(Optional) Configuring the Function to Generate and Send User Login, User Logout, and User Login Result Logs

User login, user logout, and user login result logs can be used to query user information, such as the user IP address and the time when a user went online or offline.

Context

After the function to generate user login, user logout, and user login result logs is enabled on the router, the router records the related information when users successfully go online or offline. Such information includes the username, user login/logout operation, user login/logout time, user access interface, user IP address, and user MAC address.

In addition, the router supports the sending of user login, user logout, and user login result logs to a log server so that network maintenance personnel can query these logs on the log server.

It is recommended that IPsec be deployed to protect transmission channels and ensure security.

Procedure

Run system-view
The system view is displayed.
Run ip userlog { access | call-status } export host ip-address port transport tcp
The IP address and port number of the log server that receives user login, user logout, and user login result logs are configured.
Run ip userlog export host ip-addressport bind ssl-policy ssl-policy-name
An SSL policy is configured for the log server that receives user login, user logout, and user login result log packets.

The IP address and port number of the log server configured in this command must be the same as those configured in Step 2. The transport tcp parameter must be set to TCP in Step 2.
Run ip userlog access export version version
The version number of the user login and logout logs to be sent are configured.
Run ip userlog access send format syslog
The format of the user login and logout logs to be sent is configured.
Run ip userlog access
The function to generate and send user login and logout logs is enabled.
Run ip userlog call-status
The function to generate and send user login result logs is enabled.
Run commit
The configuration is committed.

Result

After the function to generate and send user login, user logout, and user login result logs is configured, run the display ip userlog access config command to check the configurations.
If a user has successfully gone online or offline, run the display ip userlog access statistic command to check statistics.

To re-collect information about user login, user logout, and user login result results, run the reset ip userlog statistics access command to clear the existing records on the device.

Statistics about user login, logout, and online result logs cannot be restored after they are cleared. Therefore, exercise caution when running this command.
After the function to generate and send user login, user logout, and user login result logs is configured, run the display ip userlog buffer access command to check the control block information and user information in the buffer of user login, user logout, and user login result logs.