- Table of Contents
-
- 17-Network Management and Monitoring Command Reference
- 00-Preface
- 01-System maintenance and debugging commands
- 02-NQA commands
- 03-NTP commands
- 04-PoE commands
- 05-SNMP commands
- 06-RMON commands
- 07-Event MIB commands
- 08-NETCONF commands
- 09-SmartMC commands
- 10-CWMP commands
- 11-EAA commands
- 12-Process monitoring and maintenance commands
- 13-Sampler commands
- 14-Mirroring commands
- 15-NetStream commands
- 16-IPv6 NetStream commands
- 17-sFlow commands
- 18-Performance management commands
- 19-Flow log commands
- 20-Information center commands
- 21-Packet capture commands
- 22-Cloud connection commands
- Related Documents
-
Title | Size | Download |
---|---|---|
19-Flow log commands | 86.89 KB |
Flow log commands
The following compatibility matrixes show the support of hardware platforms for flow log:
Hardware |
Flow log compatibility |
MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK |
Yes |
MSR810-LMS, MSR810-LUS |
No |
MSR810-LMS-EA, MSR810-LME |
Yes |
MSR2600-6-X1, MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28, MSR3600-51 |
Yes |
MSR3600-28-SI, MSR3600-51-SI |
No |
MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP |
Yes |
MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD, MSR3610-I-IG, MSR3610-IE-IG |
Yes |
MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC |
Yes |
MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660 |
Yes |
MSR3610-G, MSR3620-G |
Yes |
Hardware |
Flow log compatibility |
MSR810-W-WiNe, MSR810-LM-WiNet |
Yes |
MSR830-4LM-WiNet |
Yes |
MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet |
Yes |
MSR830-6BHI-WiNet, MSR830-10BHI-WiNet |
Yes |
MSR2600-6-WiNet, MSR2600-10-X1-WiNet |
Yes |
MSR2630-WiNet |
Yes |
MSR3600-28-WiNet |
Yes |
MSR3610-X1-WiNet |
Yes |
MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet |
Yes |
Hardware |
Flow log compatibility |
MSR2630-XS |
Yes |
MSR3600-28-XS |
Yes |
MSR3610-XS |
Yes |
MSR3620-XS |
Yes |
MSR3610-I-XS |
Yes |
MSR3610-IE-XS |
Yes |
Hardware |
Flow log compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
No |
display userlog export
Use display userlog export to display flow log configuration and statistics.
Syntax
display userlog export
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display flow log configuration and statistics.
<Sysname> display userlog export
Flow:
Export flow log as UDP Packet.
Version: 3.0
Source ipv4 address: 2.2.2.2
Source ipv6 address:
Log load balance function: Disabled
Local time stamp: Disabled
Number of log hosts: 2
Log host 1:
Host/Port: 1.2.3.6/2000
Total logs/UDP packets exported: 112/87
Log host 2:
VPN instance:abc
Host/Port:1.1.1.1/2000
Total logs/UDP packets exported: 6553665536/409597846
Table 1 Command output
Field |
Description |
Flow |
Flow log configuration and statistics. |
Export flow log as UDP Packet |
Flow log entries were sent to log hosts in UDP. |
Version |
Flow log feature version. |
Source ipv4/ipv6 address |
Source IP address of the flow log packets. |
Log load balance function |
Load balancing status for flow log packets: · Enabled—Flow log packets are distributed among available log hosts. · Disabled—Every flow log packet is copied and sent to all available log hosts. |
Local time stamp |
Whether the use of the local time in the flow log timestamp is enabled or disabled. |
Number of log hosts |
Total number of log hosts. |
Log host |
Information about the log host. |
VPN instance |
VPN instance to which the log host belongs. |
Host/port |
IP address and port number of the log host. |
Total logs |
Total number of flow log entries successfully exported and those failed to be exported to the log hosts. |
UDP packets exported |
Total number of UDP packets successfully sent and those failed to be sent to the log hosts. The UDP packets are used to export flow log entries. A UDP packet can contain multiple flow log entries. |
userlog flow export
display userlog host-group
Use display userlog host-group to display flow log host group information.
Syntax
display userlog host-group [ ipv6 ] [ host-group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv6: Specifies an IPv6 flow log host group. Do not configure this keyword if you want to specify an IPv4 flow log host group.
host-group-name: Specify a flow log host group by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a log host group, this command displays information about all log host groups.
