewall log host command cancels the above configuration.

Format

firewall log host host-id ip-address port [ vpn-instance vpn-instance-name ] [ secondary ] [ track ip-link link-name ]

undo firewall log host host-id [ secondary ]

Parameters

Parameter Description Value

host-id

Specifies the ID of the log host.

It is an integer that ranges from 1 to 16.

ip-address

Specifies the IP address of the flow log host.

NOTE:

The IP address of a log host can be an IPv6 address, which takes effect only when the device connects to a third-party log host.

  • IPv4 address: The value is in dotted decimal notation.
  • IPv6 address: The value is a 32-bit hexadecimal number, in the format of X:X:X:X:X:X:X:X.

port

Specifies the port number of the flow log host.

It is an integer that ranges from 1 to 65535. In a scenario where the log host is the eLog log server:

  • If session logs are in binary format, it is recommended that you set the port value to 9002. This port needs to be consistent with the port configured on the eLog, and the actual configuration shall prevail.
  • If session logs are in syslog format, it is recommended that you set the port value to 514. This port needs to be consistent with the port configured on the eLog, and the actual configuration shall prevail.
  • If the logs are in Netflow format, it is recommended that you set the port value to 9996. This port needs to be consistent with the port configured on the eLog, and the actual configuration shall prevail.
  • If service logs are in Dataflow format, you cannot set the port value to 9903. The log hosts of service logs in Dataflow format and session logs are configured with the firewall log host host-id ip-address port command. When service logs are output in Dataflow format, the FW uses port 9903 to send logs by default, regardless of the port configured in the log host. To send both service logs in Dataflow format and session logs, you are advised to set the port of the log host to be the same as that of the session log in a specified format. For example, to send session logs in binary format and service logs in Dataflow format, you are advised to set the port to 9002.

vpn-instance-name

Specifies the name of the VPN instance to which the log host belongs. The VPN instance here indicates one configured with the ip vpn-instance vpn-instance-name command for route isolation. In a virtual system scenario, this command does not allow binding a VPN instance with the same name as the virtual system.

It is a string of 1 to 31 case-insensitive characters, starting with a letter from a to z or A to Z.

secondary

Indicates that the log host belongs to the secondary log host group.

-

ip-link link-name

Specifies the IP-Link name.

It is a string of 1 to 31 characters.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

You can configure two groups of log hosts on the FW. Each group contains a maximum of 16 log hosts. These two groups can back up each other.

If multiple log hosts are configured, the FW repeatedly sends binary logs to log hosts in turn according to the IDs of the log hosts. If two groups of log hosts are configured, the FW sends logs to the two groups circularly. Specifically, each log is sent to a log host in each of the two groups. The two log hosts implement backup for each other.

When configuring a log host, you can specify the track ip-link link-name parameter to bind an IPv4 or IPv6 IP-link to detect the link status using the IP-link function. If the IP link is Up, the FW sends logs to the log host. If the IP link is Down, the FW does not send logs to the log host.

Example

# Configure the log host.

<sysname> system-view
[sysname] firewall log host 1 10.10.10.1 9002
[sysname] firewall log host 2 10.10.10.2 9002
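
A pre-deployment check for these lines, added here as an example (not Huawei's code): it validates each firewall log host command against the format and value ranges given above, including the port 9903 restriction. The function names and every sample line other than the two from the Example section are constructed for illustration.

```python
import ipaddress
import re

# Syntax from the Format section; the group names are this example's own.
LINE_RE = re.compile(
    r"^firewall log host (?P<id>\d+) (?P<ip>\S+) (?P<port>\d+)"
    r"(?: vpn-instance (?P<vpn>\S+))?"
    r"(?P<sec> secondary)?"
    r"(?: track ip-link (?P<link>\S+))?$"
)

def check_log_host(line):
    """Return a list of problems found in one 'firewall log host' line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["does not match the documented command format"]
    problems = []
    if not 1 <= int(m["id"]) <= 16:
        problems.append("host-id must be 1 to 16")
    try:
        ipaddress.ip_address(m["ip"])
    except ValueError:
        problems.append("ip-address is not a valid IPv4 or IPv6 address")
    port = int(m["port"])
    if not 1 <= port <= 65535:
        problems.append("port must be 1 to 65535")
    elif port == 9903:
        # The FW already sends Dataflow service logs to 9903 by default.
        problems.append("port 9903 cannot be set on a log host")
    vpn = m["vpn"]
    if vpn and not (len(vpn) <= 31 and vpn[0].isascii() and vpn[0].isalpha()):
        problems.append("vpn-instance-name must be 1 to 31 characters, starting with a letter")
    link = m["link"]
    if link and len(link) > 31:
        problems.append("ip-link name must be 1 to 31 characters")
    return problems

def check_config(lines):
    """Return {line: problems} for every line that fails a check."""
    checked = ((line, check_log_host(line)) for line in lines)
    return {line: probs for line, probs in checked if probs}

# First two lines are from the Example section; the rest are constructed.
SAMPLE = [
    "firewall log host 1 10.10.10.1 9002",
    "firewall log host 2 10.10.10.2 9002",
    "firewall log host 17 10.10.10.3 9002",
    "firewall log host 3 10.10.10.4 9903 secondary",
    "firewall log host 4 2001:db8::10 514 vpn-instance 1logs track ip-link elog",
]
```

Calling check_config(SAMPLE) returns only the three constructed lines, each mapped to the rule it breaks.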
Copyright © Huawei Technologies Co., Ltd.