Login
- Table of Contents
-
- 14-Network Management and Monitoring Configuration Guide
- 00-Preface
- 01-System maintenance and debugging configuration
- 02-NQA configuration
- 03-iNQA configuration
- 04-iFIT configuration
- 05-SRPM configuration
- 06-NTP configuration
- 07-PTP configuration
- 08-Network synchronization configuration
- 09-SNMP configuration
- 10-RMON configuration
- 11-NETCONF configuration
- 12-CWMP configuration
- 13-EAA configuration
- 14-Process monitoring and maintenance configuration
- 15-Sampler configuration
- 16-Mirroring configuration
- 17-NetStream configuration
- 18-IPv6 NetStream configuration
- 19-TCP connection trace configuration
- 20-Performance management configuration
- 21-Fast log output configuration
- 22-Flow log configuration
- 23-Information center configuration
- 24-Packet capture configuration
- 25-Flow monitor configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 21-Fast log output configuration | 119.04 KB |
Log formats and field descriptions
Restrictions and guidelines: fast log output configuration
Fast log output configuration examples
Example: Configuring fast log output to a log host
Configuring fast log output
About fast log output
The fast log output feature enables fast output of logs to log hosts.
Typically, logs generated by a service module are first sent to the information center, which then outputs the logs to the specified destination (such as to log hosts). When fast log output is configured, logs of service modules are sent directly to log hosts instead of to the information center. Compared to outputting logs to the information center, fast log output saves system resources. For more information about the information center, see "Configuring the information center."
Log levels
Logs are classified into eight severity levels from 0 through 7 in descending order.
|
Severity value |
Level |
Description |
|
0 |
Emergency |
The system is unusable. For example, the system authorization has expired. |
|
1 |
Alert |
Action must be taken immediately. For example, traffic on an interface exceeds the upper limit. |
|
2 |
Critical |
Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails. |
|
3 |
Error |
Error condition. For example, the link state changes. |
|
4 |
Warning |
Warning condition. For example, an interface is disconnected, or the memory resources are used up. |
|
5 |
Notification |
Normal but significant condition. For example, a terminal logs in to the device, or the device reboots. |
|
6 |
Informational |
Informational message. For example, a command or a ping operation is executed. |
|
7 |
Debugging |
Debug message. |
Log formats and field descriptions
Log formats
The format of logs varies by log type. Table 2 shows the original log formats, which might be different from what you see. The actual format varies by the log resolution tool used.
|
Log type |
Format |
|
NAT session log |
CMCC format: Example: Telecom format: Example: Unicom format: Example: eLog format: Example: |
|
NAT444 user log |
CMCC format: Example: Telecom format: Example: Unicom format: Example: eLog format: Example: |
|
DS-Lite user log |
eLog format: Example: |
|
AFT user log |
eLog format: Example: |
|
NAT alarm log |
CMCC format: Example: Telecom format: Example: Unicom format: Example: |
Log field description
Each log message contains a header and MSG content, which records log identifier information and detailed log information, respectively. Table 3 displays descriptions for log fields in the header and content in CMCC, Telecom, and Unicom log formats. Table 4 displays descriptions for log fields in the header and content in eLog log format.
Table 3 Description for log fields in CMCC, Telecom, and Unicom log formats
|
Field |
Description |
|
Header |
|
|
PRI |
Priority identifier. The priority is calculated by using this formula: facility*8+level, where: · facility is the facility name used to identify the log source at the log host. The facility name is fixed to 17, 16, and 17 for CMCC, Telecom, and Unicom, respectively. · level is in the range of 0 to 7. See Table 1 for more information about severity levels. |
|
Version |
Version of the log. This field is fixed to 1. |
|
Timestamp |
Time when the log was generated, accurate to seconds. The timestamp format is <year><mon> <day> <hh:mm:ss>, where: · year represents the year. · mon represents the month. · day represents the date. · hh:mm:ss represents the exact time. You can execute the customlog timestamp localtime command to configure the timestamp of fast output logs to show the system time. By default, the timestamp shows the Greenwich Mean Time (GMT). |
|
HostName |
Source IP address of the log. If the customlog host source command is configured, this field displays the IP address of the specified source interface. Otherwise, this field displays a hyphen (-). |
|
AppName |
Name of the device that generated the log. You can use the sysname command to modify the name of the device. |
|
ProcID |
Reserved field. This field displays a hyphen (-). |
|
MsgID |
Log message type in the format of <device type>:<message type>. The device type is NAT444, DSLITE, and NAT64 for NAT444, and NAT64 networks, respectively. Available message types include: · UserbasedA—Specifies user-based port assignment log. · UserbasedW—Specifies user-based port withdrawal log. · SessionbasedA—Specifies session-based port assignment log. · SessionbasedW—Specifies session-based port withdrawal log. · PortA—Specifies port range assignment log. · PortF—Specifies port range resource insufficient log. · PortW—Specifies port range withdrawal log. · SessionA—Specifies session start log. · SessionW—Specifies session end log. · SessionU—Specifies session log with a session URL. |
|
MSG content |
|
|
Protocol |
Transmission layer protocol. Options include: · 6—TCP. · 17—UDP. · 1—ICMP. |
|
Start Time |
NAT session start time, seconds elapsed since 1970-1-1 00:00:00. |
|
End Time |
NAT session end time, seconds elapsed since 1970-1-1 00:00:00. This field is 0 in a session start log message. |
|
Original Source IP |
Source IPv4 address before NAT. This field is displayed as 0.0.0.0 in a user-based port assignment log message when users come online through a VPN connection. |
