The firewall log host heartbeat enable command enables the FW to send heartbeat detection packets to a log host.
The undo firewall log host heartbeat enable command disables the FW from sending heartbeat detection packets to a log host.
By default, the function of sending heartbeat detection packets to a log host is disabled.
Application scenario
When the FW sends logs to the eLog log host, users cannot perceive the collector status of the eLog log host. If the eLog collector status is abnormal, a large number of logs will be discarded. The FW can be enabled to periodically send heartbeat detection packets to a log host through heartbeat port (UDP port 32202) to monitor the collector status of the log host. When detecting that the log host does not respond for several consecutive times, the FW perceives that the connected log host is unavailable. Then it immediately stops sending logs to the log host and continues to send logs to this log host again after heartbeat recovers, enhancing log sending reliability. By default, the FW sends heartbeat detection packets to the log host every one second and stops sending logs to this log host after failing to receive any heartbeat response packets from it for three consecutive times. You can run the firewall log host heartbeat tx-internal command to set the interval for sending heartbeat detection packets and the number of times that the log host does not respond to heartbeat detection packets.
Precautions
The function of sending heartbeat detection packets to a log host is supported in a virtual system scenario.
The FW can be enabled to send heartbeat detection packets to the eLog log host but not to a third-party log host.
This function is supported only when the FW directly sends logs to the eLog log host but not when it sends logs to the log host through the information center.