Hello,

I've got a Debian Bullseye host acting as a gateway to the Internet. It serves around 100 simultaneous end users for mainstream usage (web surfing, email, YouTube, ...).

For compliance reasons, I need to log NAT connections, i.e. a timestamp, a private IPv4:port, a NATed IPv4:port and a destination IPv4:port. Upon request, given a timestamp, a NATed IPv4 and a port, I must be able to find the corresponding IPv4 and port.

I don't mind collecting data files with a shell script before processing files somewhere else and pushing data into an SQL database later on. Data retention period is 1 year.

1. How can I best produce these logs with netfilter? What are your recommendations?
2. From previous experience, is it worth the effort to remove DNS or other traffic from such logs to save disk space?
3. Does it make sense to use NetFlow/IPFIX to separate log production from log consolidation and storage?

Cheers