firewall log packet-discard
Function
The firewall log packet-discard command sets the type of packet discarding logs.
The undo firewall log packet-discard command clears the setting of the type of packet discarding logs.
Format
firewall log packet-discard { session-miss | packet-filter | default-packet-filter | ip-mac | others } [ sample-rate sample-rate ]
undo firewall log packet-discard { session-miss | packet-filter | default-packet-filter | ip-mac | others }
Parameters
| Parameter | Description | Value |
|---|---|---|
session-miss |
Indicates the log on packet discarding when the packet does not match the session table. |
- |
packet-filter |
Indicates the log on packet discarding when the packet is denied by security policy. |
- |
default-packet-filter |
Indicates the log on packet discarding when the packet is denied by the default packet filtering. |
- |
ip-mac |
Indicates the log on packet discarding when the packet is discarded because it fails to match an IP-MAC binding entry. NOTE:
This parameter is supported only in V600R007C20SPC501, and V600R007C20SPC601 and its later versions . |
- |
others |
Indicates the packet discarding log in other types. |
- |
sample-rate sample-rate |
Specifies the sampling ratio for sending packet discarding logs. |
The value is an integer ranging from 1 to 1000000. The default sampling ratio for packet discarding logs is 1000. That is, a packet discarding log is sent for every 1000 packet discarding messages. Packet discarding logs of the session-miss, ip-mac and others types are sent based on the sampling ratio. For packet discarding logs of the packet-filter and default-packet-filter types, when the number of packets discarded per second does not exceed the fixed threshold, a packet discarding log is sent for each discarded packet; when the number of packets discarded per second exceeds the fixed threshold, packet discarding logs are sent based on the sampling ratio. The threshold for the number of packets discarded per second varies according to the model.
|
