mirror of
https://github.com/cloudnativelabs/kube-router.git
synced 2025-09-25 18:11:06 +02:00
1af329c480
* nflog the packet that will be dropped by network policy enforcement that can be further by read by ulogd Fixes #505 * addressing review comments
569 B
569 B
Observability
Observing dropped traffic due to network policy enforcements
Traffic that gets rejected due to network policy enforcements gets logged by kube-route using iptables NFLOG target under the group 100. Simplest way to observe the dropped packets by kube-router is by running tcpdump on nflog:100 interface for e.g. tcpdump -i nflog:100 -n. You can also configure ulogd to monitor dropped packets in desired output format. Please see https://kb.gtkc.net/iptables-with-ulogd-quick-howto/ for an example configuration to setup a stack to log packets.