Hardware platform	Module type	Data analysis center compatibility
M9006 M9010 M9014	Blade IV firewall module	Yes
	Blade V firewall module	Yes
	NAT module	No
M9010-GM	Encryption module	Yes
M9016-V	Blade V firewall module	Yes
M9008-S M9012-S	Blade IV firewall module	Yes
	Intrusion prevention service (IPS) module	Yes
	Video network gateway module	Yes
M9008-S-V	Blade IV firewall module	Yes
M9000-AI-E4 M9000-AI-E8 M9000-AI-E16	Blade V firewall module	Yes
M9000-AK001	Blade V firewall module	Yes
M9000-X06 M9000-X06-B M9000-X06-B-G M9000-X06-G M9000-X10	Blade VI firewall module	Yes
M9000-AI-X06 M9000-AI-X10	Blade VI firewall module	Yes

‌

dac email-server client-authentication enable

Use dac email-server client-authentication enable to enable email client authentication.

Use undo dac email-server client-authentication enable to disable email client authentication.

Syntax

dac email-server client-authentication enable

undo dac email-server client-authentication enable

Default

Email client authentication is disabled.

Views

System view

Predefined user roles

network-admin

context-admin

Usage guidelines

Enable email client authentication on the device if the email server (specified by the dac email-server server-address command) requires client identity authentication.

For successful email client authentication, you must configure the correct username and password for connecting to the email server.

Examples

# Enable email client authentication.

<Sysname> system-view

[Sysname] dac email-server client-authentication enable

Related commands

dac email-server server-address

dac email-server username

dac email-server password

Use dac email-server password to set the password for connecting to the email server.

Use unto dac email-server password to restore the default.

Syntax

dac email-server password { cipher | simple } string

undo dac email-server password

Default

The password for connecting to the email server is not specified.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 63 characters. Its encrypted form is a case-sensitive string of 1 to 117 characters.

Usage guidelines

Both the username and password for connecting to the email server are required if email client authentication is enabled.

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Specify abc123 as the password for connecting to the email server.

<Sysname> system-view

[Sysname] dac email-server password simple abc123

Related commands

dac email-server client-authentication enable

dac email-server username

dac email-server secure-authentication enable

Use dac email-server secure-authentication enable to enable secure transmission of authentication credentials.

Use undo dac email-server secure-authentication enable to disable secure transmission of authentication credentials.

Syntax

dac email-server secure-authentication enable

undo dac email-server secure-authentication enable

Default

Secure transmission of authentication credentials is disabled.

Views

System view

Predefined user roles

network-admin

context-admin

Usage guidelines

This command enables the device to transmit email client authentication credentials to the email server over a secure channel.

This command takes effect only after email client authentication is enabled.

Examples

# Enable secure transmission of authentication credentials.

<Sysname> system-view

[Sysname] dac email-server secure-authentication enable

Related commands

dac email-server client-authentication enable

dac email-server sender

Use dac email-server sender to specify the email sender address.

Use undo dac email-server sender to restore the default.

Syntax

dac email-server sender address-string

undo dac email-server sender

Default

The email sender address is not specified.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

address-string: Specifies the email sender address, as case-sensitive string of 3 to 63 characters.

Usage guidelines

The data analysis center (DAC) uses the specified email sender address send emails.

Examples

# Specify mailto:[email protected] as the email sender address.

<Sysname> system-view

[Sysname] dac email-server sender [email protected]

Related commands

dac email-server server-address

Use dac email-server server-address to specify the email server address for the DAC.

Use undo dac email-server server-address to restore the default.

Syntax

dac email-server server-address address-string

undo dac email-server server-address

Default

No email server is specified for the DAC.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

address-string: Specifies the IP address or host name of the email server. The host name is a case-sensitive string of 3 to 63 characters.

Usage guidelines

The DAC can send emails only after the both email server address and email sender address are configured.

If you specify the host name as the email server address for the DAC, make sure the device can obtain the IP address through static or dynamic domain name resolution. In addition, the device must reach the IP address of the email server. For more information about domain name resolution, see DNS configuration in Layer 3—IP Services.

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Specify 101.1.1.255 as email server address for the DAC.

<Sysname> system-view

[Sysname] dac email-server server-address 101.1.1.225

Related commands

dac email-server sender

dac email-server username

Use dac email-server username to set the username for connecting to the email server.

Use undo dac email-server username to restore the default.

