Ipfix / nat logs

magnitude · January 3, 2023, 7:28am

Hello,

I am not able to send nat logs to the remote Syslog host.

I want to send nat logs like source ip, destination ip, src port, dst port, time stamps, etc to the remote log server.

pepe · January 3, 2023, 8:27am

Have you tried enabling logging in the NAT configuration ?

set nat source rule <number> log enable

Of course you have the syslog service properly configured in VyOS ?
https://docs.vyos.io/en/equuleus/configuration/system/syslog.html

RyVolodya · January 3, 2023, 1:07pm

Hello @magnitude ,

If you configure syslog on VyOS as described by @pepe
VyOS will send you a message of the following type to the server (example):

Jan 3 12:50:16 vyos kernel: [ 562.822549] [SRC-NAT-100-MASQ]IN=eth1 OUT=eth0 MAC=0c:10:51:fd:00:01:0c:80:37:d0:00:00:08:00 SRC=172.16.0.11 DST=216.58.208.205 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=361 DF PROTO=TCP SPT=55029 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0

magnitude · January 7, 2023, 11:55am

Hello,

ive managed to use configure Netflow , to send iptables nat logs to remote host using ipfix/netflow.

raxxmo1 · December 30, 2023, 9:55am

Hi ,

can u guide me , how do i do this…

Regards