
Method and system for associating sessions before and after NAT according to syslog logs

A log analysis system technology, applied in transmission systems, digital transmission systems, data exchange networks and similar fields. It solves problems such as correlation analysis being performed without associated sessions, and achieves the effect of ensuring continuity and strong traceability.

Active Publication Date: 2021-04-16
科来网络技术股份有限公司

AI Technical Summary

Problems solved by technology

However, once the pre- and post-NAT syslog logs have been obtained, there is no method for performing session correlation analysis on them and applying it to traffic analysis scenarios.



Examples


Embodiment 1

[0037] This embodiment proposes a method for associating sessions before and after NAT according to syslog logs. As shown in Figure 1, the design idea of the method is: traffic collection probes are set before and after the F5 device to collect traffic information, and the collected traffic information is aggregated to the analysis system; at the same time, the F5 device pushes its syslog logs to the analysis system, which parses the log information and then combines it with the sessions collected by the traffic collection probes for analysis. As shown in Figure 2, the method includes the following steps:

[0038] S1, traffic collection probes are set before and after the F5 device; these are Probe A and Probe B shown in Figure 1;

[0039] S2, the flow collection probe sends the collected flow information to the analysis system;

[0040] S3, the F5 device pushes the syslog logs before and after the NAT to the analysis system; in this embodiment, the F5 device regularly pushes the sysl...

Embodiment 2

[0053] This embodiment implements a system for associating sessions before and after NAT according to syslog logs. As shown in Figure 1, the system includes an F5 device, traffic collection probes and an analysis system, which together execute the method for associating sessions before and after NAT according to syslog logs described in Embodiment 1. Refer to Embodiment 1 for the specific execution process; details are not repeated here.


Abstract

The invention provides a method and a system for associating sessions before and after NAT according to syslog logs. The method comprises the following steps: S1, arranging flow acquisition probes in front of and behind F5 equipment; S2, the flow acquisition probe sending the acquired flow information to an analysis system; S3, the F5 equipment pushing syslog logs before and after the NAT to an analysis system; S4, defining an analysis field by the analysis system according to a known format; S5, parsing TCP sessions before and after the NAT from the syslog log according to the parsing field; and S6, the analysis system performing association session analysis on the TCP sessions before and after the NAT by combining the analyzed TCP sessions with the flow information acquired by the flow acquisition probe. According to the method, the flow information of the F5 equipment and the syslog logs before and after the NAT are combined and analyzed, so that session association before and after the NAT is realized.
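Steps S4 to S6 of the abstract, sketched as an added example (not code from the patent or from F5). The log layout, the `Flow` and `correlate` names, and all sample lines and probe tables are constructed assumptions; a real deployment would define the parsing fields from the format the device actually emits.

```python
import re
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# S4: parsing fields for a HYPOTHETICAL NAT log layout (constructed for this
# example, IPv4 only; not F5's actual syslog format).
EP = r"([\d.]+):(\d+)->([\d.]+):(\d+)"
NAT_FIELDS = re.compile(rf"pre={EP}\s+post={EP}")

# Constructed sample input: syslog lines plus per-probe flow tables (bytes seen).
SYSLOG = [
    "<134>Apr 16 10:00:01 lb01 nat: pre=203.0.113.10:51514->198.51.100.5:443 post=10.0.0.1:40001->10.0.1.20:8443",
    "<134>Apr 16 10:00:02 lb01 nat: pre=203.0.113.11:51600->198.51.100.5:443 post=10.0.0.1:40002->10.0.1.21:8443",
    "<134>Apr 16 10:00:03 lb01 nat: pre=203.0.113.12:51700->198.51.100.5",  # truncated
]
PROBE_A = {Flow("203.0.113.10", 51514, "198.51.100.5", 443): 1200,
           Flow("203.0.113.11", 51600, "198.51.100.5", 443): 640}
PROBE_B = {Flow("10.0.0.1", 40001, "10.0.1.20", 8443): 1200}

def parse_nat_log(line):
    """S5: extract the (pre-NAT, post-NAT) TCP session pair, or None."""
    m = NAT_FIELDS.search(line)
    if m is None:
        return None
    g = m.groups()
    return (Flow(g[0], int(g[1]), g[2], int(g[3])),
            Flow(g[4], int(g[5]), g[6], int(g[7])))

def correlate(lines, probe_a, probe_b):
    """S6: join each parsed pair with the flows seen by Probe A and Probe B."""
    sessions, rejected = [], []
    for line in lines:
        pair = parse_nat_log(line)
        if pair is None:
            rejected.append(line)  # keep unparsed lines for review
            continue
        pre, post = pair
        a, b = probe_a.get(pre), probe_b.get(post)
        sessions.append({"pre": pre, "post": post, "bytes_a": a, "bytes_b": b,
                         "complete": a is not None and b is not None})
    return sessions, rejected

if __name__ == "__main__":
    for s in correlate(SYSLOG, PROBE_A, PROBE_B)[0]:
        print(s)
```

Because translated source ports are reused over time, a production join would also bound each match by the log and flow timestamps, which this sketch leaves out.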

Description

Technical field

[0001] The invention relates to the fields of network management and network statistics, in particular to a method and system for associating sessions before and after NAT according to syslog logs.

Background technique

[0002] The F5 device is a load balancing and traffic forwarding device. The BIG-IP system of the F5 device provides two address translation mechanisms, NAT and SNAT, both of which can access the external network through address translation. The function is to convert the private network IP to the public network IP when the private network IP accesses the public network. Accessing this public network IP can directly access the mapped private network server. NAT is a one-to-one address mapping relationship in F5 devices. That is, a public IP address is only mapped to a private IP address.

[0003] The load balancing log of the F5 device can be collected through the syslog protocol, and the NAT log information can be collected only by configu...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/12, H04L12/26, H04L12/803, H04L29/06
CPC: Y02D30/50
Inventor: 龙姗
Owner: 科来网络技术股份有限公司