Contents

Data analysis center commands· 1

dac email-server client-authentication enable· 1

dac email-server dns-server 1

dac email-server password· 2

dac email-server secure-authentication enable· 3

dac email-server sender 3

dac email-server server-address· 4

dac email-server username· 5

dac log-collect enable· 5

dac log-display enable· 6

dac report 7

dac storage· 8

dac traffic-statistics enable· 9

display dac email-server 10

display dac log-collect 11

display dac log-display· 12

display dac report 13

display dac storage· 14

display dac traffic-statistics· 15

Data analysis center commands

dac email-server client-authentication enable

Use dac email-server client-authentication enable to enable email client authentication.

Use undo dac email-server client-authentication enable to disable email client authentication.

Syntax

dac email-server client-authentication enable

undo dac email-server client-authentication enable

Default

Email client authentication is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Enable email client authentication on the device if the email server (specified by the dac email-server server-address command) requires client identity authentication.

For successful email client authentication, you must configure the correct username and password for connecting to the email server.

Examples

# Enable email client authentication.

<Sysname> system-view

[Sysname] dac email-server client-authentication enable

Related commands

dac email-server server-address

dac email-server username

dac email-server password

dac email-server dns-server

Use dac email-server dns-server to specify the DNS server address.

Use unto dac email-server dns-server to restore the default.

Syntax

dac email-server dns-server ip-address

undo dac email-server dns-server

Default

No DNS server address is specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the IPv4 address of the DNS server, in dotted decimal notation.

Usage guidelines

The DNS server is required if you specify the host name of the email server. The DNS server resolves the host name into the IP address before the device sends emails through the email server.

Examples

# Set the DNS server address to 192.168.0.1.

<Sysname> system-view

[Sysname] dac email-server dns-server 192.168.0.1

dac email-server password

Use dac email-server password to set the password for connecting to the email server.

Use unto dac email-server password to restore the default.

Syntax

dac email-server password { cipher | simple } string

undo dac email-server password

Default

The password for connecting to the email server is not specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 63 characters. Its encrypted form is a case-sensitive string of 1 to 117 characters.

Usage guidelines

Both the username and password for connecting to the email server are required if email client authentication is enabled.

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Specify abc123 as the password for connecting to the email server.

<Sysname> system-view

[Sysname] dac email-server password simple abc123

Related commands

dac email-server client-authentication enable

dac email-server username

dac email-server secure-authentication enable

Use dac email-server secure-authentication enable to enable secure transmission of authentication credentials.

Use undo dac email-server secure-authentication enable to disable secure transmission of authentication credentials.

Syntax

dac email-server secure-authentication enable

undo dac email-server secure-authentication enable

Default

Secure transmission of authentication credentials is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command enables the device to transmit email client authentication credentials to the email server over a secure channel.

This command takes effect only after email client authentication is enabled.

Examples

# Enable secure transmission of authentication credentials.

<Sysname> system-view

[Sysname] dac email-server secure-authentication enable

Related commands

dac email-server client-authentication enable

dac email-server sender

Use dac email-server sender to specify the email sender address.

Use undo dac email-server sender to restore the default.

Syntax

dac email-server sender address-string

undo dac email-server sender

Default

The email sender address is not specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

address-string: Specifies the email sender address, as case-sensitive string of 3 to 63 characters.

Usage guidelines

The data analysis center (DAC) uses the specified email sender address send emails.

Examples

# Specify mailto:abc@123.com as the email sender address.

<Sysname> system-view

[Sysname] dac email-server sender abc@123.com

Related commands

dac email-server server-address

dac email-server server-address

Use dac email-server server-address to specify the email server address for the DAC.

Use undo dac email-server server-address to restore the default.

Syntax

dac email-server server-address address-string

undo dac email-server server-address

Default

No email server is specified for the DAC.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

address-string: Specifies the IP address or host name of the email server. The host name is a case-sensitive string of 3 to 63 characters.

Usage guidelines

The DAC can send emails only after the both email server address and email sender address are configured.

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Specify 101.1.1.255 as email server address for the DAC.

<Sysname> system-view

[Sysname] dac email-server server-address 101.1.1.225

Related commands

dac email-server sender

dac email-server username

Use dac email-server username to set the username for connecting to the email server.

Use undo dac email-server username to restore the default.

