Firewalls such as iptables usually offer source network address translation (source NAT) in the POSTROUTING chain, which changes the source address of a host behind the firewall to the address of the host before the firewall.
The standard log facilities provided by iptables do not make it easy to associate addresses behind the firewall with their source-natted equivalents before the firewall. Natlog was designed to fill that particular niche.
When running natlog, messages are sent to the syslog daemon and/or to the standard output stream showing the essential characteristics of the connection using source natting. Here is an example:
from Fri 8 22:30:10:55588 until Fri 8 22:40:43:807100: 192.168.19.72:4467 (via: 18.104.22.168:4467) to 22.214.171.124:443
Natlog depends on facilities provided by iptables; work is in progress to generate logs using facilities offered by the pcap library.
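As an added example (not part of natlog or of the original page), the Python code below parses the log line shown above and answers the question such a log exists for: which internal host was behind a given source-natted address and port at a given time. The field layout is inferred from the single sample line on this page; `parse_line`, `who_was` and the second log entry are hypothetical and constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Layout inferred from the one sample line on this page (assumption); the
# last time field is treated as an opaque sub-second counter and ignored.
STAMP = r"\w{3} +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}):\d+"
LINE_RE = re.compile(
    rf"from {STAMP} until {STAMP}: "
    r"([\d.]+):(\d+) \(via: ([\d.]+):(\d+)\) to ([\d.]+):(\d+)"
)

class NatRecord(NamedTuple):
    start: tuple  # (day, hour, minute, second); the line has no month/year
    end: tuple
    src: tuple    # (ip, port) behind the firewall
    nat: tuple    # (ip, port) after source NAT
    dst: tuple    # (ip, port) of the remote peer

def parse_line(line: str) -> Optional[NatRecord]:
    m = LINE_RE.search(line)  # search() tolerates a syslog prefix
    if m is None:
        return None
    g = m.groups()
    return NatRecord(
        tuple(map(int, g[0:4])), tuple(map(int, g[4:8])),
        (g[8], int(g[9])), (g[10], int(g[11])), (g[12], int(g[13])),
    )

def who_was(lines, nat, dst, when):
    """Internal endpoints that used `nat` to reach `dst` at `when`.

    `when` is (day, hour, minute, second). The comparison is only valid
    within one calendar month because the line carries no month or year.
    """
    hits = []
    for rec in filter(None, map(parse_line, lines)):
        if rec.nat == nat and rec.dst == dst and rec.start <= when <= rec.end:
            hits.append(rec.src)
    return hits

LOG = [
    # Sample line from the page:
    "from Fri 8 22:30:10:55588 until Fri 8 22:40:43:807100: 192.168.19.72:4467 (via: 18.104.22.168:4467) to 22.214.171.124:443",
    # Constructed lines (not natlog output), one with an assumed syslog prefix:
    "Mar  8 22:41:02 fw natlog: from Fri 8 22:35:01:1200 until Fri 8 22:41:02:9000: 192.168.19.80:5120 (via: 18.104.22.168:5120) to 22.214.171.124:443",
    "unrelated syslog noise",
]
```

Given a remote server's report of a connection from `18.104.22.168:4467` on the 8th at 22:35:00, `who_was(LOG, ("18.104.22.168", 4467), ("22.214.171.124", 443), (8, 22, 35, 0))` returns the internal endpoint `192.168.19.72:4467`.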