mirror of
https://github.com/netbirdio/docs.git
synced 2026-04-16 15:36:36 +00:00
Add some explanations to traffic logging (#301)
This commit is contained in:
Misha Bragin
@@ -107,7 +107,7 @@ export const docsNavigation = [
|
||||
]
|
||||
},
|
||||
{
|
||||
title: 'Networks (new)',
|
||||
title: 'Networks',
|
||||
isOpen: false,
|
||||
links: [
|
||||
{ title: 'Concept', href: '/how-to/networks' },
|
||||
|
||||
@@ -1,10 +1,9 @@
|
||||
# Traffic Events Logging
|
||||
|
||||
<Note>
|
||||
This feature is available only in the NetBird cloud and on the [Business plan](https://www.netbird.io/pricing?utm_source=docs&utm_content=traffic-events).
|
||||
It is an experimental feature, and its functionality and behavior may evolve, including changes to how data is collected
|
||||
or reported.
|
||||
To use this feature, ensure you have NetBird client version 0.39 or higher.
|
||||
This feature is available only in the NetBird cloud under the [Business plan](https://www.netbird.io/pricing?utm_source=docs&utm_content=traffic-events).
|
||||
It is an experimental feature, and its functionality may change over time — including how data is collected and reported.
|
||||
To use this feature, make sure you're running NetBird client version 0.39 or higher.
|
||||
</Note>
|
||||
|
||||
|
||||
@@ -16,6 +15,41 @@ the connection, what resource was accessed, when it happened, where it originate
|
||||
network monitoring capabilities, it strengthens security measures and delivers actionable operational insights, empowering
|
||||
you to better manage and secure your environment.
|
||||
|
||||
## How Traffic Events Logging Works
|
||||
|
||||
NetBird offers flexibility as a peer-to-peer (p2p) overlay network and a remote network access solution. You can use NetBird to connect
|
||||
machines directly (p2p) when running the NetBird client on each machine. You can also use NetBird to organize remote employee access
|
||||
to internal networks like VPCs, office networks, and internal services without running the NetBird client on the remote resources using the [NetBird Networks](/how-to/networks) feature.
|
||||
The way you use NetBird influences the way traffic events are captured and logged. Below are the two main scenarios for traffic events logging
|
||||
that describe how NetBird logs traffic events for different types of connections.
|
||||
|
||||
### Peer-to-Peer (P2P) Connections Logging
|
||||
|
||||
When two peers are connected directly (p2p), NetBird captures and logs the traffic events for that connection on both peers.
|
||||
For example, if a user accessed an internal CRM from their laptop via a browser and port 443, NetBird would log the traffic events for that
|
||||
connection on both the user's machine and the CRM server. If the connection was blocked, such as when there is a
|
||||
[policy](/how-to/manage-network-access#managing-policies) that restricts access to the CRM server,
|
||||
NetBird would log the blocked event on the peer that refused the connection.
|
||||
|
||||
<p>
|
||||
<img src="/docs-static/img/how-to-guides/traffic-events/p2p-traffic-events.png" alt="traffic-events-p2p-diagram" className="imagewrapper-big"/>
|
||||
</p>
|
||||
|
||||
### Peer-to-Network Resource Connections Logging
|
||||
|
||||
When a peer connects to a [network resource](/how-to-guides/networks#resources), NetBird captures and logs the traffic
|
||||
events for that connection on the peer that initiated the connection, and on the routing peer that connects the peer to
|
||||
the internal network resource.
|
||||
|
||||
A slightly modified example of the CRM connection scenario would be if instead of running the NetBird client on the CRM server,
|
||||
you used the NetBird Networks feature. In this case, if a user accessed an internal CRM from their laptop via a browser
|
||||
and port 443, NetBird would log the traffic events for that connection on the user's machine and the routing peer that
|
||||
routed the connection to the CRM server. If the connection was blocked, NetBird would log the blocked event on the routing peer.
|
||||
|
||||
<p>
|
||||
<img src="/docs-static/img/how-to-guides/traffic-events/routed-traffic-events.png" alt="traffic-events-routed-diagram" className="imagewrapper-big"/>
|
||||
</p>
|
||||
|
||||
|
||||
## Enabling Traffic Events Logging
|
||||
|
||||
@@ -230,8 +264,9 @@ For site-2-site connections, the events will be similar to the above examples, b
|
||||
<p>
|
||||
<img src="/docs-static/img/how-to-guides/traffic-events/s2s-tcp-allowed.png" alt="S2S TCP Allowed" className="imagewrapper-big"/>
|
||||
</p>
|
||||
|
||||
## Limitations
|
||||
There are a few differences between the different Wireguard modes NetBird supports and the data captured by the NetBird agent.
|
||||
There are a few differences between the different WireGuard modes NetBird supports and the data captured by the NetBird client.
|
||||
| Feature | Kernel Mode | Userspace Mode | Netstack Mode |
|
||||
|:---------:|:-------------:|:----------------:|:---------------:|
|
||||
| Blocked traffic event | No | Yes | Yes |
|
||||
@@ -240,7 +275,7 @@ There are a few differences between the different Wireguard modes NetBird suppor
|
||||
| Allowed rule ID for routed events | Yes | No | No |
|
||||
| Byte counters for routed events | Yes | No | No |
|
||||
|
||||
We are actively working to improve the data captured by the NetBird agent in Kernel and userspace modes to align with customers' expectations.
|
||||
We are actively working to improve the data captured by the NetBird client in Kernel and userspace modes to align with customers' expectations.
|
||||
|
||||
## Conclusion
|
||||
Traffic events logging provides a powerful tool for monitoring and analyzing network traffic across your infrastructure.
|
||||
|
||||
Reference in New Issue
Block a user