Checking attack defense events on the LogCenter shows you the security status of the network so that you can take targeted defense measures.
You can view attack defense events on the LogCenter along several dimensions, such as Snapshot, Attack Trend, Attack Rankings, Source IP Address Top N, and Log Details. Table 4-2 describes how different firewalls are adapted.
Unless otherwise specified, the operator who performs the configurations is the system administrator of the firewall.
Table 1-1 Adaptation of the firewalls to attack defense events
| Compatible Product Form | Product Version | Log Type | Log Format | Output Mode | Key Configuration Points | Description |
|---|---|---|---|---|---|---|
| USG6000 | V100R001C10, V100R001C20, V100R001C30 | Attack defense logs | Dataflow | The logs are directly sent to the LogCenter. | • In the system view, run the data-flow loghost command to configure the log host and set the port number to 9903.<br>• In the system view, enable the attack defense function. According to actual network situations, configure the corresponding attack defense parameters. | For details about configuration instances, see 7.1.2 Checking Attack Event Logs on the LogCenter. |
| USG9500 | V300R001C01 | Attack defense logs | Syslog | The logs are sent to the LogCenter through the information center. The module name is SEC. | • In the system view, run the info-center enable command to enable the information center.<br>• In the system view, run the info-center loghost command to configure the log host and set the port number to 514 (default).<br>• In the system view, run the info-center source command to add records to information channels.<br>• In the system view, enable the attack defense function. According to actual network situations, configure the corresponding attack defense parameters. | For details about configuration instances, see 7.1.2 Checking Attack Event Logs on the LogCenter. |