The template id command sets fields in netflow session logs and determines the sequence of the fields.
The undo template id command cancels the setting of fields in netflow session logs and the sequence of the fields.
template id id-name ipv4 content { source-ip | source-nat-ip | source-port | source-nat-port | destination-ip | destination-nat-ip | destination-port | destination-nat-port | protocol | direction | event | originate | egress-vrf | ingress-vrf | start-time | end-time | out-packets [ length { 4 | 8 } ] | out-bytes [ length { 4 | 8 } ] | in-packets [ length { 4 | 8 } ] in-bytes [ length { 4 | 8 } ] | start-sysuptime | end-sysuptime } *
template id id-name ipv6 content { source-ip | source-nat-ip | source-port | source-nat-port | destination-ip | destination-nat-ip | destination-port | destination-nat-port | protocol | direction | event | originate | egress-vrf | ingress-vrf | source-ip6 | source-nat-ip6 | destination-ip6 | destination-nat-ip6 | start-time | end-time | out-packets [ length { 4 | 8 } ] | out-bytes [ length { 4 | 8 } ] | in-packets [ length { 4 | 8 } ] in-bytes [ length { 4 | 8 } ] | start-sysuptime | end-sysuptime } *
undo template id id-name
| Parameter | Description | Value |
|---|---|---|
| id id-name | Specifies a template ID. The IPv4 and IPv6 IDs in the same template cannot be the same, and the IPv4 and IPv6 IDs in different templates can be the same. |
The value is an integer ranging from 256 to 65535. |
| ipv4 | Indicates IPv4 sessions. |
- |
| ipv6 | Indicates IPv6 sessions. |
- |
| content | Indicates log content. |
- |
| source-ip | Indicates the source IP address of a session. |
- |
| source-nat-ip | Indicates the Source NAT IP address of a session. |
- |
| source-port | Indicates the source port of a session. |
- |
| source-nat-port | Indicates the Source NAT port of a session. |
- |
| destination-ip | Indicates the destination IP address of a session. |
- |
| destination-nat-ip | Indicates the Destination NAT IP address of a session. |
- |
| destination-port | Indicates the destination port of a session. |
- |
| destination-nat-port | Indicates the Destination NAT port of a session. |
- |
| protocol | Indicates the protocol of a session. |
- |
| direction | Indicates the direction of a session. |
- |
| event | Indicates the event type of a session. |
- |
| originate | Indicates the origin of a session. |
- |
| egress-vrf | Indicates the destination VPN of a session. |
- |
| ingress-vrf | Indicates the source VPN of a session. |
- |
| begin-time | Indicates the start time of a session. |
- |
| end-time | Indicates the end time of a session. |
- |
| out-packets | Indicates the number of packets sent based on the session. |
- |
| out-bytes | Indicates the number of bytes sent based on the session. |
- |
| in-packets | Indicates the number of packets received based on the session. |
- |
| in-bytes | Indicates the number of bytes received based on the session. |
- |
| length { 4 | 8 } | Indicates the field length. |
The value is determined based on negotiation with the third-party log server. |
| start-sysuptime | Indicates the start time compared with the device startup time. |
- |
| end-sysuptime | Indicates the end time compared with the device startup time. |
- |
| source-ip6 | Indicates the source IPv6 address of a session. |
- |
| source-nat-ip6 | Indicates the Source NAT IPv6 address of a session. |
- |
| destination-ip6 | Indicates the destination IPv6 address of a session. |
- |
| destination-nat-ip6 | Indicates the Destination NAT IPv6 address of a session. |
- |
This command is executed in the netflow session log template view. Before running this command, run the session-log template template-name type netflow command to create a template and enter the netflow session log template view.
Application ScenariosBy default, netflow session logs contain all log fields and the field sequence is fixed. You can run this command to customize the template ID and content of netflow IPv4 or IPv6 session logs based on the log format requirements of the third-party log server. The FW sends netflow session logs to the third-party log server based on the customized log content.
Follow-Up ConfigurationRun the firewall log session log-type netflow template template-name command to reference the created template. Then, the FW sends logs to the third-party log server based on the log content configured in the template.
PrecautionsThe customized netflow session log content can be parsed only by the third-party log server.