Syntax

dac email-server username username

undo dac email-server username

Default

The username for connecting to the email server is not specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

username: Specifies the username, a case-sensitive string of 1 to 63 characters.

Usage guidelines

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Specify admin as the username for connecting to the email server.

<Sysname> system-view

[Sysname] dac email-server username admin

Related commands

dac email-server client-authentication enable

dac email-server password

dac log-collect enable

Use dac log-collect enable to enable the log collection for a service that is registered to the DAC.

Use undo dac log-collect enable to disable the log collection for a service.

Syntax

dac log-collect service service-type service-name enable

undo dac log-collect service service-type service-name enable

Default

The log collection status for each service varies by service setting when the service module is registered to the DAC.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

service-type: Specifies the type of a service that is registered to the DAC. The service type name is a case-insensitive string. To view the supported service type, enter a question mark (?) for this argument.

service-name: Specifies the name of a service that is registered to the DAC. The service name is a case-insensitive string. To view the supported service name, enter a question mark (?) for this argument.

Usage guidelines

This command enables the log collection for a specific service. To collect the log messages for the traffic service, first enable the session statistics collection and then enable the log collection.

Repeat this command to enable log collection for multiple services.

Examples

# Enable the log collection for the DPI traffic service.

<Sysname> system-view

[Sysname] dac log-collet service dpi traffic enable

Related commands

display dac log-collect

dac log-display enable

Use dac log-display enable to enable the real-time log display.

Use undo dac log-collect enable to disable the real-time log display.

Syntax

dac log-display service service-type service-name enable

undo dac log-display service service-type service-name enable

Default

The real-time log display for all services is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

service-type: Specifies the type of a service that is registered with the DAC. The service type name is a case-insensitive string. To view the supported service type, enter a question mark (?) for this argument.

service-name: Specifies the name of a service that is registered with the DAC. The service name is a case-insensitive string. To view the supported service name, enter a question mark (?) for this argument.

Usage guidelines

This command for a service takes effect only after the log collection for the service is enabled by the dac log-collect enable command.

With this feature enabled, you can see the real-time log messages displayed on the Web interface.

Repeat this command to enable real-time log display for multiple services.

DPI do not support this feature in the current software version.

Examples

# Enable the real-time display for system logs.

<Sysname> system-view

[Sysname] dac log-display service syslog syslog enable

Related commands

dac log-collect enable

display dac log-display

dac report

Use dac report to configure the subscription parameters for a report type.

Use undo dac report to remove the subscription parameters for a report type.

Syntax

dac report type { comparison | integrated | intelligent | summary } subscriber mail-address [ language { chinese | english } ]

undo dac report type { comparison | integrated | intelligent | summary } [ subscriber mail-address ]

Default

No report subscription parameters are configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

comparison: Specifies the comparison report.

integrated: Specifies the integrated report.

intelligent: Specifies the intelligent report.

summary: Specifies the summary report.

subscriber mail-address: Specifies the email address of the report subscriber, a case-sensitive string of 3 to 63 characters.

language: Specifies a language for the reports. If you do not specify this keyword, Chinese is used in the reports.

chinese: Uses Chinese in the reports.

english: Uses English in the reports.

Usage guidelines

You can configure a maximum of 50 subscribers for each report type.

If you do not specify a subscriber, the undo command removes all subscribers for the specified report type.

Examples

# Specify admin@qq.com and English as the subscriber address and language for the summary report, respectively.

<Sysname> system-view

[Sysname] dac report type summary subscriber admin@qq.com language english

# Remove subscriber address admin@qq.com for the summary report.

<Sysname> system-view

[Sysname] undo dac report type summary subscriber admin@qq.com

Related commands

display dac report

dac storage

Use dac storage to configure the data storage limits for a service.

Use undo dac storage to restore the default.

Syntax

dac storage service service-type service-name limit { hold-time time-value | usage usage-value | action { delete | log-only } }

undo dac storage service service-type service-name limit { hold-time | usage | action }

Default

The service data can be saved for a maximum of 365 days.

The data of each service can occupy up to 20% of the total storage space.

If the storage time or storage space usage limit is exceeded, the system deletes the expired or the oldest data.

