< Home

expression

Function

The expression command sets fields in a session log in syslog format and their sequence.

The undo expression command restores the default fields in a session log in syslog format and their default sequence.

Format

expression { ip-version | protocol | source-ip | destination-ip | source-port | destination-port | source-nat-ip | source-nat-port | destination-nat-ip | destination-nat-port | begin-time | end-time | send-packets | send-bytes | receive-packets | receive-bytes | source-vpn-id | destination-vpn-id | security-policy | user | user-group | source-zone | destination-zone | vsys | close-reason | application } *

undo expression

Parameters

Parameter Description Value
ip-version

Indicates the IP version of a session.

-
protocol

Indicates the protocol type of a session.

-
source-ip

Indicates the source IP address of a session.

-
destination-ip

Indicates the destination IP address of a session.

-
source-port

Indicates the source port of a session.

-
destination-port

Indicates the destination port of a session.

-
source-nat-ip

Indicates the source NAT IP address of a session.

-
source-nat-port

Indicates the source NAT port of a session.

-
destination-nat-ip

Indicates the destination NAT IP address of a session.

-
destination-nat-port

Indicates the destination NAT port of a session.

-
begin-time

Indicates the start time of a session.

-
end-time

Indicates the end time of a session.

-
send-packets

Indicates the number of sent packets during the session.

-
send-bytes

Indicates the number of sent bytes during the session.

-
receive-packets

Indicates the number of received packets during the session.

-
receive-bytes

Indicates the number of received bytes during the session.

-
source-vpn-id

Indicates the source VPN ID of a session.

-
destination-vpn-id

Indicates the destination VPN ID of a session.

-
security-policy

Indicates the name of the policy that a session matches.

NOTE:
Only the logs on session aging in the syslog format supports this parameter.

-
user

Indicates the user to which the session belongs.

-
user-group

Indicates the user group to which the session belongs.

-
source-zone

Indicates the source security zone of the session.

-
destination-zone

Indicates the destination security zone of the session.

-
vsys

Indicates the virtual system to which the session belongs.

-
close-reason

Session termination cause

-
application

Indicates the application name (configured in a security policy) that the session matches.

-

Views

Template view

Default Level

2: Configuration level

Usage Guidelines

By default, all fields of a session log in syslog format are sent and their sequence is fixed. You can use the expression command to set fields in a session log in syslog format and their sequence.

Example

# Set fields in a session log in syslog format and their sequence.

<sysname> system-view
[sysname] session-log template test type syslog 
[sysname-test] expression ip-version protocol source-ip source-port source-nat-ip source-nat-port source-vpn-id
Parent Topic: Log Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >