Network Flow Logs

Overview

Traffic Logs provides real-time visibility into network traffic flowing through your Netmaker network. Monitor connections, analyze traffic patterns, and troubleshoot network issues with detailed logs of every connection.

PRO FEATURE

Traffic Logs is available exclusively on Netmaker Pro.

ENABLING TRAFFIC LOGS

Traffic Logs must be enabled by the Netmaker team. To request activation:

Contact Form: https://www.netmaker.io/contact

Status: ALPHA

What are Traffic Logs?

Traffic Logs capture detailed information about network connections flowing through your Netmaker network. Each log entry records the source, destination, protocol, ports, traffic direction, and data volume for comprehensive network visibility.

Key Benefits

• Real-time visibility into all network traffic

• Troubleshoot connectivity issues with detailed connection data

• Monitor traffic patterns and bandwidth usage

• Identify suspicious activity or unauthorized connections

Understanding the Traffic Logs Interface

Global Insights View

User Logs View

Each traffic log entry displays detailed information about a network event. Below is a breakdown of all components you'll see in a log entry:

Log Entry Components

| Component | Description | Example | | Event | Timestamp, end time, node name, and direction of traffic | 9:03 AM, End: 9:03 AM, Node: inetgw, Inbound | | Source | Origin of the traffic - can be Node, User, Config Files, External IP, or Egress Route | debian (node) 100.102.137.9:54618 (IP:port) [email protected] (user) | | Protocol & Port | Network protocol (TCP/UDP/ICMP) and destination port number | TCP, Port 443 UDP, Port 53 ICMP | | Destination | Target of the traffic - can be Node, User, Config Files, External IP, or Egress Route | inetgw (node) 100.102.137.4:443 (IP:port) 140.82.113.26 (external IP) | | Traffic | Data transferred - Download (↓) and Upload (↑) shown in bytes, KiB, or MiB | ↓ 60.00 (B), ↑ 40.00 (B) ↓ 4.33 (KiB), ↑ 4.84 (KiB) |

Component Details

Event Information:

• Timestamp: Exact time the traffic event occurred (format: HH:MM AM/PM)

• End Time: When the traffic event completed (format: End: HH:MM AM/PM)

• Node: The node that generated or received the traffic (format: Node: [node-name])

• Direction: Traffic flow - Inbound (coming into node) or Outbound (leaving node)

Source Types:

• Node: Internal network node (e.g., debian, inetgw)

• User: User devices (e.g., [email protected])

• Config Files: Configuration-related traffic

• External: External IP addresses outside your network

• Egress Route: Traffic through egress gateways

Protocol Types:

• TCP - Transmission Control Protocol (reliable, connection-oriented)

• UDP - User Datagram Protocol (fast, connectionless)

• ICMP - Internet Control Message Protocol (network diagnostics)

Destination Types:

• Node: Internal network node

• User: User endpoint

• Config Files: Configuration endpoints

• External: External IP addresses (e.g., 140.82.113.26)

• Egress Route: Egress gateway destinations

Traffic Volume Indicators:

• ↓ (Download): Data received by the source node

• ↑ (Upload): Data sent by the source node

• Units: B (bytes), KiB (kibibytes), MiB (mebibytes)

Reading Traffic Log Entries

Example 1: Internal Node Communication (Inbound)

Interpretation: The debian node initiated a secure HTTPS connection to the inetgw gateway, receiving 60 bytes and sending 40 bytes of data. This is typical of a small API call or status check.

Example 2: Same Connection from Source Perspective (Outbound)

Interpretation: This is the same connection as Example 1, but reported by the debian node. Notice how the traffic values are reversed (↓40B/↑60B vs ↓60B/↑40B).

Example 3: User Connection to External Service

Interpretation: User [email protected] connected through the inetgw gateway to an external server on HTTPS. The user downloaded 2.36 KiB and uploaded 4.03 KiB, suggesting they sent more data than they received—typical of uploading data or submitting form content to an external service.

Common Traffic Patterns

Small Data Transfers (< 1 KiB)

What it means: Control messages, API calls, heartbeats, status checks

Examples:

• ↓ 60.00 (B) / ↑ 40.00 (B)

• TCP port 443 connections with minimal data

• Quick request/response patterns

Typical scenarios:

• Health checks between nodes

• Authentication requests

• Configuration updates

• DNS queries

Medium Data Transfers (1-100 KiB)

What it means: Web pages, API responses, small files

Examples:

• ↓ 4.33 (KiB) / ↑ 4.84 (KiB)

• HTTP/HTTPS web page loads

• JSON data exchanges

Typical scenarios:

• Loading web dashboards

• API data retrieval

• Configuration file transfers

• Log uploads

Large Data Transfers (> 100 KiB)

What it means: File transfers, media, backups

Examples:

• ↓ 2.5 (MiB) / ↑ 1.2 (MiB)

• File downloads/uploads

• Database syncs

Typical scenarios:

• Software updates

• Backup operations

• Video streaming

• Large file transfers

Using the Filter Feature

Data Volume Reference

Understanding Size Units

Bytes (B):

• Range: 1 - 999 B

• Typical for: Control messages, handshakes, small requests

• Examples: TCP SYN packets, HTTP headers, status checks

Kibibytes (KiB):

• 1 KiB = 1,024 bytes

• Range: 1 - 999 KiB

• Typical for: Web pages, API responses, small files

• Examples: HTML pages, JSON data, small images

Mebibytes (MiB):

• 1 MiB = 1,024 KiB = 1,048,576 bytes

• Range: 1+ MiB

• Typical for: Large files, media, backups

• Examples: Videos, software updates, database dumps

Typical Traffic Volumes by Service

Summary

Traffic Logs provides essential visibility into your network communications:

• Real-time monitoring of all network traffic

• Detailed information about each connection

• Flexible filtering to find relevant events

• Security monitoring to detect threats

• Performance troubleshooting to identify issues

• Compliance auditing to document activity

To get started: Please https://www.netmaker.io/contact