Syntax

dac email-server username username

undo dac email-server username

Default

The username for connecting to the email server is not specified.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

username: Specifies the username, a case-sensitive string of 1 to 63 characters.

Usage guidelines

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Specify admin as the username for connecting to the email server.

<Sysname> system-view

[Sysname] dac email-server username admin

Related commands

dac email-server client-authentication enable

dac email-server password

dac log-collect enable

Use dac log-collect enable to enable the log collection for a service that is registered to the DAC.

Use undo dac log-collect enable to disable the log collection for a service.

Syntax

dac log-collect service service-type service-name enable

undo dac log-collect service service-type service-name enable

Default

The log collection status for each service varies by service setting when the service module is registered to the DAC.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

service-type: Specifies the type of a service that is registered to the DAC. The service type name is a case-insensitive string. To view the supported service type, enter a question mark (?) for this argument.

service-name: Specifies the name of a service that is registered to the DAC. The service name is a case-insensitive string. To view the supported service name, enter a question mark (?) for this argument.

Usage guidelines

This command enables the log collection for a specific service. To collect the log messages for the traffic service, first enable the session statistics collection and then enable the log collection.

Repeat this command to enable log collection for multiple services.

Examples

# Enable the log collection for the DPI traffic service.

<Sysname> system-view

[Sysname] dac log-collet service dpi traffic enable

Related commands

display dac log-collect

dac log-display enable

Use dac log-display enable to enable the real-time log display.

Use undo dac log-collect enable to disable the real-time log display.

Syntax

dac log-display service service-type service-name enable

undo dac log-display service service-type service-name enable

Default

The real-time log display for all services is disabled.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

service-type: Specifies the type of a service that is registered with the DAC. The service type name is a case-insensitive string. To view the supported service type, enter a question mark (?) for this argument.

service-name: Specifies the name of a service that is registered with the DAC. The service name is a case-insensitive string. To view the supported service name, enter a question mark (?) for this argument.

Usage guidelines

This command for a service takes effect only after the log collection for the service is enabled by the dac log-collect enable command.

With this feature enabled, you can see the real-time log messages displayed on the Web interface.

Repeat this command to enable real-time log display for multiple services.

DPI do not support this feature in the current software version.

Examples

# Enable the real-time display for system logs.

<Sysname> system-view

[Sysname] dac log-display service syslog syslog enable

Related commands

dac log-collect enable

display dac log-display

dac report

Use dac report to configure the subscription parameters for a report type.

Use undo dac report to remove the subscription parameters for a report type.

Syntax

dac report type { comparison | integrated | intelligent | summary } subscriber mail-address [ language { chinese | english } ]

undo dac report type { comparison | integrated | intelligent | summary } [ subscriber mail-address ]

Default

No report subscription parameters are configured.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

comparison: Specifies the comparison report.

integrated: Specifies the integrated report.

intelligent: Specifies the intelligent report.

summary: Specifies the summary report.

subscriber mail-address: Specifies the email address of the report subscriber, a case-sensitive string of 3 to 63 characters. If you do not specify a subscriber, the undo command removes all subscribers for the specified report type.

language: Specifies a language for the reports. If you do not specify this keyword, Chinese is used in the reports.

chinese: Uses Chinese in the reports.

english: Uses English in the reports.

Usage guidelines

You can configure a maximum of 50 subscribers for each report type.

Examples

# Specify [email protected] and English as the subscriber address and language for the summary report, respectively.

<Sysname> system-view

[Sysname] dac report type summary subscriber [email protected] language english

# Remove subscriber address [email protected] for the summary report.

<Sysname> system-view

[Sysname] undo dac report type summary subscriber [email protected]

Related commands

display dac report

dac report top

Use dac report top to specify the number of statistics entries in descending order to be analyzed for a report type.

Use undo dac report top to restore the default.

Syntax

dac report type { comparison | integrated | intelligent | summary } top number

undo dac report type { comparison | integrated | intelligent | summary } top

Default

Top 5 statistics entries are specified to be analyzed for a report type.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

comparison: Specifies the comparison report.

integrated: Specifies the integrated report.

intelligent: Specifies the intelligent report.

summary: Specifies the summary report.

top number: Specifies the number of statistics entries in descending order. The value range for the number argument is 5, 10, 15, 20, and 25.

Usage guidelines

This command takes effect only when report subscription settings are configured.

Use this command to specify the range of statistics to be analyzed by a report. For example, if you specify top 20 statistics entries for the summary report, the generated report will contain the analysis results only about these statistics entries from each service.

