kube-router/docs/Observability.md
Murali Reddy 1af329c480
nflog the packet that will be dropped by network policy enforcement (#889)
* nflog the packet that will be dropped by network policy enforcement
that can be further read by ulogd

Fixes #505

* addressing review comments
2020-05-02 15:45:11 +05:30


# Observability
## Observing dropped traffic due to network policy enforcements
Traffic that gets rejected due to network policy enforcements gets logged by kube-router using the iptables NFLOG target under group 100. The simplest way to observe the packets dropped by kube-router is to run tcpdump on the `nflog:100` interface, e.g. `tcpdump -i nflog:100 -n`. You can also configure ulogd to monitor dropped packets in the desired output format. Please see https://kb.gtkc.net/iptables-with-ulogd-quick-howto/ for an example configuration to set up a stack to log packets.
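
Once ulogd is writing the dropped packets to a file, a per-flow tally shows which source/destination pairs the network policies are rejecting. The script below is an added example, not part of kube-router or ulogd; it assumes ulogd is configured to write the iptables-LOG-style `KEY=VALUE` text format, and the sample lines (hostname, addresses, ports) are constructed.

```python
import re
from collections import Counter

# Constructed sample: lines in the iptables-LOG-style text assumed to be
# written by ulogd for NFLOG group 100. All values are made up.
SAMPLE_LOG = """\
May  2 15:45:11 node1 IN=eth0 OUT=veth0a1b SRC=10.244.1.5 DST=10.244.2.7 LEN=60 TTL=63 ID=4711 DF PROTO=TCP SPT=44321 DPT=5432 SYN URGP=0
May  2 15:45:12 node1 IN=eth0 OUT=veth0a1b SRC=10.244.1.5 DST=10.244.2.7 LEN=60 TTL=63 ID=4712 DF PROTO=TCP SPT=44322 DPT=5432 SYN URGP=0
May  2 15:45:13 node1 IN=eth0 OUT= SRC=10.244.3.9 DST=10.244.2.8 LEN=76 TTL=63 ID=99 PROTO=UDP SPT=40000 DPT=53 LEN=56
May  2 15:45:14 node1 IN=eth0 OUT= SRC=10.244.3.9 DST=10.244.2.8 LEN=84 TTL=63 ID=100 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
May  2 15:45:15 node1 ulogd restarted (constructed non-packet line)
"""

# KEY=VALUE tokens; the value may be empty (e.g. "OUT=").
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return (src, dst, proto, dport) for a packet line, or None otherwise."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None  # not a packet record
    # ICMP and other port-less protocols have no DPT field.
    return (fields["SRC"], fields["DST"],
            fields.get("PROTO", "?"), fields.get("DPT", "-"))


def summarize(text):
    """Count dropped packets per flow, ignoring the ephemeral source port."""
    counts = Counter()
    for line in text.splitlines():
        flow = parse_line(line)
        if flow is not None:
            counts[flow] += 1
    return counts


if __name__ == "__main__":
    for (src, dst, proto, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {src} -> {dst}  {proto}/{dport}")
```

Grouping on destination port while ignoring the source port keeps retries of the same blocked connection in a single row.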