Hardware logging server groups
Configure hardware logging server groups to group the hardware logging servers that receive logs from traffic accepted by a hyperscale firewall policy. To add hardware logging for hyperscale firewall traffic, you add a log server group to a hyperscale firewall policy.
You also use the log server group to configure the number of log messages sent for each session, the log format (NetFlow or syslog), how software sessions are logged, whether log messages are distributed to the log servers in the server group or simultaneously sent to all log servers in the server group, and to select the log servers added to the log server group.
From the GUI:
- Under Log Server Groups select Create New to add a log server group.
- Enter a Name for the log server group.
- Select the Logging Mode and Log format.
- Add one or more Log servers.
- Select OK to save the log server group.
- Repeat these steps to add more logging server groups.
- Select Apply to save your changes.
From the CLI:
config log npu-server
    config server-group
        edit <group-name>
            set log-mode {per-session | per-nat-mapping | per-session-ending}
            set log-format {netflow | syslog}
            set log-tx-mode {roundrobin | multicast}
            set sw-log-flags {tcp-udp-only | enable-all-log | disable-all-log}
            set log-user-info {disable | enable}
            set log-gen-event {disable | enable}
            set server-number <number>
            set server-start-id <number>
        end
Logging Mode (log-mode) select a log mode:
- Per Session (per-session) (the default) create two log messages per session, one when the session is established and one when the session ends. If Log Module (log-processor) is set to Hardware Log Module (hardware), NP7 processors may incorrectly create multiple session start messages due to a hardware limitation.
- Per Mapping (per-nat-mapping) create two log messages per session, one when the session allocates NAT mapping resources and one when the NAT mapping resources are freed as the session ends.
- Per-Session ending (per-session-ending) create one log message when a session ends. This log message includes the session duration, allowing you to calculate the session start time. Per-Session ending logging may be preferable to per-session logging because fewer log messages are created, but the same information is available.
Log Format (log-format {netflow | syslog}) set the log message format to NetFlow (netflow) (the default) or Syslog (syslog). If you select NetFlow, the global hardware logging NetFlow version setting determines the NetFlow version (v9 or v10) of the log messages.
Log servers, select one or more hardware log servers to add to this log server group. From the CLI you use server-number and server-start-id to select the servers to add to the log server group.
CLI-only logging server group options
log-tx-mode {roundrobin | multicast} select roundrobin (the default) to load balance log messages across the log servers in the server group. Select multicast to enable multicast logging. Multicast logging simultaneously sends every log message to all of the log servers in the server group.
sw-log-flags {tcp-udp-only | enable-all-log | disable-all-log} configure how software session logs are handled by the log server group. Software session logging uses per-session logging, which creates two log messages per session, one when the session is established and one when the session ends. Software session logging supports NetFlow v9, NetFlow v10, and syslog log message formats.
- tcp-udp-only log only TCP and UDP software sessions (the default).
- enable-all-log log all software sessions.
- disable-all-log disable software session logging for this log server group.
log-user-info enable to include user information in log messages. This option is only available if log-format is set to syslog.
log-gen-event enable to add event logs to hardware logging. This option is only available if log-format is set to syslog and log-mode is set to per-nat-mapping, to reduce the number of log messages generated.
server-number the number of log servers to add to this server group. The range is 1 to 16. The default is 0 and must be changed.
server-start-id the ID of one of the log servers in the config server-info list. The range is 1 to 16. The default is 0 and must be changed.
Use server-number and server-start-id to select the log servers to add to a log server group. You can add the same log server to multiple log server groups.
For example, if you have created five log servers with IDs 1 to 5:
config server-info
    edit 1
        set vdom Test-hw12
        set ipv4-server 10.10.10.20
    next
    edit 2
        set vdom Test-hw12
        set ipv4-server 10.10.10.21
    next
    edit 3
        set vdom Test-hw12
        set ipv4-server 10.10.10.22
    next
    edit 4
        set vdom Test-hw12
        set ipv4-server 10.10.10.23
    next
    edit 5
        set vdom Test-hw12
        set ipv4-server 10.10.10.24
    next
end
You can add the first three log servers (IDs 1 to 3) to a log server group by setting server-number
to 3 and server-start-id
to 1. This adds the log servers with ID 1, 2, and 3 to this log server group.
config server-group
    edit test-log-11
        set server-number 3
        set server-start-id 1
    end
To add the other two servers to a second log server group, set server-number
to 2 and server-start-id
to 4. This adds log servers 4 and 5 to this log server group.
config server-group
    edit test-log-12
        set server-number 2
        set server-start-id 4
    end
To add all of the log servers to a third log server group, set server-number to 5 and server-start-id to 1. This adds log servers 1 to 5 to this log server group.
config server-group
    edit test-log-13
        set server-number 5
        set server-start-id 1
    end
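As an added example (not Fortinet code or CLI), the following Python models how server-number and server-start-id pick a run of consecutive server-info IDs, and checks a group against the constraints this page states (1 to 16 range, the unusable default of 0, log-user-info and log-gen-event prerequisites) before the configuration is pushed. The ServerGroup class, check_groups function and PAGE_SERVER_IDS are assumptions; the server set and group values are constructed from the page's example.

```python
from dataclasses import dataclass

MAX_SERVER_ID = 16  # server-info IDs, server-number and server-start-id all range 1..16


@dataclass
class ServerGroup:
    name: str
    server_number: int = 0    # default 0, must be changed
    server_start_id: int = 0  # default 0, must be changed
    log_mode: str = "per-session"
    log_format: str = "netflow"
    log_user_info: bool = False
    log_gen_event: bool = False

    def selected_ids(self) -> list[int]:
        # The group takes server-number consecutive IDs starting at server-start-id.
        return list(range(self.server_start_id, self.server_start_id + self.server_number))

    def validate(self, defined_ids: set[int]) -> list[str]:
        # Returns the constraints from this page that the group violates (empty = sane).
        errs = []
        if not 1 <= self.server_number <= MAX_SERVER_ID:
            errs.append("server-number must be 1..16")
        if not 1 <= self.server_start_id <= MAX_SERVER_ID:
            errs.append("server-start-id must be 1..16")
        missing = [i for i in self.selected_ids() if i not in defined_ids]
        if missing:
            errs.append(f"servers not defined in config server-info: {missing}")
        if self.log_user_info and self.log_format != "syslog":
            errs.append("log-user-info requires log-format syslog")
        if self.log_gen_event and (self.log_format != "syslog" or self.log_mode != "per-nat-mapping"):
            errs.append("log-gen-event requires log-format syslog and log-mode per-nat-mapping")
        return errs


# Constructed from the page's example: five log servers with IDs 1 to 5.
PAGE_SERVER_IDS = {1, 2, 3, 4, 5}


def check_groups(groups, defined_ids=PAGE_SERVER_IDS):
    # Map each group name to (selected server IDs, list of violations).
    return {g.name: (g.selected_ids(), g.validate(defined_ids)) for g in groups}


if __name__ == "__main__":
    # The three groups from the page plus a misconfigured one (constructed).
    groups = [ServerGroup("test-log-11", 3, 1), ServerGroup("test-log-12", 2, 4),
              ServerGroup("test-log-13", 5, 1), ServerGroup("test-log-bad", 5, 4, log_user_info=True)]
    for name, (ids, errs) in check_groups(groups).items():
        print(name, ids, errs or "ok")
```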