Examples
# Display information about IPv4 flow log host group test.
<Sysname> display userlog host-group test
Userlog host-group test:
ACL number: 2000
Flow log host numbers: 1
Log host 1:
VPN-instance: test
Host/port: 1.1.1.2/2000
# Display information about all IPv4 flow log host groups.
<Sysname> display userlog host-group
There are 2 IPv4 host groups.
Userlog host-group test:
ACL number: 2000
Flow log host numbers: 1
Log host 1:
VPN-instance: test
Host/Port: 1.2.3.6/0
Userlog host-group test2:
ACL name: test
Flow log host numbers: 1
Log host 1:
Host/Port: 1.1.1.1/0
Table 2 Command output
Field |
Description |
Userlog host-group test |
Information about a flow log host group. |
ACL number/ACL name |
ACL used by the log host group to match flow log entries. |
Flow log host numbers |
Number of flow log hosts in the group. |
Log host |
Information about a flow log host. |
VPN-instance |
VPN instance to which the log host belongs. This field is not displayed if no VPN instance is specified for the log host. |
Host/Port |
IP address and port number of the log host. |
Related commands
userlog host-group
userlog host-group host flow
reset userlog flow export
Use reset userlog flow export to clear flow log statistics.
Syntax
reset userlog flow export
Views
User view
Predefined user roles
network-admin
Examples
# Clear flow log statistics.
<Sysname> reset userlog flow export
Related commands
userlog flow export
userlog flow export host
Use userlog flow export host to specify a log host to receive flow log entries.
Use undo userlog flow export host to remove a log host.
Syntax
userlog flow export [ vpn-instance vpn-instance-name ] host { hostname | ipv4-address | ipv6 ipv6-address } port udp-port
undo userlog flow export [ vpn-instance vpn-instance-name ] host { hostname | ipv4-address | ipv6 ipv6-address }
Default
No log hosts are specified.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.
hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, and special characters including hyphen (-), underscore (_), and dot (.).
ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid unicast address and cannot be a loopback address.
ipv6 ipv6-address: Specifies a log host by its IPv6 address.
port udp-port: Specifies the UDP port number of the log host, in the range of 1 to 65535. As a best practice, use UDP port numbers in the range 1025 to 65535 to avoid collision with well-known UDP port numbers.
Examples
# Export flow log entries to UDP port 2000 on the log host at 1.2.3.6.
[Sysname] userlog flow export host 1.2.3.6 port 2000
Related commands
display userlog export
userlog flow export load-balancing
Use userlog flow export load-balancing to enable load balancing for flow log entries.
Use undo userlog flow export load-balancing to restore the default.
Syntax
userlog flow export load-balancing
undo userlog flow export load-balancing
Default
Load balancing is disabled. The device sends a copy of each flow log entry to all available log hosts.
Views
System view
Predefined user roles
network-admin
Usage guidelines
In load balancing mode, flow log entries are distributed among log hosts based on the source IP addresses (before NAT) that are recorded in the entries. The flow log entries generated for the same source IP address are sent to the same log host. If a log host goes down, the flow logs sent to it will be lost.
Examples
# Enable load balancing for flow logging.
<Sysname> system-view
[Sysname] userlog flow export load-balancing
Related commands
userlog flow export host
userlog flow export source-ip
Use userlog flow export source-ip to specify a source IP address for flow log packets.
Use undo userlog flow export source-ip to restore the default.
Syntax
userlog flow export source-ip { ipv4-address | ipv6 ipv6-address }
undo userlog flow export source-ip [ ipv6 ]
Default
The source IP address of flow log packets is the IP address of their outgoing interface.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address.
ipv6 ipv6-address: Specifies an IPv6 address.
Examples
# Specify 1.2.1.2 as the source IP address for flow log packets.
<Sysname> system-view
[Sysname] userlog flow export source-ip 1.2.1.2
Related commands
userlog flow export host
userlog flow export timestamp localtime
Use userlog flow export timestamp localtime to configure the device to use the local time in the timestamp of flow logs.
Use undo userlog flow export timestamp localtime to restore the default.
Syntax
userlog flow export timestamp localtime
undo userlog flow export timestamp localtime
Default
The device uses the UTC time in the timestamp of flow logs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The device uses either the local time or the UTC time in the timestamp of flow logs.
· UTC time—Standard Greenwich Mean Time (GMT).
· Local time—Standard GMT plus or minus the time zone offset.
The time zone offset can be configured by using the clock timezone command. For more information, see Fundamentals Command Reference.
Examples
# Configure the device to use the local time in the timestamp of flow logs.
<Sysname> system-view
[Sysname] userlog flow export timestamp localtime
userlog flow export version
Use userlog flow export version to set the flow log version.
