Introduction
Prior to the feature enhancement, the only way to monitor changes in the Network Address Translation (NAT) table was to continuously issue the show ip nat translation command or view the output of the debug ip nat command.
Configuration Overview:
The "ip nat log translations syslog" command enables NAT logging. Every NAT translation created on the router is logged in syslog. These logs can be sent to the console, a syslog host or the router buffer.
If you are enabling address translation logs on your edge router, you should configure no logging console first in a production environment; otherwise your router will hang a few moments after you've enabled NAT logging.
The NAT logs include 3 items:
1) Layer-3/4 protocol (ICMP, TCP, UDP).
2) Inside local and global addresses and port numbers.
3) Outside local and global addresses and port numbers.
Example: The following messages were logged when inside host 10.1.1.2 tried to ping and telnet to the web server at IP address 172.16.1.1. The inside source address 10.1.1.1 was translated to 192.168.1.1.
You can also use a logging discriminator to determine which syslog messages to display or log. The logging discriminator can be enabled on the buffered, console and monitor outputs. The pattern to match on can be a regular expression, to handle more complicated patterns.
Example:
1) No telnet-related translation logs on the console.
R1(config)# logging discriminator cisco msg-body drops :23
R1(config)# logging console discriminator cisco
2) Only telnet-related translation logs on the console.
R1(config)# logging discriminator cisco msg-body includes ":23"
R1(config)# logging console discriminator cisco
You can also use the following commands to filter logs for the other syslog outputs:
logging buffered discriminator
logging monitor discriminator
logging host discriminator
Reference:
ip nat log translations syslog
R1#
*Nov 10 16:07:23.779: %IPNAT-6-CREATED: icmp 10.1.1.2:2 192.168.1.1:2 172.16.1.1:2 172.16.1.1:2
*Nov 10 16:07:25.343: %IPNAT-6-CREATED: tcp 10.1.1.2:21119 192.168.1.1:21119 172.16.1.1:23 172.16.1.1:23
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.1.1:2 10.1.1.2:2 172.16.1.1:2 172.16.1.1:2
tcp 192.168.1.1:21119 10.1.1.2:21119 172.16.1.1:23 172.16.1.1:23
R1#
*Nov 10 16:07:45.539: %IPNAT-6-DELETED: icmp 10.1.1.2:2 192.168.1.1:2 172.16.1.1:2 172.16.1.1:2
*Nov 10 16:07:45.539: %IPNAT-6-DELETED: tcp 10.1.1.2:21119 192.168.1.1:21119 172.16.1.1:23 172.16.1.1:23
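The CREATED/DELETED pairs in the output above are what lets you answer "which inside host held this translated address and port at this time" after the fact. The following is an added example, not part of the original document: it parses such lines, pairs them into sessions and answers that lookup. The field order, the year and the third sample line are assumptions marked in the comments.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log output on this page; the third
# CREATED line (host 10.1.1.3, HTTP) is invented to exercise the port filter.
SAMPLE = """\
*Nov 10 16:07:23.779: %IPNAT-6-CREATED: icmp 10.1.1.2:2 192.168.1.1:2 172.16.1.1:2 172.16.1.1:2
*Nov 10 16:07:25.343: %IPNAT-6-CREATED: tcp 10.1.1.2:21119 192.168.1.1:21119 172.16.1.1:23 172.16.1.1:23
*Nov 10 16:07:30.101: %IPNAT-6-CREATED: tcp 10.1.1.3:2310 192.168.1.1:2310 172.16.1.1:80 172.16.1.1:80
*Nov 10 16:07:45.539: %IPNAT-6-DELETED: icmp 10.1.1.2:2 192.168.1.1:2 172.16.1.1:2 172.16.1.1:2
*Nov 10 16:07:45.539: %IPNAT-6-DELETED: tcp 10.1.1.2:21119 192.168.1.1:21119 172.16.1.1:23 172.16.1.1:23
""".splitlines()

# Assumed field order (inferred from the sample output, not from Cisco docs):
# inside local, inside global, outside local, outside global.
LINE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): %IPNAT-6-(?P<event>CREATED|DELETED): "
    r"(?P<proto>\S+) (?P<il>\S+) (?P<ig>\S+) (?P<ol>\S+) (?P<og>\S+)\s*$")

def parse(line, year=2024):
    """Return a dict of fields, or None for non-NAT lines. The year is an
    assumption: the router timestamp in the sample carries none."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S.%f")
    return rec

def sessions(lines):
    """Pair each CREATED with its DELETED; entries still open get end=None."""
    live, done = {}, []
    for rec in filter(None, map(parse, lines)):
        key = (rec["proto"], rec["il"], rec["ig"], rec["ol"], rec["og"])
        if rec["event"] == "CREATED":
            live[key] = rec["ts"]
        elif key in live:
            done.append((key, live.pop(key), rec["ts"]))
    return done + [(k, start, None) for k, start in live.items()]

def inside_host(lines, inside_global, when):
    """Inside local endpoints that held inside_global (ip:port) at `when`."""
    return [k[1] for k, start, end in sessions(lines)
            if k[2] == inside_global and start <= when and (end is None or when <= end)]

def to_port(lines, port):
    """Field match on the outside global port; the text ":23" alone also occurs in the 10.1.1.3:2310 line."""
    recs = filter(None, map(parse, lines))
    return [r for r in recs if r["og"].rsplit(":", 1)[1] == str(port)]
```

For this lookup to be usable the logs have to be retained off the router (the syslog host output), and the router clock has to be trustworthy.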