nft log level audit writes the messages into the audit buffer for reading with ausearch.
I want to use it instead of journalctl, but it is very limited. Only shows saddr,daddr and proto:
ausearch -i -m netfilter_pkt
type=NETFILTER_PKT msg=audit(06/20/2024 15:49:52.819:576) : mark=0x0 saddr=<ip> daddr=<ip> proto=tcp
----
type=NETFILTER_PKT msg=audit(06/20/2024 15:49:56.452:577) : mark=0x0 saddr=<ip> daddr=<ip> proto=tcp
...
dpt and spt is needed.
For the output packets the sid and gid is needed.
I can't believe I'm the only one who has this need. No one else has reported it?
nft log level auditwrites the messages into the audit buffer for reading withausearch.I want to use it instead of
journalctl, but it is very limited. Only showssaddr,daddrandproto:dptandsptis needed.For the output packets the sid and gid is needed.
I can't believe I'm the only one who has this need. No one else has reported it?