Abstract:
The present invention relates to the technical field of logging systems, and in particular to a Linux-based Nat logging method and apparatus. The method comprises:
A. A data packet arrives at the network card and enters the kernel firewall.
B. The data packet reaches the first checkpoint, where it is determined whether a DNat record is needed. If so, a DNat record is made for the data packet and, once it has been recorded through the transmission interface, step C is executed; otherwise step C is executed directly.
C. The data packet enters the second checkpoint, where it is determined whether an SNat record is needed. If so, an SNat record is made for the data packet and, once it has been recorded through the transmission interface, step D is executed; otherwise step D is executed directly.
D. The kernel firewall sends the data packet to the user layer via Netlink.
The invention reduces data copying and the number of system calls and improves the performance of the logging system, making it faster and more accurate and able to meet the demands of high-traffic Nat environments.
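The following user-space C model of steps A to D is an added example, not code from the patent. It assumes each checkpoint decides by comparing the packet's address tuple before and after translation, and the record layout, type names and sample flows are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum { REC_DNAT = 1, REC_SNAT = 2 };               /* assumed record types */
struct tuple   { uint32_t src, dst; uint16_t sport, dport; };
struct nat_rec { uint8_t type; struct tuple before, after; };
struct log_msg { struct nat_rec rec[2]; int n; };  /* one message per packet */

/* Stand-in for the "transmission interface": append to the pending message. */
static void record(struct log_msg *m, uint8_t type,
                   const struct tuple *before, const struct tuple *after)
{
    struct nat_rec *r = &m->rec[m->n++];
    r->type = type; r->before = *before; r->after = *after;
}

/* Steps A-D for one packet. `in` is the tuple as received, `dn` the tuple
 * after destination NAT, `sn` the tuple after source NAT. Returns how many
 * records sit in the single message that would go to user space via Netlink. */
static int process_packet(const struct tuple *in, const struct tuple *dn,
                          const struct tuple *sn, struct log_msg *out)
{
    out->n = 0;
    /* Step B, first checkpoint: record only if the destination was rewritten. */
    if (in->dst != dn->dst || in->dport != dn->dport)
        record(out, REC_DNAT, in, dn);
    /* Step C, second checkpoint: record only if the source was rewritten. */
    if (dn->src != sn->src || dn->sport != sn->sport)
        record(out, REC_SNAT, dn, sn);
    return out->n;   /* Step D: the message is handed to user space once */
}

/* Constructed sample flows (documentation and private address ranges). */
static const struct tuple FWD_IN = { 0xC6336407, 0xCB00710A, 40000, 443 };  /* 198.51.100.7 -> 203.0.113.10 */
static const struct tuple FWD_DN = { 0xC6336407, 0x0A000005, 40000, 8443 }; /* dst -> 10.0.0.5:8443 */
static const struct tuple OUT_IN = { 0x0A000005, 0xC6336407, 51000, 80 };   /* 10.0.0.5 -> 198.51.100.7 */
static const struct tuple OUT_SN = { 0xCB00710A, 0xC6336407, 62000, 80 };   /* src -> 203.0.113.10:62000 */
static struct log_msg sample_msg;

int main(void)
{
    printf("port forward: %d record(s)\n", process_packet(&FWD_IN, &FWD_DN, &FWD_DN, &sample_msg));
    printf("outbound:     %d record(s)\n", process_packet(&OUT_IN, &OUT_IN, &OUT_SN, &sample_msg));
    printf("no NAT:       %d record(s)\n", process_packet(&OUT_IN, &OUT_IN, &OUT_IN, &sample_msg));
    return 0;
}
```

Each record keeps both the pre- and post-translation tuple, which is what lets an investigator map an external address and port back to the internal host.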
Reposted from: http://crqhp.baihongyu.com/