NAT devices are required to log events like creation and deletion of
translations and information about the resources it is managing.
With the wide deployment of Carrier Grade NAT (CGN) devices, the
logging of events have become very important for legal purposes. The
logs are required in many cases to identify an attacker or a host
that was used to launch malicious attacks and/or for various other
purposes of accounting. Since there is no standard way of logging
this information, different NAT devices behave differently and hence
it is difficult to expect a consistent behavior. The lack of a
consistent way makes it difficult to write the collector applications
that would receive this data and process it to present useful
information. This document describes the information that is
required to be logged by the NAT devices.