You can view logs for events in which packets match security policies on firewalls by checking access control events on the LogCenter.
You can query access control events on the LogCenter based on policy packet filtering or rule packet filtering. Table 4-1 describes the adaptation of the firewalls to the different query modes.
Unless otherwise specified, the operator in the configuration steps refers to the system administrator of the firewalls.
Table 1-1 Adaptation of the firewalls to access control events
| Query Mode | Compatible Product Form | Product Version | Log Type | Log Format | Output Mode | Key Configuration Points | Description |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Policy Packet Filtering | USG6000 | V100R001C10, V100R001C20, V100R001C30 | Policy matching logs | Dataflow | The logs are directly sent to the LogCenter. | • In the system view, run the data-flow loghost command to configure the log host and set the port number to 9903. • In the system view, run the log type policy enable command to enable the function of generating policy matching logs. • In the security policy rule view, run the policy logging command to enable the function of recording policy matching rules. | For details about configuration instances, see 7.1.1 Checking Access Control Event Logs on the LogCenter. |
| Policy Packet Filtering | USG9500 | V300R001C01 | Policy matching logs | Syslog | The logs are sent to the LogCenter through the information center. The module name is SEC. | • In the system view, run the info-center enable command to enable the information center. • In the system view, run the info-center loghost command to configure the log host and set the port number to 514 (default). • In the system view, run the info-center source command to add records to information channels. • In the security policy ID view, run the policy logging command to enable the function of recording policy matching rules. | For details about configuration instances, see 7.1.1 Checking Access Control Event Logs on the LogCenter. |
| Rule Packet Filtering | USG6000 | V100R001C10, V100R001C20, V100R001C30 | - | - | - | - | The firewalls of these versions do not generate this type of log. Therefore, you cannot view the corresponding logs on the LogCenter. |
| Rule Packet Filtering | USG9500 | V300R001C01 | - | - | - | - | The firewalls of these versions do not generate this type of log. Therefore, you cannot view the corresponding logs on the LogCenter. |