authorMatus Fabian <matfabia@cisco.com>2018-11-28 21:26:34 -0800
committerDamjan Marion <dmarion@me.com>2018-11-29 11:28:29 +0000
commitad1f3e148224bced41afd47b0ab1ed158c07f399 (patch)
tree55b6e252ff6937f558dba7cd02819b5827923bc8 /src/plugins
parent2eb42e70616f341435d1f390a13df4cd49ef2c4b (diff)
NAT: syslog - sessions logging (VPP-1139)
Change-Id: I6e0b7cf37c1a9ac66f8ac011db29504e57844ee9 Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/nat/CMakeLists.txt1
-rw-r--r--src/plugins/nat/dslite_in2out.c14
-rwxr-xr-xsrc/plugins/nat/in2out.c11
-rw-r--r--src/plugins/nat/in2out_ed.c16
-rwxr-xr-xsrc/plugins/nat/nat.c15
-rw-r--r--src/plugins/nat/nat.h3
-rw-r--r--src/plugins/nat/nat64_db.c8
-rw-r--r--src/plugins/nat/nat_syslog.c290
-rw-r--r--src/plugins/nat/nat_syslog.h75
-rwxr-xr-xsrc/plugins/nat/out2in.c11
-rw-r--r--src/plugins/nat/out2in_ed.c21
11 files changed, 463 insertions, 2 deletions
diff --git a/src/plugins/nat/CMakeLists.txt b/src/plugins/nat/CMakeLists.txt
index 76662f96cf3..134aafed509 100644
--- a/src/plugins/nat/CMakeLists.txt
+++ b/src/plugins/nat/CMakeLists.txt
@@ -47,6 +47,7 @@ add_vpp_plugin(nat
nat66_out2in.c
nat_affinity.c
nat_format.c
+ nat_syslog.c
API_FILES
nat.api
diff --git a/src/plugins/nat/dslite_in2out.c b/src/plugins/nat/dslite_in2out.c
index e7a3028f28a..5c1de19b8b2 100644
--- a/src/plugins/nat/dslite_in2out.c
+++ b/src/plugins/nat/dslite_in2out.c
@@ -14,6 +14,7 @@
*/
#include <nat/dslite.h>
#include <nat/nat_inlines.h>
+#include <nat/nat_syslog.h>
vlib_node_registration_t dslite_in2out_node;
vlib_node_registration_t dslite_in2out_slowpath_node;
@@ -45,6 +46,7 @@ slow_path (dslite_main_t * dm, dslite_session_key_t * in2out_key,
u32 oldest_index;
dslite_session_t *s;
snat_session_key_t out2in_key;
+ u32 b4_index;
out2in_key.protocol = in2out_key->proto;
out2in_key.fib_index = 0;
@@ -66,12 +68,13 @@ slow_path (dslite_main_t * dm, dslite_session_key_t * in2out_key,
clib_dlist_init (dm->per_thread_data[thread_index].list_pool,
b4->sessions_per_b4_list_head_index);
- b4_kv.value = b4 - dm->per_thread_data[thread_index].b4s;
+ b4_index = b4_kv.value = b4 - dm->per_thread_data[thread_index].b4s;
clib_bihash_add_del_16_8 (&dm->per_thread_data[thread_index].b4_hash,
&b4_kv, 1);
}
else
{
+ b4_index = b4_value.value;
b4 =
pool_elt_at_index (dm->per_thread_data[thread_index].b4s,
b4_value.value);
@@ -104,6 +107,11 @@ slow_path (dslite_main_t * dm, dslite_session_key_t * in2out_key,
snat_free_outside_address_and_port (dm->addr_pool, thread_index,
&s->out2in);
+ nat_syslog_dslite_apmdel (b4_index, &s->in2out.softwire_id,
+ &s->in2out.addr, s->in2out.port,
+ &s->out2in.addr, s->out2in.port,
+ s->in2out.proto);
+
if (snat_alloc_outside_address_and_port
(dm->addr_pool, 0, thread_index, &out2in_key,
dm->port_per_thread, thread_index))
@@ -147,6 +155,10 @@ slow_path (dslite_main_t * dm, dslite_session_key_t * in2out_key,
clib_bihash_add_del_8_8 (&dm->per_thread_data[thread_index].out2in,
&out2in_kv, 1);
+ nat_syslog_dslite_apmadd (b4_index, &s->in2out.softwire_id, &s->in2out.addr,
+ s->in2out.port, &s->out2in.addr, s->out2in.port,
+ s->in2out.proto);
+
return next;
}
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index d4432d98016..786d82147a7 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -28,6 +28,7 @@
#include <nat/nat_ipfix_logging.h>
#include <nat/nat_reass.h>
#include <nat/nat_inlines.h>
+#include <nat/nat_syslog.h>
#include <vppinfra/hash.h>
#include <vppinfra/error.h>
@@ -216,6 +217,11 @@ nat44_i2o_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg)
s->out2in.port,
s->in2out.fib_index);
+ nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->out2in.addr, s->out2in.port,
+ s->in2out.protocol);
+
if (!snat_is_session_static (s))
snat_free_outside_address_and_port (sm->addresses, ctx->thread_index,
&s->out2in);
@@ -365,6 +371,11 @@ slow_path (snat_main_t * sm, vlib_buffer_t * b0,
s->in2out.protocol,
s->in2out.port,
s->out2in.port, s->in2out.fib_index);
+
+ nat_syslog_nat44_apmadd (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port, &s->out2in.addr,
+ s->out2in.port, s->in2out.protocol);
+
return next0;
}
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index c42d4e79f9e..ab253e8206b 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -28,6 +28,7 @@
#include <nat/nat_ipfix_logging.h>
#include <nat/nat_reass.h>
#include <nat/nat_inlines.h>
+#include <nat/nat_syslog.h>
#define foreach_nat_in2out_ed_error \
_(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \
@@ -197,6 +198,13 @@ nat44_i2o_ed_is_idle_session_cb (clib_bihash_kv_16_8_t * kv, void *arg)
s->out2in.port,
s->in2out.fib_index);
+ nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->ext_host_nat_addr, s->ext_host_nat_port,
+ &s->out2in.addr, s->out2in.port,
+ &s->ext_host_addr, s->ext_host_port,
+ s->in2out.protocol, is_twice_nat_session (s));
+
if (is_twice_nat_session (s))
{
for (i = 0; i < vec_len (sm->twice_nat_addresses); i++)
@@ -409,6 +417,14 @@ slow_path_ed (snat_main_t * sm,
s->in2out.protocol,
s->in2out.port,
s->out2in.port, s->in2out.fib_index);
+
+ nat_syslog_nat44_sadd (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->ext_host_nat_addr, s->ext_host_nat_port,
+ &s->out2in.addr, s->out2in.port,
+ &s->ext_host_addr, s->ext_host_port,
+ s->in2out.protocol, 0);
+
return next;
}
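Review bot: The SADD call added in `slow_path_ed` hard-codes `0` for `is_twicenat`, while every SDEL call in this commit passes `is_twice_nat_session (s)`. If a session created on this path can carry the twice-NAT flag, its delete record would include IDADDR/IDPORT but its create record would not, so the two records would not describe the same tuple. Passing `is_twice_nat_session (s)` here as well keeps the pair symmetric; if the flag can never be set at this point, a one-line comment saying so would explain the literal. The body of `slow_path_ed` starts outside the hunk, so whether the flag can be set here is not visible.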
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index b7ade881c3f..6bfea3c4162 100755
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -29,6 +29,7 @@
#include <nat/nat_reass.h>
#include <nat/nat_inlines.h>
#include <nat/nat_affinity.h>
+#include <nat/nat_syslog.h>
#include <vnet/fib/fib_table.h>
#include <vnet/fib/ip4_fib.h>
@@ -236,6 +237,13 @@ nat_free_session_data (snat_main_t * sm, snat_session_t * s, u32 thread_index)
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
nat_log_warn ("in2out_ed key del failed");
+
+ nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->ext_host_nat_addr, s->ext_host_nat_port,
+ &s->out2in.addr, s->out2in.port,
+ &s->ext_host_addr, s->ext_host_port,
+ s->in2out.protocol, is_twice_nat_session (s));
}
else
{
@@ -245,6 +253,11 @@ nat_free_session_data (snat_main_t * sm, snat_session_t * s, u32 thread_index)
kv.key = s->out2in.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->out2in, &kv, 0))
nat_log_warn ("out2in key del failed");
+
+ nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->out2in.addr, s->out2in.port,
+ s->in2out.protocol);
}
if (snat_is_unk_proto_session (s))
@@ -382,6 +395,8 @@ nat_session_alloc_or_recycle (snat_main_t * sm, snat_user_t * u,
clib_dlist_addtail (tsm->list_pool,
s->per_user_list_head_index,
per_user_translation_list_elt - tsm->list_pool);
+
+ s->user_index = u - tsm->users;
}
return s;
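Review bot: `s->user_index` is assigned only inside the block this hunk closes, and the rest of `nat_session_alloc_or_recycle` is outside the hunk, so it is not visible whether the other branch, or any other session allocator, also sets it. Every `nat_syslog_nat44_*` call added in this commit emits `s->user_index` as SSUBIX, so a session that reaches one of them without this assignment would log a stale or uninitialised subscriber index. If `u` and `tsm` are valid on both branches, placing `s->user_index = u - tsm->users;` immediately before `return s;` would cover them both.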
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 3162e41b696..3ce83ea2602 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -222,6 +222,9 @@ typedef CLIB_PACKED(struct
u8 state;
u32 i2o_fin_seq;
u32 o2i_fin_seq;
+
+ /* user index */
+ u32 user_index;
}) snat_session_t;
/* *INDENT-ON* */
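Review bot: The comment `/* user index */` only repeats the field name. From nat.c in this commit the value is `u - tsm->users`, and it is what the syslog calls emit as SSUBIX, so something like `/* index of the owning user in tsm->users (logged as SSUBIX) */` would say what it indexes and why it is stored. The field is appended to a `CLIB_PACKED` struct whose start is outside the hunk, so the effect on the session's size and layout cannot be checked from here.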
diff --git a/src/plugins/nat/nat64_db.c b/src/plugins/nat/nat64_db.c
index bb327a57152..ca8358ef8a2 100644
--- a/src/plugins/nat/nat64_db.c
+++ b/src/plugins/nat/nat64_db.c
@@ -19,6 +19,7 @@
#include <nat/nat64_db.h>
#include <nat/nat_ipfix_logging.h>
#include <nat/nat_inlines.h>
+#include <nat/nat_syslog.h>
#include <vnet/fib/fib_table.h>
int
@@ -456,7 +457,9 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe,
&ste->in_r_addr, &ste->out_r_addr,
ste->r_port, ste->r_port, fib->ft_table_id,
1);
-
+ nat_syslog_nat64_sadd (bibe->fib_index, &bibe->in_addr, bibe->in_port,
+ &bibe->out_addr, bibe->out_port, &ste->out_r_addr,
+ ste->r_port, bibe->proto);
return ste;
}
@@ -528,6 +531,9 @@ nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste)
&ste->in_r_addr, &ste->out_r_addr,
ste->r_port, ste->r_port, fib->ft_table_id,
0);
+ nat_syslog_nat64_sdel (bibe->fib_index, &bibe->in_addr, bibe->in_port,
+ &bibe->out_addr, bibe->out_port, &ste->out_r_addr,
+ ste->r_port, bibe->proto);
/* delete from pool */
pool_put (st, ste);
diff --git a/src/plugins/nat/nat_syslog.c b/src/plugins/nat/nat_syslog.c
new file mode 100644
index 00000000000..07fe2ea5808
--- /dev/null
+++ b/src/plugins/nat/nat_syslog.c
@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file
+ * @brief NAT syslog logging
+ */
+
+#include <vnet/fib/fib_table.h>
+#include <vnet/ip/ip.h>
+#include <vnet/syslog/syslog.h>
+
+#include <nat/nat_syslog.h>
+#include <nat/nat_inlines.h>
+
+
+#define NAT_FACILITY SYSLOG_FACILITY_LOCAL0
+
+#define NAT_APPNAME "NAT"
+
+#define SADD_SDEL_SEVERITY SYSLOG_SEVERITY_INFORMATIONAL
+#define APMADD_APMDEL_SEVERITY SYSLOG_SEVERITY_INFORMATIONAL
+
+#define SADD_MSGID "SADD"
+#define SDEL_MSGID "SDEL"
+#define APMADD_MSGID "APMADD"
+#define APMDEL_MSGID "APMDEL"
+
+#define NSESS_SDID "nsess"
+#define NAPMAP_SDID "napmap"
+
+#define SSUBIX_SDPARAM_NAME "SSUBIX"
+#define SVLAN_SDPARAM_NAME "SVLAN"
+#define IATYP_SDPARAM_NAME "IATYP"
+#define ISADDR_SDPARAM_NAME "ISADDR"
+#define ISPORT_SDPARAM_NAME "ISPORT"
+#define IDADDR_SDPARAM_NAME "IDADDR"
+#define IDPORT_SDPARAM_NAME "IDPORT"
+#define XATYP_SDPARAM_NAME "XATYP"
+#define XSADDR_SDPARAM_NAME "XSADDR"
+#define XSPORT_SDPARAM_NAME "XSPORT"
+#define XDADDR_SDPARAM_NAME "XDADDR"
+#define XDPORT_SDPARAM_NAME "XDPORT"
+#define PROTO_SDPARAM_NAME "PROTO"
+#define SV6ENC_SDPARAM_NAME "SV6ENC"
+
+#define IATYP_IPV4 "IPv4"
+#define IATYP_IPV6 "IPv6"
+
+static inline void
+nat_syslog_nat44_apmap (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto, u8 is_add,
+ ip6_address_t * sv6enc)
+{
+ syslog_msg_t syslog_msg;
+ fib_table_t *fib;
+
+ if (!syslog_is_enabled ())
+ return;
+
+ if (syslog_severity_filter_block (APMADD_APMDEL_SEVERITY))
+ return;
+
+ syslog_msg_init (&syslog_msg, NAT_FACILITY, APMADD_APMDEL_SEVERITY,
+ NAT_APPNAME, is_add ? APMADD_MSGID : APMDEL_MSGID);
+
+ syslog_msg_sd_init (&syslog_msg, NAPMAP_SDID);
+ syslog_msg_add_sd_param (&syslog_msg, SSUBIX_SDPARAM_NAME, "%d", ssubix);
+ if (sv6enc)
+ {
+ syslog_msg_add_sd_param (&syslog_msg, SV6ENC_SDPARAM_NAME, "%U",
+ format_ip6_address, sv6enc);
+ }
+ else
+ {
+ fib = fib_table_get (sfibix, FIB_PROTOCOL_IP4);
+ syslog_msg_add_sd_param (&syslog_msg, SVLAN_SDPARAM_NAME, "%d",
+ fib->ft_table_id);
+ }
+ syslog_msg_add_sd_param (&syslog_msg, IATYP_SDPARAM_NAME, IATYP_IPV4);
+ syslog_msg_add_sd_param (&syslog_msg, ISADDR_SDPARAM_NAME, "%U",
+ format_ip4_address, isaddr);
+ syslog_msg_add_sd_param (&syslog_msg, ISPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (isport));
+ syslog_msg_add_sd_param (&syslog_msg, XATYP_SDPARAM_NAME, IATYP_IPV4);
+ syslog_msg_add_sd_param (&syslog_msg, XSADDR_SDPARAM_NAME, "%U",
+ format_ip4_address, xsaddr);
+ syslog_msg_add_sd_param (&syslog_msg, XSPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (xsport));
+ syslog_msg_add_sd_param (&syslog_msg, PROTO_SDPARAM_NAME, "%d",
+ snat_proto_to_ip_proto (proto));
+
+ syslog_msg_send (&syslog_msg);
+}
+
+void
+nat_syslog_nat44_apmadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto)
+{
+ nat_syslog_nat44_apmap (ssubix, sfibix, isaddr, isport, xsaddr, xsport,
+ proto, 1, 0);
+}
+
+void
+nat_syslog_nat44_apmdel (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto)
+{
+ nat_syslog_nat44_apmap (ssubix, sfibix, isaddr, isport, xsaddr, xsport,
+ proto, 0, 0);
+}
+
+void
+nat_syslog_dslite_apmadd (u32 ssubix, ip6_address_t * sv6enc,
+ ip4_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto)
+{
+ nat_syslog_nat44_apmap (ssubix, 0, isaddr, isport, xsaddr, xsport,
+ proto, 1, sv6enc);
+}
+
+void
+nat_syslog_dslite_apmdel (u32 ssubix, ip6_address_t * sv6enc,
+ ip4_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto)
+{
+ nat_syslog_nat44_apmap (ssubix, 0, isaddr, isport, xsaddr, xsport,
+ proto, 0, sv6enc);
+}
+
+static inline void
+nat_syslog_nat44_sess (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * idaddr, u16 idport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto, u8 is_add, u8 is_twicenat)
+{
+ syslog_msg_t syslog_msg;
+ fib_table_t *fib;
+
+ if (!syslog_is_enabled ())
+ return;
+
+ if (syslog_severity_filter_block (SADD_SDEL_SEVERITY))
+ return;
+
+ fib = fib_table_get (sfibix, FIB_PROTOCOL_IP4);
+
+ syslog_msg_init (&syslog_msg, NAT_FACILITY, SADD_SDEL_SEVERITY, NAT_APPNAME,
+ is_add ? SADD_MSGID : SDEL_MSGID);
+
+ syslog_msg_sd_init (&syslog_msg, NSESS_SDID);
+ syslog_msg_add_sd_param (&syslog_msg, SSUBIX_SDPARAM_NAME, "%d", ssubix);
+ syslog_msg_add_sd_param (&syslog_msg, SVLAN_SDPARAM_NAME, "%d",
+ fib->ft_table_id);
+ syslog_msg_add_sd_param (&syslog_msg, IATYP_SDPARAM_NAME, IATYP_IPV4);
+ syslog_msg_add_sd_param (&syslog_msg, ISADDR_SDPARAM_NAME, "%U",
+ format_ip4_address, isaddr);
+ syslog_msg_add_sd_param (&syslog_msg, ISPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (isport));
+ syslog_msg_add_sd_param (&syslog_msg, XATYP_SDPARAM_NAME, IATYP_IPV4);
+ syslog_msg_add_sd_param (&syslog_msg, XSADDR_SDPARAM_NAME, "%U",
+ format_ip4_address, xsaddr);
+ syslog_msg_add_sd_param (&syslog_msg, XSPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (xsport));
+ syslog_msg_add_sd_param (&syslog_msg, PROTO_SDPARAM_NAME, "%d",
+ snat_proto_to_ip_proto (proto));
+ syslog_msg_add_sd_param (&syslog_msg, XDADDR_SDPARAM_NAME, "%U",
+ format_ip4_address, xdaddr);
+ syslog_msg_add_sd_param (&syslog_msg, XDPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (xdport));
+ if (is_twicenat)
+ {
+ syslog_msg_add_sd_param (&syslog_msg, IDADDR_SDPARAM_NAME, "%U",
+ format_ip4_address, idaddr);
+ syslog_msg_add_sd_param (&syslog_msg, IDPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (idport));
+ }
+
+ syslog_msg_send (&syslog_msg);
+}
+
+void
+nat_syslog_nat44_sadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * idaddr, u16 idport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto, u8 is_twicenat)
+{
+ nat_syslog_nat44_sess (ssubix, sfibix, isaddr, isport, xsaddr, xsport,
+ idaddr, idport, xdaddr, xdport, proto, 1,
+ is_twicenat);
+}
+
+void
+nat_syslog_nat44_sdel (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * idaddr, u16 idport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto, u8 is_twicenat)
+{
+ nat_syslog_nat44_sess (ssubix, sfibix, isaddr, isport, xsaddr, xsport,
+ idaddr, idport, xdaddr, xdport, proto, 0,
+ is_twicenat);
+}
+
+static inline void
+nat_syslog_nat64_sess (u32 sfibix, ip6_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto, u8 is_add)
+{
+ syslog_msg_t syslog_msg;
+ fib_table_t *fib;
+
+ if (!syslog_is_enabled ())
+ return;
+
+ if (syslog_severity_filter_block (SADD_SDEL_SEVERITY))
+ return;
+
+ fib = fib_table_get (sfibix, FIB_PROTOCOL_IP6);
+
+ syslog_msg_init (&syslog_msg, NAT_FACILITY, SADD_SDEL_SEVERITY, NAT_APPNAME,
+ is_add ? SADD_MSGID : SDEL_MSGID);
+
+ syslog_msg_sd_init (&syslog_msg, NSESS_SDID);
+ syslog_msg_add_sd_param (&syslog_msg, SVLAN_SDPARAM_NAME, "%d",
+ fib->ft_table_id);
+ syslog_msg_add_sd_param (&syslog_msg, IATYP_SDPARAM_NAME, IATYP_IPV6);
+ syslog_msg_add_sd_param (&syslog_msg, ISADDR_SDPARAM_NAME, "%U",
+ format_ip6_address, isaddr);
+ syslog_msg_add_sd_param (&syslog_msg, ISPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (isport));
+ syslog_msg_add_sd_param (&syslog_msg, XATYP_SDPARAM_NAME, IATYP_IPV4);
+ syslog_msg_add_sd_param (&syslog_msg, XSADDR_SDPARAM_NAME, "%U",
+ format_ip4_address, xsaddr);
+ syslog_msg_add_sd_param (&syslog_msg, XSPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (xsport));
+ syslog_msg_add_sd_param (&syslog_msg, PROTO_SDPARAM_NAME, "%d", proto);
+ syslog_msg_add_sd_param (&syslog_msg, XDADDR_SDPARAM_NAME, "%U",
+ format_ip4_address, xdaddr);
+ syslog_msg_add_sd_param (&syslog_msg, XDPORT_SDPARAM_NAME, "%d",
+ clib_net_to_host_u16 (xdport));
+
+ syslog_msg_send (&syslog_msg);
+}
+
+void
+nat_syslog_nat64_sadd (u32 sfibix, ip6_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto)
+{
+ nat_syslog_nat64_sess (sfibix, isaddr, isport, xsaddr, xsport, xdaddr,
+ xdport, proto, 1);
+}
+
+void
+nat_syslog_nat64_sdel (u32 sfibix, ip6_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto)
+{
+ nat_syslog_nat64_sess (sfibix, isaddr, isport, xsaddr, xsport, xdaddr,
+ xdport, proto, 0);
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
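Review bot: `nat_syslog_nat64_sess` writes PROTO as the raw `proto` argument, while `nat_syslog_nat44_apmap` and `nat_syslog_nat44_sess` write `snat_proto_to_ip_proto (proto)`, although all three declare the parameter as `snat_protocol_t`. Either the NAT64 records use a different protocol numbering from the NAT44 ones, or the NAT64 callers (which pass `bibe->proto`) already supply an IP protocol number and the parameter type is misleading; the definition of `bibe->proto` is not on this page, so this needs confirming. A collector correlating translations needs PROTO to mean the same thing in every message, so either convert in the NAT64 path too or declare that parameter as an IP protocol number and comment it. Separately, `ssubix` is a `u32` formatted with `"%d"`; `"%u"` avoids a negative SSUBIX for large indices.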
diff --git a/src/plugins/nat/nat_syslog.h b/src/plugins/nat/nat_syslog.h
new file mode 100644
index 00000000000..15a891fd0c0
--- /dev/null
+++ b/src/plugins/nat/nat_syslog.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file
+ * @brief NAT syslog logging
+ */
+
+#ifndef __included_nat_syslog_h__
+#define __included_nat_syslog_h__
+
+#include <nat/nat.h>
+
+void nat_syslog_nat44_apmadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto);
+
+void nat_syslog_nat44_apmdel (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto);
+
+void
+nat_syslog_dslite_apmadd (u32 ssubix, ip6_address_t * sv6enc,
+ ip4_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto);
+
+void
+nat_syslog_dslite_apmdel (u32 ssubix, ip6_address_t * sv6enc,
+ ip4_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ snat_protocol_t proto);
+
+void nat_syslog_nat44_sadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * idaddr, u16 idport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto, u8 is_twicenat);
+
+void nat_syslog_nat44_sdel (u32 ssubix, u32 sfibix, ip4_address_t * isaddr,
+ u16 isport, ip4_address_t * idaddr, u16 idport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto, u8 is_twicenat);
+
+void nat_syslog_nat64_sadd (u32 sfibix, ip6_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto);
+
+void nat_syslog_nat64_sdel (u32 sfibix, ip6_address_t * isaddr, u16 isport,
+ ip4_address_t * xsaddr, u16 xsport,
+ ip4_address_t * xdaddr, u16 xdport,
+ snat_protocol_t proto);
+
+#endif /* __included_nat_syslog_h__ */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
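Review bot: The eight exported prototypes have no documentation, and the abbreviated parameter names (`ssubix`, `sfibix`, `sv6enc`, `isaddr`/`xsaddr`, `idaddr`/`xdaddr`) are not self-explanatory. Each declaration would benefit from a Doxygen block describing every parameter and stating that the port arguments are expected in network byte order, which nat_syslog.c implies by passing them through `clib_net_to_host_u16`. The block for `nat_syslog_nat44_sadd` and `nat_syslog_nat44_sdel` should also point out that they take `idaddr, idport` before `xsaddr, xsport`, unlike the internal helper; all four pairs are `ip4_address_t *`/`u16`, so a swapped pair at a call site would compile without a warning and produce a wrong record.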
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 52f2023efe1..74d20888f57 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -29,6 +29,7 @@
#include <nat/nat_ipfix_logging.h>
#include <nat/nat_reass.h>
#include <nat/nat_inlines.h>
+#include <nat/nat_syslog.h>
#include <vppinfra/hash.h>
#include <vppinfra/error.h>
@@ -132,6 +133,11 @@ nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg)
s->out2in.port,
s->in2out.fib_index);
+ nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->out2in.addr, s->out2in.port,
+ s->in2out.protocol);
+
if (!snat_is_session_static (s))
snat_free_outside_address_and_port (sm->addresses, ctx->thread_index,
&s->out2in);
@@ -229,6 +235,11 @@ create_session_for_static_mapping (snat_main_t * sm,
s->in2out.protocol,
s->in2out.port,
s->out2in.port, s->in2out.fib_index);
+
+ nat_syslog_nat44_apmadd (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port, &s->out2in.addr,
+ s->out2in.port, s->in2out.protocol);
+
return s;
}
diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c
index aa7f7e40117..f76fc60bda0 100644
--- a/src/plugins/nat/out2in_ed.c
+++ b/src/plugins/nat/out2in_ed.c
@@ -29,6 +29,7 @@
#include <nat/nat_ipfix_logging.h>
#include <nat/nat_reass.h>
#include <nat/nat_inlines.h>
+#include <nat/nat_syslog.h>
#define foreach_nat_out2in_ed_error \
_(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \
@@ -173,6 +174,13 @@ nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t * kv, void *arg)
s->out2in.port,
s->in2out.fib_index);
+ nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->ext_host_nat_addr, s->ext_host_nat_port,
+ &s->out2in.addr, s->out2in.port,
+ &s->ext_host_addr, s->ext_host_port,
+ s->in2out.protocol, is_twice_nat_session (s));
+
if (is_twice_nat_session (s))
{
for (i = 0; i < vec_len (sm->twice_nat_addresses); i++)
@@ -303,6 +311,19 @@ create_session_for_static_mapping_ed (snat_main_t * sm,
&ctx))
nat_log_notice ("in2out-ed key add failed");
+ snat_ipfix_logging_nat44_ses_create (s->in2out.addr.as_u32,
+ s->out2in.addr.as_u32,
+ s->in2out.protocol,
+ s->in2out.port,
+ s->out2in.port, s->in2out.fib_index);
+
+ nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->ext_host_nat_addr, s->ext_host_nat_port,
+ &s->out2in.addr, s->out2in.port,
+ &s->ext_host_addr, s->ext_host_port,
+ s->in2out.protocol, is_twice_nat_session (s));
+
return s;
}
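Review bot: `create_session_for_static_mapping_ed` calls `nat_syslog_nat44_sdel` right after the session is set up and the IPFIX create record is sent, so a newly created session is logged as SDEL and never gets an SADD. The matching in2out path (`slow_path_ed`) calls `nat_syslog_nat44_sadd` at the same point, and this call should likewise begin `nat_syslog_nat44_sadd (s->user_index, s->in2out.fib_index,` with the remaining arguments unchanged. As written, a collector would see two delete records and no create record for these sessions, which breaks start/end correlation of translations. The function body starts outside the hunk.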