====== NAT flow export ======
{{indexmenu_n>5}}

===== Export NAT flows in IPFIX (Netflow 10) =====
For data analisys on NAT flows on external systems IPFIX export is available (aka netflow v10).

Settings of NAT flows export:
<code ini>
ipfix_dev=em1
ipfix_nat_udp_collectors=1.2.3.4:1500,1.2.3.5:1501
ipfix_nat_tcp_collectors=1.2.3.6:9418
</code>
here
  * **em1** - network device name for export
  * **ipfix_nat_udp_collectors** - addresses of udp collectors
  * **ipfix_nat_tcp_collectors** - addresses of tcp collectors

^IPFIX template for NAT flows export^^^^^ 
^ID	^IANA ^Size	^Type ^ Description^ 
|323    |0    |8              |int64      | SYSTEM_TIME_WHEN_THE_EVENT_OCCURRED| 
|4      |0    |1              |int8       | PROTOCOL_IDENTIFIER | 
|230    |0    |1              |int8       | TYPE_OF_EVENT | 
|8      |0    |4              |IP v4      | SOURCE_IPV4_ADDRESS | 
|225    |0    |4              |IP v4      | POST_NAT_SOURCE_IPV4_ADDRESS | 
|7      |0    |2              |int16      | SOURCE_PORT | 
|227    |0    |2              |int16      | POST_NAPT_SOURCE_TRANSPORT_PORT |
|12     |0    |4              |IP v4      | DESTINATION_IPV4_ADDRESS | 
|11     |0    |2              |int16      | DESTINATION_TRANSPORT_PORT | 
|2000   |43823|8              |int64      | SESSION_ID |
|2003   |43823|               |string     | LOGIN |

To collect information in IPFIX any universal collector can be used or [[en:dpi:dpi_components:utilities:ipfixreceiver|IPFIX Receiver]] utility.

Also NAT information is transmited in fields postNATsourceIPv4Address and postNAPTsourceTransportPort in IPFIX export [[en:dpi:dpi_options:opt_statistics:statistics_ipfix|full Netflow]]

===== Export NAT flows in text file =====
Settings for NAT flow export in text file on Stingray Service Gateway DPI server are in the configuration file /etc/dpi/fastdpi.conf:

<code ini>
ajb_save_nat=1
ajb_save_nat_format=ts:ssid:event:login:proto:ipsrc:portsrc:ipsrcpostnat:portsrcpostnat:ipdst:portdst
ajb_nat_path=/var/dump/dpi
ajb_nat_ftimeout=30
</code>
here
  * ajb_save_nat=1 activate export NAT flows in text file
  * ajb_nat_path=/var/dump/dpi directory for files with NAT flows (default /var/dump/dpi)
  * ajb_nat_ftimeout=30 time period of records
  * ajb_save_nat_format=ts:ssid:event:login:proto:ipsrc:portsrc:ipsrcpostnat:portsrcpostnat:ipdst:portdst list and order of recorder fields, here
    * ts - timestamp
    * ssid - session id (for link with Netflow/IPFIX by volume)
    * event - event : 1 - NAT44 Session create, 2 - NAT44 Session delete
    * login - subscriber login 
    * ipsrc - IP address of request source (subscriber)
    * portsrc - port of request source (subscriber)
    * ipsrcpostnat - IP address of request source (subscriber) after NAT translation 
    * portsrcpostnat - port of request source (subscriber) after NAT translation 
    * ipdst - destination IP address (host)
    * portdst - destination port (host).

<note tip>The file system for writing logs must be fast and local (no NFS and other remotes), this type of journaling is recommended only for short-term diagnostics.</note>