Hello guys!
Since the 6.33 release of ROS it's possible to track the full NAT translation history via Netflow protocol version 9. In most countries providers must keep track of users' access logs for a government agency. It was usually hard to do that with NAT.
Has anyone set up a configuration with NAT logging using open-source collector software?
My investigation is the following:
1. Mikrotik itself provides the necessary information according to the Netflow V9 standard.
2. I ran some modern netflow collector code written in node.js: http://deliantech.blogspot.com/2014/06/ ... odejs.html and got the full information from the Mikrotik flow. But it's not usable in production because of its text output and lack of administrative features.
3. I have run nfcapd/nfdump for years: http://nfdump.sourceforge.net/ This software has a fine toolset, but unfortunately lacks support for Netflow9. You can only compile in some predefined fixed templates used by Cisco devices. I think the code is not designed for flexible template support.
4. I found a very powerful set of netflow tools called SiLK: https://tools.netsa.cert.org/silk/ but it's very complicated. You probably need a lot of time just to install and configure it. Maybe someone has already tested it with Mikrotik?
Please share your experience!
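
For readers following the point about flexible template support: the sketch below is an added example, not code from the post or from any of the collectors it mentions. It decodes NetFlow v9 by learning record layouts from template flowsets instead of compiling them in. It assumes the exporter sends the IANA post-NAT elements 225 and 227; the addresses and packets are constructed samples.

```python
import socket
import struct

# 7/8/11/12: RFC 3954 types; 225/227: IANA post-NAT elements (assumed exported).
FIELDS = {7: "src_port", 8: "src_ip", 11: "dst_port", 12: "dst_ip",
          225: "nat_src_ip", 227: "nat_src_port"}
IP_FIELDS = {8, 12, 225}

def parse_v9(packet, templates):
    """Decode one NetFlow v9 datagram; `templates` must persist across datagrams."""
    version, _, _, secs, _, source_id = struct.unpack_from("!HHIIII", packet, 0)
    if version != 9:
        raise ValueError("not NetFlow v9")
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[off + 4:off + fs_len], 0
        if fs_id == 0:  # template flowset: learn record layouts at run time
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * n > len(body):
                    break  # padding or truncated template
                templates[(source_id, tid)] = [
                    struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                pos += 4 + 4 * n
        elif layout := templates.get((source_id, fs_id)):  # data with known template
            size = sum(flen for _, flen in layout)
            while size and pos + size <= len(body):  # leftover bytes are padding
                rec = {"ts": secs}
                for ftype, flen in layout:
                    raw, name = body[pos:pos + flen], FIELDS.get(ftype, f"field_{ftype}")
                    rec[name] = (socket.inet_ntoa(raw) if ftype in IP_FIELDS and flen == 4
                                 else int.from_bytes(raw, "big"))
                    pos += flen
                records.append(rec)
        off += fs_len
    return records

def sample_packets():
    """Constructed datagrams: template 256 first, then one padded data record."""
    ip = socket.inet_aton
    tmpl = struct.pack("!14H", 256, 6, 8, 4, 7, 2, 12, 4, 11, 2, 225, 4, 227, 2)
    data = struct.pack("!4sH4sH4sH2x", ip("192.168.88.10"), 51000,
                       ip("198.51.100.7"), 443, ip("203.0.113.5"), 40001)
    hdr = struct.pack("!HHIIII", 9, 1, 0, 1400000000, 0, 1)
    return (hdr + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl,
            hdr + struct.pack("!HH", 256, 4 + len(data)) + data)
```

Data flowsets that arrive before their template are skipped here; a collector used for retention would buffer them until the template shows up so that no translations are lost.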