|
VpnName |
VPN instance name of the source IPv4 address. In the current software version, only China Telecom format supports displaying VPN information, and China CMCC format or China Unicom format does not. |
|
Original Source IPv6 |
Source IPv6 address before NAT. |
|
Original Source Port |
Source port number before NAT. |
|
Translated Source IP |
Source IPv4 address after NAT. |
|
Translated First Source port |
First source port number after NAT. |
|
Translated Last Source port |
Last source port number after NAT. |
|
Destination IP |
Destination IP address. |
|
Destination Port |
Destination port number. |
Table 4 Description for log fields in eLog log format
|
Field |
Description |
|
Header |
|
|
PRI |
Priority identifier. This field is fixed to 134. |
|
Version |
Version of the log. This field is fixed to 1. |
|
Timestamp1 |
Time when the log was generated, in the format of YEAR-MONTH-DAYTHOUR:MINUTE:SECONDZ (GMT). |
|
HostName |
Source IP address of the log, which is the IP address of the egress interface that sends the log. If the customlog host source command is executed, this field displays the IP address of the specified source interface. |
|
AppName |
Name of the device that generated the log. You can use the sysname command to modify the name of the device. |
|
SyslogVer |
Syslog version. This field is fixed to 1. |
|
MODULENAME |
Module name. This field is fixed to SEC. |
|
LOGLEVEL |
Log level. This field is fixed to 6. |
|
LOGINFOMNEM |
Mnemonic. This field is fixed to BIND. |
|
LOGTYPE |
Log type. This field is fixed to L. |
|
UserORINCType |
User log type, including: · An initial portrange is assigned—User-based port assignment log. · An initial portrange is freed—User-based port withdrawal log. · An increase portrange is assigned—User-based extended port assignment log. · An increase portrange is freed—User-based extended port withdrawal log |
|
Scenario |
Transition technology scenario, including: · NAT444 · DS-Lite · NAT64 |
|
MsgType |
Field type, including the following parts: · Device type—NAT444, DS-Lite, and NAT64. · Message type—SessionbasedA and SessionbasedW. When a flow table is created, the message type is SessionbasedA. When a flow table ages out, the message type is SessionbasedW. |
|
Timestamp2 |
Time when the log was generated, in the format of YEAR-MONTH-DAY HOUR:MINUTE:SECOND. By default, this timestamp shows the UTC time. If the customlog timestamp localtime command, this field displays the local time. |
|
MSG content |
|
|
PrivateIP |
Private IP address of the user. |
|
LEN |
Prefix length of the private IPv6 address. |
|
VRFID |
VRF index. |
|
PublicIP |
Public IP address of the user after NAT. |
|
StartPort |
Start port of the user port block. |
|
EndPort |
End port of the user port block. |
|
PrivatePort |
Private port number of the user. |
|
PublicPort |
Public port number of the user after NAT. |
Restrictions and guidelines: fast log output configuration
1. Fast log output. Only NAT logs can be output by using this method in the current software version. For more information about NAT logs, see NAT configuration in For more information about NAT logs, see NAT Configuration Guide.
2. Flow log. For more information about flow log and the service modules supported by flow log, see "Configuring flow log."
3. Information center.
If you configure multiple log output methods for a service module, the service module outputs its logs in the method that has the highest priority.
To output NAT logs to a log host, you must specify the log format required by the log host in the customlog format and customlog host commands.
The device does not support outputting fast logs through the network management interface.
Procedure
1. Enter system view.
system-view
2. Enable fast log output.
customlog format { cmcc [ with-brackets ] [ with-vpn ] | elog | telecom [ with-brackets ] [ with-vpn ] | unicom [ type1 ] [ with-brackets ] [ with-vpn ] }
By default, fast log output is disabled.
Only China Telecom format supports displaying VPN information, and China CMCC format or China Unicom format does not.
3. Configure fast log output parameters.
customlog host [ vpn-instance vpn-instance-name ] { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ] export { cmcc-sessionlog | cmcc-userlog | elog-sessionlog | elog-userlog | telecom-sessionlog | telecom-userlog | unicom-sessionlog | unicom-userlog } * [ sysname sysname ]
By default, no fast log output parameters are configured.
The value for the port-number argument must be the same as the port number configured on the log host. Otherwise, the log host cannot receive logs.
4. (Optional.) Specify the source IP address for fast log output.
customlog host source interface-type interface-number
By default, the source IP address of fast output logs is the primary IP address of the outgoing interface.
If this command is configured, the primary IP address of the specified interface is used as the source IP address of fast output logs regardless of the outgoing interface.
Configure this command when you need to filter logs by source IP address on the log host.
5. (Optional.) Configure the timestamp of fast output logs to show the system time.
customlog timestamp localtime
By default, the timestamp of fast output logs shows the Greenwich Mean Time (GMT).
Fast log output configuration examples
Example: Configuring fast log output to a log host
Network configuration
As shown in Figure 1, configure fast log output on the device to send NAT444 user logs to the log host in CMCC format.
Procedure
1. Make sure the device and the log host can reach each other. (Details not shown.)
2. Configure the device:
# Enable fast log output in CMCC format.
<Device> system-view
[Device] customlog format cmcc
# Output NAT444 user logs in CMCC format to the log host at 1.2.0.1/16.
[Device] customlog host 1.2.0.1 port 1000 export cmcc-userlog
# Enable NAT444 user log.
[Device] nat log enable
[Device] nat log port-block-assign
[Device] nat log port-block-withdraw
3. Configure the log host:
The log host configuration varies by log host. For more information, see related document of the log host.
