diff --git a/src/nat_format.cpp b/src/nat_format.cpp index 20a8465..af043ba 100644 --- a/src/nat_format.cpp +++ b/src/nat_format.cpp @@ -4,13 +4,15 @@ #include #include -#include -#include #include +#include +#include +#include +#include #include "nat_format.h" -#define NAT_FORMAT_NAT_FORMAT_CONFIG_FILE "./conf/nat_format.conf" +#define NAT_FORMAT_CONFIG_FILE "./conf/nat_format.conf" #define PAYLOAD_LEN 46 #define FORMAT_LOG_ACTION_ADD 0x00 @@ -43,8 +45,8 @@ int nat_format_init(void) { MESA_load_profile_int_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_RECEIVE_PORT", "dp_syslog", &g_nat_format_info.dp_syslog_port, 518); MESA_load_profile_int_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_RECEIVE_PORT", "dp_binary", &g_nat_format_info.dp_binary_port, 519); - MESA_load_profile_string_def(config_file, "NAT_FORMAT_LOG", "run_log_path", g_nat_format_info.log_path, sizeof(g_nat_format_info.root_log_path), "./log/nat_format.log"); - MESA_load_profile_uint_def(config_file, "NAT_FORMAT_LOG", "run_log_level", &g_nat_format_info.log_level, 10); + MESA_load_profile_string_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_LOG", "run_log_path", g_nat_format_info.log_path, sizeof(g_nat_format_info.log_path), "./log/nat_format.log"); + MESA_load_profile_uint_def(NAT_FORMAT_CONFIG_FILE, "NAT_FORMAT_LOG", "run_log_level", &g_nat_format_info.log_level, 10); g_nat_format_info.log = MESA_create_runtime_log_handle(g_nat_format_info.log_path, g_nat_format_info.log_level); if (g_tf_dns_info.log == NULL) { printf("MESA_create_runtime_log_handle %s failed: %s\n", g_nat_format_info.log_path, strerror(errno)); 
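Review bot: The NULL check that follows `MESA_create_runtime_log_handle` in nat_format_init tests `g_tf_dns_info.log`, not the handle just stored in `g_nat_format_info.log`, so a failed log creation is not caught here, and `g_tf_dns_info` is not declared anywhere in this diff. The line should read `if (g_nat_format_info.log == NULL) {`. The receive ports visible in this hunk are loaded into `int32_t` fields with no range check, although they later select which parser handles a datagram; rejecting values outside 1–65535 at init would be a cheap safeguard. The body of nat_format_init starts and ends outside the hunk.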
@@ -107,56 +109,51 @@ char nat_format_entry(struct streaminfo *a_udp, void **pme, int thread_seq, void // 提取nat信息 struct nat_payload nat_payload; - inet_pton(AF_INET, a_udp->addr.tuple4_v4->s_addr, nat_payload.fw_ip); // 防火墙ip为源ip,需要进行点分十进制转换 + inet_pton(AF_INET, a_udp->addr.tuple4_v4->saddr, nat_payload.fw_ip); // 防火墙ip为源ip,需要进行点分十进制转换 // 根据数据来源的端口采取不同的处理策略 - switch (udp_port) { - // 华为syslog格式:防火墙日志生成时间需要转换为时间戳、动作字符串需要转换为序号、点分十进制格式ip需要转换为二进制 - case g_nat_format_info.hw_syslog_port: - char fw_log_time[21]; - char action_str[20]; - char src_intra_ip[20]; - char dst_ip[20]; - char src_extra_ip[20]; - int suc_num = sscanf(udp_data, "%*[^>]>%20[0-9: -]%*[^/]/%*[0-9]/%19[A-Z_]%*[^:]:SourceIP=%19[^,],DestinationIP=%19[^,],SourcePort=%hu,DestinationPort=%hu,SourceNatIP=%19[^,],SourceNatPort=%hu,BeginTime=%u,EndTime=%u", - fw_log_time, action_str, src_intra_ip, dst_ip, &nat_payload.src_intra_port, &nat_payload.dst_port, src_extra_ip, &nat_payload.src_extra_port, &nat_payload.stream_start_timestamp, &nat_payload.stream_end_timestamp); - if (suc_num != 10) { - MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "NAT extraction failed: %d/10", suc_num); - return APP_STATE_DROPME - } + // 华为syslog格式:防火墙日志生成时间需要转换为时间戳、动作字符串需要转换为序号、点分十进制格式ip需要转换为二进制 + if (udp_port == g_nat_format_info.hw_syslog_port) { + char fw_log_time[21]; + char action_str[20]; + char src_intra_ip[20]; + char dst_ip[20]; + char src_extra_ip[20]; + int suc_num = sscanf(udp_data, "%*[^>]>%20[0-9: -]%*[^/]/%*[0-9]/%19[A-Z_]%*[^:]:SourceIP=%19[^,],DestinationIP=%19[^,],SourcePort=%hu,DestinationPort=%hu,SourceNatIP=%19[^,],SourceNatPort=%hu,BeginTime=%u,EndTime=%u", + fw_log_time, action_str, src_intra_ip, dst_ip, &nat_payload.src_intra_port, &nat_payload.dst_port, src_extra_ip, &nat_payload.src_extra_port, &nat_payload.stream_start_timestamp, &nat_payload.stream_end_timestamp); + if (suc_num != 10) { + MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, 
"nat_format Huawei syslog", "NAT extraction failed: %d/10", suc_num); + return APP_STATE_DROPME; + } - struct tm fw_time; - if (strptime(fw_log_time, "%Y-%m-%d %H:%M:%S ", &fw_time) == NULL) { - MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "firewall log generation time extraction failed: %s", fw_log_time); - return APP_STATE_GIVEME; - } - nat_payload.fw_log_timestamp = (unsigned int)mktime(fw_time); + struct tm fw_time; + if (strptime(fw_log_time, "%Y-%m-%d %H:%M:%S ", &fw_time) == NULL) { + MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "firewall log generation time extraction failed: %s", fw_log_time); + return APP_STATE_GIVEME; + } + nat_payload.fw_log_timestamp = (unsigned int)mktime(fw_time); - inet_pton(AF_INET, src_intra_ip, &nat_payload.src_intra_ip); - inet_pton(AF_INET, dst_ip, &nat_payload.dst_ip); - inet_pton(AF_INET, src_extra_ip, &nat_payload.src_extra_ip); + inet_pton(AF_INET, src_intra_ip, &nat_payload.src_intra_ip); + inet_pton(AF_INET, dst_ip, &nat_payload.dst_ip); + inet_pton(AF_INET, src_extra_ip, &nat_payload.src_extra_ip); - if (strcmp(action_str, HW_EVENT_ADD) == 0) { - nat_payload.action = FORMAT_LOG_ACTION_ADD; - } else if (strcmp(action_str, HW_EVENT_DEL) == 0) { - nat_payload.action = FORMAT_LOG_ACTION_DEL; - } else { - MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "Event field is an undefined value: %s", action_str); - return APP_STATE_GIVEME; - } - - break; - case g_nat_format_info.hw_binary_port: - break; - case g_nat_format_info.h3_syslog_port: - break; - case g_nat_format_info.h3_binary_port: - break; - case g_nat_format_info.dp_syslog_port: - break; - case g_nat_format_info.dp_binary_port: - break; - default: - break; + if (strcmp(action_str, HW_EVENT_ADD) == 0) { + nat_payload.action = FORMAT_LOG_ACTION_ADD; + } else if (strcmp(action_str, HW_EVENT_DEL) == 0) { + nat_payload.action = 
FORMAT_LOG_ACTION_DEL; + } else { + MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "Event field is an undefined value: %s", action_str); + return APP_STATE_GIVEME; + } + } else if (udp_port == g_nat_format_info.hw_binary_port) { + return APP_STATE_GIVEME; + } else if (udp_port == g_nat_format_info.h3_syslog_port) { + return APP_STATE_GIVEME; + } else if (udp_port == g_nat_format_info.h3_binary_port) { + return APP_STATE_GIVEME; + } else if (udp_port == g_nat_format_info.dp_syslog_port) { + return APP_STATE_GIVEME; + } else if (udp_port == g_nat_format_info.dp_binary_port) { + return APP_STATE_GIVEME; } // 将提取出来的信息写进组播载荷 @@ -165,8 +162,8 @@ char nat_format_entry(struct streaminfo *a_udp, void **pme, int thread_seq, void // 攒够20个进行发送 if (cur_pkt == 20) { - if (sendto(udp_socket, buf, strlen(buf), 0, (struct sockaddr *)&dst_addr, sizeof(dst_addr)) < 0) { - MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "Event field is an undefined value: %s", action_str); + if (sendto(udp_socket, multicast_payload, strlen(multicast_payload), 0, (struct sockaddr *)&dst_addr, sizeof(dst_addr)) < 0) { + MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "Send multicast failed: %s", strerror(errno)); } cur_pkt = 0; } diff --git a/src/nat_format.h b/src/nat_format.h index 33c773c..a7dd592 100644 --- a/src/nat_format.h +++ b/src/nat_format.h @@ -27,7 +27,7 @@ struct nat_format_global_info { int32_t dp_syslog_port; int32_t dp_binary_port; - char root_log_path[256]; + char log_path[256]; u_int32_t log_level; void *log; }; @@ -35,7 +35,7 @@ struct nat_format_global_info { // 格式化NAT报文载荷 struct nat_payload { unsigned int magic_num = FORMAT_LOG_MAGIC_NUMBER; - unsigned short magic_num = FORMAT_LOG_VERSION; + unsigned short version = FORMAT_LOG_VERSION; unsigned int fw_log_timestamp; unsigned int fw_ip; char action;
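Review bot: In the Huawei syslog branch of nat_format_entry the three `inet_pton` results are ignored and `nat_payload` is declared without an initializer, so a datagram whose address fields satisfy `%19[^,]` but are not valid IPv4 text leaves those members indeterminate, and per the comment after the chain the record is then written into the multicast payload. Each call should be checked for `!= 1` and the record dropped on failure; a port that matches none of the configured values falls through the same way, because the chain has no final `else`. `mktime(fw_time)` passes the struct where `mktime` takes a `struct tm *`, and `fw_time` is not initialized before `strptime`, which leaves `tm_isdst` indeterminate. The function begins and ends outside the hunk, so whether `udp_data` is NUL-terminated before `sscanf` reads it cannot be confirmed from here.

```cpp
        struct tm fw_time = {};
        fw_time.tm_isdst = -1;  // strptime does not set it; let mktime determine DST
        // … unchanged: strptime call and its failure branch …
        nat_payload.fw_log_timestamp = (unsigned int)mktime(&fw_time);

        // Address text comes from the datagram: reject the record unless all three parse.
        if (inet_pton(AF_INET, src_intra_ip, &nat_payload.src_intra_ip) != 1 ||
            inet_pton(AF_INET, dst_ip, &nat_payload.dst_ip) != 1 ||
            inet_pton(AF_INET, src_extra_ip, &nat_payload.src_extra_ip) != 1) {
            MESA_handle_runtime_log(g_nat_format_info.log, RLOG_LV_FATAL, "nat_format Huawei syslog", "invalid IPv4 address in NAT record");
            return APP_STATE_GIVEME;
        }
        // … unchanged: action_str to FORMAT_LOG_ACTION_* mapping …
```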
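Review bot: The length passed to `sendto` is `strlen(multicast_payload)`, but the accumulated records are binary (`struct nat_payload` carries integer timestamps and addresses, and `FORMAT_LOG_ACTION_ADD` is 0x00), so the first zero byte truncates the datagram and a buffer with no zero byte is read past its end. The length should come from what was actually written, presumably `cur_pkt * PAYLOAD_LEN` given the `#define PAYLOAD_LEN 46` at the top of the file; the declaration of `multicast_payload` and the code that fills it are outside the hunk, so confirm against those. `cur_pkt` is reset even when `sendto` fails, which silently discards the 20 buffered records; a comment stating that this is intended, or a drop counter, would make the loss visible.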