20-Network Management and Monitoring Command Reference

09-Fast log output commands

Fast log output commands

The device supports configuring fast log output using either v1 or v2 commands. As a best practice, use v2, as it allows for more convenient maintenance of the types of fast logs to be sent.

Fast log output commands (v2) (recommended)

The module command in fast log output (v2) provides a set of parameters for all service modules. However, whether the configured parameters can take effect on a specific service module depends on whether the device supports that service module. For example, if the device does not support NAT, the device will not generate NAT-related fast logs, even if NAT fast log output parameters have been configured in the commands.

broker

Use broker to specify a Kafka broker.

Use undo broker to restore the default.

Syntax

broker { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ]

undo broker { hostname | ipv4-address | ipv6 ipv6-address }

Default

No Kafka broker is specified.

Views

Kafka server view

Predefined user roles

network-admin

Parameters

hostname: Specifies a hostname for the Kafka broker, a case-insensitive string of 1 to 253 characters. The hostname can contain letters, numbers, hyphens (-), underscores (_), and dots (.).

ipv4-address: Specifies an IP address for the Kafka broker.

ipv6 ipv6-address: Specifies an IPv6 address for the Kafka broker.

port port-number: Specifies a port number of the Kafka broker for receiving logs, in the range of 1 to 65535. The default port number is 9092. For the Kafka broker to receive logs, make sure the port number is the same as that configured for the broker on the Kafka server side.

Usage guidelines

A broker is a member of a Kafka server cluster. After you configure the IP address and port of a broker for receiving logs on the device side, the device will send logs in Kafka format to the specified address.

Examples

# Specify a Kafka broker with IP address 1.1.1.1 and port number 9092 in Kafka server ABC.

<Sysname> system-view

[Sysname] kafka-server ABC

[Sysname-kafka-server-ABC] broker 1.1.1.1 port 9092

Related commands

kafka-server

customlog character-encoding utf-8

Use customlog character-encoding utf-8 to configure fast log output to use the UTF-8 encoding.

Use undo customlog character-encoding to restore the default.

Syntax

customlog character-encoding utf-8

undo customlog character-encoding

Default

Fast log output uses the GB18030 encoding.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For the log host to correctly display Chinese characters in received log messages, make sure the fast log output module uses the same character set encoding as the log host. Fast log output supports using GB18030 and UTF-8 encodings.

Examples

# Configure fast log output to use the UTF-8 encoding.

<Sysname> system-view

[Sysname] customlog character-encoding utf-8
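The encoding mismatch described in the usage guidelines only becomes visible once a log carries Chinese field values (for example after customlog language chinese), because ASCII-only messages are byte-identical in GB18030 and UTF-8. The following Python is an added example for the log host side, not part of the H3C documentation; the sample log line is constructed and is not the device's actual message format.

```python
# Constructed sample: field names Application and Category are taken from this
# page, but the line layout is invented for the example.
SAMPLE_LINE = 'Application="中文应用";Category="中文分类"'


def naive_decode(payload: bytes) -> str:
    """What a collector that simply assumes UTF-8 would store."""
    return payload.decode("utf-8", errors="replace")


def decode_fast_log(payload: bytes, configured: str = "gb18030"):
    """Decode one received fast-log payload.

    configured is the encoding the collector believes the device uses
    ("gb18030" is the device default, "utf-8" after
    customlog character-encoding utf-8).
    Returns (text, detected_encoding, mismatch).
    """
    if payload.isascii():
        # Pure ASCII decodes the same way in both encodings: no signal.
        return payload.decode("ascii"), None, False
    # UTF-8 is tried first because it is the stricter encoding. GB18030
    # accepts far more byte sequences, so trying it first can turn a UTF-8
    # payload into wrong characters without raising any error.
    for candidate in ("utf-8", "gb18030"):
        try:
            text = payload.decode(candidate)
        except UnicodeDecodeError:
            continue
        return text, candidate, candidate != configured
    # Neither encoding fits: keep what can be kept and flag the record.
    return payload.decode(configured, errors="replace"), None, True


def count_mismatches(payloads, configured: str) -> int:
    """Number of payloads whose detected encoding contradicts the setting."""
    return sum(1 for p in payloads if decode_fast_log(p, configured)[2])


if __name__ == "__main__":
    gb = SAMPLE_LINE.encode("gb18030")   # device left at its default
    print("naive UTF-8 read :", naive_decode(gb))
    print("checked decode   :", decode_fast_log(gb, configured="utf-8"))
```

A non-zero mismatch count on the collector means either the device or the log host setting has to change so that both sides use the same encoding.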

customlog host v2

Use customlog host v2 to configure a log host for fast log output and enter its view, or enter the view of an existing log host.

Use undo customlog host v2 to delete a log host for fast log output.

Syntax

customlog host v2 { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ]

undo customlog host v2 { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ]

Default

No log hosts are configured for fast log output.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

hostname: Specifies a log host by its host name, a case-insensitive string of 1 to 253 characters. Valid characters are letters, digits, hyphens (-), underscores (_), and dots (.).

ipv4-address: Specifies a log host by its IPv4 address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port port-number: Specifies the port number on which the log host receives log data. The value range is 1 to 65535 and the default is 514. The setting must be the same as the port number configured on the log host. Otherwise, the log host cannot receive logs.

Usage guidelines

You can specify a maximum of eight log hosts for fast log output.

The log host resources on the device are shared by the customlog host v2 command and the customlog host command. If the customlog host command has already specified eight log hosts, you cannot use the customlog host v2 command to specify additional log hosts, and vice versa.

Compared to the log hosts configured with the customlog host command, those configured with the customlog host v2 command allow for easier maintenance of the types of fast output logs to be sent.

If you specify a log host by the host name, you must also use the ip host or ipv6 host command to specify the corresponding IP address for the host name. Failure to do so will result in the specified log host being unable to receive log messages.

Examples

# Configure the log host with an IP address of 1.1.1.1 and a port number of 1000 for fast log output, and enter log host view.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customlog-host-v2-1.1.1.1/1000]

Related commands

customlog host

ip host (Network Connectivity Command Reference)

ipv6 host (Network Connectivity Command Reference)
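The constraints above (host name character set and length, port range, the limit of eight log hosts shared with customlog host, and the need for an ip host or ipv6 host mapping) can be checked on a configuration template before it is pushed to a device. The following Python is an added example, not part of the H3C documentation; it assumes the input is a list of bare commands without prompts and that a mapping line has the form ip host or ipv6 host followed by the host name and an address. The sample configuration is constructed.

```python
import ipaddress
import re

# Limits stated on this page for customlog host v2.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,253}")
MAX_LOG_HOSTS = 8      # shared by `customlog host` and `customlog host v2`
DEFAULT_PORT = 514


def parse_target(tokens):
    """Parse `{ hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ]`.

    Returns (kind, value, port, problems); kind is "ipv4", "ipv6" or "hostname".
    """
    problems = []
    if not tokens:
        return None, None, None, ["missing-target"]
    if tokens[0] == "ipv6":
        kind, value, rest = "ipv6", (tokens[1] if len(tokens) > 1 else ""), tokens[2:]
        try:
            ipaddress.IPv6Address(value)
        except ValueError:
            problems.append("bad-ipv6-address")
    else:
        value, rest = tokens[0], tokens[1:]
        try:
            ipaddress.IPv4Address(value)
            kind = "ipv4"
        except ValueError:
            kind = "hostname"
            if not HOSTNAME_RE.fullmatch(value):
                problems.append("bad-hostname")
    port = DEFAULT_PORT
    if rest[:1] == ["port"]:
        arg = rest[1] if len(rest) > 1 else ""
        if arg.isascii() and arg.isdigit() and 1 <= int(arg) <= 65535:
            port = int(arg)
        else:
            problems.append("port-out-of-range")
    return kind, value, port, problems


def audit_fast_log_hosts(config_text):
    """Return a list of (line_number, finding, value); line 0 means global."""
    findings = []
    mapped = set()     # host names that have an ip host / ipv6 host entry
    hostnames = []     # (line number, name) of log hosts given by name
    total_hosts = 0
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tokens = raw.split()
        if tokens[:2] in (["ip", "host"], ["ipv6", "host"]) and len(tokens) >= 4:
            mapped.add(tokens[2].lower())      # host names are case-insensitive
        if tokens[:2] != ["customlog", "host"] or len(tokens) < 3:
            continue
        if tokens[2] == "source" or tokens[2:4] == ["v2", "test"]:
            continue                           # not a log host definition
        total_hosts += 1
        if tokens[2] != "v2":
            continue                           # v1 host: counted, syntax not checked
        kind, value, _port, problems = parse_target(tokens[3:])
        findings += [(lineno, p, value) for p in problems]
        if kind == "hostname" and "bad-hostname" not in problems:
            hostnames.append((lineno, value))
    # A named log host without a mapping never receives logs.
    findings += [(n, "unresolved-hostname", h)
                 for n, h in hostnames if h.lower() not in mapped]
    if total_hosts > MAX_LOG_HOSTS:
        findings.append((0, "too-many-log-hosts", str(total_hosts)))
    return findings


# Constructed sample template (addresses and names are placeholders).
SAMPLE_CONFIG = """\
ip host logsrv-a 10.0.0.5
customlog host v2 logsrv-a port 1000
customlog host v2 LOGSRV-B
customlog host v2 1.1.1.1 port 70000
customlog host v2 ipv6 2001:db8::10
customlog host v2 bad!name
customlog host source loopback 0
"""

if __name__ == "__main__":
    for finding in audit_fast_log_hosts(SAMPLE_CONFIG):
        print(finding)
```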

customlog host v2 test

Use customlog host v2 test to send a specified number and type of test logs.

Syntax

customlog host v2 test count number { anti-virus | attack-defense | audit | data-filter | file-filter | ips | keepalive | loadbalance { global-intelligent-dns | local-intelligent-dns | outbound-link-lb | server-lb | transparent-dns-proxy } | nat | sandbox | security-policy | security-policy-config | session | sslvpn | traffic-policy | url-filter } [ kernel ]

Default

No test log number or type is specified.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

count number: Specifies the number of test logs to be sent for the test. The value range for the number argument is 1 to 100.

anti-virus: Sends logs from the anti-virus module to the log host.

attack-defense: Sends logs from the attack detection and prevention module to the log host.

audit: Sends logs from the application audit and management module to the log host.

data-filter: Sends logs from the data filtering module to the log host.

file-filter: Sends logs from the file filtering module to the log host.

ips: Sends logs from the intrusion prevention system (IPS) module to the log host.

keepalive: Sends logs from the keepalive module to the log host.

loadbalance { global-intelligent-dns | local-intelligent-dns | outbound-link-lb | server-lb | transparent-dns-proxy }: Sends logs from a load balancing module to the log host. If you do not specify a load balancing module, the device can send logs from all load balancing-related modules to the log host.

·     global-intelligent-dns: Specifies the LB global intelligent DNS module.

·     local-intelligent-dns: Specifies the LB local intelligent DNS module.

·     outbound-link-lb: Specifies the outbound link load balancing module.

·     server-lb: Specifies the server load balancing module.

·     transparent-dns-proxy: Specifies the LB DNS transparent proxy module.

nat: Sends logs from the NAT module to the log host.

security-policy: Sends security policy packet matching logs to the log host.

security-policy-config: Sends security policy configuration logs to the log host.

session: Sends the session management module logs to the log host.

sslvpn: Sends the SSL VPN module logs to the log host.

traffic-policy: Sends the bandwidth management module logs to the log host.

url-filter: Sends logs from the URL filtering module to the log host.

kernel: Sends the test logs in kernel mode.

Usage guidelines

After a log host is configured for fast log output, use this command to generate a specific type of test logs and check if the log host can receive these test logs normally.

The log host does not reply to the device after it receives the test logs. You need to check the test result on the log host.

Examples

# Send test logs for the SSL VPN module.

<Sysname> customlog host v2 test count 1 sslvpn

Related commands

customlog host v2

customlog host source

Use customlog host source to specify a source IP address for fast log output.

Use undo customlog host source to restore the default.

Syntax

customlog host source interface-type interface-number

undo customlog host source

Default

The source IP address of fast output logs is the primary IP address of the outgoing interface.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies a source interface by its type and number. The interface's primary IP address will be used as the source IP address of fast output logs.

Usage guidelines

Configure this command when you need to filter logs according to their source IP addresses on the log host.

The customlog host source command takes effect only after the customlog format and customlog host commands are configured.

Examples

# Use the IP address of Loopback 0 as the source IP address of fast output logs.

<Sysname> system-view

[Sysname] interface loopback 0

[Sysname-LoopBack0] ip address 2.2.2.2 32

[Sysname-LoopBack0] quit

[Sysname] customlog host source loopback 0

customlog kafka-server

Use customlog kafka-server to enable output of fast logs to a Kafka server.

Use undo customlog kafka-server to disable output of fast logs to a Kafka server.

Syntax

customlog kafka-server server-name topic topic-name export dpi ips

undo customlog kafka-server server-name topic topic-name export

Default

Output of fast logs to a Kafka server is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies a name for the Kafka server, a case-sensitive string of 1 to 15 characters. Valid characters are letters, digits, and underscores (_).

topic topic-name: Specifies a topic for the logs output to the Kafka server, a case-sensitive string of 1 to 249 characters. The topic can contain letters, numbers, hyphens (-), and underscores (_).

export: Specifies the type of logs to be output to the Kafka server.

dpi: Specifies the DPI module.

ips: Specifies the IPS module.

Usage guidelines

This command takes effect only when you have enabled fast log output for the corresponding modules using the customlog format command.

Examples

# Enable fast output of IPS logs to Kafka server ABC.

<Sysname> system-view

[Sysname] customlog kafka-server ABC topic TP1 export dpi ips

Related commands

kafka-server

customlog language

Use customlog language to specify a language for fast log output.

Use undo customlog language to restore the default.

Syntax

customlog language { chinese | english }

undo customlog language

Default

Fast logs are output in English.

Views

System view

Predefined user roles

network-admin

Parameters

chinese: Specifies Chinese as the language for fast log output.

english: Specifies English as the language for fast log output.

Usage guidelines

Only some fields in the fast logs of certain service modules can be output in Chinese. The following fields in the service module logs support fast output in Chinese:

·     Session logs: Application and Category.

·     Audit logs: Application.

·     URL filtering logs: Application, URLCategory, and URLParentCategory.

·     IPS logs: Application, AttackName, Category, and SubCategory.

·     Anti-virus logs: Application.

For IPS logs, you can use either the customlog language chinese command or the log language chinese command to set the language for fast log output to Chinese.

For more information about the log language chinese command, see DPI engine commands in DPI Command Reference.

Examples

# Set the language for fast log output to Chinese.

<Sysname> system-view

[Sysname] customlog language chinese

Related commands

log language chinese (DPI Command Reference)

customlog timestamp

Use customlog timestamp localtime to configure the timestamp of fast output logs to show the system time.

Use undo customlog timestamp localtime to restore the default.

Syntax

customlog timestamp localtime

undo customlog timestamp localtime

Default

The timestamp of fast output logs shows the Greenwich Mean Time (GMT).

Views

System view

Predefined user roles

network-admin

Examples

# Configure the timestamp of fast output logs to show the system time.

<Sysname> system-view

[Sysname] customlog timestamp localtime

customlog with-sn

Use customlog with-sn to configure the device to carry its serial number in fast output logs.

Use undo customlog with-sn to restore the default.

Syntax

customlog with-sn

undo customlog with-sn

Default

The device does not carry its serial number in fast output logs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables a device to add a serial number (SN) field to fast output log messages, helping users to identify the devices that sent the log messages.

This feature is not applicable to fast output logs in TELECOM, CMCC, and UNICOM formats.

Examples

# Configure the device to carry its serial number in fast output logs.

<Sysname> system-view

[Sysname] customlog with-sn

display customlog host v2 kernel

Use display customlog host v2 kernel to display running kernel information for the specified log host.

Syntax

display customlog host v2 kernel { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

hostname: Specifies a log host by its host name, a case-insensitive string of 1 to 253 characters. Valid characters are letters, digits, hyphens (-), underscores (_), and dots (.).

ipv4-address: Specifies a log host by its IPv4 address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port port-number: Specifies the port number on which the log host receives log data. The value range is 1 to 65535 and the default is 514. The setting must be the same as the port number configured on the log host. Otherwise, the log host cannot receive logs.

Usage guidelines

After a log host is configured for fast log output, use this command to display kernel data information for the log host.

This command can display information about logs of a specified type sent from the specified chassis, card, or CPU to a specific log host.

If the command output contains fast log output information for a module and a log host, but the log host does not receive the specified logs, check if the module has generated logs and if network faults or restrictions exist between the device and the log host.

If the command output contains no fast log output configuration for a module or a log host, it might be because the fast log output for that module is not configured, or the configured log host name failed to be resolved to an IP address. In the latter case, use the ip host or ipv6 host command to specify an IP address for the host name.

Examples

# Display running kernel information for a log host.

<Sysname> display customlog host v2 kernel 1.1.1.1

Fast-output log host:

         SrcIP: 10.153.230.143

         DstIP: 1.1.1.1

         Hostname:

         Port: 514

         VPN-instance:

         Rate limit: Enabled

         Output log format:

                 SSL VPN: Standard

Table 1  Command output

Field: Description

Fast-output log host: Parameters of the log host configured for fast log output.

SrcIP: Source IP address used by the device to send logs to the log host, which can be an IPv4 or IPv6 address.

DstIP: IP address of the log host, which can be an IPv4 or IPv6 address. A hyphen (-) indicates that the IP address of the log host was not resolved through the host name.

Hostname: Host name of the log host.

Port: Port number of the log host.

VPN-instance: VPN instance for the log host.

Rate limit: When the log host output interface is a management port, log output rate limiting is automatically enabled.

Log type and output format: Log type (module) and log output format.

·     SSL VPN: Logs of the SSL VPN module, output in standard format.

·     attack-defense: Logs of the attack detection and prevention module, output in standard format.

·     security-policy: Logs for security policy packet matching, which can be output in the following formats:

¡     Standard format.

¡     SGCC format.

·     security-policy-config: Logs for security policy configurations, output in SGCC format.

·     aft: AFT logs, which can be output in the following formats:

¡     Standard format.

¡     CMCC format.

¡     Unicom format.

¡     Telecom format.

·     nat: NAT logs, which can be output in the following formats:

¡     Standard format.

¡     CMCC format.

¡     Unicom format.

¡     Telecom format.

¡     TelecomNVI format.

·     scd: SCD logs, output in standard format.

·     Session: Session logs, output in standard format.

·     dpi audit: Logs of the application audit and management module, output in standard format.

·     dpi url-filter: URL filtering logs output in standard format.

·     dpi netshare: Logs of the NetShare control module, output in standard format.

·     dpi ips: IPS logs output in standard format.

·     dpi ips-sgcc: IPS logs output in SGCC format.

·     dpi reputation: Logs of the reputation module, output in standard format.

·     dpi waf: Logs of the WAF module, output in standard format.

·     dpi sandbox: Logs of the sandbox module, output in standard format.

·     dpi traffic-policy: Logs of the bandwidth management module, output in standard format.

·     dpi terminal: Logs of the terminal identification module, output in standard format.

·     dpi anti-virus: Logs of the anti-virus module, output in standard format.

·     dpi data-filter: Logs of the data filtering module, output in standard format.

·     dpi file-filter: Logs of the file filtering module, output in standard format.

·     dpi dga: Logs of the DGA detection module, output in standard format.

·     dpi iot-access-control: Logs of the IoT device access control module, output in standard format.

·     dpi iot-flow-control: Logs of the IoT device flow control module, output in standard format.

·     dpi iot-format-check: Logs of the IoT device format check module, output in standard format.

·     dpi iot-signal-control: Logs of the IoT device signaling control module, output in standard format.

·     loadbalance global-intelligent-dns: Logs of the LB global intelligent DNS module, output in standard format.

·     loadbalance transparent-dns-proxy: Logs of the LB DNS transparent proxy module, output in standard format.

·     loadbalance local-intelligent-dns: Logs of the LB local intelligent DNS module, output in standard format.

·     loadbalance outbound-link-lb: Logs of the outbound link load balancing module, output in standard format.

·     loadbalance server-lb: Logs of the LB server load balancing module, output in standard format.

·     trusted-access iam authentication: Logs of the trusted access IAM authentication module, output in standard format.

·     trusted-access iam notification: Logs of the trusted access IAM notification module, output in standard format.

·     keepalive: Logs of the keepalive module, output in SGCC format.

 

Related commands

customlog host v2

display customlog host v2 statistics

Use display customlog host v2 statistics to display statistics related to fast log output.

Syntax

display customlog host v2 [ send-failed ] statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

send-failed: Displays statistics for logs that failed to be sent. If you do not specify this keyword, the command displays statistics for successfully sent logs.

Usage guidelines

Use this command to view the statistics of fast output logs sent from the device to the log host after the device has been sending logs to the log host for a period of time.

Examples

# Display fast log output statistics for logs successfully sent.

<Sysname> display customlog host v2 statistics

Fast-output log host IP/port(hostname)/VPN-instance: 1.1.1.1/514(logserver)/abc

  Log sending rate         : 0

  Log statistics by log type:

    sslvpn user-login                  : 0

    sslvpn packet-drop                 : 0

    sslvpn AllocAddress                : 0

    sslvpn resource-access             : 0

    attack-defense                     : 0

    scd                                : 0

    session                            : 0

    nat-match                          : 0

    nat444-sessionA                    : 0

    nat444-sessionW                    : 0

    nat444-portA                       : 0

    nat444-portW                       : 0

    nat444-portF                       : 0

    aft-match                          : 0

    aft-sessionA                       : 0

    aft-sessionW                       : 0

    aft-portA                          : 0

    aft-portW                          : 0

    aft-portF                          : 0

    security-policy matches            : 0

    security-policy config             : 0

    dpi audit                          : 0

    dpi url-filter                     : 0

    dpi netshare                       : 0

    dpi ips                            : 0

    dpi ips-sgcc                       : 0

    dpi reputation                     : 0

    dpi waf                            : 0

    dpi sandbox                        : 0

    dpi traffic-policy                 : 0

    dpi terminal                       : 0

    dpi anti-virus                     : 0

    dpi data-filter                    : 0

    dpi file-filter                    : 0

    dpi dga                            : 0

    dpi iot-access-control             : 0

    dpi iot-flow-control               : 0

    dpi iot-format-check               : 0

    dpi iot-signal-control             : 0

    loadbalance server-lb              : 0

    loadbalance global-intelligent-dns : 0

    loadbalance transparent-dns-proxy  : 0

    loadbalance local-intelligent-dns  : 0

    loadbalance outbound-link-lb       : 0

    trusted-access iam authentication  : 0

    trusted-access iam notification    : 0

    keepalive                          : 0

# Display fast log output statistics for logs that failed to be sent.

<Sysname> display customlog host v2 send-failed statistics

Fast-output log host IP/port(hostname)/VPN-instance: 1.1.1.1/514(logserver)/abc

  Send-failed log statistics by log type:

    sslvpn user-login                  : 0

    sslvpn packet-drop                 : 0

    sslvpn AllocAddress                : 0

    sslvpn resource-access             : 0

    attack-defense                     : 0

    scd                                : 0

    session                            : 0

    nat-match                          : 0

    nat444-sessionA                    : 0

    nat444-sessionW                    : 0

    nat444-portA                       : 0

    nat444-portW                       : 0

    nat444-portF                       : 0

    aft-match                          : 0

    aft-sessionA                       : 0

    aft-sessionW                       : 0

    aft-portA                          : 0

    aft-portW                          : 0

    aft-portF                          : 0

    security-policy matches            : 0

    security-policy config             : 0

    dpi audit                          : 0

    dpi url-filter                     : 0

    dpi netshare                       : 0

    dpi ips                            : 0

    dpi ips-sgcc                       : 0

    dpi reputation                     : 0

    dpi waf                            : 0

    dpi sandbox                        : 0

    dpi traffic-policy                 : 0

    dpi terminal                       : 0

    dpi anti-virus                     : 0

    dpi data-filter                    : 0

    dpi file-filter                    : 0

    dpi dga                            : 0

    dpi iot-access-control             : 0

    dpi iot-flow-control               : 0

    dpi iot-format-check               : 0

    dpi iot-signal-control             : 0

    loadbalance server-lb              : 0

    loadbalance global-intelligent-dns : 0

    loadbalance transparent-dns-proxy  : 0

    loadbalance local-intelligent-dns  : 0

    loadbalance outbound-link-lb       : 0

    trusted-access iam authentication  : 0

    trusted-access iam notification    : 0

    keepalive                          : 0

Table 2 Command output

Field: Description

Fast-output log host IP/port(hostname)/VPN-instance: IP address, port number (host name), and associated VPN instance of the log host for fast log output. The IP address can be either an IPv4 or IPv6 address. If the host name (domain name) for the log host is not configured, the host name will not be displayed. If no VPN instance is specified for the log host, the VPN instance will not be displayed.

Log sending rate: Log sending rate.

Log statistics by log type: Statistics by log type for successfully sent fast logs:

·     sslvpn user-login—Number of fast logs sent for SSL VPN login and logout events.

·     sslvpn packet-drop—Number of fast logs sent for SSL VPN packet drops.

·     sslvpn AllocAddress—Number of fast logs sent for SSL VPN address requests.

·     sslvpn resource-access—Number of fast logs sent for SSL VPN resource access.

·     attack-defense: Number of fast logs sent for attack detection and prevention.

·     security-policy matches—Number of fast logs sent for security policy matches.

·     security-policy config—Number of fast logs sent for security policy configurations.

·     scd—Number of fast logs sent for SCD.

·     session—Number of fast logs sent for sessions.

·     nat_match—Number of fast logs sent for NAT in the standard format.

·     nat444_sessionA: Number of fast logs sent for new NAT444 sessions.

·     nat444_sessionW: Number of fast logs sent for deleted NAT444 sessions.

·     nat444_portA—Number of fast logs sent for NAT444 user port block allocations.

·     nat444_portW—Number of fast logs sent for NAT444 user port block withdrawals.

·     nat444_portF—Number of fast logs sent for NAT444 user port block alarms.

·     aft_match—Number of fast logs in standard format sent for AFT.

·     aft_sessionA—Number of fast logs sent for AFT new sessions.

·     aft_sessionW—Number of fast logs sent for AFT deleted sessions.

·     aft_portA—Number of fast logs sent for AFT user port block allocations.

·     aft_portW—Number of fast logs sent for AFT user port block withdrawals.

·     aft_portF—Number of fast logs sent for AFT user port block alarms.

·     dpi audit—Number of fast logs sent for the application audit and management module.

·     dpi url-filter—Number of fast logs sent for the URL filtering module.

·     dpi netshare—Number of fast logs sent for the NetShare control module.

·     dpi ips—Number of fast logs sent for the IPS module.

·     dpi ips-sgcc—Number of fast logs in SGCC format sent for the IPS module.

·     dpi reputation—Number of fast logs sent for the reputation module.

·     dpi waf—Number of fast logs sent for the WAF module.

·     dpi sandbox—Number of fast logs sent for the sandbox module.

·     dpi traffic-policy—Number of fast logs sent for the bandwidth management module.

·     dpi terminal—Number of fast logs sent for the terminal identification module.

·     dpi anti-virus—Number of fast logs sent for the anti-virus module.

·     dpi data-filter—Number of fast logs sent for the data filtering module.

·     dpi file-filter—Number of fast logs sent for the file filtering module.

·     dpi dga—Number of fast logs sent for the DGA detection module.

·     dpi iot-access-control: Number of fast logs sent for the IoT device access control module.

·     dpi iot-flow-control—Number of fast logs sent for the IoT device flow control module.

·     dpi iot-format-check—Number of fast logs sent for the IoT device format check module.

·     dpi iot-signal-control—Number of fast logs sent for the IoT device signaling control module.

·     loadbalance server-lb—Number of fast logs sent for the server load balancing module.

·     loadbalance global-intelligent-dns—Number of fast logs sent for the global intelligent DNS module.

·     loadbalance transparent-dns-proxy—Number of fast logs sent for the DNS transparent proxy module.

·     loadbalance local-intelligent-dns—Number of fast logs sent for the local intelligent DNS module.

·     loadbalance outbound-link-lb—Number of fast logs sent for the outbound link load balancing module.

·     trusted-access iam authentication—Number of fast logs sent for IAM authentication.

·     trusted-access iam notification—Number of fast logs sent for IAM notifications.

·     keepalive—Number of fast logs sent for the keepalive module.

Send-failed log statistics by log type: Statistics by log type for fast logs that failed to be sent:

·     sslvpn user-login—Number of fast logs that failed to be sent for SSL VPN login and logout events.

·     sslvpn packet-drop—Number of fast logs that failed to be sent for SSL VPN packet drops.

·     sslvpn AllocAddress—Number of fast logs that failed to be sent for SSL VPN address requests.

·     sslvpn resource-access—Number of fast logs that failed to be sent for SSL VPN resource access.

·     attack-defense: Number of fast logs that failed to be sent for attack detection and prevention.

·     security-policy matches—Number of fast logs that failed to be sent for security policy matches.

·     security-policy config—Number of fast logs that failed to be sent for security policy configurations.

·     scd—Number of SCD fast logs that failed to be sent.

·     session—Number of session fast logs that failed to be sent.

·     nat_match—Number of fast logs that failed to be sent for NAT in the standard format.

·     nat444_sessionA—Number of fast logs that failed to be sent for NAT444 new sessions.

·     nat444_sessionW—Number of fast logs that failed to be sent for NAT444 deleted sessions.

·     nat444_portA—Number of fast logs that failed to be sent for NAT444 user port block allocations.

·     nat444_portW—Number of fast logs that failed to be sent for NAT444 user port block withdrawals.

·     nat444_portF—Number of fast logs that failed to be sent for NAT444 user port block alarms.

·     aft_match—Number of fast logs in standard format that failed to be sent for AFT.

·     aft_sessionA—Number of fast logs that failed to be sent for AFT new sessions.

·     aft_sessionW—Number of fast logs that failed to be sent for AFT deleted sessions.

·     aft_portA—Number of fast logs that failed to be sent for AFT user port block allocations.

·     aft_portW—Number of fast logs that failed to be sent for AFT user port block withdrawals.

·     aft_portF—Number of fast logs that failed to be sent for AFT user port block alarms.

·     dpi audit—Number of fast logs that failed to be sent for the application audit and management module.   

·     dpi url-filter—Number of fast logs that failed to be sent for the URL filtering module.

·     dpi netshare—Number of fast logs that failed to be sent for the NetShare control module.

·     dpi ips—Number of fast logs that failed to be sent for the IPS module.

·     dpi ips-sgcc—Number of fast logs in SGCC format that failed to be sent for the IPS module.

·     dpi reputation—Number of fast logs that failed to be sent for the reputation module.

·     dpi waf—Number of fast logs that failed to be sent for the WAF module.

·     dpi sandbox—Number of fast logs that failed to be sent for the sandbox module.

·     dpi traffic-policy—Number of fast logs that failed to be sent for the bandwidth management module.

·     dpi terminal—Number of fast logs that failed to be sent for the terminal identification module.

·     dpi anti-virus—Number of fast logs that failed to be sent for the anti-virus module.

·     dpi data-filter—Number of fast logs that failed to be sent for the data filtering module.

·     dpi file-filter—Number of fast logs that failed to be sent for the file filtering module.

·     dpi dga—Number of fast logs that failed to be sent for the DGA detection module.

·     dpi iot-access-control—Number of fast logs that failed to be sent for the IoT device access control module.

·     dpi iot-flow-control—Number of fast logs that failed to be sent for the IoT device flow control module.

·     dpi iot-format-check—Number of fast logs that failed to be sent for the IoT device format check module.

·     dpi iot-signal-control—Number of fast logs that failed to be sent for the IoT device signaling control module.

·     loadbalance server-lb—Number of fast logs that failed to be sent for the server load balancing module.

·     loadbalance global-intelligent-dns—Number of fast logs that failed to be sent for the global intelligent DNS module.

·     loadbalance transparent-dns-proxy—Number of fast logs that failed to be sent for the DNS transparent proxy module.

·     loadbalance local-intelligent-dns—Number of fast logs that failed to be sent for the local intelligent DNS module.

·     loadbalance outbound-link-lb—Number of fast logs that failed to be sent for the outbound link load balancing module.

·     trusted-access iam authentication—Number of fast logs that failed to be sent for the trusted access IAM authentication module.

·     trusted-access iam notification—Number of fast logs that failed to be sent for the trusted access IAM notification module.

·     keepalive—Number of fast logs that failed to be sent for the keepalive module.

 

Related commands

customlog host v2

facility

Use facility to configure a logging facility for a log host.

Use undo facility to restore the default.

Syntax

facility local-number

undo facility local-number

Default

No logging facility is configured for a log host.

Views

Log host view

Predefined user roles

network-admin

Parameters

local-number: Specifies a logging facility value in the range of local0 to local7.

Usage guidelines

A logging facility is primarily used for marking different log sources on a log host, and for searching and filtering logs from corresponding log sources.

The configured facility takes effect only on the logs output in standard format from each service module as well as the NAT logs output in a carrier-customized format.

If you do not configure a facility for a log host, the value for the Facility field in the log headers output by each service module is used as the logging facility. For the NAT module, logs output in CMCC and UNICOM formats will have a facility value of Local1, while logs output in TELECOM format will have a facility value of Local0.

Examples

# Configure the log host with IP address 1.1.1.1 and port number 1000 to use logging facility value local7.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] facility local7

kafka-server

Use kafka-server to create a Kafka server and enter its view, or enter the view of an existing Kafka server.

Use undo kafka-server to delete a Kafka server.

Syntax

kafka-server server-name

undo kafka-server server-name

Default

No Kafka server exists.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies a name for the Kafka server, a case-sensitive string of 1 to 15 characters. The name can contain letters, numbers, and underscores (_).

Usage guidelines

A Kafka server is a server for receiving fast logs in Kafka format. When you have deployed a Kafka log server in the network, you can create a Kafka server on the device to send fast logs in Kafka format to the Kafka log server.

Examples

# Create a Kafka server named ABC.

<Sysname> system-view

[Sysname] kafka-server ABC

[Sysname-kafka-server-ABC]

Related commands

customlog kafka-server

module anti-virus

Use module anti-virus to enable fast log output from the anti-virus module to the log host.

Use undo module anti-virus to disable fast log output from the anti-virus module to the log host.

Syntax

module anti-virus

undo module anti-virus

Default

Fast log output from the anti-virus module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Examples

# Enable fast log output from the anti-virus module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module anti-virus

module attack-defense

Use module attack-defense to enable fast log output from the attack detection and prevention module to the log host.

Use undo module attack-defense to disable fast log output from the attack detection and prevention module to the log host.

Syntax

module attack-defense

undo module attack-defense

Default

Fast log output from the attack detection and prevention module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Examples

# Enable fast log output from the attack detection and prevention module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module attack-defense

module audit

Use module audit to enable fast log output from the application audit and management module to the log host.

Use undo module audit to disable fast log output from the application audit and management module to the log host.

Syntax

module audit

undo module audit

Default

Fast log output from the application audit and management module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Examples

# Enable fast log output from the application audit and management module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module audit

module data-filter

Use module data-filter to enable fast log output from the data filtering module to the log host.

Use undo module data-filter to disable fast log output from the data filtering module to the log host.

Syntax

module data-filter

undo module data-filter

Default

Fast log output from the data filtering module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Examples

# Enable fast log output from the data filtering module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module data-filter

module file-filter

Use module file-filter to enable fast log output from the file filtering module to the log host.

Use undo module file-filter to disable fast log output from the file filtering module to the log host.

Syntax

module file-filter

undo module file-filter

Default

Fast log output from the file filtering module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Usage guidelines

You can configure only one type of fast log at a time. Multiple types will be displayed on multiple lines.

Examples

# Enable fast log output from the file filtering module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module file-filter

module ips

Use module ips to enable fast log output from the IPS module to the log host.

Use undo module ips to disable fast log output from the IPS module to the log host.

Syntax

module ips [ sgcc { policy-hit | signature-update } ]

undo module ips [ sgcc { policy-hit | signature-update } ]

Default

Fast log output from the IPS module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Parameters

sgcc { policy-hit | signature-update }: Specifies the SGCC format for the specified type of IPS logs. If you do not specify the sgcc keyword, the standard format is used for fast output of the IPS policy hit logs.

·     policy-hit: Specifies the IPS policy hit logs.

·     signature-update: Specifies the IPS signature update logs.

Examples

# Enable fast log output from the IPS module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module ips

module keepalive

Use module keepalive to enable fast log output from the keepalive module to the log host.

Use undo module keepalive to disable fast log output from the keepalive module to the log host.

Syntax

module keepalive sgcc

undo module keepalive

Default

Fast log output from the keepalive module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Parameters

sgcc: Outputs logs from the keepalive module in SGCC format.

Examples

# Enable fast log output in SGCC format from the keepalive module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module keepalive sgcc

module loadbalance

Use module loadbalance to enable fast log output from LB modules to the log host.

Use undo module loadbalance to disable fast log output from LB modules to the log host.

Syntax

module loadbalance [ global-intelligent-dns | local-intelligent-dns | outbound-link-lb | server-lb | transparent-dns-proxy ] *

undo module loadbalance [ global-intelligent-dns | local-intelligent-dns | outbound-link-lb | server-lb | transparent-dns-proxy ] *

Default

Fast log output from LB modules to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Parameters

global-intelligent-dns: Specifies the LB global intelligent DNS module.

local-intelligent-dns: Specifies the LB local intelligent DNS module.

outbound-link-lb: Specifies the outbound link load balancing module.

server-lb: Specifies the server load balancing module.

transparent-dns-proxy: Specifies the LB DNS transparent proxy module.

Usage guidelines

If you do not specify a load balancing module, the device can send logs from all load balancing-related modules to the log host.

Examples

# Enable fast log output from all LB modules to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module loadbalance

module nat

Use module nat to enable fast log output from the NAT module to the log host.

Use undo module nat to disable fast log output from the NAT module to the log host.

Syntax

module nat [ cmcc | telecom | telecom-vni | unicom ]

undo module nat

Default

Fast log output for the NAT module is disabled.

Views

Log host view

Predefined user roles

network-admin

Parameters

cmcc: Outputs logs from the NAT module in CMCC format.

unicom: Outputs logs from the NAT module in UNICOM format.

telecom: Outputs logs of the NAT module in TELECOM format.

telecom-vni: Outputs logs of the NAT module in TELECOM format with VNI (VXLAN ID).

Usage guidelines

If you do not specify any parameters, the device will output logs from the NAT module in standard format.

Examples

# Enable fast log output in CMCC format from the NAT module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module nat cmcc

module security-policy

Use module security-policy to enable fast log output of security policy packet matching logs to the log host.

Use undo module security-policy to disable fast log output of security policy packet matching logs to the log host.

Syntax

module security-policy [ sgcc ]

undo module security-policy

Default

Fast log output of security policy packet matching logs to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Parameters

sgcc: Outputs fast logs in SGCC format for security policy packet matching. If you do not specify this keyword, the output uses the standard format.

Examples

# Enable fast log output of security policy packet matching logs to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module security-policy

module security-policy-config

Use module security-policy-config to enable fast log output of security policy configuration logs to the log host.

Use undo module security-policy-config to disable fast log output of security policy configuration logs to the log host.

Syntax

module security-policy-config sgcc

undo module security-policy-config

Default

Fast log output of security policy configuration logs to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Parameters

sgcc: Outputs fast logs in SGCC format for security policy configurations.

Examples

# Enable fast log output of security policy configuration logs in SGCC format to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module security-policy-config sgcc

module session

Use module session to enable fast log output from the session management module to the log host.

Use undo module session to disable fast log output from the session management module to the log host.

Syntax

module session

undo module session

Default

Fast log output from the session management module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Parameters

session: Sends logs from the session management module to the log host.

Examples

# Enable fast log output from the session management module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module session

module sslvpn

Use module sslvpn to enable fast log output from the SSL VPN module to the log host.

Use undo module sslvpn to disable fast log output from the SSL VPN module to the log host.

Syntax

module sslvpn

undo module sslvpn

Default

Fast log output from the SSL VPN module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Examples

# Enable fast log output from the SSL VPN module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module sslvpn

module traffic-policy

Use module traffic-policy to enable fast log output from the bandwidth management module to the log host.

Use undo module traffic-policy to disable fast log output from the bandwidth management module to the log host.

Syntax

module traffic-policy

undo module traffic-policy

Default

Fast log output from the bandwidth management module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Examples

# Enable fast log output from the bandwidth management module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module traffic-policy

module url-filter

Use module url-filter to enable fast log output from the URL filtering module to the log host.

Use undo module url-filter to disable fast log output from the URL filtering module to the log host.

Syntax

module url-filter [ unicom ]

undo module url-filter [ unicom ]

Default

Fast log output from the URL filtering module to the log host is disabled.

Views

Log host view

Predefined user roles

network-admin

Parameters

unicom: Outputs logs from the URL filtering module in UNICOM format.

Examples

# Enable fast log output in UNICOM format from the URL filtering module to the log host at IP address 1.1.1.1 on port 1000.

<Sysname> system-view

[Sysname] customlog host v2 1.1.1.1 port 1000

[Sysname-customhost-host-v2-1.1.1.1/1000] module url-filter unicom

reset customlog host v2 statistics

Use reset customlog host v2 statistics to clear statistics related to fast log output.

Syntax

reset customlog host v2 statistics

Views

User view

Predefined user roles

network-admin

Parameters

Examples

# Clear the statistics for fast log output.

<Sysname> reset customlog host v2 statistics

Fast log output commands (v1)

broker

Use broker to specify a Kafka broker.

Use undo broker to restore the default.

Syntax

broker { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ]

undo broker { hostname | ipv4-address | ipv6 ipv6-address }

Default

No Kafka broker is specified.

Views

Kafka server view

Predefined user roles

network-admin

Parameters

hostname: Specifies a hostname for the Kafka broker, a case-insensitive string of 1 to 253 characters. The hostname can contain letters, numbers, hyphens (-), underscores (_), and dots (.).

ipv4-address: Specifies an IP address for the Kafka broker.

ipv6 ipv6-address: Specifies an IPv6 address for the Kafka broker.

port port-number: Specifies a port number of the Kafka broker for receiving logs, in the range of 1 to 65535. The default port number is 9092. For the Kafka broker to receive logs, make sure the port number is the same as that configured for the broker on the Kafka server side.

Usage guidelines

A broker is a member of a Kafka server cluster. After you configure the IP address and port of a broker for receiving logs on the device side, the device will send logs in Kafka format to the specified address.

Examples

# Specify a Kafka broker with IP address 1.1.1.1 and port number 9092 in Kafka server ABC.

<Sysname> system-view

[Sysname] kafka-server ABC

[Sysname-kafka-server-ABC] broker 1.1.1.1 port 9092

Related commands

kafka-server

customlog character-encoding utf-8

Use customlog character-encoding utf-8 to configure fast log output to use the UTF-8 encoding.

Use undo customlog character-encoding to restore the default.

Syntax

customlog character-encoding utf-8

undo customlog character-encoding

Default

Fast log output uses the GB18030 encoding.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For the log host to correctly display Chinese characters in received log messages, make sure the fast log output module uses the same character set encoding as the log host. Fast log output supports using GB18030 and UTF-8 encodings.

Examples

# Configure fast log output to use the UTF-8 encoding.

<Sysname> system-view

[Sysname] customlog character-encoding utf-8

customlog format

Use customlog format to enable fast log output.

Use undo customlog format to restore the default.

Syntax

customlog format { attack-defense | cntm | dns | dpi [ anti-virus | audit | data-filter | file-filter | ips [ sgcc { policy-hit | signature-update } | cmcc-kafka ] | traffic-policy | url-filter [ unicom ] ] | keepalive sgcc | lb [ dns-proxy | gslb | inbound | outbound | slb ] | nat { cmcc | telecom | unicom } | packet-filter [ sgcc ] | security-policy sgcc | session | wlan }

undo customlog format { attack-defense | cntm | dns | dpi [ anti-virus | audit | data-filter | file-filter | ips | traffic-policy | url-filter [ unicom ] ] * | keepalive | lb [ dns-proxy | gslb | inbound | outbound | slb ] * | nat | packet-filter | security-policy | session | wlan } *

Default

Fast log output is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

attack-defense: Enables fast log output for the attack defense module.

dns: Enables fast log output for the DNS module.

dpi: Enables fast log output for a DPI-related module. If you do not specify a DPI module keyword, this command enables fast log output for all the DPI-related modules.

anti-virus: Specifies the anti-virus module.

audit: Specifies the application audit and management module.

cntm: Specifies the content moderation module.

data-filter: Specifies the data filtering module.

file-filter: Specifies the file filtering module.

ips: Specifies the IPS module.

sgcc: Specifies the SGCC format for the specified type of IPS logs. If you do not specify this keyword, the standard format is used for fast output of the IPS logs.

policy-hit: Specifies the IPS policy hit logs.

signature-update: Specifies the IPS signature update logs.

cmcc-kafka: Specifies the CMCC-Kafka format for the IPS policy hit logs. If you configure this keyword, you must also configure fast output of logs to Kafka servers. For more information about this feature, see the configuration guide.

traffic-policy: Specifies the bandwidth management module.

url-filter: Specifies the URL filtering module.

unicom: Specifies the UNICOM format for fast output of URL filtering logs. If you do not specify this keyword, the standard format is used to output the logs.

keepalive: Enables fast log output of keepalive logs. After this keyword is specified, the device sends keepalive logs to the log host periodically. If the log host cannot receive the keepalive logs in a specific period of time, the log host determines that the device is down.

lb: Enables fast log output for a load balancing module. If you do not specify a load balancing module, this command enables fast log output for all load balancing-related modules.

·     dns-proxy: Specifies the transparent DNS proxy module.

·     gslb: Specifies the global server load balancing module.

·     inbound: Specifies the inbound link load balancing module.

·     outbound: Specifies the outbound link load balancing module.

·     slb: Specifies the server load balancing module.

nat: Enables fast log output in a specific format for the NAT module.

·     cmcc: Specifies the CMCC format.

·     telecom: Specifies the TELECOM format.

·     unicom: Specifies the UNICOM format.

packet-filter: Enables fast output of packet matching logs for the packet filter, object policy, and security policy modules.

security-policy: Enables fast log output of security policy configuration logs for the security policy module. 

session: Enables fast log output for the session management module.

sgcc: Specifies the SGCC format for the specified type of logs. If you do not specify this keyword, the standard format is used for fast output of the logs.

wlan: Enables fast log output for the WLAN module.

Usage guidelines

Application scenarios

The fast log output feature enables fast output of logs to log hosts.

Typically, logs generated by a service module are first sent to the information center, which then outputs the logs to the specified destination (such as to log hosts). When fast log output is configured, logs of service modules are sent directly to log hosts instead of to the information center. Compared to outputting logs to the information center, fast log output saves system resources.

Restrictions and guidelines

This command provides a set of parameters for all service modules. However, whether the configured parameters can take effect on a specific service module depends on whether the device supports that service module. For example, if the device does not support NAT, the device will not generate NAT-related fast logs, even if NAT fast log output parameters have been configured in the commands.

Fast log output, flow log, and information center are mutually exclusive. When the customlog format command is configured, the specified service module uses only the fast log output method. For more information about flow log, see "Configuring flow log." For more information about the information center, see System Management Configuration Guide.

You cannot specify both the standard format and SGCC format for IPS logs. If you configure both formats, the last specified format takes effect. However, you can configure the CMCC-Kafka format together with either of the two formats for IPS logs.

To output logs of the NAT module to a log host, you must specify the log format required by the log host in the customlog format and customlog host commands. Logs of other modules can be output only in one format. You do not need to specify the format for these logs.

You can configure the device to carry VNI information in NAT logs only if you specify the TELECOM format. NAT logs that carry the VNI field use a new format different from the TELECOM format.

For more information about a service module, see the service module configuration in the related configuration guide.

Examples

# Enable fast log output for the session management module.

<Sysname> system-view

[Sysname] customlog format session

customlog host

Use customlog host to configure fast log output parameters.

Use undo customlog host to remove the fast log output configuration.

Syntax

customlog host { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ] [ facility local-number ] export { attack-defense | cmcc-sessionlog | cmcc-userlog | cntm | dns | dpi [ anti-virus | audit | data-filter | file-filter | ips | traffic-policy | url-filter ] * | keepalive | lb [ dns-proxy | gslb | inbound | outbound | slb ] * | packet-filter | security-policy | session | telecom-sessionlog | telecom-userlog | unicom-sessionlog | unicom-userlog } *

undo customlog host { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ]

Default

Fast log output parameters are not configured.

Views

System view

Predefined user roles

network-admin

Parameters

hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, hyphens (-), underscores (_), and dots (.).

ipv4-address: Specifies a log host by its IPv4 address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port port-number: Specifies the port number of the log host. The value range is 1 to 65535, and the default is 514. The setting must be the same as the port number configured on the log host. Otherwise, the log host cannot receive logs.

facility local-number: Specifies a logging facility value in the range of local0 to local7. A logging facility is primarily used for marking different log sources on a log host, and for searching and filtering logs from corresponding log sources. If you do not configure a facility for a log host, the value for the Facility field in the log headers output by each service module is used as the logging facility. For the AFT and NAT modules, logs output in CMCC and UNICOM formats will have a facility value of Local1, while logs output in TELECOM format will have a facility value of Local0.

export: Specifies a source module for fast log output.

attack-defense: Outputs logs of the attack defense module to the log host.

cmcc-sessionlog: Outputs NAT session logs in CMCC format to the log host.

cmcc-userlog: Outputs NAT444 user logs in CMCC format to the log host.

dns: Outputs logs of the DNS module to the log host.

dpi: Outputs logs of a DPI-related module to the log host. If you specify the dpi keyword without a DPI module keyword, this command outputs logs of all the DPI-related modules to the log host.

anti-virus: Specifies the anti-virus module.

audit: Specifies the application audit and management module.

cntm: Specifies the content moderation module.

data-filter: Specifies the data filtering module.

file-filter: Specifies the file filtering module.

ips: Specifies the IPS module.

traffic-policy: Specifies the bandwidth management module.

url-filter: Specifies the URL filtering module.

keepalive: Outputs keepalive logs to the log host.

lb: Outputs logs of a load balancing module to the log host. If you do not specify a load balancing module, this command outputs logs of all load balancing modules to the log host.

·     dns-proxy: Specifies the transparent DNS proxy module.

·     gslb: Specifies the global load balancing module.

·     inbound: Specifies the inbound link load balancing module.

·     outbound: Specifies the outbound link load balancing module.

·     slb: Specifies the server load balancing module.

packet-filter: Outputs packet matching logs of the packet filter, object policy, and security policy modules to the log host.

security-policy: Outputs security policy configuration logs of the security policy module to the log host.

session: Outputs logs of the session management module to the log host.

telecom-sessionlog: Outputs NAT session logs in TELECOM format to the log host.

telecom-userlog: Outputs NAT444 user logs in TELECOM format to the log host.

unicom-sessionlog: Outputs NAT session logs in UNICOM format to the log host.

unicom-userlog: Outputs NAT444 user logs in UNICOM format to the log host.

Usage guidelines

This command provides a set of parameters for all service modules. However, whether the configured parameters can take effect on a specific service module depends on whether the device supports that service module. For example, if the device does not support NAT, the device will not generate NAT-related fast logs, even if NAT fast log output parameters have been configured in the commands.

The customlog host command takes effect only after the customlog format command is configured.

To output NAT logs to a log host, you must specify the log format required by the log host in the customlog format and customlog host commands.

You can specify a maximum of eight log hosts for fast log output.

The log host resources on the device are shared by the customlog host v2 command and the customlog host command. If the customlog host v2 command has already specified eight log hosts, you cannot use the customlog host command to specify additional log hosts, and vice versa.

The facility local-number option takes effect only on the logs output in standard format from each service module as well as the AFT and NAT logs output in a carrier-customized format.

For more information about a service module, see the service module configuration in the related configuration guide.

Examples

# Output logs of the session management module to the log host at 1.1.1.1.

<Sysname> system-view

[Sysname] customlog host 1.1.1.1 port 1000 export session

customlog host source

Use customlog host source to specify a source IP address for fast log output.

Use undo customlog host source to restore the default.

Syntax

customlog host source interface-type interface-number

undo customlog host source

Default

The source IP address of fast output logs is the primary IP address of the outgoing interface.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies a source interface by its type and number. The interface's primary IP address will be used as the source IP address of fast output logs.

Usage guidelines

Configure this command when you need to filter logs according to their source IP addresses on the log host.

The customlog host source command takes effect only after the customlog format and customlog host commands are configured.

Examples

# Use the IP address of Loopback 0 as the source IP address of fast output logs.

<Sysname> system-view

[Sysname] interface loopback 0

[Sysname-LoopBack0] ip address 2.2.2.2 32

[Sysname-LoopBack0] quit

[Sysname] customlog host source loopback 0

customlog kafka-server

Use customlog kafka-server to enable output of fast logs to a Kafka server.

Use undo customlog kafka-server to disable output of fast logs to a Kafka server.

Syntax

customlog kafka-server server-name topic topic-name export dpi ips

undo customlog kafka-server server-name topic topic-name export

Default

Output of fast logs to a Kafka server is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies a name for the Kafka server, a case-sensitive string of 1 to 15 characters. Valid characters are letters, digits, and underscores (_).

topic topic-name: Specifies a topic for the logs output to the Kafka server, a case-sensitive string of 1 to 249 characters. The topic can contain letters, numbers, hyphens (-), and underscores (_).

export: Specifies the type of logs to be output to the Kafka server.

dpi: Specifies the DPI module.

ips: Specifies the IPS module.

Usage guidelines

This command takes effect only when you have enabled fast log output for the corresponding modules using the customlog format command.

Examples

# Enable fast output of IPS logs to Kafka server ABC.

<Sysname> system-view

[Sysname] customlog kafka-server ABC topic TP1 export dpi ips

Related commands

kafka-server

customlog language

Use customlog language to specify a language for fast log output.

Use undo customlog language to restore the default.

Syntax

customlog language { chinese | english }

undo customlog language

Default

Fast logs are output in English.

Views

System view

Predefined user roles

network-admin

Parameters

chinese: Sets the fast log output language to Chinese.

english: Sets the fast log output language to English.

Usage guidelines

Only some fields in the fast logs of certain service modules can be output in Chinese. The following fields in the service module logs support fast output in Chinese:

·     Session logs: Application and Category.

·     Audit logs: Application.

·     URL filtering logs: Application, URLCategory, and URLParentCategory.

·     IPS logs: Application, AttackName, Category, and SubCategory.

·     Anti-virus logs: Application.

For IPS logs, you can use either the customlog language chinese command or the log language chinese command to set the fast log output language to Chinese.

For more information about the log language chinese command, see DPI engine commands in DPI Command Reference.

Examples

# Set the language for fast log output to Chinese.

<Sysname> system-view

[Sysname] customlog language chinese

Related commands

log language chinese (DPI Command Reference)

customlog timestamp

Use customlog timestamp localtime to configure the timestamp of fast output logs to show the system time.

Use undo customlog timestamp localtime to restore the default.

Syntax

customlog timestamp localtime

undo customlog timestamp localtime

Default

The timestamp of fast output logs shows Greenwich Mean Time (GMT).

Views

System view

Predefined user roles

network-admin

Examples

# Configure the timestamp of fast output logs to show the system time.

<Sysname> system-view

[Sysname] customlog timestamp localtime

customlog with-sn

Use customlog with-sn to configure the device to carry its serial number in fast output logs.

Use undo customlog with-sn to restore the default.

Syntax

customlog with-sn

undo customlog with-sn

Default

The device does not carry its serial number in fast output logs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables a device to add a serial number (SN) field to fast output log messages, helping users to identify the devices that sent the log messages.

This feature is not applicable to fast output logs in TELECOM, CMCC, and UNICOM formats.

Examples

# Configure the device to carry its serial number in fast output logs.

<Sysname> system-view

[Sysname] customlog with-sn

kafka-server

Use kafka-server to create a Kafka server and enter its view, or enter the view of an existing Kafka server.

Use undo kafka-server to delete a Kafka server.

Syntax

kafka-server server-name

undo kafka-server server-name

Default

No Kafka server exists.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies a name for the Kafka server, a case-sensitive string of 1 to 15 characters. The name can contain letters, numbers, and underscores (_).

Usage guidelines

A Kafka server is a server for receiving fast logs in Kafka format. When you have deployed a Kafka log server in the network, you can create a Kafka server on the device to send fast logs in Kafka format to the Kafka log server.

Examples

# Create a Kafka server named ABC.

<Sysname> system-view

[Sysname] kafka-server ABC

[Sysname-kafka-server-ABC]

Related commands

customlog kafka-server
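Several commands above take effect only when other commands are present, so a configuration can look complete while no fast logs reach the collector. The following offline check is an added example, not an H3C tool: it applies the dependency and naming rules stated in the usage guidelines and parameter descriptions to a saved configuration. The sample configuration is constructed, and the rule that a referenced Kafka server must be created with kafka-server is an assumption drawn from the Related commands entries.

```python
import re

# Constructed sample configuration (not from a real device). Only the
# "customlog format" prefix is checked; its arguments are not shown in this section.
SAMPLE_CONFIG = """\
kafka-server ABC
customlog host source loopback 0
customlog kafka-server ABC topic TP1 export dpi ips
customlog kafka-server SIEM_PROD topic ips.alerts export dpi ips
"""

SERVER_RE = re.compile(r"[A-Za-z0-9_]{1,15}")    # documented server-name rule
TOPIC_RE = re.compile(r"[A-Za-z0-9_-]{1,249}")   # documented topic-name rule
KAFKA_RE = re.compile(r"customlog kafka-server (\S+) topic (\S+) export dpi ips")


def audit_fast_log(config):
    """Return findings for fast log settings that would not take effect."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    has_format = any(ln.startswith("customlog format") for ln in lines)
    # Assumption: either "customlog host" or "customlog host v2" counts as a log host.
    has_host = any(ln.startswith("customlog host ")
                   and not ln.startswith("customlog host source") for ln in lines)
    servers = {ln.split()[1] for ln in lines
               if ln.startswith("kafka-server ") and len(ln.split()) == 2}
    findings = []
    for ln in lines:
        if ln.startswith("customlog host source") and not (has_format and has_host):
            findings.append("source-ineffective: needs customlog format and customlog host")
        m = KAFKA_RE.fullmatch(ln)
        if not m:
            continue
        name, topic = m.groups()
        if not has_format:
            findings.append(f"kafka-ineffective: {name} needs customlog format")
        if not SERVER_RE.fullmatch(name):
            findings.append(f"bad-server-name: {name}")
        elif name not in servers:
            findings.append(f"undefined-kafka-server: {name}")
        if not TOPIC_RE.fullmatch(topic):
            findings.append(f"bad-topic: {topic}")
    return findings


if __name__ == "__main__":
    for finding in audit_fast_log(SAMPLE_CONFIG):
        print(finding)
```

An empty result means the documented prerequisites are present in the file; it does not confirm that the log host or Kafka broker is actually receiving messages.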

 
