OpenStack NAT Logs

asked 2018-11-27 04:54:44 -0500

hcotuk

updated 2018-11-27 04:55:24 -0500

Hi there,

I am looking for a way to log VM inbound/outbound traffic to/from the Internet. Instances with floating IPs can be followed by the floating IP itself. But instances without floating IPs are NATted to the project router IP. In order to conform to regulations, I want to log source/destination IP and port numbers with a valid timestamp. Actually, iptables can log this traffic with the "-j LOG" parameter, but Neutron does not have any flag to enable iptables logging.

Is there any way to do this?

My Best,

Huseyin


1 answer

answered 2018-11-27 05:35:19 -0500

The Neutron Packet Logging Framework may do this:

Packet logging service is designed as a Neutron plug-in that captures network packets for relevant resources (e.g. security group or firewall group) when the registered events occur.

Refer to: https://docs.openstack.org/neutron/ro...


Comments

Thanks for your answer. AFAIS, the linuxbridge implementation is under development. It seems that I have to wait a bit more.

hcotuk (2018-11-27 06:02:46 -0500)
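
An added example, not part of the original question or answer: a parser that turns syslog lines written by an iptables "-j LOG" rule into the source/destination IP, port and timestamp records the question asks for. The "NATLOG: " prefix, the function name parse_nat_log and the sample lines are assumptions constructed for this example; syslog timestamps carry no year or time zone, so the year is passed in.

```python
import re
from datetime import datetime

# Constructed sample lines in the kernel's iptables LOG format; the prefix,
# host name, interface names and addresses are made up for this example.
SAMPLE = """\
Nov 27 04:54:44 net1 kernel: [1234.5] NATLOG: IN=qr-aaa OUT=qg-bbb MAC=fa:16:3e:00:00:01 SRC=10.0.0.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4321 DF PROTO=TCP SPT=43210 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 27 04:54:45 net1 kernel: [1235.1] NATLOG: IN=qr-aaa OUT=qg-bbb SRC=10.0.0.7 DST=198.51.100.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=99 PROTO=UDP SPT=5353 DPT=53 LEN=51
Nov 27 04:54:46 net1 kernel: [1236.0] NATLOG: IN=qr-aaa OUT=qg-bbb SRC=10.0.0.5 DST=203.0.113.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Nov 27 04:54:47 net1 sshd[811]: Accepted publickey for admin
"""

HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: (?P<rest>.*)$")
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_nat_log(text, year, prefix="NATLOG: "):
    """Return one dict per logged packet; lines without the prefix are skipped."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m or prefix not in m.group("rest"):
            continue
        body = m.group("rest").split(prefix, 1)[1]
        fields = {}
        for key, value in FIELD.findall(body):
            # LEN and ID can appear twice (IP header, then UDP/ICMP header);
            # keep the first, IP-level occurrence.
            fields.setdefault(key, value)
        if "SRC" not in fields or "DST" not in fields:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        records.append({
            "time": ts.isoformat(),
            "proto": fields.get("PROTO"),
            "src": fields["SRC"],
            # ICMP has no ports, so SPT/DPT are absent on those lines.
            "sport": int(fields["SPT"]) if "SPT" in fields else None,
            "dst": fields["DST"],
            "dport": int(fields["DPT"]) if "DPT" in fields else None,
        })
    return records


if __name__ == "__main__":
    for rec in parse_nat_log(SAMPLE, year=2018):
        print(rec)
```

The timestamps are whatever the logging host's clock and time zone produced, so the host's time synchronisation determines whether they are valid for compliance purposes.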