Examples

# Specify top 5 statistics entries for the comparison report.

<Sysname> system-view

[Sysname] dac report type comparison top 15

Related commands

dac report

display dac report

dac storage

Use dac storage to configure the data storage limits for a service.

Use undo dac storage to restore the default.

Syntax

dac storage service service-type service-name limit { hold-time time-value | usage usage-value | action { delete | log-only } }

undo dac storage service service-type service-name limit { hold-time | usage | action }

Default

The service data can be saved for a maximum of 365 days.

The data of each service can occupy up to 20% of the total storage space.

If the storage time or storage space usage limit is exceeded, the system deletes the expired or the oldest data.

Views

System view

Predefined user roles

network-admin

Parameters

limit: Configures the data storage limits for a service.

hold-time time-value: Specifies the storage time limit in days. The value range is 1 to 65535. The storage time limit should be longer than the number of days that the oldest service data has been stored for.

usage usage-value: Specifies the percentage of the total storage space the service data can occupy. The value range is 1 to 100. The storage usage limit should be higher than the current storage usage of the service.

action: Specifies the action to take when a data storage limit is exceeded.

delete: Deletes data collected on the oldest dates and generates a log message. The data of the current date cannot be deleted.

log-only: Generates a log message only. When a storage limit is exceeded, old data are not deleted and new data cannot be saved.

Usage guidelines

The DAC periodically checks the data of each service to determine if the storage time or storage space usage limit is exceeded.

· If a storage limit is exceeded and the action is delete, the system deletes the expired or the oldest service data. A log will be generated to report the event.

· If a storage limit is exceeded and the action is log-only, the system generates a log message. New data will not be saved.

If you configure this command to set the storage time limit for a service multiple times, the most recent configuration takes effect. The same is true for setting the storage space limit or storage limit-violated action for a service. You can view the storage space usage of each service on the Web interface.

This command is supported only on the default context. For more information about contexts, see context configuration in Virtual Technologies Configuration Guide.

Examples

# Set the storage time limit, storage space limit, and the action to take when the limits are exceeded for the traffic service.

<Sysname> system-view

[Sysname] dac storage service dpi traffic limit hold-time 60

[Sysname] dac storage service dpi traffic limit usage 30

[Sysname] dac storage service dpi traffic limit action delete

dac traffic-statistic enable

Use dac traffic-statistic enable to enable real-time traffic statistics collection.

Use undo dac traffic-statistic enable to disable real-time traffic statistics collection.

Syntax

dac traffic-statistic { application | user } enable [ verbose ]

undo dac traffic-statistic { application | user } enable

Default

The real-time traffic statistics collection is disabled.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

application: Collects application traffic statistics in real time.

user: Collects user traffic statistics in real time.

verbose: Collects detailed traffic information in real time. If you do not specify this keyword, this command collects brief traffic information in real time.

Usage guidelines

The detailed information about user traffic that is collected in real time provides used applications on a per-user basis.

The detailed information about application traffic that is collected in real time provides user information on a per-application basis.

Enabling this feature will have an impact on the CPU performance of the device. Make sure you are fully aware of the impact before you enable this feature in high traffic scenarios.

Repeat this command to enable multiple collections of real-time traffic statistics.

Examples

# Enable the collection of detailed user traffic statistics in real time.

<Sysname> system-view

[Sysname] dac traffic-statistic user enable verbose

Related commands

display dac traffic-statistic

display dac email-server

Use display dac email-server to display the email server configuration of the DAC.

Syntax

display dac email-server

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Examples

# Display the email server configuration of the DAC.

<Sysname> display dac email-server

Mail server address : 2.2.2.2

Mail sender address : [email protected]

Authentication : Enable

secure-authentication : Enable

Username : lkx

password : ******

Table 1 Command output

Field	Description
Authentication	Enabling status of the email client authentication.
Secure-authentication	Enabling status of the secure transmission of authentication credentials.
Username	Username for connecting to the email server.
Password	Password for connecting to the email server.

‌

display dac log-collect

Use display dac log-collect to display the log collection configuration for a service.

Syntax

display dac log-collect { all | service service-type service-name }

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

all: Specifies all types of services that are registered with the DAC. The DAC provides functions only for services that have registered with the DAC.