Views

System view

Predefined user roles

network-admin

Parameters

service-type: Specifies the type of a service that is registered with the DAC. The service type name is a case-insensitive string. To view the supported service type, enter a question mark (?) for this argument.

service-name: Specifies the name of a service that is registered with the DAC. The service name is a case-insensitive string. To view the supported service name, enter a question mark (?) for this argument.

limit: Configures the data storage limits for a service.

hold-time time-value: Specifies the storage time limit in days. The value range is 1 to 65535. The storage time limit should be longer than the number of days that the oldest service data has been stored for.

usage usage-value: Specifies the percentage of the total storage space the service data can occupy. The value range is 1 to 100. The storage usage limit should be higher than the current storage usage of the service.

action: Specifies the action to take when a data storage limit is exceeded.

delete: Deletes data collected on the oldest dates and generates a log message. The data of the current date cannot be deleted.

log-only: Generates a log message only. When a storage limit is exceeded, old data are not deleted and new data cannot be saved.

Usage guidelines

The DAC periodically checks the data of each service to determine if the storage time or storage space usage limit is exceeded.

·     If a storage limit is exceeded and the action is delete, the system deletes the expired or the oldest service data. A log will be generated to report the event.

·     If a storage limit is exceeded and the action is log-only, the system generates a log message. New data will not be saved.

If you configure this command to set the storage time limit for a service multiple times, the most recent configuration takes effect. The same is true for setting the storage space limit or storage limit-violated action for a service. You can view the storage space usage of each service on the Web interface.

This command is supported only on the default MDC. For more information about MDC, see MDC configuration in Virtual Technologies Configuration Guide.

Examples

# Set the storage time limit, storage space limit, and the action to take when the limits are exceeded for the traffic service.

<Sysname> system-view

[Sysname] dac storage service dpi traffic limit hold-time 60

[Sysname] dac storage service dpi traffic limit usage 30

[Sysname] dac storage service dpi traffic limit action delete

dac traffic-statistics enable

Use dac traffic-statistics enable to enable real-time traffic statistics collection.

Use undo dac traffic-statistics enable to disable real-time traffic statistics collection.

Syntax

dac traffic-statistics { application | user } enable [ verbose ]

undo dac traffic-statistics { application | user } enable

Default

The real-time traffic statistics collection is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

application: Collects application traffic statistics in real time.

user: Collects user traffic statistics in real time.

verbose: Collects detailed traffic information in real time. If you do not specify this keyword, this command collects brief traffic information in real time.

Usage guidelines

To collect the traffic statistics in real time, you must first enable the session statistics collection. For more information about the collected session statistics, see session management in Security Configuration Guide.

The detailed information about user traffic that is collected in real time provides used applications on a per-user basis.

The detailed information about application traffic that is collected in real time provides user information on a per-application basis.

Repeat this command to enable multiple collections of real-time traffic statistics.

Examples

# Enable the collection of detailed user traffic statistics in real time.

<Sysname> system-view

[Sysname] dac traffic-statistics user enable verbose

Related commands

display dac traffic-statistics

display dac email-server

Use display dac email-server to display the email server configuration of the DAC.

Syntax

display dac email-server

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the email server configuration of the DAC.

<Sysname> display dac email-server

Mail server address : 2.2.2.2

        Mail sender address : qqq@11.com

         DNS server address : 1.1.1.1

             Authentication : Enable

      secure-authentication : Enable

                   Username : lkx

                   password : ******

Table 1 Command output

Field	Description
Authentication	Enabling status of the email client authentication.
Secure-authentication	Enabling status of the secure transmission of authentication credentials.
Username	Username for connecting to the email server.
Password	Password for connecting to the email server.

 

display dac log-collect

Use display dac log-collect to display the log collection configuration for a service.

Syntax

display dac log-collect { all | service service-type service-name }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

all: Specifies all types of services that are registered with the DAC. The DAC provides functions only for services that have registered with the DAC.

service-type: Specifies the type of a service that is registered with the DAC. The service type name is a case-insensitive string. To view the supported service type, enter a question mark (?) for this argument.

service-name: Specifies the name of a service that is registered with the DAC. The service name is a case-insensitive string. To view the supported service name, enter a question mark (?) for this argument.

Examples

# Display the log collection configuration for all services.

<Sysname> system-view

[Sysname] display dac log-collect all

Service type   Service            Status

 

Slot 1:

dpi       audit                Disabled

dpi       ffilter              Disabled

dpi       threat               Disabled

dpi       traffic              Enabled

dpi       uflt                 Disabled

Table 2 Command output

Field	Description
Service	Service name.
Status	Status of the log collection: Disabled or Enabled.

