diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-05-22 08:16:57 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-22 08:16:57 +0200 |
| commit | d702b781f472a370ecb8c5d6a45cf19505948f3c (patch) | |
| tree | 02765b5971f4232475d6e174f85a383d888c939c | |
| parent | 202c1d15999175e745f762b6c349f458c82857b5 (diff) | |
| parent | d3fb767da14edd510e29f7fc42fea11a90437330 (diff) | |
| download | vyos-1x-d702b781f472a370ecb8c5d6a45cf19505948f3c.tar.gz vyos-1x-d702b781f472a370ecb8c5d6a45cf19505948f3c.zip | |
Merge pull request #3495 from vyos/mergify/bp/sagitta/pr-3493
T6375: Fix/Update NAT logging (backport #3493)
| -rw-r--r-- | interface-definitions/nat.xml.in | 1 | ||||
| -rw-r--r-- | op-mode-definitions/show-log.xml.in | 50 | ||||
| -rw-r--r-- | python/vyos/nat.py | 6 |
3 files changed, 51 insertions, 6 deletions
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in index 0a639bd80..73a748137 100644 --- a/interface-definitions/nat.xml.in +++ b/interface-definitions/nat.xml.in @@ -141,6 +141,7 @@ </children> </node> #include <include/inbound-interface.xml.i> + #include <include/firewall/log.xml.i> <node name="translation"> <properties> <help>Translation address or prefix</help> diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in index 78c03f511..c1e441e40 100644 --- a/op-mode-definitions/show-log.xml.in +++ b/op-mode-definitions/show-log.xml.in @@ -464,12 +464,56 @@ </properties> <command>journalctl --no-hostname --boot --unit lldpd.service</command> </leafNode> - <leafNode name="nat"> + <node name="nat"> <properties> <help>Show log for Network Address Translation (NAT)</help> </properties> - <command>egrep -i "kernel:.*\[NAT-[A-Z]{3,}-[0-9]+(-MASQ)?\]" $(find /var/log -maxdepth 1 -type f -name messages\* | sort -t. -k2nr)</command> - </leafNode> + <children> + <node name="destination"> + <properties> + <help>Show NAT destination log</help> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[DST-NAT-[0-9]+\]"</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show NAT destination log for specified rule</help> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[DST-NAT-$6\]"</command> + </tagNode> + </children> + </node> + <node name="source"> + <properties> + <help>Show NAT source log</help> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[SRC-NAT-[0-9]+(-MASQ)?\]"""</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show NAT source log for specified rule</help> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[SRC-NAT-$6(-MASQ)?\]"</command> + </tagNode> + </children> + </node> + <node name="static"> + <properties> + <help>Show NAT static log</help> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[STATIC-(SRC|DST)-NAT-[0-9]+\]"</command> + <children> + <tagNode name="rule"> + <properties> + <help>Show NAT static log for specified rule</help> + </properties> + <command>journalctl --no-hostname --boot -k | egrep "\[STATIC-(SRC|DST)-NAT-$6\]"</command> + </tagNode> + </children> + </node> + </children> + <command>journalctl --no-hostname --boot -k | egrep "\[(STATIC-)?(DST|SRC)-NAT-[0-9]+(-MASQ)?\]"</command> + </node> <leafNode name="ndp-proxy"> <properties> <help>Show log for Neighbor Discovery Protocol (NDP) Proxy</help> diff --git a/python/vyos/nat.py b/python/vyos/nat.py index 2ada29add..e54548788 100644 --- a/python/vyos/nat.py +++ b/python/vyos/nat.py @@ -300,12 +300,12 @@ def parse_nat_static_rule(rule_conf, rule_id, nat_type): output.append('counter') - if translation_str: - output.append(translation_str) - if 'log' in rule_conf: output.append(f'log prefix "[{log_prefix}{log_suffix}]"') + if translation_str: + output.append(translation_str) + output.append(f'comment "{log_prefix}"') return " ".join(output) |