Ask Your Question

OpenStack NAT Logs

asked 2018-11-27 04:54:44 -0500

hcotuk gravatar image

updated 2018-11-27 04:55:24 -0500

Hi there,

I am looking for a way to log VM inbound/outbound traffic to/from Internet. Instances with floating IPs can be followed by the floating IP itself. But instances without floating IPs are NATted to project router IP. In order to conform to regulations, I want to log source/destination IP and port numbers with a valid timestamp. Actually iptables can log this traffic with "-j LOG" parameter but neutron does not have any flag to enable iptables logging.

Is there any way to do this?

My Best,


edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2018-11-27 05:35:19 -0500

Neutron Packet Logging Framework may do this,

Packet logging service is designed as a Neutron plug-in that captures network packets for relevant resources (e.g. security group or firewall group) when the registered events occur.

refer to:

edit flag offensive delete link more


Thanks for your answer. AFAIS, linuxbridge implementation is under development. It seems that I have to wait a bit more.

hcotuk gravatar imagehcotuk ( 2018-11-27 06:02:46 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2018-11-27 04:54:44 -0500

Seen: 148 times

Last updated: Nov 27 '18