[rbak-nsp] NAT Logging

Yuri Shefer shefys at gmail.com
Tue Nov 5 12:24:30 EST 2013 

Hi,

You can try ipfix_collector which is coming with libipfix library. I just
added the required CGNAT template to the source code:
https://github.com/shef/libipfix

This is the example of collected flows:
#hdr: v9, 4840.000, 1378943271, 46
#template: 256, 24628(NatLogIdxCtxID:4), 24629(NatLogIdxContentName:64)
#template: 257, 24628(NatLogIdxCtxID:4),
24630(NatLogIdxAssignTSSec:4), 24632(NatLogIdxIPV4IntAddr:4),
24633(NatLogIdxIPV4ExtAddr:4), 24634(NatLogIdxExtPortFirst:2),
24635(NatLogIdxExtPortLast:2)
#template: 258, 24628(NatLogIdxCtxID:4),
24630(NatLogIdxAssignTSSec:4), 24631(NatLogIdxUnassignTSSec:4),
24632(NatLogIdxIPV4IntAddr:4), 24633(NatLogIdxIPV4ExtAddr:4),
24634(NatLogIdxExtPortFirst:2), 24635(NatLogIdxExtPortLast:2)
#hdr: v9, 4841.000, 1378943272, 47
256, 1, local
#hdr: v9, 4896.000, 1378943327, 48
257, 1, 1378943325, 192.168.1.25, 200.1.1.1, 1984, 2015
257, 1, 1378943325, 192.168.1.25, 200.1.1.1, 1920, 1951
257, 1, 1378943325, 192.168.1.25, 200.1.1.1, 1856, 1887
257, 1, 1378943325, 192.168.1.25, 200.1.1.1, 1824, 1855
...
257, 1, 1378943325, 192.168.1.25, 200.1.1.1, 1312, 1343
#hdr: v9, 4900.000, 1378943331, 49
#template: 256, 24628(NatLogIdxCtxID:4), 24629(NatLogIdxContentName:64)
#template: 257, 24628(NatLogIdxCtxID:4),
24630(NatLogIdxAssignTSSec:4), 24632(NatLogIdxIPV4IntAddr:4),
24633(NatLogIdxIPV4ExtAddr:4), 24634(NatLogIdxExtPortFirst:2),
24635(NatLogIdxExtPortLast:2)
#template: 258, 24628(NatLogIdxCtxID:4),
24630(NatLogIdxAssignTSSec:4), 24631(NatLogIdxUnassignTSSec:4),
24632(NatLogIdxIPV4IntAddr:4), 24633(NatLogIdxIPV4ExtAddr:4),
24634(NatLogIdxExtPortFirst:2), 24635(NatLogIdxExtPortLast:2)
#hdr: v9, 4948.000, 1378943379, 50
258, 1, 1378943325, 1378943378, 192.168.1.25, 200.1.1.1, 2016, 2047
258, 1, 1378943325, 1378943378, 192.168.1.25, 200.1.1.1, 1984, 2015
258, 1, 1378943325, 1378943378, 192.168.1.25, 200.1.1.1, 1952, 1983
258, 1, 1378943325, 1378943378, 192.168.1.25, 200.1.1.1, 1920, 1951
...
258, 1, 1378943325, 1378943378, 192.168.1.25, 200.1.1.1, 1024, 1055


On Sun, Nov 3, 2013 at 10:51 AM, Golem <golem at mtm-info.pl> wrote:

> Hello
>
> I  have  solved  problem by moving nat logging-profile to context with
> interface which is used to export flows and then changed ip nat pool
> logging-profile LogowanieNat context mrouter , looks like loop interface
> can't
> be used as source.
>
> Seems like CGNAT logging using custom fields in netflow, are there any
> patches for Nfdump available ?
>
>
> --
Best regards,
Yuri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20131105/4f5353a5/attachment.html>

More information about the redback-nsp mailing list