nat log

Function

The nat log command configures a NAT log host.

The undo nat log command deletes NAT log host configurations.

No NAT log host is configured by default.

This command is supported only on the NetEngine 8000 F1A.

Format

nat log host host-ip-address host-port source source-ip-address source-port [ name name ] [ vpn-instance vpn-instance-name ]

undo nat log [ host host-ip-address [ host-port source source-ip-address source-port [ name name ] [ vpn-instance vpn-instance-name ] ] ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| source source-ip-address | Specifies the source IP address used by a NAT device to communicate with a NAT log host. | The value is in dotted decimal notation. |
| source source-port | Specifies the source port number used by a NAT device to communicate with a NAT log host. | The value is an integer ranging from 1 to 65535. |
| name name | Specifies the name of a NAT log host. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
| vpn-instance | VPN instance of the log host. | - |
| vpn-instance-name | Specifies the name of a VPN instance. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| host host-ip-address | Specifies the IP address of a NAT log host. | The value is in dotted decimal notation. |
| host host-port | Specifies the port number of a NAT log host. | The value is an integer ranging from 1 to 65535. |

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| nat | write |

Usage Guidelines

Usage Scenario

To configure a NAT log host, run the nat log host command. After NAT translates a source private IP address to a source public IP address, the source that initiates a request to access a network cannot be located, which decreases network security. To improve network security, the flow log function can be configured. NAT logs record information about NAT flows so that administrators can obtain addresses before NAT translation is performed to query network activities and operations. This improves network availability and security.

Precautions

  • A log host is uniquely identified by its IP address, port number, and VPN instance name.
  • Flow logs cannot be sent by a management interface.
  • After a log host is configured, you must enable the user-level log or flow log function so that the device sends NAT logs to the host.

Example

# In a NAT instance named 1, configure a log host named host1 with IP 10.10.100.10, port number 1234, source IP 10.10.10.1, and source port number 3456.
<HUAWEI> system-view
[~HUAWEI] nat instance 1 id 1
[~HUAWEI-nat-instance-1] nat log host 10.10.100.10 1234 source 10.10.10.1 3456 name host1
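
The following is an added example, not Huawei code: a pre-deployment lint that checks `nat log host` lines against the parameter rules and the uniqueness precaution described above. The function names `parse_nat_log_host` and `lint` are hypothetical, one command per line is assumed, and reporting a repeated IP/port/VPN-instance combination as a finding is a choice made here (the page does not say how the device reacts to it).

```python
import ipaddress
import shlex

def parse_nat_log_host(line):
    """Parse one 'nat log host' line into a dict, or raise ValueError."""
    tok = shlex.split(line)  # keeps a double-quoted name with spaces as one token
    if tok[:3] != ["nat", "log", "host"] or len(tok) < 8 or tok[5] != "source":
        raise ValueError("not a complete 'nat log host' command")
    h = {"host_ip": tok[3], "host_port": tok[4], "source_ip": tok[6],
         "source_port": tok[7], "name": None, "vpn_instance": None}
    rest = tok[8:]
    for keyword, field in (("name", "name"), ("vpn-instance", "vpn_instance")):
        if rest[:1] == [keyword] and len(rest) > 1:
            h[field], rest = rest[1], rest[2:]
    if rest:
        raise ValueError(f"unexpected or incomplete tokens: {rest}")
    for f in ("host_ip", "source_ip"):
        ipaddress.IPv4Address(h[f])  # dotted decimal; raises a ValueError subclass
    for f in ("host_port", "source_port"):
        if not (h[f].isdigit() and 1 <= int(h[f]) <= 65535):
            raise ValueError(f"{f} must be an integer from 1 to 65535")
        h[f] = int(h[f])
    for f in ("name", "vpn_instance"):
        if h[f] is not None and not 1 <= len(h[f]) <= 31:
            raise ValueError(f"{f} must be 1 to 31 characters")
    if h["vpn_instance"] == "_public_":
        raise ValueError("vpn-instance name must not be _public_")
    return h

def lint(lines):
    """Return (valid hosts, [(line number, problem)]) for one NAT instance."""
    hosts, problems, seen = [], [], {}
    for n, line in enumerate(lines, 1):
        try:
            h = parse_nat_log_host(line)
        except ValueError as e:
            problems.append((n, str(e)))
            continue
        key = (h["host_ip"], h["host_port"], h["vpn_instance"])
        if key in seen:  # the page: IP, port and VPN instance identify a host
            problems.append((n, f"same log host as line {seen[key]}"))
            continue
        seen[key] = n
        hosts.append(h)
    return hosts, problems

# Line 1 is the page's example; lines 2 and 3 are constructed for illustration.
SAMPLE = ["nat log host 10.10.100.10 1234 source 10.10.10.1 3456 name host1",
          'nat log host 10.10.100.10 1234 source 10.10.10.2 3457 name "host 2"',
          "nat log host 10.10.100.11 70000 source 10.10.10.1 3456"]
```

Calling `lint(SAMPLE)` accepts the first line and reports the second as a repeat of the same log host and the third for its out-of-range port.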
Copyright © Huawei Technologies Co., Ltd.