17-Network Management and Monitoring Command Reference

H3C MSR810[830][2600][3600] Routers Command Reference(V7)-R0821-6W500

Flow log commands

The following compatibility matrixes show the support of hardware platforms for flow log:

 

| Hardware | Flow log compatibility |
|---|---|
| MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK | Yes |
| MSR810-LMS, MSR810-LUS | No |
| MSR810-LMS-EA, MSR810-LME | Yes |
| MSR2600-6-X1, MSR2600-10-X1 | Yes |
| MSR 2630 | Yes |
| MSR3600-28, MSR3600-51 | Yes |
| MSR3600-28-SI, MSR3600-51-SI | No |
| MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP | Yes |
| MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD, MSR3610-I-IG, MSR3610-IE-IG | Yes |
| MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC | Yes |
| MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660 | Yes |
| MSR3610-G, MSR3620-G | Yes |

| Hardware | Flow log compatibility |
|---|---|
| MSR810-W-WiNet, MSR810-LM-WiNet | Yes |
| MSR830-4LM-WiNet | Yes |
| MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet | Yes |
| MSR830-6BHI-WiNet, MSR830-10BHI-WiNet | Yes |
| MSR2600-6-WiNet, MSR2600-10-X1-WiNet | Yes |
| MSR2630-WiNet | Yes |
| MSR3600-28-WiNet | Yes |
| MSR3610-X1-WiNet | Yes |
| MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet | Yes |

| Hardware | Flow log compatibility |
|---|---|
| MSR2630-XS | Yes |
| MSR3600-28-XS | Yes |
| MSR3610-XS | Yes |
| MSR3620-XS | Yes |
| MSR3610-I-XS | Yes |
| MSR3610-IE-XS | Yes |

| Hardware | Flow log compatibility |
|---|---|
| MSR810-LM-GL | Yes |
| MSR810-W-LM-GL | Yes |
| MSR830-6EI-GL | Yes |
| MSR830-10EI-GL | Yes |
| MSR830-6HI-GL | Yes |
| MSR830-10HI-GL | Yes |
| MSR2600-6-X1-GL | Yes |
| MSR3600-28-SI-GL | No |

display userlog export

Use display userlog export to display flow log configuration and statistics.

Syntax

display userlog export

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display flow log configuration and statistics.

<Sysname> display userlog export

Flow:

  Export flow log as UDP Packet.

  Version: 3.0

  Source ipv4 address: 2.2.2.2

  Source ipv6 address:

  Log load balance function: Disabled

  Local time stamp: Disabled

  Number of log hosts: 2

 

  Log host 1:

    Host/Port: 1.2.3.6/2000

    Total logs/UDP packets exported: 112/87

 

  Log host 2:

    VPN instance:abc

    Host/Port:1.1.1.1/2000

    Total logs/UDP packets exported: 6553665536/409597846

Table 1 Command output

| Field | Description |
|---|---|
| Flow | Flow log configuration and statistics. |
| Export flow log as UDP Packet | Flow log entries are sent to log hosts in UDP packets. |
| Version | Flow log feature version. |
| Source ipv4/ipv6 address | Source IP address of the flow log packets. |
| Log load balance function | Load balancing status for flow log packets: Enabled (flow log packets are distributed among available log hosts) or Disabled (every flow log packet is copied and sent to all available log hosts). |
| Local time stamp | Whether the use of the local time in the flow log timestamp is enabled or disabled. |
| Number of log hosts | Total number of log hosts. |
| Log host | Information about the log host. |
| VPN instance | VPN instance to which the log host belongs. |
| Host/port | IP address and port number of the log host. |
| Total logs | Total number of flow log entries that were successfully exported and that failed to be exported to the log hosts. |
| UDP packets exported | Total number of UDP packets that were successfully sent and that failed to be sent to the log hosts. The UDP packets are used to export flow log entries. A UDP packet can contain multiple flow log entries. |
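A collector-side check can read this output to confirm that export is configured as intended. The following is an added example, not H3C code: it parses the sample output shown above (spacer lines dropped) and flags settings that this page says change which hosts receive entries or how timestamps are written. The function names and finding strings are assumptions made for illustration.

```python
# Constructed input: the sample output from this page, spacer lines dropped.
SAMPLE = """Flow:
  Export flow log as UDP Packet.
  Version: 3.0
  Source ipv4 address: 2.2.2.2
  Source ipv6 address:
  Log load balance function: Disabled
  Local time stamp: Disabled
  Number of log hosts: 2
  Log host 1:
    Host/Port: 1.2.3.6/2000
    Total logs/UDP packets exported: 112/87
  Log host 2:
    VPN instance:abc
    Host/Port:1.1.1.1/2000
    Total logs/UDP packets exported: 6553665536/409597846
"""

def parse_userlog_export(text):
    """Split the output into global settings and one dict per log host."""
    settings, hosts = {}, []
    for raw in text.splitlines():
        key, sep, value = (p.strip() for p in raw.partition(":"))
        key = key.lower()                     # "Host/Port" and "Host/port" both occur
        if key.startswith("log host "):
            hosts.append({"vpn": None})       # start of a new host block
        elif not sep:
            continue                          # line without a "field: value" pair
        elif not hosts:
            settings[key] = value             # still in the global section
        elif key == "vpn instance":
            hosts[-1]["vpn"] = value
        elif key == "host/port":
            addr, _, port = value.rpartition("/")   # rpartition keeps IPv6 colons intact
            hosts[-1].update(addr=addr, port=int(port))
        elif key.startswith("total logs"):
            logs, _, pkts = value.partition("/")
            hosts[-1].update(logs=int(logs), packets=int(pkts))
    return settings, hosts

def audit(settings, hosts):
    """Flag states that affect log completeness or time correlation."""
    findings = []
    if settings.get("log load balance function") == "Enabled":
        findings.append("load balancing: each entry goes to one host only")
    if settings.get("local time stamp") == "Enabled":
        findings.append("timestamps carry local time, not UTC")
    findings += [f"nothing exported to {h['addr']}" for h in hosts if not h.get("logs")]
    return findings
```
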

Related commands

userlog flow export

display userlog host-group

Use display userlog host-group to display flow log host group information.

Syntax

display userlog host-group [ ipv6 ] [ host-group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6: Specifies an IPv6 flow log host group. Do not configure this keyword if you want to specify an IPv4 flow log host group.

host-group-name: Specifies a flow log host group by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a log host group, this command displays information about all log host groups.

Examples

# Display information about IPv4 flow log host group test.

<Sysname> display userlog host-group test

Userlog host-group test:

  ACL number: 2000

 

  Flow log host numbers: 1

 

    Log host 1:

      VPN-instance: test

      Host/port: 1.1.1.2/2000

# Display information about all IPv4 flow log host groups.

<Sysname> display userlog host-group

There are 2 IPv4 host groups.

 

Userlog host-group test:

  ACL number: 2000

 

  Flow log host numbers: 1

 

    Log host 1:

      VPN-instance: test

      Host/Port: 1.2.3.6/0

 

Userlog host-group test2:

  ACL name: test

 

  Flow log host numbers: 1

 

    Log host 1:

      Host/Port: 1.1.1.1/0

Table 2 Command output

| Field | Description |
|---|---|
| Userlog host-group test | Information about a flow log host group. |
| ACL number/ACL name | ACL used by the log host group to match flow log entries. |
| Flow log host numbers | Number of flow log hosts in the group. |
| Log host | Information about a flow log host. |
| VPN-instance | VPN instance to which the log host belongs. This field is not displayed if no VPN instance is specified for the log host. |
| Host/Port | IP address and port number of the log host. |

 

Related commands

userlog host-group

userlog host-group host flow

reset userlog flow export

Use reset userlog flow export to clear flow log statistics.

Syntax

reset userlog flow export

Views

User view

Predefined user roles

network-admin

Examples

# Clear flow log statistics.

<Sysname> reset userlog flow export

Related commands

userlog flow export

userlog flow export host

Use userlog flow export host to specify a log host to receive flow log entries.

Use undo userlog flow export host to remove a log host.

Syntax

userlog flow export [ vpn-instance vpn-instance-name ] host { hostname | ipv4-address | ipv6 ipv6-address } port udp-port

undo userlog flow export [ vpn-instance vpn-instance-name ] host { hostname | ipv4-address | ipv6 ipv6-address }

Default

No log hosts are specified.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.

hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, and special characters including hyphen (-), underscore (_), and dot (.).

ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid unicast address and cannot be a loopback address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port udp-port: Specifies the UDP port number of the log host, in the range of 1 to 65535. As a best practice, use UDP port numbers in the range 1025 to 65535 to avoid collision with well-known UDP port numbers.

Examples

# Export flow log entries to UDP port 2000 on the log host at 1.2.3.6.

<Sysname> system-view

[Sysname] userlog flow export host 1.2.3.6 port 2000

Related commands

display userlog export

userlog flow export load-balancing

Use userlog flow export load-balancing to enable load balancing for flow log entries.

Use undo userlog flow export load-balancing to restore the default.

Syntax

userlog flow export load-balancing

undo userlog flow export load-balancing

Default

Load balancing is disabled. The device sends a copy of each flow log entry to all available log hosts.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In load balancing mode, flow log entries are distributed among log hosts based on the source IP addresses (before NAT) that are recorded in the entries. The flow log entries generated for the same source IP address are sent to the same log host. If a log host goes down, the flow logs sent to it will be lost.

Examples

# Enable load balancing for flow logging.

<Sysname> system-view

[Sysname] userlog flow export load-balancing

Related commands

userlog flow export host

userlog flow export source-ip

Use userlog flow export source-ip to specify a source IP address for flow log packets.

Use undo userlog flow export source-ip to restore the default.

Syntax

userlog flow export source-ip { ipv4-address | ipv6 ipv6-address }

undo userlog flow export source-ip [ ipv6 ]

Default

The source IP address of flow log packets is the IP address of their outgoing interface.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies an IPv4 address.

ipv6 ipv6-address: Specifies an IPv6 address.

Examples

# Specify 1.2.1.2 as the source IP address for flow log packets.

<Sysname> system-view

[Sysname] userlog flow export source-ip 1.2.1.2

Related commands

userlog flow export host

userlog flow export timestamp localtime

Use userlog flow export timestamp localtime to configure the device to use the local time in the timestamp of flow logs.

Use undo userlog flow export timestamp localtime to restore the default.

Syntax

userlog flow export timestamp localtime

undo userlog flow export timestamp localtime

Default

The device uses the UTC time in the timestamp of flow logs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The device uses either the local time or the UTC time in the timestamp of flow logs.

·     UTC time—Standard Greenwich Mean Time (GMT).

·     Local time—Standard GMT plus or minus the time zone offset.

The time zone offset can be configured by using the clock timezone command. For more information, see Fundamentals Command Reference.

Examples

# Configure the device to use the local time in the timestamp of flow logs.

<Sysname> system-view

[Sysname] userlog flow export timestamp localtime

userlog flow export version

Use userlog flow export version to set the flow log version.

Use undo userlog flow export version to restore the default.

Syntax

userlog flow export version version-number

undo userlog flow export version

Default

The flow log version is 1.0.

Views

System view

Predefined user roles

network-admin

Parameters

version-number: Specifies a flow log version. Available options are 1, 3, and 5, which represent version 1.0, version 3.0, and version 5.0.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the flow log version to 3.0.

<Sysname> system-view

[Sysname] userlog flow export version 3

Related commands

userlog flow export host

userlog flow syslog

Use userlog flow syslog to specify the information center as the destination for flow log export.

Use undo userlog flow syslog to restore the default.

Syntax

userlog flow syslog

undo userlog flow syslog

Default

Flow log entries are not exported.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You can export flow log entries to log hosts or the information center, but not both. If both methods are configured, the system exports flow log entries to the information center.

Flow log entries are converted to the syslog format when they are exported to the information center. Their severity level is informational. With the information center, you can specify multiple log output destinations, including the console, log host, and log file.

Log entries in ASCII format are human readable. However, the log data volume is higher in ASCII format than in binary format.

Examples

# Specify the information center as the destination for flow log export.

<Sysname> system-view

[Sysname] userlog flow syslog

Related commands

userlog flow export host

userlog host-group

Use userlog host-group to create a flow log host group and enter its view, or enter the view of an existing flow log host group.

Use undo userlog host-group to delete a flow log host group.

Syntax

userlog host-group [ ipv6 ] host-group-name acl { name acl-name | number acl-number }

undo userlog host-group [ ipv6 ] host-group-name

Default

No flow log host groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Creates an IPv6 flow log host group. Do not configure this keyword if you want to create an IPv4 flow log host group.

host-group-name: Specifies a name for the flow log host group, a case-sensitive string of 1 to 63 characters.

acl: Specifies an ACL to match the flow log entries to be sent to the flow log host group.

name acl-name: Specifies the ACL name, a case-insensitive string of 1 to 63 characters. The ACL name must start with a letter and cannot be all.

number acl-number: Specifies the ACL number, in the range of 2000 to 3999.

Usage guidelines

The flow log host group feature enables the device to send specific flow logs to a specific group of log hosts. This facilitates log filtering and reduces the log sending and processing workload of the device.

A flow log host group uses an ACL to match the flow logs to be sent to it. Make sure the ACL exists and the ACL rules can identify the designated flow logs.

A flow log matches a log host group if it matches the group's ACL, and it is sent only to the log hosts in the matching group.

If a flow log matches multiple log host groups, the device sends the log to the group that comes first in alphabetical order of the matching group names.

If a flow log does not match any log host groups, the device ignores the log host group configuration and sends the log to all configured log hosts.
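The selection rules above decide which collectors see a given flow, so overlapping ACLs can leave a group's hosts with no logs at all. The following added example (not H3C code) models the rules and reports groups that match sample traffic but never win selection. It assumes each ACL can be approximated by a list of source prefixes and that Python string ordering stands in for the device's alphabetical ordering; the group names, prefixes and function names are illustrative.

```python
import ipaddress

def acl_matches(src, prefixes):
    # Assumption: the ACL is modelled as a list of permitted source prefixes.
    return any(src in ipaddress.ip_network(p) for p in prefixes)

def select_log_hosts(src_ip, groups, all_hosts):
    """Return (winning group name or None, destination log hosts)."""
    src = ipaddress.ip_address(src_ip)
    # Assumption: Python string order stands in for the device's
    # "alphabetical order" of group names.
    for name in sorted(groups):
        prefixes, hosts = groups[name]
        if acl_matches(src, prefixes):
            return name, list(hosts)        # only the first matching group
    return None, list(all_hosts)            # no match: all configured hosts

def shadowed_groups(groups, sample_sources, all_hosts):
    """Groups whose ACL matches a sample source but which never win."""
    matched, won = set(), set()
    for ip in sample_sources:
        src = ipaddress.ip_address(ip)
        matched |= {n for n, (pfx, _) in groups.items() if acl_matches(src, pfx)}
        won.add(select_log_hosts(ip, groups, all_hosts)[0])
    return sorted(matched - won)

# Constructed configuration: names, prefixes and host addresses are illustrative.
ALL_HOSTS = ["1.2.3.6", "1.1.1.1"]
GROUPS = {
    "branch": (["10.1.0.0/16"], ["1.2.3.6"]),
    "audit": (["10.0.0.0/8"], ["1.1.1.1"]),
}

if __name__ == "__main__":
    for ip in ("10.1.2.3", "10.9.9.9", "192.0.2.9"):
        print(ip, select_log_hosts(ip, GROUPS, ALL_HOSTS))
    print("shadowed:", shadowed_groups(GROUPS, ["10.1.2.3", "10.9.9.9"], ALL_HOSTS))
```

In this configuration the group named audit sorts first and its ACL covers everything the branch ACL does, so the host in branch receives no flow logs for the sampled sources.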

Examples

# Create an IPv4 flow log host group named test and specify ACL 2000 for it.

<Sysname> system-view

[Sysname] userlog host-group test acl number 2000

[Sysname-userlog-host-group-test]

Related commands

display userlog host-group

userlog host-group host flow

userlog host-group host flow

Use userlog host-group host flow to assign a log host to a flow log host group.

Use undo userlog host-group host flow to remove a log host from a flow log host group.

Syntax

IPv4 flow log host group view:

userlog host-group [ vpn-instance vpn-instance-name ] host flow { hostname | ipv4-address }

undo userlog host-group [ vpn-instance vpn-instance-name ] host flow { hostname | ipv4-address }

IPv6 flow log host group view:

userlog host-group [ vpn-instance vpn-instance-name ] host flow ipv6 { hostname | ipv6-address }

undo userlog host-group [ vpn-instance vpn-instance-name ] host flow ipv6 { hostname | ipv6-address }

Default

No log hosts exist in a flow log host group.

Views

IPv4 flow log host group view

IPv6 flow log host group view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.

hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, hyphens (-), underscores (_), and dots (.).

ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid IPv4 unicast address and cannot be a loopback address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address. The address must be a valid IPv6 unicast address and cannot be a loopback address or all zeros.

Usage guidelines

A flow log host group can contain multiple log hosts, and a log host can be assigned to multiple flow log host groups.

Before you assign a log host to a flow log host group, make sure the log host has been configured on the device by using the userlog flow export host command.

Examples

# Assign a log host to flow log host group test.

<Sysname> system-view

[Sysname] userlog host-group test acl number 2000

[Sysname-userlog-host-group-test] userlog host-group host flow 1.2.3.6

Related commands

display userlog host-group

userlog flow export host

userlog host-group