IP Flow Information Export (IPFIX) Information Elements for Logging NAT Events, December 2017
- File formats:
- PROPOSED STANDARD
- S. Sivakumar
- NON WORKING GROUP
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
Network operators require NAT devices to log events like creation and deletion of translations and information about the resources that the NAT device is managing. In many cases, the logs are essential to identify an attacker or a host that was used to launch malicious attacks and for various other purposes of accounting. Since there is no standard way of logging this information, different NAT devices use proprietary formats; hence, it is difficult to expect consistent behavior. This lack of standardization makes it difficult to write the Collector applications that would receive this data and process it to present useful information. This document describes the formats for logging NAT events.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.