Examples

# Display the log collection configuration for all services.

<Sysname> system-view

[Sysname] display dac log-collect all

Service type Service Status

Slot 1:

dpi audit Disabled

dpi ffilter Disabled

dpi threat Disabled

dpi traffic Enabled

dpi uflt Disabled

Table 2 Command output

Field	Description
Service	Service name.
Status	Status of the log collection: Disabled or Enabled.

‌

Related commands

dac log-collect enable

display dac log-display

Use display dac log-display to display the configuration of the real-time log display.

Syntax

display dac log-display { all | service service-type service-name }

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

all: Specifies all types of services that are registered with the DAC. The DAC provides functions only for services that have registered with the DAC.

Examples

# Display the configuration of the real-time log display.

<Sysname> system-view

[Sysname] display dac log-display syslog syslog

Service type Service Status

Slot 1:

syslog syslog Disabled

syslog cfglog Disabled

Table 3 Command output

Field	Description
Service	Service name.
Status	Status of the log collection: Disabled or Enabled.

‌

Related commands

dac log-display enable

display dac report

Use display dac report to display report subscriber information.

Syntax

display dac report [ comparison | integrated | intelligent | summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

comparison: Specifies the comparison report.

integrated: Specifies the integrated report.

intelligent: Specifies the intelligent report.

summary: Specifies the summary report.

Usage guidelines

If you do not specify a report type, this command displays subscriber information for all report types.

Examples

# Display subscriber information for all report types.

<Sysname> display dac report

Total subscribers:4

Summary subscribers:1

Comparison subscribers:1

Intelligent subscribers:1

Integrated subscribers:1

Report type Language Top Subscriber email

Summary CH 20 [email protected]

Comparison CH 20 [email protected]

Intelligent EN 15 [email protected]

Integrated EN 25 [email protected]

Table 4 Command output

Field	Description
Total subscribers	Total number of subscribers.
Summary subscribers	Number of subscribers for the summary report.
Comparison subscribers	Number of subscribers for the comparison report.
Intelligent subscribers	Number of subscribers for the intelligent report.
Integrated subscribers	Number of subscribers for the integrated report.
Language	Language used in the reports: · CH—Chinese. · EN—English.
Top	Statistics range of a report.
Subscriber email	Email address of a report subscriber.

‌

display dac storage

Use display dac storage to display the data storage limit configuration for services.

Syntax

display dac storage [service-type service-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Usage guidelines

If you do not specify a service, this command displays the data storage limit configuration for all services.

This command is supported only on the default context. For more information about contexts, see context configuration in Virtual Technologies Configuration Guide.

Examples

# Displays the data storage limit configuration for all services.

<Sysname> display dac storage

Total services :25

Service type Service name Time limit (days) Usage limit

Action

syslog cfglog 365 20%

delete

sandbox log 365 20%

---- More ----

Table 5 Command output

Field	Description
Total services	Total number of services.
Time limit	Storage time limit in days.
Usage limit	Storage space usage limit in percentage.
Action	Action to take when the storage time limit or space limit is exceed. · delete—Delete the oldest data, and generates a log message. · log-only—Generate a log message only.

‌

display dac traffic-statistic

Use display dac traffic-statistic to display the configuration of the real-time traffic statistics collection.

Syntax

display dac traffic-statistic [ application | user ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

application: Specifies the collection of the real-time application traffic statistics.

user: Specifies the collection of the real-time user traffic statistics.

Usage guidelines

If you do not specify any keyword, this command displays the configuration of the collection for all real-time traffic statistics.

Examples

# Displays the configuration of the real-time user traffic statistics collection.

<Sysname> system-view

[Sysname] display dac traffic-statistic user

Slot 1:

Type Status

User Enabled (verbose)

Table 6 Command output

Field	Description
Type	Type of traffic collected in real time: · Application. · User.
Status	Status of the real-time traffic statistics collection: · Disabled—This feature is disabled. · Enabled (brief)—This feature is enabled, and the DAC collects brief traffic information. · Enabled (verbose)—This feature is enabled, and the DAC collects detailed traffic information.

Field

Description

Type

Type of traffic collected in real time:

· Application.

· User.

Status

Status of the real-time traffic statistics collection:

· Disabled—This feature is disabled.

· Enabled (brief)—This feature is enabled, and the DAC collects brief traffic information.

· Enabled (verbose)—This feature is enabled, and the DAC collects detailed traffic information.

‌

04-DPI Command Reference

Data analysis center commands

display dac email-server

display dac report

display dac traffic-statistic

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us