I've been trying to set up a NAT logging system to comply with local regulation (copyright infringement and so on) in a RouterOS 6.48 environment.
I'm completely new to NetFlow/IPFIX world.
I intend (but I'm not 100% sure yet) to save NAT translation details and leave out outbound flows' destination addresses and ports.
My lab setup includes:
- a hEX PoE with 6.48 connected to a LAN
- a Debian Bullseye host acting as a NetFlow/IPFIX collector
- a laptop connected to the hEX PoE
WebFig allows NAT events inclusion. It seems NAT Events in IPFIX are covered by RFC 8158.
1. Do you know if package nfdump can process such NAT Events (looking at [1], it seems it cannot)?
2. I tried pmacct with the command below. This command prints on stdout lines such as below.
As you may see, timestamp values (start and end) are identical.
Where does it come from? From my RouterOS device or from nfacctd?
SRC_IP SRC_PORT PROTOCOL POST_NAT_SRC_IP POST_NAT_SRC_PORT NAT_EVENT TIMESTAMP_START TIMESTAMP_END PACKETS BYTES
192.168.33.44 57088 tcp 192.168.64.70 57088 0 2022-03-09 17:40:45.000000 2022-03-09 17:40:45.000000 14 2750
Best regards
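
An added example (not part of the original post and not pmacct's own code): parsing output in the column format shown above into NAT log records, then looking up which internal host was behind a translated address and port at a given time. The second sample record, the function names and the `slack_s` tolerance are assumptions made for illustration.

```python
from datetime import datetime

# Header and first record are copied from the post; the second record is constructed.
SAMPLE = """\
SRC_IP SRC_PORT PROTOCOL POST_NAT_SRC_IP POST_NAT_SRC_PORT NAT_EVENT TIMESTAMP_START TIMESTAMP_END PACKETS BYTES
192.168.33.44 57088 tcp 192.168.64.70 57088 0 2022-03-09 17:40:45.000000 2022-03-09 17:40:45.000000 14 2750
192.168.33.45 40112 udp 192.168.64.70 40112 0 2022-03-09 17:41:02.000000 2022-03-09 17:41:30.000000 3 228
"""
TS_FMT = "%Y-%m-%d %H:%M:%S.%f"

def parse_records(text):
    """Parse the whitespace-separated output into dicts keyed by header name."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0].split()
    records = []
    for line in lines[1:]:
        tok, values, i = line.split(), [], 0
        for name in header:
            if name.startswith("TIMESTAMP"):
                # A timestamp column spans two tokens: date, then time.
                values.append(datetime.strptime(tok[i] + " " + tok[i + 1], TS_FMT))
                i += 2
            else:
                values.append(tok[i])
                i += 1
        if i != len(tok):
            raise ValueError(f"unexpected column count: {line!r}")
        records.append(dict(zip(header, values)))
    return records

def find_internal_host(records, public_ip, public_port, protocol, when, slack_s=0):
    """Return (SRC_IP, SRC_PORT) for translations matching the tuple at time `when`."""
    hits = []
    for r in records:
        key = (r["POST_NAT_SRC_IP"], r["POST_NAT_SRC_PORT"], r["PROTOCOL"])
        if key != (public_ip, str(public_port), protocol):
            continue
        before = (r["TIMESTAMP_START"] - when).total_seconds()
        after = (when - r["TIMESTAMP_END"]).total_seconds()
        # slack_s (assumed knob) widens the window for clock skew or zero-length records.
        if before <= slack_s and after <= slack_s:
            hits.append((r["SRC_IP"], r["SRC_PORT"]))
    return hits

def zero_duration(records):
    """Records whose start and end timestamps are identical, as in the post."""
    return [r for r in records if r["TIMESTAMP_START"] == r["TIMESTAMP_END"]]
```

A record whose start and end are identical only matches a lookup at that exact second unless `slack_s` is raised, which is why the timestamp question matters for this kind of log.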