firewall log im enable

Function

The firewall log im enable command enables the FW to log the online and offline activities of instant messaging (IM) users.

The undo firewall log im enable command disables the FW from logging the online and offline activities of IM users.

Format

firewall log im enable

undo firewall log im enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The function is disabled by default.

Usage Scenario

After you enable this function and IM users, such as QQ users, get online or offline, the system generates logs. IM user login and logout logs can be output in both the binary and syslog formats. The default format is binary. Usingfirewall log session log-typecommond can be output in syslog formats.

Prerequisites

Before using this function, IM logs must be generated. To generate IM logs, the following conditions must be met:

A security policy is configured, the session logging command is run to log sessions that match the security policy, and there is traffic matching the security policy.
Because the device records IM logs only when the application type of traffic is QQ or WeChat, traffic needs to be sent to the IAE for application identification. When one of the following conditions is met, traffic is sent to the IAE for application identification:
- The content security profile to be referenced by an application or the security policy is set in the security policy rule.
- The sa force-detection enable command is run to configure the application identification mode to full Identification.

Precautions

This command takes effect only on IM software (QQ and WeChat) versions in service awareness signature database.

You are advised to enable IM logs for the purpose and in the scope permitted by the applicable laws, and you need to take necessary measures to secure users' account information.

Example

# Enable the FW to log the online and offline activities of IM users.

<sysname> system-view
[sysname] firewall log im enable