How to filter DNS entries from NAT Logging using flow-export v9?

kirancisco · ‎11-16-2011

We would like to block/filter all DNS NAT entries on a VRF from reaching the NAT Logger server.

Current Config:

ip nat log translations flow-export v9 udp destination 172.X.X.X 999 source Loopback0

ip nat log translations flow-export v9 vrf XX on

The NAT command reference says:

To enable high speed logging for all or some a Network Address Translation (NAT) translations, use the ip nat log translations flow-export command in global configuration mode. To remove one or more translations from the log, use the no form of this command.

ip nat log translations flow-export v9 {udp destination addr port source interface interface-number | {vrf-name | global-on}}

no ip nat log translations flow-export v9 {udp destination addr port source interface interface-number | {vrf-name | global-on}}

But when I use <no ip nat log translations flow-export v9 udp destination 172.X.X.X 53 source int Loopback0> the logging is disabled completely!

Can any one provide some configs/advice on how this can be done?

Thank You!

NickNac79 · ‎11-23-2011

Hi Kirancisco,

I think that the documentation may not be worded very well.

You can't filter specific translations as far as I'm aware (happy to be proven wrong though!) - if you need to filter out certain types, you'll need to do this on your Netflow collector.

The only thing that you can filter, is which VRFs you collect the logs for.

Sorry this is not better news.

Nick