Configuring the NAT Log Function

You can configure the NAT log function to record NAT operation information in real time, which strengthens device maintainability.

Context

NAT logs are generated by a NAT device during NAT operation. The information contains basic user information and NAT operation information. NAT logs also record private network users' access to public networks and public network users' access to private network servers. When private network users access a public network through the NAT device, they share an external network address. For this reason, the users accessing the public network cannot be located. The log function helps trace and record users' access to external networks in real time, enhancing network maintainability.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run nat instance instance-name [ id id ]

    The NAT instance view is displayed.

  3. Run nat log session enable [ elog | syslog | netstream ]

    The NAT log function is enabled.

  4. Run nat log host host-ip-address host-port source source-ip-address source-port [ name name ] [ vpn-instance vpn-instance-name ]

    A NAT log host is configured.

  5. (Optional) Run nat log send-mode { session-start-only | session-end-only }

    The mode of sending NAT logs is configured.

  6. (Optional) Configure a flexible NAT log template.

    1. Run quit

      Return to the system view.

    2. (Optional) Run nat time local

      The local time is displayed in the logs.

    3. (Optional) Run nat time { endtime-second-dec | endtime-second-hex | starttime-second-dec | starttime-second-hex | starttime | timestamp-second-dec | timestamp-second-hex | timestamp } { local | utc }

      The end time, start time, or timestamp in the log is set to the local time or UTC time.

      The time format configured using the nat time command takes precedence over that configured using the nat time local command in the flexible log template view. If the nat time command is run, the time format of the end time, start time, or timestamp takes effect according to the configured format. If the nat time command is not run, the nat time local command takes effect. If neither the nat time command nor the nat time local command is run, the default UTC time takes effect.

    4. In the flexible NAT flow log template view, run the nat position command to configure a flexible flow log template.

    5. Run quit

      Return to the system view.

  7. Run commit

    The configuration is committed.

Parent Topic: Maintaining NAT
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >