Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
Test new events
Description
Test to check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.716 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.716/0.716/0.716/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.404 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.404/0.404/0.404/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Jul 17 15:48:01.301474 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 3.6M, max 15.3M, 11.6M free.
Jul 17 15:48:01.304698 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:48:01.304753 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:48:01.311518 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:48:01.636922 osdx osdx-coredump[99688]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:48:01.644519 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:48:02.075469 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:02.148638 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 17 15:48:02.220356 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Jul 17 15:48:02.323886 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:02.408700 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:02.493090 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 17 15:48:02.495550 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 17 15:48:02.496051 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 17 15:48:02.497493 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:02.499445 osdx ulogd[99769]: registering plugin `NFCT'
Jul 17 15:48:02.500525 osdx ulogd[99769]: registering plugin `IP2STR'
Jul 17 15:48:02.500601 osdx ulogd[99769]: registering plugin `PRINTFLOW'
Jul 17 15:48:02.500651 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:02.501830 osdx ulogd[99769]: registering plugin `SYSLOG'
Jul 17 15:48:02.501836 osdx ulogd[99769]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 17 15:48:02.501903 osdx ulogd[99769]: NFCT plugin working in event mode
Jul 17 15:48:02.501910 osdx ulogd[99769]: Changing UID / GID
Jul 17 15:48:02.501984 osdx ulogd[99769]: initialization finished, entering main loop
Jul 17 15:48:02.526992 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:03.250694 osdx ulogd[99769]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:03.320258 osdx ulogd[99769]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Test update events
Description
Test to check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.361 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.361/0.361/0.361/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.478 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.478/0.478/0.478/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Jul 17 15:48:07.281306 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 15:48:07.284339 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:48:07.284394 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:48:07.293223 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:48:07.624513 osdx osdx-coredump[99904]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:48:07.632540 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:48:08.095253 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:08.165179 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 17 15:48:08.255725 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Jul 17 15:48:08.325976 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:08.440289 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:08.516563 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 17 15:48:08.517622 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 17 15:48:08.517818 osdx ulogd[99985]: registering plugin `NFCT'
Jul 17 15:48:08.517863 osdx ulogd[99985]: registering plugin `IP2STR'
Jul 17 15:48:08.517908 osdx ulogd[99985]: registering plugin `PRINTFLOW'
Jul 17 15:48:08.517951 osdx ulogd[99985]: registering plugin `SYSLOG'
Jul 17 15:48:08.517954 osdx ulogd[99985]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 17 15:48:08.517995 osdx ulogd[99985]: NFCT plugin working in event mode
Jul 17 15:48:08.518002 osdx ulogd[99985]: Changing UID / GID
Jul 17 15:48:08.518069 osdx ulogd[99985]: initialization finished, entering main loop
Jul 17 15:48:08.519251 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:08.521508 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:08.537799 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:09.295106 osdx ulogd[99985]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:09.380422 osdx ulogd[99985]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Test destroy events
Description
Test to check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.743 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.743/0.743/0.743/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.536 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.430 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.633 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2034ms
rtt min/avg/max/mdev = 0.430/0.533/0.633/0.082 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Jul 17 15:48:13.283556 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 15:48:13.285198 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:48:13.285247 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:48:13.295342 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:48:13.653686 osdx osdx-coredump[100120]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:48:13.660936 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:48:14.091840 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:14.167811 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 17 15:48:14.255412 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Jul 17 15:48:14.309119 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jul 17 15:48:14.391266 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 17 15:48:14.457833 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:14.585306 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:14.677715 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 17 15:48:14.697767 osdx sshd[100211]: Server listening on 0.0.0.0 port 22.
Jul 17 15:48:14.697808 osdx sshd[100211]: Server listening on :: port 22.
Jul 17 15:48:14.697913 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 17 15:48:14.749638 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 17 15:48:14.750516 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 17 15:48:14.750791 osdx ulogd[100227]: registering plugin `NFCT'
Jul 17 15:48:14.750865 osdx ulogd[100227]: registering plugin `IP2STR'
Jul 17 15:48:14.750920 osdx ulogd[100227]: registering plugin `PRINTFLOW'
Jul 17 15:48:14.750980 osdx ulogd[100227]: registering plugin `SYSLOG'
Jul 17 15:48:14.750985 osdx ulogd[100227]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 17 15:48:14.751039 osdx ulogd[100227]: NFCT plugin working in event mode
Jul 17 15:48:14.751051 osdx ulogd[100227]: Changing UID / GID
Jul 17 15:48:14.751141 osdx ulogd[100227]: initialization finished, entering main loop
Jul 17 15:48:14.751923 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:14.754264 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:14.772636 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:16.630872 osdx ulogd[100227]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jul 17 15:48:17.305487 osdx ulogd[100227]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jul 17 15:48:17.654912 osdx ulogd[100227]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Test default logging
Description
Set a simple configuration, send a ping command from one device to the other and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.556 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.556/0.556/0.556/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.495 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.495/0.495/0.495/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Jul 17 15:48:24.267357 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 15:48:24.268451 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:48:24.268488 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:48:24.276349 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:48:24.579597 osdx osdx-coredump[100379]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:48:24.587282 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:48:24.968146 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:25.072787 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 17 15:48:25.121804 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 17 15:48:25.228027 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:25.312484 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:25.368799 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 17 15:48:25.369627 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 17 15:48:25.369958 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 17 15:48:25.370887 osdx ulogd[100460]: registering plugin `NFCT'
Jul 17 15:48:25.370936 osdx ulogd[100460]: registering plugin `IP2STR'
Jul 17 15:48:25.370984 osdx ulogd[100460]: registering plugin `PRINTFLOW'
Jul 17 15:48:25.371034 osdx ulogd[100460]: registering plugin `SYSLOG'
Jul 17 15:48:25.371038 osdx ulogd[100460]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 17 15:48:25.371083 osdx ulogd[100460]: NFCT plugin working in event mode
Jul 17 15:48:25.371091 osdx ulogd[100460]: Changing UID / GID
Jul 17 15:48:25.371165 osdx ulogd[100460]: initialization finished, entering main loop
Jul 17 15:48:25.372310 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:25.374861 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:25.391605 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:26.111155 osdx ulogd[100460]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:26.111185 osdx ulogd[100460]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:26.179276 osdx ulogd[100460]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:26.179303 osdx ulogd[100460]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Test policies logging
Description
Set a simple configuration with mark and label traffic policies, send a ping command from one device to the other and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.866 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.866/0.866/0.866/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.458 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.532 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1026ms
rtt min/avg/max/mdev = 0.458/0.495/0.532/0.037 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Jul 17 15:48:30.307997 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 15:48:30.308930 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:48:30.308970 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:48:30.319137 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:48:30.640377 osdx osdx-coredump[100595]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:48:30.648619 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:48:31.104996 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:31.180549 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jul 17 15:48:31.252802 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Jul 17 15:48:31.307287 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Jul 17 15:48:31.400774 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Jul 17 15:48:31.450867 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 17 15:48:31.543999 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 17 15:48:31.612589 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:31.748972 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:32.001552 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 17 15:48:32.003080 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 17 15:48:32.003624 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 17 15:48:32.004587 osdx ulogd[100707]: registering plugin `NFCT'
Jul 17 15:48:32.004646 osdx ulogd[100707]: registering plugin `IP2STR'
Jul 17 15:48:32.004696 osdx ulogd[100707]: registering plugin `PRINTFLOW'
Jul 17 15:48:32.004763 osdx ulogd[100707]: registering plugin `SYSLOG'
Jul 17 15:48:32.004767 osdx ulogd[100707]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 17 15:48:32.004824 osdx ulogd[100707]: NFCT plugin working in event mode
Jul 17 15:48:32.004835 osdx ulogd[100707]: Changing UID / GID
Jul 17 15:48:32.004977 osdx ulogd[100707]: initialization finished, entering main loop
Jul 17 15:48:32.006055 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:32.008895 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:32.029281 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:32.781802 osdx ulogd[100707]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jul 17 15:48:32.781822 osdx ulogd[100707]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jul 17 15:48:32.860123 osdx ulogd[100707]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jul 17 15:48:32.860146 osdx ulogd[100707]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Test VRF logging
Description
Set a simple configuration with a VRF, send a ping command from one device to the other and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.879 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.879/0.879/0.879/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.510 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.510/0.510/0.510/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Jul 17 15:48:38.321746 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 15:48:38.322488 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:48:38.322531 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:48:38.331680 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:48:38.644126 osdx osdx-coredump[100861]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:48:38.651097 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:48:39.087727 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:39.151424 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Jul 17 15:48:39.253501 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Jul 17 15:48:39.303839 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system vrf RED'.
Jul 17 15:48:39.392701 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 17 15:48:39.448101 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 17 15:48:39.560995 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:39.650474 osdx (udev-worker)[100896]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Jul 17 15:48:39.650499 osdx (udev-worker)[100896]: Network interface NamePolicy= disabled on kernel command line.
Jul 17 15:48:39.670121 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:39.706157 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:39.786391 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 17 15:48:39.787617 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 17 15:48:39.788467 osdx ulogd[100975]: registering plugin `NFCT'
Jul 17 15:48:39.788511 osdx ulogd[100975]: registering plugin `IP2STR'
Jul 17 15:48:39.788557 osdx ulogd[100975]: registering plugin `PRINTFLOW'
Jul 17 15:48:39.788601 osdx ulogd[100975]: registering plugin `SYSLOG'
Jul 17 15:48:39.788605 osdx ulogd[100975]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 17 15:48:39.788644 osdx ulogd[100975]: NFCT plugin working in event mode
Jul 17 15:48:39.788650 osdx ulogd[100975]: Changing UID / GID
Jul 17 15:48:39.788716 osdx ulogd[100975]: initialization finished, entering main loop
Jul 17 15:48:39.789256 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:39.814303 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:39.831076 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:40.629398 osdx ulogd[100975]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:40.629419 osdx ulogd[100975]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:40.710048 osdx ulogd[100975]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:40.710077 osdx ulogd[100975]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
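The regular-expression checks in the destroy, policies and VRF tests above can also be done field by field. The following Python sketch is an added example, not part of OSDx or its test suite: it parses the ulogd lines shown in the outputs into ORIG, REPLY and connection-level fields and compares values exactly. Treating MARK and LABELS as connection-level fields is an assumption based on where they appear in the output, and the last sample line is constructed.

```python
import re

# Journal lines copied from the outputs on this page, except the last one,
# which is constructed here to exercise the exact source-address comparison.
SAMPLE_JOURNAL = """\
Jul 17 15:48:31.543999 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 17 15:48:32.004977 osdx ulogd[100707]: initialization finished, entering main loop
Jul 17 15:48:32.781802 osdx ulogd[100707]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jul 17 15:48:32.781822 osdx ulogd[100707]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jul 17 15:48:40.629398 osdx ulogd[100975]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:16.630872 osdx ulogd[100227]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jul 17 15:49:00.000000 osdx ulogd[100707]: [NEW] ORIG: SRC=192.168.100.25 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.25 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
"""

# One journal line: timestamp, host, ulogd[pid], [EVENT], ORIG tuple, REPLY tuple.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) ulogd\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?)\s*,\s*REPLY:\s*(?P<reply>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumption: these keys describe the whole connection, not the REPLY direction.
CONN_FIELDS = ("MARK", "LABELS")

# The page's "new events" expression, kept verbatim for comparison.
PAGE_REGEX = re.compile(r"ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2")


def parse_event(line):
    """Parse one journal line; return None for anything that is not a flow event."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    orig = dict(KV_RE.findall(m["orig"]))
    reply = dict(KV_RE.findall(m["reply"]))
    # MARK/LABELS are printed after the REPLY tuple; move them to their own dict.
    conn = {k: reply.pop(k) for k in CONN_FIELDS if k in reply}
    return {"ts": m["ts"], "pid": int(m["pid"]), "event": m["event"],
            "orig": orig, "reply": reply, "conn": conn}


def parse_journal(text):
    """Return the flow events found in a block of journal text, in order."""
    return [e for e in map(parse_event, text.splitlines()) if e is not None]


def select(events, event=None, orig=None, conn=None):
    """Filter events by type and by exact ORIG / connection-level field values."""
    out = []
    for e in events:
        if event and e["event"] not in event:
            continue
        if any(e["orig"].get(k) != v for k, v in (orig or {}).items()):
            continue
        if any(e["conn"].get(k) != v for k, v in (conn or {}).items()):
            continue
        out.append(e)
    return out


def regex_hits(text):
    """Lines matched by the page's expression, which has no boundary after the address."""
    return [line for line in text.splitlines() if PAGE_REGEX.search(line)]


if __name__ == "__main__":
    events = parse_journal(SAMPLE_JOURNAL)
    exact = select(events, event=("NEW",), orig={"SRC": "192.168.100.2"})
    print("regex hits:", len(regex_hits(SAMPLE_JOURNAL)), "exact hits:", len(exact))
    for e in select(events, conn={"MARK": "33"}):
        print(e["event"], e["conn"])
```

In the policies output above only the [NEW] lines carry LABELS=TEST while the [UPDATE] lines carry MARK=33 alone, so the `MARK=33.*LABELS=TEST` expression is satisfied by the NEW events. The page's expression also matches the constructed 192.168.100.25 line because nothing anchors the end of the address, which the exact comparison avoids.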
Test Not-Bypass logging
Description
Set a simple configuration with a firewall service, send a ping command from one device to the other and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.207 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.207/0.207/0.207/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  23344      0 --:--:-- --:--:-- --:--:-- 25800
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.08 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.078/1.078/1.078/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.600 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.600/0.600/0.600/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Jul 17 15:48:45.358093 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 15:48:45.360377 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:48:45.360432 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:48:45.371284 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:48:45.683079 osdx osdx-coredump[101149]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:48:45.690374 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:48:46.093808 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:46.206373 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jul 17 15:48:46.267367 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:46.372395 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jul 17 15:48:46.407170 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:46.409438 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:46.435195 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:46.574583 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 17 15:48:46.729197 osdx file_operation[101249]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Jul 17 15:48:46.756791 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Jul 17 15:48:46.887487 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:46.951714 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jul 17 15:48:47.044380 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Jul 17 15:48:47.096446 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file 'running://test-performance.rules''.
Jul 17 15:48:47.192553 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Jul 17 15:48:47.243480 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Jul 17 15:48:47.346311 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Jul 17 15:48:47.399396 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Jul 17 15:48:47.499747 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Jul 17 15:48:47.559639 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Jul 17 15:48:47.698367 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 17 15:48:47.753284 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 17 15:48:47.882047 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:48.056282 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:48.356645 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 17 15:48:48.357618 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 17 15:48:48.358077 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 17 15:48:48.359091 osdx ulogd[101371]: registering plugin `NFCT'
Jul 17 15:48:48.359312 osdx ulogd[101371]: registering plugin `IP2STR'
Jul 17 15:48:48.359414 osdx ulogd[101371]: registering plugin `PRINTFLOW'
Jul 17 15:48:48.359519 osdx ulogd[101371]: registering plugin `SYSLOG'
Jul 17 15:48:48.359565 osdx ulogd[101371]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 17 15:48:48.359657 osdx ulogd[101371]: NFCT plugin working in event mode
Jul 17 15:48:48.359709 osdx ulogd[101371]: Changing UID / GID
Jul 17 15:48:48.359833 osdx ulogd[101371]: initialization finished, entering main loop
Jul 17 15:48:48.397505 osdx systemd[1]: Reloading.
Jul 17 15:48:48.496303 osdx systemd-sysv-generator[101391]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Jul 17 15:48:48.600850 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Jul 17 15:48:48.604838 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Jul 17 15:48:48.605725 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Jul 17 15:48:48.634425 osdx systemd[1]: logrotate.service: Deactivated successfully.
Jul 17 15:48:48.634540 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Jul 17 15:48:48.956685 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Jul 17 15:48:49.139198 osdx INFO[101372]: Rules successfully loaded
Jul 17 15:48:49.143311 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:49.145704 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:49.164481 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:49.903523 osdx ulogd[101371]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 17 15:48:49.903540 osdx ulogd[101371]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 17 15:48:49.974148 osdx ulogd[101371]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 17 15:48:49.974167 osdx ulogd[101371]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Test Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.431 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.431/0.431/0.431/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.428 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.428/0.428/0.428/0.000 ms
Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ED25519) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.1.1.1

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Wed Jul 17 15:40:01 2024
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Jul 17 15:48:55.313285 osdx systemd-journald[93647]: Runtime Journal (/run/log/journal/7135572a45764d02b8df631348eed5fb) is 2.0M, max 15.3M, 13.3M free.
Jul 17 15:48:55.317229 osdx systemd-journald[93647]: Received client request to rotate journal, rotating.
Jul 17 15:48:55.317283 osdx systemd-journald[93647]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7135572a45764d02b8df631348eed5fb.
Jul 17 15:48:55.323472 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system journal clear'.
Jul 17 15:48:55.624361 osdx osdx-coredump[101609]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 17 15:48:55.631635 osdx OSDxCLI[93486]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 17 15:48:56.035287 osdx OSDxCLI[93486]: User 'admin' entered the configuration menu.
Jul 17 15:48:56.098872 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Jul 17 15:48:56.192379 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 17 15:48:56.244382 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 17 15:48:56.360422 osdx OSDxCLI[93486]: User 'admin' added a new cfg line: 'show working'.
Jul 17 15:48:56.453133 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jul 17 15:48:56.497149 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 17 15:48:56.561560 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 17 15:48:56.562266 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 17 15:48:56.562467 osdx ulogd[101739]: registering plugin `NFCT'
Jul 17 15:48:56.562528 osdx ulogd[101739]: registering plugin `IP2STR'
Jul 17 15:48:56.562580 osdx ulogd[101739]: registering plugin `PRINTFLOW'
Jul 17 15:48:56.562639 osdx ulogd[101739]: registering plugin `SYSLOG'
Jul 17 15:48:56.562644 osdx ulogd[101739]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 17 15:48:56.562698 osdx ulogd[101739]: NFCT plugin working in event mode
Jul 17 15:48:56.562707 osdx ulogd[101739]: Changing UID / GID
Jul 17 15:48:56.562793 osdx ulogd[101739]: initialization finished, entering main loop
Jul 17 15:48:56.563989 osdx cfgd[1240]: [93486]Completed change to active configuration
Jul 17 15:48:56.566073 osdx OSDxCLI[93486]: User 'admin' committed the configuration.
Jul 17 15:48:56.581703 osdx OSDxCLI[93486]: User 'admin' left the configuration menu.
Jul 17 15:48:58.180869 osdx ulogd[101739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:58.180890 osdx ulogd[101739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:58.260598 osdx ulogd[101739]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:58.260621 osdx ulogd[101739]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 17 15:48:58.420414 osdx ulogd[101739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=37784 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37784 PKTS=0 BYTES=0
Jul 17 15:48:58.420649 osdx ulogd[101739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=37784 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37784 PKTS=0 BYTES=0
Jul 17 15:48:58.420915 osdx ulogd[101739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=37784 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37784 PKTS=0 BYTES=0 [OFFLOAD]
Jul 17 15:48:58.678052 osdx ulogd[101739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=37784 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37784 PKTS=0 BYTES=0
Jul 17 15:48:58.679270 osdx ulogd[101739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=37784 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37784 PKTS=0 BYTES=0
Jul 17 15:48:58.679443 osdx ulogd[101739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=37784 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37784 PKTS=0 BYTES=0 [OFFLOAD]
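The Not-Bypass and Offload checks above only grep the journal for a pattern. The following added example (not part of the original documentation) parses the ulogd conntrack entries into per-flow records so the `Sc:` state and the `[OFFLOAD]` flag can be checked per connection. The field layout is inferred from the output on this page, and the names `parse_line`, `flow_key`, `summarize` and `SAMPLE` are hypothetical.

```python
import re

# Field layout inferred from the journal output shown on this page.
EVENT_RE = re.compile(
    r"ulogd\[\d+\]: \[(?P<event>NEW|UPDATE|DESTROY)\] "
    r"ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*?)"
    r"(?: \(Sc: (?P<sc>[\w-]+)\))?(?P<offload> \[OFFLOAD\])?\s*$"
)

def fields(part):
    """Turn 'SRC=a DST=b PROTO=TCP ...' into a dict."""
    return dict(tok.split("=", 1) for tok in part.split() if "=" in tok)

def parse_line(line):
    """Return one conntrack event as a dict, or None for any other journal line."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    return {
        "event": m["event"],
        "orig": fields(m["orig"]),
        "reply": fields(m["reply"]),
        "sc": m["sc"],  # 'not-bypass' in the firewall scenario, None when absent
        "offload": m["offload"] is not None,
    }

def flow_key(ev):
    """Identify a flow by its ORIG tuple; VRF is part of the key when logged."""
    o = ev["orig"]
    return (o.get("VRF"), o["SRC"], o["DST"], o["PROTO"], o.get("SPT"), o.get("DPT"))

def summarize(lines):
    """Group events per flow and record which flags were ever seen on it."""
    flows = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        flow = flows.setdefault(flow_key(ev), {"events": [], "sc": set(), "offloaded": False})
        flow["events"].append(ev["event"])
        if ev["sc"]:
            flow["sc"].add(ev["sc"])
        flow["offloaded"] = flow["offloaded"] or ev["offload"]
    return flows

# Sample entries copied from the journal output on this page, one per element.
SAMPLE = [
    "Jul 17 15:48:48.359091 osdx ulogd[101371]: registering plugin `NFCT'",
    "Jul 17 15:48:49.903523 osdx ulogd[101371]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)",
    "Jul 17 15:48:58.420414 osdx ulogd[101739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=37784 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37784 PKTS=0 BYTES=0",
    "Jul 17 15:48:58.420915 osdx ulogd[101739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=37784 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=37784 PKTS=0 BYTES=0 [OFFLOAD]",
    "Jul 17 15:48:40.629398 osdx ulogd[100975]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0",
]

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info["events"], sorted(info["sc"]), info["offloaded"])
```

Grouping by flow makes it visible that the SSH connection is logged both with and without `[OFFLOAD]`, which a single line-level regex match does not show.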