How to log NAT connections with nftables?

Hello,

I've got a Debian Bullseye host acting as a gateway to the Internet.
It serves around 100 simultaneous end users for mainstream usage (web
surfing, email, YouTube, ...).

For compliance reasons, I need to log NAT connections, i.e.:
a timestamp, a private IPv4:port, a NATed IPv4:port and a destination IPv4:port.

Upon request, given a timestamp, a NATed IPv4 and a port, I must be
able to find the corresponding IPv4 and port.
I don't mind collecting data files with a shell script before
processing files somewhere else and pushing data into an SQL database
later on.
Data retention period is 1 year.

1. How can I best produce these logs with netfilter?
What are your recommendations?

2. From previous experience, is it worth the effort to remove DNS or
other traffic from such logs to save disk space?

3. Does it make sense to use Netflow/IPfix to separate log production
from log consolidation and storage?

Cheers
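The record the poster describes (timestamp, private IPv4:port, NATed IPv4:port, destination IPv4:port) and the reverse lookup (given a timestamp, a NATed address and a port, find the private address and port) can be built from the connection tracker rather than from per-packet logging. The following is an added example, not code from the original post or from the netfilter project: it assumes the events are collected with `conntrack -E -e NEW -o timestamp` (the event format below is an assumption about that tool's output), parses each NEW event into the requested tuple, optionally drops UDP/53 to address question 2, emits CSV rows for later SQL import, and answers a lookup by returning the most recent mapping started at or before the requested time. All sample event lines are constructed with private and RFC 5737 documentation addresses.

```python
"""Turn conntrack NEW events into NAT log records and answer compliance lookups."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample of what `conntrack -E -e NEW -o timestamp` prints
# (assumed format; addresses and ports are made up). The first
# src/dst/sport/dport group is the original direction (private -> destination),
# the second is the reply direction, whose dst/dport is the NATed address/port.
SAMPLE_EVENTS = """\
[1650000000.101010]     [NEW] tcp      6 120 SYN_SENT src=192.168.10.21 dst=198.51.100.7 sport=51234 dport=443 [UNREPLIED] src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51234
[1650000000.202020]     [NEW] udp      17 30 src=192.168.10.42 dst=192.0.2.53 sport=40000 dport=53 [UNREPLIED] src=192.0.2.53 dst=203.0.113.5 sport=53 dport=40000
[1650000001.303030]     [NEW] tcp      6 120 SYN_SENT src=192.168.10.21 dst=198.51.100.9 sport=51234 dport=80 [UNREPLIED] src=198.51.100.9 dst=203.0.113.5 sport=80 dport=1024
"""

EVENT_RE = re.compile(r"^\[(?P<ts>\d+\.\d+)\]\s+\[(?P<type>\w+)\]\s+(?P<proto>\w+)")
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


@dataclass(frozen=True)
class NatRecord:
    """One NAT mapping: when it started, who it belongs to, how it appears outside."""
    ts: float
    proto: str
    private_ip: str
    private_port: int
    nat_ip: str
    nat_port: int
    dst_ip: str
    dst_port: int


def parse_events(lines: Iterable[str], skip_dns: bool = False) -> List[NatRecord]:
    """Parse conntrack event lines; keep only NEW events that carry both tuples."""
    records: List[NatRecord] = []
    for line in lines:
        head = EVENT_RE.match(line)
        if not head or head.group("type") != "NEW":
            continue
        tuples = TUPLE_RE.findall(line)
        if len(tuples) != 2:
            continue  # not a NATed flow with a reply tuple; nothing to record
        (priv_ip, dst_ip, priv_port, dst_port), (_, nat_ip, _, nat_port) = tuples
        rec = NatRecord(
            ts=float(head.group("ts")),
            proto=head.group("proto"),
            private_ip=priv_ip,
            private_port=int(priv_port),
            nat_ip=nat_ip,
            nat_port=int(nat_port),
            dst_ip=dst_ip,
            dst_port=int(dst_port),
        )
        # Optional volume reduction: drop DNS lookups (UDP/53) before storage.
        if skip_dns and rec.proto == "udp" and rec.dst_port == 53:
            continue
        records.append(rec)
    return records


def to_csv_row(rec: NatRecord) -> str:
    """Flat row suitable for a later bulk load into an SQL table."""
    return ",".join([
        f"{rec.ts:.6f}", rec.proto,
        rec.private_ip, str(rec.private_port),
        rec.nat_ip, str(rec.nat_port),
        rec.dst_ip, str(rec.dst_port),
    ])


def lookup(records: List[NatRecord], ts: float, nat_ip: str, nat_port: int) -> Optional[NatRecord]:
    """Given a time and a NATed ip:port, return the mapping in force at that time.

    Only NEW events are recorded, so the answer is the latest mapping for that
    NATed ip:port that started at or before `ts`; adding DESTROY events would
    let a stricter implementation bound the match by the flow's end time too.
    """
    candidates = [r for r in records
                  if r.nat_ip == nat_ip and r.nat_port == nat_port and r.ts <= ts]
    return max(candidates, key=lambda r: r.ts) if candidates else None


if __name__ == "__main__":
    recs = parse_events(SAMPLE_EVENTS.splitlines())
    for r in recs:
        print(to_csv_row(r))
    hit = lookup(recs, 1650000002.0, "203.0.113.5", 1024)
    print("203.0.113.5:1024 at t=1650000002 ->",
          f"{hit.private_ip}:{hit.private_port}" if hit else "no mapping")
```

Note that the third constructed event shows why the NATed port must be stored separately from the private source port: the same internal host reused source port 51234 and the gateway remapped it to 1024, so a lookup keyed only on the private port would be ambiguous.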
