Is there a way to log snat translations
cfernandez
We just moved our LDAP service to our new A10 load balancers. Our PROD partition (which is where our LDAP virtual server is) is running in one arm mode utilizing a snat pool. Everything is working fine, but our LDAP administrator is asking if there is a way to save a log file of the snat translations for the LDAP virtual server to a remote logging server. Or is there a way for the servers to see the client IP address when snat is configured?
I would appreciate your help. Thank you.
Comments
As you probably know, when you have the AX configured in one arm mode you need to use source NAT. One way would be to disable source NAT and configure the server to point to the AX as its gateway; however, if that is not possible you may be able to use syslog to log the session. One last option would be to use aFleX to insert the IP address. Plus there may be some additional aFleX capabilities along these lines in a future release.
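# This aFleX logs Client/Server IP/Port information for security when using Source NAT
when CLIENT_ACCEPTED {
    # Client side: record when the connection arrived, the real client
    # address/port, and the VIP address/port it connected to
    set timestamp [clock format [clock seconds] -format {%Y-%m-%d %H:%M:%S}]
    set cip [IP::client_addr]
    set cport [TCP::client_port]
    set vip [IP::local_addr]
    set vport [TCP::local_port]
}
when SERVER_CONNECTED {
    # Server side: the local address/port here is the source NAT address/port
    set sip [IP::server_addr]
    set sport [TCP::server_port]
    set snat_ip [IP::local_addr]
    set snat_port [TCP::local_port]
    # One line per connection: client -> VIP, then SNAT address -> real server
    log "$timestamp - $cip:$cport -> $vip:$vport to $snat_ip:$snat_port -> $sip:$sport"
}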
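For the LDAP administrator's side of this, the following is an added example (not part of the reply above and not A10 code) of how lines in the format written by that rule could be used on the log server to map a SNAT address and port, as seen in the LDAP server's own logs, back to the real client. The function names are hypothetical, and the syslog prefix and all addresses in the sample are constructed.

```python
import re
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime

# Message format written by the rule's log statement (IPv4 only here):
# "$timestamp - $cip:$cport -> $vip:$vport to $snat_ip:$snat_port -> $sip:$sport"
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<cip>[\d.]+):(?P<cport>\d+) -> (?P<vip>[\d.]+):(?P<vport>\d+) to "
    r"(?P<snat_ip>[\d.]+):(?P<snat_port>\d+) -> (?P<sip>[\d.]+):(?P<sport>\d+)"
)
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample lines; the syslog prefix and every address are made up.
SAMPLE = [
    "Jan 10 09:15:02 ax1 aflex: 2024-01-10 09:15:02 - 198.51.100.7:51512 -> 192.0.2.10:389 to 10.0.0.50:20001 -> 10.0.0.21:389",
    "Jan 10 09:15:40 ax1 aflex: 2024-01-10 09:15:40 - 198.51.100.8:49200 -> 192.0.2.10:389 to 10.0.0.50:20002 -> 10.0.0.21:389",
    "Jan 10 11:40:30 ax1 aflex: 2024-01-10 11:40:30 - 198.51.100.99:40022 -> 192.0.2.10:389 to 10.0.0.50:20001 -> 10.0.0.21:389",
]

def build_index(lines):
    """Index translations by the 4-tuple the back-end server sees."""
    index = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)  # search() skips whatever prefix syslog adds
        if m is None:
            continue
        key = (m["snat_ip"], int(m["snat_port"]), m["sip"], int(m["sport"]))
        ts = datetime.strptime(m["ts"], TS_FMT)
        index[key].append((ts, m["cip"], int(m["cport"])))
    for entries in index.values():
        entries.sort()
    return index

def resolve_client(index, snat_ip, snat_port, sip, sport, seen_at):
    """Return (client_ip, client_port) for a connection the server saw at seen_at.

    SNAT ports are reused over time, so take the latest translation logged
    at or before seen_at; return None if there is none.
    """
    entries = index.get((snat_ip, snat_port, sip, sport), [])
    when = datetime.strptime(seen_at, TS_FMT)
    pos = bisect_right([ts for ts, _, _ in entries], when)
    if pos == 0:
        return None
    _, cip, cport = entries[pos - 1]
    return cip, cport

if __name__ == "__main__":
    idx = build_index(SAMPLE)
    print(resolve_client(idx, "10.0.0.50", 20001, "10.0.0.21", 389, "2024-01-10 11:41:00"))
```

The lookup is only as good as the clocks: the rule's timestamp is taken on the AX at CLIENT_ACCEPTED, so the AX and the LDAP servers need synchronized time for the "at or before" match to pick the right translation.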
My apologies for the very late reply (I didn't get an email notification someone had responded to my post). I want to thank you for your reply. I will test out your proposed aFlex and let you know the results. Once again, thank you.