‌

Related commands

dac log-collect enable

display dac log-display

Use display dac log-display to display the configuration of the real-time log display.

Syntax

display dac log-display { all | service service-type service-name }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

all: Specifies all types of services that are registered with the DAC. The DAC provides functions only for services that have registered with the DAC.

service-type: Specifies the type of a service that is registered with the DAC. The service type name is a case-insensitive string. To view the supported service type, enter a question mark (?) for this argument.

service-name: Specifies the name of a service that is registered with the DAC. The service name is a case-insensitive string. To view the supported service name, enter a question mark (?) for this argument.

Examples

# Display the configuration of the real-time log display.

<Sysname> system-view

[Sysname] display dac log-display syslog syslog

Service type     Service        Status

 

Slot 1:

syslog             syslog           Disabled

syslog             cfglog           Disabled

Table 3 Command output

Field	Description
Service	Service name.
Status	Status of the log collection: Disabled or Enabled.

‌

Related commands

dac log-display enable

display dac report

Use display dac report to display report subscriber information.

Syntax

display dac report [ comparison | integrated | intelligent | summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

comparison: Specifies the comparison report.

integrated: Specifies the integrated report.

intelligent: Specifies the intelligent report.

summary: Specifies the summary report.

Usage guidelines

If you do not specify a report type, this command displays subscriber information for all report types.

Examples

# Display subscriber information for all report types.

<Sysname> display dac report

Total subscribers:4

Summary subscribers:1

Comparison subscribers:1

Intelligent subscribers:1

Integrated subscribers:1

Report type       Language    Subscriber email

Summary           CH          124@123.com

Comparison        CH          111@123.com

Intelligent       EN          123@123.com

Integrated        EN          112@123.com

Table 4 Command output

Field	Description
Total subscribers	Total number of subscribers.
Summary subscribers	Number of subscribers for the summary report.
Comparison subscribers	Number of subscribers for the comparison report.
Intelligent subscribers	Number of subscribers for the intelligent report.
Integrated subscribers	Number of subscribers for the integrated report.
Language	Language used in the reports: ·     CH—Chinese. ·     EN—English.
Subscriber email	Email address of a report subscriber.

 

display dac storage

Use display dac storage to display the data storage limit configuration for services.

Syntax

display dac storage [service-type service-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

service-type: Specifies the type of a service that is registered with the DAC. The service type name is a case-insensitive string. To view the supported service type, enter a question mark (?) for this argument.

service-name: Specifies the name of a service that is registered with the DAC. The service name is a case-insensitive string. To view the supported service name, enter a question mark (?) for this argument.

Usage guidelines

If you do not specify a service, this command displays the data storage limit configuration for all services.

This command is supported only on the default MDC. For more information about MDCs, see MDC configuration in Virtual Technologies Configuration Guide.

Examples

# Displays the data storage limit configuration for all services.

<Sysname> display dac storage

Total services           :1

 

Service type     Service name            Time limit (days)       Usage limit

         Action

syslog           cfglog                  365                     20%

         delete

---- More ----

Table 5 Command output

Field	Description
Total services	Total number of services.
Time limit	Storage time limit in days.
Usage limit	Storage space usage limit in percentage.
Action	Action to take when the storage time limit or space limit is exceed. ·     delete—Delete the oldest data, and generates a log message. ·     log-only—Generate a log message only.

‌

display dac traffic-statistics

Use display dac traffic-statistics to display the configuration of the real-time traffic statistics collection.

Syntax

display dac traffic-statistics [ application | user ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

application: Speciifes the collection of the real-time application traffic statistics.

user: Specifies the collection of the real-time user traffic statistics.

Usage guidelines

If you do not specify any keyword, this command displays the configuration of the collection for all real-time traffic statistics.

Examples

# Displays the configuration of the real-time user traffic statistics collection.

<Sysname> system-view

[Sysname] display dac traffic-statistics user

Slot 1:

Type               Status

User               Enabled (verbose)

Table 6 Command output

Field	Description
Type	Type of traffic collected in real time: ·     Application. ·     User.
Status	Status of the real-time traffic statistics collection: ·     Disabled—This feature is disabled. ·     Enabled (brief)—This feature is enabled, and the DAC collects brief traffic information. ·     Enabled (verbose)—This feature is enabled, and the DAC collects detailed traffic information.

‌