Prior to the feature enhancement, the only way to monitor changes in the Network Address Translation (NAT) table was to continuously issue the "show ip nat translation" command or view the output of the "debug ip nat" command.
The "ip nat log translations syslog" command enables NAT logging. Every NAT translation created on the router is logged to syslog. These logs can be sent to the console, a syslog host or the router buffer.
If you are enabling address translation logs on your edge router in a production environment, configure "no logging console" first; otherwise your router will hang a few moments after you've enabled NAT logging.
The NAT logs include three items:
1) Layer-3/4 protocol (ICMP, TCP, UDP).
2) Inside local and global addresses and port numbers.
3) Outside local and global addresses and port numbers.
Example: The following messages were logged when an inside host 10.1.1.2 tried to ping and telnet to a web server at the IP address 172.16.1.1. The inside source address 10.1.1.1 was translated to 192.168.1.1.
You can also use a logging discriminator to determine which syslog messages to display or log. The logging discriminator can be enabled on the buffered, console and monitor outputs. The pattern to match on can be a regular expression, which allows more complicated patterns.
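
The commands above, put in the order the text calls for, as an added example that is not configuration from the original post. The syslog host 192.0.2.10, the buffer size and the discriminator name NATLOG are placeholders, and the IPNAT facility name and severity 6 are assumptions to check against the messages your release actually emits.

```cisco
configure terminal
!
! 1. Keep per-translation messages off the console BEFORE NAT logging
!    is switched on; on a busy edge router the console cannot keep up.
no logging console
!
! 2. Send the messages to a syslog host instead.
!    Assumption: NAT translation messages are severity 6 (informational),
!    so the trap level must admit that severity.
logging trap informational
logging host 192.0.2.10
!
! 3. Keep a local copy in the router buffer, filtered by a discriminator
!    so that only NAT messages are stored there.
!    Assumption: NAT messages carry the IPNAT facility. The string after
!    "includes" is a regular expression; a msg-body clause can be used
!    in the same way to match on an address inside the message text.
logging discriminator NATLOG facility includes IPNAT
logging buffered discriminator NATLOG 65536 informational
!
! 4. Only now enable logging of every NAT translation.
ip nat log translations syslog
!
end
!
! 5. Confirm where logging is going and that entries are arriving.
show logging
```

Because every translation produces a log entry, size the buffer and the syslog host's storage for the router's connection rate, and keep the logs long enough to map a global address and port back to an inside host during an investigation.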