Merge pull request #3493 from l0crian1/T6375-fix-add-nat-logging

c-po · web-flow · commit a67cde68b553 · 2024-05-21T19:50:13.000+02:00
T6375: Fix/Update NAT logging
diff --git a/interface-definitions/nat.xml.in b/interface-definitions/nat.xml.in
@@ -141,6 +141,7 @@
                 </children>
               </node>
               #include <include/inbound-interface.xml.i>
+              #include <include/firewall/log.xml.i>
               <node name="translation">
                 <properties>
                   <help>Translation address or prefix</help>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
@@ -464,12 +464,56 @@
             </properties>
             <command>journalctl --no-hostname --boot --unit lldpd.service</command>
           </leafNode>
-          <leafNode name="nat">
+          <node name="nat">
             <properties>
               <help>Show log for Network Address Translation (NAT)</help>
             </properties>
-            <command>egrep -i "kernel:.*\[NAT-[A-Z]{3,}-[0-9]+(-MASQ)?\]" $(find /var/log -maxdepth 1 -type f -name messages\* | sort -t. -k2nr)</command>
-          </leafNode>
+            <children>
+              <node name="destination">
+                <properties>
+                  <help>Show NAT destination log</help>
+                </properties>
+                <command>journalctl --no-hostname --boot -k | egrep "\[DST-NAT-[0-9]+\]"</command>
+                <children>
+                  <tagNode name="rule">
+                    <properties>
+                      <help>Show NAT destination log for specified rule</help>
+                    </properties>
+                    <command>journalctl --no-hostname --boot -k | egrep "\[DST-NAT-$6\]"</command>
+                  </tagNode>
+                </children>
+              </node>
+              <node name="source">
+                <properties>
+                  <help>Show NAT source log</help>
+                </properties>
+                <command>journalctl --no-hostname --boot -k | egrep "\[SRC-NAT-[0-9]+(-MASQ)?\]"&quot;"</command>
+                <children>
+                  <tagNode name="rule">
+                    <properties>
+                      <help>Show NAT source log for specified rule</help>
+                    </properties>
+                    <command>journalctl --no-hostname --boot -k | egrep "\[SRC-NAT-$6(-MASQ)?\]"</command>
+                  </tagNode>
+                </children>
+              </node>
+              <node name="static">
+                <properties>
+                  <help>Show NAT static log</help>
+                </properties>
+                <command>journalctl --no-hostname --boot -k | egrep "\[STATIC-(SRC|DST)-NAT-[0-9]+\]"</command>
+                <children>
+                  <tagNode name="rule">
+                    <properties>
+                      <help>Show NAT static log for specified rule</help>
+                    </properties>
+                    <command>journalctl --no-hostname --boot -k | egrep "\[STATIC-(SRC|DST)-NAT-$6\]"</command>
+                  </tagNode>
+                </children>
+              </node>
+            </children>
+            <command>journalctl --no-hostname --boot -k | egrep "\[(STATIC-)?(DST|SRC)-NAT-[0-9]+(-MASQ)?\]"</command>
+          </node>
           <leafNode name="ndp-proxy">
             <properties>
               <help>Show log for Neighbor Discovery Protocol (NDP) Proxy</help>
diff --git a/python/vyos/nat.py b/python/vyos/nat.py
@@ -300,12 +300,12 @@ def parse_nat_static_rule(rule_conf, rule_id, nat_type):
 
     output.append('counter')
 
-    if translation_str:
-        output.append(translation_str)
-
     if 'log' in rule_conf:
         output.append(f'log prefix "[{log_prefix}{log_suffix}]"')
 
+    if translation_str:
+        output.append(translation_str)
+
     output.append(f'comment "{log_prefix}"')
 
     return " ".join(output)