Use undo userlog flow export version to restore the default.
Syntax
userlog flow export version version-number
undo userlog flow export version
Default
The flow log version is 1.0.
Views
System view
Predefined user roles
network-admin
Parameters
version-number: Specifies a flow log version. Available options are 1, 3, and 5, which represent version 1.0, version 3.0, and version 5.0.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the flow log version to 3.0.
<Sysname> system-view
[Sysname] userlog flow export version 3
Related commands
userlog flow export host
userlog flow syslog
Use userlog flow syslog to specify the information center as the destination for flow log export.
Use undo userlog flow syslog to restore the default.
Syntax
userlog flow syslog
undo userlog flow syslog
Default
Flow log entries are not exported.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You can export flow log entries to log hosts or the information center, but not both. If both methods are configured, the system exports flow log entries to the information center.
Flow log entries are converted to the syslog format when they are exported to the information center. Their severity level is informational. With the information center, you can specify multiple log output destinations, including the console, log host, and log file.
Log entries in ASCII format are human readable. However, the log data volume is higher in ASCII format than in binary format.
Examples
# Specify the information center as the destination for flow log export.
<Sysname> system-view
[Sysname] userlog flow syslog
Related commands
userlog flow export host
userlog host-group
Use userlog host-group to create a flow log host group and enter its view, or enter the view of an existing flow log host group.
Use undo userlog host-group to delete a flow log host group.
Syntax
userlog host-group [ ipv6 ] host-group-name acl { name acl-name | number acl-number }
undo userlog host-group [ ipv6 ] host-group-name
Default
No flow log host groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Creates an IPv6 flow log host group. Do not configure this keyword if you want to create an IPv4 flow log host group.
host-group-name: Specify a name for the flow log host group, a case-sensitive string of 1 to 63 characters.
acl: Specify an ACL to match the flow log entries to be sent to the flow log host group.
name acl-name: Specifies the ACL name, a case-insensitive string of 1 to 63 characters. The ACL name must start with a letter and cannot be all.
number acl-number: Specifies the ACL number, in the range of 2000 to 3999.
Usage guidelines
The flow log host group feature enables the device to send specific flow logs to specific group of log hosts. This facilitates log filtering and reduces the log sending and processing workload of the device.
A flow log host group uses an ACL to match the flow logs to be sent to it. Make sure the ACL exists and the ACL rules can identify the designated flow logs.
A flow log matches a log host group if it matches the group's ACL, and it is sent only to the log hosts in the matching group.
If a flow log matches multiple log host groups, the device sends the log to the group that comes first in alphabetical order of the matching group names.
If a flow log does not match any log host groups, the device ignores the log host group configuration and sends the log to all configured log hosts.
Examples
# Create an IPv4 flow log host group named test and specify ACL 2000 for it.
<Sysname> system-view
[Sysname] userlog host-group test acl number 2000
[Sysname-userlog-host-group-test]
Related commands
display userlog host-group
userlog host-group host flow
userlog host-group host flow
Use userlog host-group host flow to assign a log host to a flow log host group.
Use undo userlog host-group host flow to remove a log host from a flow log host group.
Syntax
IPv4 flow log host group view:
userlog host-group [ vpn-instance vpn-instance-name ] host flow { hostname | ipv4-address }
undo userlog host-group [ vpn-instace vpn-instance-name ] host flow { hostname | ipv4-address }
IPv6 flow log host group view:
userlog host-group [ vpn-instance vpn-instance-name ] host flow ipv6 { hostname | ipv6-address }
undo userlog host-group [ vpn-instance vpn-instance-name ] host flow ipv6 { hostname | ipv6-address }
Default
No log hosts exist in a flow log host group.
Views
IPv4 flow log host group view
IPv6 flow log host group view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.
hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, hyphens (-), underscores (_), and dots (.).
ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid IPv4 unicast address and cannot be a loopback address.
ipv6 ipv6-address: Specifies a log host by its IPv6 address. The address must be a valid IPv6 unicast address and cannot be a loopback address or all zeros.
Usage guidelines
A flow log host group can contain multiple log hosts, and a log host can be assigned to multiple flow log host groups.
Before you assign a log host to a flow log host group, make sure the log host has been configured on the device by using userlog flow export host the command.
Examples
# Assign a log host to flow log host group test.
<Sysname> system-view
[Sysname] userlog host-group test acl number 2000
[Sysname-userlog-host-group-test] userlog host-group host flow 1.2.3.6
Related commands
display userlog host-group
userlog flow export host
userlog host-group