nat log send-mode

Function

The nat log send-mode command configures the mode of sending NAT logs.

The undo nat log send-mode command restores the default configuration.

By default, a device sends log information once a NAT session is created or deleted.

This command is supported only on the NetEngine 8000 F1A.

Format

nat log send-mode { session-start-only | session-end-only }

undo nat log send-mode { session-start-only | session-end-only }

Parameters

Parameter Description Value
session-start-only Enables a NAT device to send logs only when sessions are created. -
session-end-only Indicates that logs are sent only when a NAT session ages out. -

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
nat write

Usage Guidelines

Usage Scenario

By default, a device sends log information once a NAT session is created or deleted. To reduce the number of session logs to be sent, run the nat log send-mode command.

Precautions

The nat log send-mode command takes effect only when the NAT session log function is enabled.

If a device is configured to send session logs only when flow tables age, a security vulnerability exists. Before a flow table ages, the log system does not store source tracing information about the session. If traffic keeps passing through the flow table and it does not age, the log server does not store information about the session.

If a device is configured to send session logs only when flow tables age and a board is restarted, the log server cannot trace the source because the log server does not store log messages generated when the flow tables are created.

If the device is configured to send session logs only when flow tables are created, a security vulnerability exists. After a flow table ages, the device cannot determine the time when the flow table aged.

If session-end-only is configured before a flow table is created and is changed to session-start-only before a flow table ages, a log server cannot store source tracing information about the session.
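The source-tracing gaps described in these precautions can be seen by replaying the same sessions through each send mode. This is an added example, not Huawei code: the record layout, the addresses and the times are constructed, and it assumes an end record also carries the session creation time.

```python
from collections import namedtuple

# Constructed sample data, not a real NAT log format. Times are abstract seconds.
Session = namedtuple("Session", "private public created aged")  # aged=None: still active
Log = namedtuple("Log", "kind private public created aged")

SESSIONS = [
    Session("10.0.0.5", "203.0.113.1:4000", 100, 200),
    Session("10.0.0.9", "203.0.113.1:4000", 300, 400),   # public port reused later
    Session("10.0.0.7", "203.0.113.1:5000", 150, None),  # keeps carrying traffic, never ages
]

def emitted_logs(sessions, mode):
    """Records reaching the log server. mode is 'default' (creation and deletion),
    'session-start-only' or 'session-end-only'."""
    logs = []
    for s in sessions:
        if mode != "session-end-only":
            logs.append(Log("start", s.private, s.public, s.created, None))
        if mode != "session-start-only" and s.aged is not None:
            # Assumption: the end record also carries the creation time.
            logs.append(Log("end", s.private, s.public, s.created, s.aged))
    return logs

def trace(logs, public, t):
    """Private addresses the logs cannot rule out as the user of `public` at time t."""
    aged_at = {(l.private, l.public, l.created): l.aged for l in logs if l.kind == "end"}
    candidates = set()
    for l in logs:
        if l.public != public or l.created > t:
            continue
        # A start record with no matching end record has an unknown end time.
        aged = aged_at.get((l.private, l.public, l.created))
        if aged is None or t <= aged:
            candidates.add(l.private)
    return candidates

def compare(public, t):
    """Trace result under each send mode, keyed by mode."""
    modes = ("default", "session-start-only", "session-end-only")
    return {m: trace(emitted_logs(SESSIONS, m), public, t) for m in modes}

if __name__ == "__main__":
    for query in (("203.0.113.1:4000", 350), ("203.0.113.1:5000", 160)):
        print(query, compare(*query))
```

With session-start-only the reused port yields two candidates because no end time bounds the first session; with session-end-only the session that never ages yields none.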

Example

# Configure NAT logs to be sent only when a NAT session is created.
<HUAWEI> system-view
[~HUAWEI] nat instance nat1 id 1
[*HUAWEI-nat-instance-nat1] nat log send-mode session-start-only
Copyright © Huawei Technologies Co., Ltd.