Add some explanations to traffic logging (#301)

2026-04-15 23:16:36 +00:00 · 2025-03-29 16:38:27 +01:00
parent 83e006a7f3
commit e957933347
4 changed files with 42 additions and 7 deletions
--- a/public/docs-static/img/how-to-guides/traffic-events/p2p-traffic-events.png
+++ b/public/docs-static/img/how-to-guides/traffic-events/p2p-traffic-events.png
--- a/public/docs-static/img/how-to-guides/traffic-events/routed-traffic-events.png
+++ b/public/docs-static/img/how-to-guides/traffic-events/routed-traffic-events.png
--- a/src/components/NavigationDocs.jsx
+++ b/src/components/NavigationDocs.jsx
@@ -107,7 +107,7 @@ export const docsNavigation = [
             ]
         },
         {
-              title: 'Networks (new)',
+              title: 'Networks',
              isOpen: false,
              links: [
                  { title: 'Concept', href: '/how-to/networks' },
--- a/src/pages/how-to/traffic-events-logging.mdx
+++ b/src/pages/how-to/traffic-events-logging.mdx
@@ -1,10 +1,9 @@
 # Traffic Events Logging

 <Note>
-This feature is available only in the NetBird cloud and on the [Business plan](https://www.netbird.io/pricing?utm_source=docs&utm_content=traffic-events).
-It is an experimental feature, and its functionality and behavior may evolve, including changes to how data is collected
-or reported.
-To use this feature, ensure you have NetBird client version 0.39 or higher.
+This feature is available only in the NetBird cloud under the [Business plan](https://www.netbird.io/pricing?utm_source=docs&utm_content=traffic-events).
+It is an experimental feature, and its functionality may change over time — including how data is collected and reported.
+To use this feature, make sure you're running NetBird client version 0.39 or higher.
 </Note>


@@ -16,6 +15,41 @@ the connection, what resource was accessed, when it happened, where it originate
 network monitoring capabilities, it strengthens security measures and delivers actionable operational insights, empowering
 you to better manage and secure your environment.

+## How Traffic Events Logging Works
+
+NetBird offers flexibility as a peer-to-peer (p2p) overlay network and a remote network access solution. You can use NetBird to connect
+machines directly (p2p) when running the NetBird client on each machine. You can also use NetBird to organize remote employee access
+to internal networks like VPCs, office networks, and internal services without running the NetBird client on the remote resources using the [NetBird Networks](/how-to/networks) feature.
+The way you use NetBird influences the way traffic events are captured and logged. Below are the two main scenarios for traffic events logging
+that describe how NetBird logs traffic events for different types of connections.
+
+### Peer-to-Peer (P2P) Connections Logging
+
+When two peers are connected directly (p2p), NetBird captures and logs the traffic events for that connection on both peers.
+For example, if a user accessed an internal CRM from their laptop via a browser and port 443, NetBird would log the traffic events for that
+connection on both the user's machine and the CRM server. If the connection was blocked, such as when there is a
+[policy](/how-to/manage-network-access#managing-policies) that restricts access to the CRM server,
+NetBird would log the blocked event on the peer that refused the connection.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/traffic-events/p2p-traffic-events.png" alt="traffic-events-p2p-diagram" className="imagewrapper-big"/>
+</p>
+
+### Peer-to-Network Resource Connections Logging
+
+When a peer connects to a [network resource](/how-to-guides/networks#resources), NetBird captures and logs the traffic
+events for that connection on the peer that initiated the connection, and on the routing peer that connects the peer to
+the internal network resource.
+
+A slightly modified example of the CRM connection scenario would be if instead of running the NetBird client on the CRM server,
+you used the NetBird Networks feature. In this case, if a user accessed an internal CRM from their laptop via a browser
+and port 443, NetBird would log the traffic events for that connection on the user's machine and the routing peer that
+routed the connection to the CRM server. If the connection was blocked, NetBird would log the blocked event on the routing peer.
+
+<p>
+    <img src="/docs-static/img/how-to-guides/traffic-events/routed-traffic-events.png" alt="traffic-events-routed-diagram" className="imagewrapper-big"/>
+</p>
+

 ## Enabling Traffic Events Logging

@@ -230,8 +264,9 @@ For site-2-site connections, the events will be similar to the above examples, b
 <p>
    <img src="/docs-static/img/how-to-guides/traffic-events/s2s-tcp-allowed.png" alt="S2S TCP Allowed" className="imagewrapper-big"/>
 </p>
+
 ## Limitations
-There are a few differences between the different Wireguard modes NetBird supports and the data captured by the NetBird agent.
+There are a few differences between the different WireGuard modes NetBird supports and the data captured by the NetBird client.
 | Feature | Kernel Mode | Userspace Mode | Netstack Mode |
 |:---------:|:-------------:|:----------------:|:---------------:|
 | Blocked traffic event | No | Yes | Yes |
@@ -240,7 +275,7 @@ There are a few differences between the different Wireguard modes NetBird suppor
 | Allowed rule ID for routed events | Yes | No | No |
 | Byte counters for routed events | Yes | No | No |

-We are actively working to improve the data captured by the NetBird agent in Kernel and userspace modes to align with customers' expectations.
+We are actively working to improve the data captured by the NetBird client in Kernel and userspace modes to align with customers' expectations.

 ## Conclusion
 Traffic events logging provides a powerful tool for monitoring and analyzing network traffic across your infrastructure.