Module to be configured when a log output channel is configured on the USG6000 series

2

By default, the log audit module (AUDIT), mail filtering module (MAILFITER), URL filtering module (URL), anti-spam module (RBL), application control module (APPCTL), data leak prevention module (DLP), antivirus module (AV), intrusion prevention module (IPS), and attack defense module (DDOS) do not output logs to syslog hosts, while other modules output logs to syslog hosts.

Other related questions:
Method used to output syslog logs of the USG2000, USG5000, or USG6000 to the log server
Method used to output syslog logs of the USG2000, USG5000, or USG6000 to the log server: Configuration procedure: 1. Enable the information center and allow the device to output logs through the information center. 2. Configure the source interface used to send logs. 3. Configure the log output channel to send logs of different modules to the specified log server. 4. Configure the log server to receive logs from the NGFW.

How do I configure the NAT log output on the AR router
NAT logs are generated when the AR performs address translation. The logs record the source IP address, source port, destination IP address, destination port, and translated source IP address and source port, as well as user actions and timestamp. The configuration is as follows: [Huawei] firewall log session enable //Enables the log function on the firewall. [Huawei] firewall log session nat enable //Enables the NAT session log function. Run the following commands to output logs to the log host or session log host: 1. Configure the device to use channel6 to send information to the log host at 10.1.1.1. [Huawei] info-center enable [Huawei] info-center loghost 10.1.1.1 channel channel6 2. Configure a binary log server whose IP address is 10.10.10.1 and port number is 3456. Set the IP address and port number of the remote device to 10.10.10.2 and 20000 respectively. [Huawei] firewall log binary-log host 10.10.10.1 3456 source 10.10.10.2 20000

Methods of outputting logs to log files on S series switches
The S series switches (except the S1700) support the storage of logs and alarms in the log files. You can run the dir command in the user view to view the log files, which are named syslogfile or logfile. Perform the following steps to obtain logs and alarms from log files: 1. Run the save logfile command to save information in the log buffer to syslogfile or logfile. Remarks: The device automatically saves logs at regular intervals. The syslogfile file is saved automatically every time the device restarts. The logfile file is automatically saved at regular intervals. 2. After running the save logfile command, you can transfer log files to the terminal (PC) through FTP or TFTP.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top