IP Flow Information Export (IPFIX) Information Elements for Logging NAT Events
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: firstname.lastname@example.org, Spencer Dawkins <email@example.com>, firstname.lastname@example.org, email@example.com, The IESG <firstname.lastname@example.org> Subject: Protocol Action: 'IPFIX Information Elements for logging NAT Events' to Proposed Standard (draft-ietf-behave-ipfix-nat-logging-13.txt) The IESG has approved the following document: - 'IPFIX Information Elements for logging NAT Events' (draft-ietf-behave-ipfix-nat-logging-13.txt) as Proposed Standard This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Spencer Dawkins. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-behave-ipfix-nat-logging/
Technical Summary Network operators require NAT devices to log events like creation and deletion of translations and information about the resources that the NAT device is managing. The logs are essential in many cases to identify an attacker or a host that was used to launch malicious attacks and for various other purposes of accounting. Since there is no standard way of logging this information, different NAT devices log the information using proprietary formats and hence it is difficult to expect a consistent behavior. The lack of a consistent way to log the data makes it difficult to write the collector applications that would receive this data and process it to present useful information. This document describes the formats for logging of NAT events. Working Group Summary For much of its life, this work existed in the BEHAVE working group. It became an AD-sponsored draft when the BEHAVE working group was concluded. As a working group draft, it was not controversial, and much of the focus of discussion was between the authors of this draft, an MIB NAT management document (now RFCs 7658-7659, and a SYSLOG NAT management document, working to make sure each NAT management tool provided equivalent functionality, to the extent possible. Document Quality Reviews were provided by Dan Wing (former BEHAVE WG chair), Paul Aitken (on general use of IPFIX), Phillip Hallam-Baker (for SECDIR), Dan Romascanu (for OPDIR), Paul Aitken (for IANA), Juergen Quittek and Brian Trammell (for IPFIX IE-doctors), Tom Taylor checked this draft for consistency with the NAT MIB draft and the SYSLOG draft, and provided comments. Personnel The responsible Area Director is Spencer Dawkins, who is also acting as document shepherd.