Shepherd writeup

1. Summary

   The responsible Area Director is Spencer Dawkins, who is also 
   acting as document shepherd.

   Network operators require NAT devices to log events like creation and
   deletion of translations and information about the resources that the
   NAT device is managing.  The logs are essential in many cases to
   identify an attacker or a host that was used to launch malicious
   attacks and for various other purposes of accounting.  Since there is
   no standard way of logging this information, different NAT devices
   log the information using proprietary formats and hence it is
   difficult to expect a consistent behavior.  The lack of a consistent
   way to log the data makes it difficult to write the collector
   applications that would receive this data and process it to present
   useful information.  This document describes the formats for logging
   of NAT events.

2. Review and Consensus

   For much of its life, this work existed in the BEHAVE working group. 
   It became an AD-sponsored draft when the BEHAVE working group
   was concluded. As a working group draft, it was not controversial,
   and much of the focus of discussion was between the authors of this 
   draft, an MIB NAT management document (now RFCs 7658-7659), and 
   a SYSLOG NAT management document, working to make sure each 
   NAT management tool provided equivalent functionality, to the extent 

   Reviews were provided by Dan Wing (former BEHAVE WG chair), Paul 
   Aitken (on general use of IPFIX), Phillip Hallam-Baker (for 
   SECDIR), Dan Romascanu (for OPDIR), Paul Aitken (for IANA), and
   Juergen Quittek and Brian Trammell (for IPFIX IE-doctors).
   Tom Taylor checked this draft for consistency with the NAT MIB
   draft and the SYSLOG draft, and provided comments.

3. Intellectual Property

   Each author has confirmed conformance with BCP 78/79. There are no IPR
   disclosures on the document.

4. Other Points

   None noted.