linux
aLap, 2016-03-21 10:44:35

How to properly log conntrack on CentOS 6?

Greetings! There is a task (which I think everyone who works in telecoms has encountered) to log NAT translations. I used ULOG and it suited me, but now that the traffic has exceeded 3 gigabits, ULOG stacks the processors with all the attendant consequences. NetFlow (ipt_netflow) would be ideal, but it doesn't collect the translations (is it misconfigured?). The question, in fact, is how to teach NetFlow to listen to translations, or maybe there are some alternative ways. Thank you!


1 answer(s)
lovecraft, 2016-03-24
@aLap

Maybe this will help you?
Flow Output
For each flow observed by "conntrack", three flow records are output by
this tool. As explained below, three records are required to correlate
the NAT operation which took place. The assumption of source IP NAT will
be relaxed in a future release of this software.
The format of these lines is "flow-tools" CSV for NetFlow version 5. Of
course your NetFlow collector receives a proper UDP NetFlow payload, but
here we are looking at the default Syslog output. The fields are listed
in order in the table below:
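
As an added example (not part of the original answer or of the tool it quotes), this shows where the NAT correlation comes from in conntrack data itself: the original-direction tuple carries the inside address and the reply-direction tuple carries the translated one. It assumes the default text format printed by `conntrack -E` from conntrack-tools (no `-o` output options); the sample lines and the function names `parse_event` and `nat_log` are constructed for illustration.

```python
import re

# Constructed sample events in the default `conntrack -E` text format.
# All addresses are documentation ranges, not real traffic.
SAMPLE_EVENTS = """\
[NEW] tcp      6 120 SYN_SENT src=10.0.0.15 dst=198.51.100.7 sport=51514 dport=443 [UNREPLIED] src=198.51.100.7 dst=203.0.113.2 sport=443 dport=31022
[NEW] udp      17 30 src=10.0.0.16 dst=198.51.100.53 sport=40000 dport=53 [UNREPLIED] src=198.51.100.53 dst=203.0.113.2 sport=53 dport=40000
[NEW] tcp      6 120 SYN_SENT src=10.0.0.17 dst=10.0.0.1 sport=45000 dport=22 [UNREPLIED] src=10.0.0.1 dst=10.0.0.17 sport=22 dport=45000
[DESTROY] icmp     1 src=10.0.0.15 dst=198.51.100.7 type=8 code=0 id=77 src=198.51.100.7 dst=203.0.113.2 type=0 code=0 id=77
"""

HEAD = re.compile(r"^\s*\[(\w+)\]\s+(\w+)\s+\d+")      # "[NEW] tcp 6 ..."
KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")       # tuple fields


def parse_event(line):
    """Return the source-NAT mapping of one event line, or None when the
    line is unparseable or the flow was not source-NATed."""
    head = HEAD.match(line)
    if not head:
        return None
    orig, reply = {}, {}
    for key, value in KV.findall(line):
        # First occurrence of a key is the original direction,
        # the second occurrence is the reply direction.
        target = orig if key not in orig else reply
        target.setdefault(key, value)
    if not {"src", "dst"} <= orig.keys() or not {"src", "dst"} <= reply.keys():
        return None
    inside = (orig["src"], orig.get("sport"))       # client before NAT
    outside = (reply["dst"], reply.get("dport"))    # what the remote side sees
    if inside == outside:
        return None                                  # no source translation
    return {
        "event": head.group(1),
        "proto": head.group(2),
        "inside": inside,
        "outside": outside,
        "remote": (orig["dst"], orig.get("dport")),
    }


def nat_log(text):
    """Parse many event lines and keep only the translated flows."""
    return [rec for rec in map(parse_event, text.splitlines()) if rec]
```

Each returned record holds the inside, outside and remote endpoints of one translated flow, which is the information a NAT log has to preserve to attribute an external address and port back to a subscriber.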
