nat log session enable

Function

The nat log session enable command enables the NAT log function.

The undo nat log session enable command disables the NAT log function.

This NAT log function is disabled by default.

This command is supported only on the NetEngine 8000 F1A.

Format

nat log session enable [ elog | syslog | netstream ]

undo nat log session enable [ elog | syslog | netstream ]

Parameters

Parameter	Description	Value
elog	Indicates NAT session logs in the elog format.	-
syslog	Indicates NAT session logs in the syslog format.	-
netstream	Indicates NAT session logs in the NetStream format.	-

Parameter

Description

Value

elog

Indicates NAT session logs in the elog format.

syslog

Indicates NAT session logs in the syslog format.

netstream

Indicates NAT session logs in the NetStream format.

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
nat	write

Usage Guidelines

Usage Scenario

When users access the Internet through a NAT device, the NAT device is difficult to locate which host initiates an access request based on the source IP address because the NAT device has translated the private address to a public address, which reduces network security.

To enable the NAT log function, run the nat log session enable command. NAT flow logs record information about NAT flows so that administrators can obtain addresses before NAT translation is performed to query and trace network activities and operations. This improves network availability and security.

Follow-up Procedure

Run the nat log host command to set the log host's IP address, port number, and name so that a NAT device can send NAT logs evenly to multiple log hosts.

Precautions

The NAT session logging function must be used together with a log host. To ensure that the NAT logging function takes effect, run the nat log session enable command and configure a log host.

When the nat log session enable command without a format configured is run, the elog flow log format is used by default for NAT flow logs.

Example

# Enable the NAT log function.

<HUAWEI> system-view
[~HUAWEI] nat instance cpe1 id 1
[*HUAWEI-nat-instance-cpe1] nat log session enable