The session-log send-to-public command enables the sending of session logs, packet discard logs, and dataflow service logs of a virtual system to the log server in the public system.
| Parameter | Description | Value |
|---|---|---|
| all | Sends common session logs, NATed session logs, packet discard logs and dataflow service logs to the public system. | - |
| nat | Sends NATed session logs to the public system. | - |
| none | Indicates that no log is sent to the public system. | - |
By default, common session logs, NATed session logs, packet discard logs, and dataflow service logs are sent to the log server in the public system.
Application Scenarios
When multiple virtual systems each have their own log host and the session logs, packet discard logs, or dataflow service logs of all of them need to be collected, you must plan an interface for each virtual system to communicate with its log host and configure each virtual system to interwork with that host. This occupies interface resources and increases configuration workload and complexity. Instead, the FW can send session logs, packet discard logs, or dataflow service logs from the virtual systems to the log host in the public system, avoiding these problems.
If the interface through which the FW communicates with the log host is in the public system, you must run the session-log send-to-public command in each virtual system to allow logs to be sent from that virtual system to the public system.
Configuration Impact
When the all parameter is specified:
All session logs in the virtual system (including common session logs and NATed session logs) are sent to the log host of the public system. If a log host is specified for the virtual system, the logs are also sent to the log host of the virtual system.
Packet discard logs in the virtual system are sent to the log host of the public system only after the packet discard log function is enabled in the public system. If the packet discard log function is also enabled in the virtual system, the logs are also sent to the log host of the virtual system.
Dataflow service logs in virtual systems will be sent to the log host in the public system if the corresponding service log sending function is enabled in the public system. If the virtual systems have their own log hosts, the logs are also sent to the log hosts.
When the nat parameter is specified:
Only NATed session logs in the virtual system are sent to the log host of the public system. If a log host is specified for the virtual system, common session logs are sent to the log host of the virtual system.
Packet discard logs in the virtual system are not sent to the log host of the public system. If the packet discard log function is enabled in the virtual system, the packet discard logs are sent to the log host of the virtual system.
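The forwarding rules above, encoded as a small Python model (an added illustration, not part of the product documentation) so that an administrator can check which log host receives a given log type before relying on it for monitoring. The treatment of a virtual system without its own log host, of NATed session logs under nat, and of the none mode are assumptions marked in the comments.

```python
from dataclasses import dataclass

# Constructed model of the rules under "Configuration Impact".
# Assumptions not stated on the page: a virtual system delivers logs to its own
# log host only when one is configured; under "nat", NATed session logs reach the
# vsys log host under the same rule as common session logs; under "none", nothing
# goes to the public system and vsys-side delivery is unchanged.

@dataclass(frozen=True)
class LogSetup:
    send_to_public: str        # "all", "nat" or "none" (session-log send-to-public)
    vsys_log_host: bool        # a log host is configured in the virtual system
    vsys_discard_log: bool     # packet discard logging enabled in the virtual system
    public_discard_log: bool   # packet discard logging enabled in the public system

LOG_TYPES = ("common-session", "nat-session", "packet-discard")

def log_destinations(setup: LogSetup, log_type: str) -> frozenset:
    """Return which log hosts ("public", "vsys") receive a log of the given type."""
    if log_type not in LOG_TYPES:
        raise ValueError(f"unknown log type: {log_type}")
    if setup.send_to_public not in ("all", "nat", "none"):
        raise ValueError(f"unknown send-to-public mode: {setup.send_to_public}")
    dests = set()
    # Delivery to the log host of the public system.
    if setup.send_to_public == "all":
        if log_type in ("common-session", "nat-session"):
            dests.add("public")
        elif setup.public_discard_log:  # discard logs need the function enabled in public
            dests.add("public")
    elif setup.send_to_public == "nat":
        if log_type == "nat-session":    # common session and discard logs stay in the vsys
            dests.add("public")
    # Delivery to the virtual system's own log host (assumed to require a configured host).
    if setup.vsys_log_host:
        if log_type in ("common-session", "nat-session") or setup.vsys_discard_log:
            dests.add("vsys")
    return frozenset(dests)

def coverage_report(setup: LogSetup) -> dict:
    """Map every log type to its destinations, exposing logs that no host would receive."""
    return {t: log_destinations(setup, t) for t in LOG_TYPES}
```

The typical pitfall this exposes is the all mode with packet discard logging left disabled in the public system: discard logs then reach only the vsys log host, or nobody at all if the vsys has none.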
Follow-up Procedure
To enable a virtual system to generate session logs, you must enable session logging in the security policy. Then, when traffic matches the security policy, a session log is generated.
If session logs and packet discard logs need to be sent to the log host of the public system, the corresponding log functions must be enabled in both the public system and the virtual system. For example, to send a log to the log host of the public system whenever the virtual system creates a session, run the firewall log session new-session enable command in both the virtual system and the public system.
To send syslog service logs in virtual systems to the log host in the public system, run the info-center loghost vsys-to-public enable command.