Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
Test new events
Description
Test to check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.422 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.422/0.422/0.422/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.265 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.265/0.265/0.265/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Jul 30 10:11:33.319842 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 568.0K, max 15.3M, 14.7M free.
Jul 30 10:11:33.323709 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:11:33.323788 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:11:33.331916 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:11:33.683807 osdx osdx-coredump[60287]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:11:33.691505 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:11:34.211699 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:11:34.324227 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 30 10:11:34.378319 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Jul 30 10:11:34.483875 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:11:34.579708 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:11:34.676122 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 30 10:11:34.679318 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 30 10:11:34.680815 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:11:34.681849 osdx ulogd[60368]: registering plugin `NFCT'
Jul 30 10:11:34.682674 osdx ulogd[60368]: registering plugin `IP2STR'
Jul 30 10:11:34.682740 osdx ulogd[60368]: registering plugin `PRINTFLOW'
Jul 30 10:11:34.683776 osdx ulogd[60368]: registering plugin `SYSLOG'
Jul 30 10:11:34.683783 osdx ulogd[60368]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 30 10:11:34.683823 osdx ulogd[60368]: NFCT plugin working in event mode
Jul 30 10:11:34.683829 osdx ulogd[60368]: Changing UID / GID
Jul 30 10:11:34.683899 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:11:34.683901 osdx ulogd[60368]: initialization finished, entering main loop
Jul 30 10:11:34.700884 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:11:35.585010 osdx ulogd[60368]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:11:35.698692 osdx ulogd[60368]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Test update events
Description
Test to check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.406 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.406/0.406/0.406/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.258 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.258/0.258/0.258/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Jul 30 10:11:40.375807 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.2M free.
Jul 30 10:11:40.379098 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:11:40.379174 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:11:40.387656 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:11:40.747631 osdx osdx-coredump[60503]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:11:40.755326 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:11:41.254722 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:11:41.357898 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 30 10:11:41.425850 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Jul 30 10:11:41.563889 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:11:41.691116 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:11:41.791705 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 30 10:11:41.792612 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 30 10:11:41.793135 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 30 10:11:41.794785 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:11:41.795195 osdx ulogd[60584]: registering plugin `NFCT'
Jul 30 10:11:41.795451 osdx ulogd[60584]: registering plugin `IP2STR'
Jul 30 10:11:41.795548 osdx ulogd[60584]: registering plugin `PRINTFLOW'
Jul 30 10:11:41.795629 osdx ulogd[60584]: registering plugin `SYSLOG'
Jul 30 10:11:41.795662 osdx ulogd[60584]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 30 10:11:41.795731 osdx ulogd[60584]: NFCT plugin working in event mode
Jul 30 10:11:41.795763 osdx ulogd[60584]: Changing UID / GID
Jul 30 10:11:41.795862 osdx ulogd[60584]: initialization finished, entering main loop
Jul 30 10:11:41.797406 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:11:41.814892 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:11:42.594375 osdx ulogd[60584]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:11:42.673252 osdx ulogd[60584]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Test destroy events
Description
Test to check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.327 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.327/0.327/0.327/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.277 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.309 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.300 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.277/0.295/0.309/0.013 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Jul 30 10:11:47.308653 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 10:11:47.309160 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:11:47.309191 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:11:47.320537 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:11:47.656151 osdx osdx-coredump[60719]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:11:47.666604 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:11:48.132182 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:11:48.217623 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 30 10:11:48.302981 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Jul 30 10:11:48.359177 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jul 30 10:11:48.503570 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 30 10:11:48.582546 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:11:48.716850 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:11:48.841395 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 30 10:11:48.858327 osdx sshd[60810]: Server listening on 0.0.0.0 port 22.
Jul 30 10:11:48.858352 osdx sshd[60810]: Server listening on :: port 22.
Jul 30 10:11:48.858446 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 30 10:11:48.941202 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 30 10:11:48.942421 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 30 10:11:48.943745 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:11:48.944047 osdx ulogd[60826]: registering plugin `NFCT'
Jul 30 10:11:48.944104 osdx ulogd[60826]: registering plugin `IP2STR'
Jul 30 10:11:48.944155 osdx ulogd[60826]: registering plugin `PRINTFLOW'
Jul 30 10:11:48.944200 osdx ulogd[60826]: registering plugin `SYSLOG'
Jul 30 10:11:48.944203 osdx ulogd[60826]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 30 10:11:48.944243 osdx ulogd[60826]: NFCT plugin working in event mode
Jul 30 10:11:48.944250 osdx ulogd[60826]: Changing UID / GID
Jul 30 10:11:48.944323 osdx ulogd[60826]: initialization finished, entering main loop
Jul 30 10:11:48.946030 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:11:48.961285 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:11:50.938257 osdx ulogd[60826]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jul 30 10:11:51.962213 osdx ulogd[60826]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Test default logging
Description
Set a simple configuration, send a ping command from one device to the other and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.478 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.478/0.478/0.478/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.257 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.257/0.257/0.257/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Jul 30 10:11:58.306894 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 10:11:58.310554 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:11:58.310620 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:11:58.318567 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:11:58.636000 osdx osdx-coredump[60976]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:11:58.643434 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:11:59.144497 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:11:59.226126 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 30 10:11:59.284373 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 30 10:11:59.414619 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:11:59.510549 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:11:59.578859 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 30 10:11:59.579960 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 30 10:11:59.580198 osdx ulogd[61057]: registering plugin `NFCT'
Jul 30 10:11:59.580260 osdx ulogd[61057]: registering plugin `IP2STR'
Jul 30 10:11:59.580315 osdx ulogd[61057]: registering plugin `PRINTFLOW'
Jul 30 10:11:59.580373 osdx ulogd[61057]: registering plugin `SYSLOG'
Jul 30 10:11:59.580377 osdx ulogd[61057]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 30 10:11:59.580430 osdx ulogd[61057]: NFCT plugin working in event mode
Jul 30 10:11:59.580439 osdx ulogd[61057]: Changing UID / GID
Jul 30 10:11:59.580529 osdx ulogd[61057]: initialization finished, entering main loop
Jul 30 10:11:59.582139 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:11:59.584603 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:11:59.602921 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:12:00.563037 osdx ulogd[61057]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:00.563060 osdx ulogd[61057]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:00.670111 osdx ulogd[61057]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:00.670131 osdx ulogd[61057]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Test policies logging
Description
Set a simple configuration with mark and label traffic policies, send a ping command from one device to the other and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.417 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.417/0.417/0.417/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.403 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.287 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.287/0.345/0.403/0.058 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Jul 30 10:12:05.322531 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 10:12:05.323837 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:12:05.323891 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:12:05.334494 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:12:05.677865 osdx osdx-coredump[61197]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:12:05.685732 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:12:06.152859 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:12:06.269337 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jul 30 10:12:06.323726 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Jul 30 10:12:06.427931 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Jul 30 10:12:06.494945 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Jul 30 10:12:06.588385 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 30 10:12:06.644665 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 30 10:12:06.766312 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:12:06.883844 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:12:07.148176 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 30 10:12:07.149086 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 30 10:12:07.149408 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 30 10:12:07.150417 osdx ulogd[61309]: registering plugin `NFCT'
Jul 30 10:12:07.150475 osdx ulogd[61309]: registering plugin `IP2STR'
Jul 30 10:12:07.150528 osdx ulogd[61309]: registering plugin `PRINTFLOW'
Jul 30 10:12:07.150599 osdx ulogd[61309]: registering plugin `SYSLOG'
Jul 30 10:12:07.150604 osdx ulogd[61309]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 30 10:12:07.150653 osdx ulogd[61309]: NFCT plugin working in event mode
Jul 30 10:12:07.150662 osdx ulogd[61309]: Changing UID / GID
Jul 30 10:12:07.150746 osdx ulogd[61309]: initialization finished, entering main loop
Jul 30 10:12:07.151911 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:12:07.154242 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:12:07.169812 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:12:08.012530 osdx ulogd[61309]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jul 30 10:12:08.012556 osdx ulogd[61309]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jul 30 10:12:08.082779 osdx ulogd[61309]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jul 30 10:12:08.082807 osdx ulogd[61309]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Test VRF logging
Description
Set a simple configuration with a VRF, send a ping command from one device to the other and check that default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.339 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.339/0.339/0.339/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.267 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.267/0.267/0.267/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Jul 30 10:12:13.306698 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 10:12:13.310297 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:12:13.310389 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:12:13.318382 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:12:13.683432 osdx osdx-coredump[61465]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:12:13.693078 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:12:14.145213 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:12:14.217371 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Jul 30 10:12:14.323090 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Jul 30 10:12:14.437193 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system vrf RED'.
Jul 30 10:12:14.499863 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 30 10:12:14.597492 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 30 10:12:14.671363 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:12:14.789280 osdx (udev-worker)[61500]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Jul 30 10:12:14.789315 osdx (udev-worker)[61500]: Network interface NamePolicy= disabled on kernel command line.
Jul 30 10:12:14.810286 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:12:14.850280 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:12:14.966603 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 30 10:12:14.967917 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 30 10:12:14.968454 osdx ulogd[61579]: registering plugin `NFCT'
Jul 30 10:12:14.968501 osdx ulogd[61579]: registering plugin `IP2STR'
Jul 30 10:12:14.968541 osdx ulogd[61579]: registering plugin `PRINTFLOW'
Jul 30 10:12:14.968583 osdx ulogd[61579]: registering plugin `SYSLOG'
Jul 30 10:12:14.968587 osdx ulogd[61579]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 30 10:12:14.968628 osdx ulogd[61579]: NFCT plugin working in event mode
Jul 30 10:12:14.968634 osdx ulogd[61579]: Changing UID / GID
Jul 30 10:12:14.968701 osdx ulogd[61579]: initialization finished, entering main loop
Jul 30 10:12:14.982305 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 30 10:12:14.984282 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:12:15.010688 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:12:15.027583 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:12:15.963281 osdx ulogd[61579]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:15.963301 osdx ulogd[61579]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:16.056081 osdx ulogd[61579]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:16.056108 osdx ulogd[61579]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
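The following Python parser is an added example, not part of the original documentation: it turns the ulogd event lines shown in these journals into structured records and applies the Step 5 regular expressions one journal line at a time. The function names (parse_event, parse_journal, run_page_check, missing_fields) are hypothetical, the sample lines are copied from the outputs on this page, and treating MARK and LABELS as connection-level fields is an assumption based on where they appear in that output.

```python
import re

# Journal prefix plus a ulogd conntrack event, e.g.
# "Jul 30 10:12:08.012530 osdx ulogd[61309]: [NEW] ORIG: ... , REPLY: ..."
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:.]+)\s+(?P<host>\S+)\s+ulogd\[(?P<pid>\d+)\]:\s+"
    r"\[(?P<event>NEW|UPDATE|DESTROY)\]\s+ORIG:\s*(?P<orig>.*?)\s*,\s*REPLY:\s*(?P<reply>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumption: MARK and LABELS trail the REPLY tuple and describe the whole
# connection, so they are split out of the reply direction.
CONN_FIELDS = ("MARK", "LABELS")

# Regular expressions quoted from the Step 5 checks on this page.
PAGE_CHECKS = {
    "new": r"ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2",
    "policies": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST",
    "vrf": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED",
}

# Sample input: lines copied from the journal outputs on this page
# (one non-event ulogd line, then policy, VRF and DESTROY events).
SAMPLE_JOURNAL = """\
Jul 30 10:12:07.150417 osdx ulogd[61309]: registering plugin `NFCT'
Jul 30 10:12:08.012530 osdx ulogd[61309]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jul 30 10:12:08.012556 osdx ulogd[61309]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jul 30 10:12:15.963281 osdx ulogd[61579]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:11:50.938257 osdx ulogd[60826]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
"""


def parse_event(line):
    """Parse one journal line; return None if it is not a conntrack event."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    orig = dict(KV_RE.findall(m.group("orig")))
    reply = dict(KV_RE.findall(m.group("reply")))
    # Move connection-level fields out of the reply tuple.
    conn = {k: reply.pop(k) for k in CONN_FIELDS if k in reply}
    return {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "pid": int(m.group("pid")),
        "event": m.group("event"),
        "orig": orig,
        "reply": reply,
        "conn": conn,
    }


def parse_journal(text):
    """Return the conntrack events found in a journal dump, in order."""
    events = (parse_event(line) for line in text.splitlines())
    return [ev for ev in events if ev is not None]


def run_page_check(text, name):
    """Apply one of the page's regular expressions line by line."""
    pattern = re.compile(PAGE_CHECKS[name])
    return [line for line in text.splitlines() if pattern.search(line)]


def missing_fields(events, required=CONN_FIELDS):
    """List (event type, missing field names) for events lacking a required field."""
    report = []
    for ev in events:
        missing = [f for f in required if f not in ev["conn"]]
        if missing:
            report.append((ev["event"], missing))
    return report


if __name__ == "__main__":
    for ev in parse_journal(SAMPLE_JOURNAL):
        print(ev["event"], ev["orig"].get("SRC"), ev["orig"].get("VRF"), ev["conn"])
    print(missing_fields(parse_journal(SAMPLE_JOURNAL)[:2]))
```

In the policies output on this page only the [NEW] lines carry both MARK=33 and LABELS=TEST, so the combined expression is satisfied by NEW events while the UPDATE lines carry MARK=33 alone; missing_fields makes that difference visible per event.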
Test Not-Bypass logging
Description
Set a simple configuration with a firewall service, send a ping command from one device to the other and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.232 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.232/0.232/0.232/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0   8505      0 --:--:-- --:--:-- --:--:--  8600
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.538 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.538/0.538/0.538/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.323 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.323/0.323/0.323/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Jul 30 10:12:21.309780 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 10:12:21.311284 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:12:21.311331 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:12:21.322191 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:12:21.694980 osdx osdx-coredump[61753]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:12:21.702953 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:12:22.190570 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:12:22.265208 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jul 30 10:12:22.435323 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:12:22.543292 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jul 30 10:12:22.577678 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:12:22.580051 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:12:22.607631 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:12:22.796616 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 30 10:12:23.017728 osdx file_operation[61853]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Jul 30 10:12:23.057499 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Jul 30 10:12:23.200765 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:12:23.292220 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jul 30 10:12:23.391166 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Jul 30 10:12:23.458807 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file 'running://test-performance.rules''.
Jul 30 10:12:23.558585 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Jul 30 10:12:23.621630 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Jul 30 10:12:23.763502 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Jul 30 10:12:23.842933 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Jul 30 10:12:23.943216 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Jul 30 10:12:24.016059 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Jul 30 10:12:24.151189 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 30 10:12:24.263165 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 30 10:12:24.411134 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:12:24.595294 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:12:24.887712 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 30 10:12:24.888701 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 30 10:12:24.889495 osdx ulogd[61974]: registering plugin `NFCT'
Jul 30 10:12:24.889559 osdx ulogd[61974]: registering plugin `IP2STR'
Jul 30 10:12:24.889619 osdx ulogd[61974]: registering plugin `PRINTFLOW'
Jul 30 10:12:24.889678 osdx ulogd[61974]: registering plugin `SYSLOG'
Jul 30 10:12:24.889682 osdx ulogd[61974]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 30 10:12:24.889740 osdx ulogd[61974]: NFCT plugin working in event mode
Jul 30 10:12:24.889751 osdx ulogd[61974]: Changing UID / GID
Jul 30 10:12:24.889848 osdx ulogd[61974]: initialization finished, entering main loop
Jul 30 10:12:24.903392 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 30 10:12:24.955327 osdx systemd[1]: Reloading.
Jul 30 10:12:25.063294 osdx systemd-sysv-generator[61993]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Jul 30 10:12:25.171965 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Jul 30 10:12:25.176406 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Jul 30 10:12:25.177236 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Jul 30 10:12:25.207888 osdx systemd[1]: logrotate.service: Deactivated successfully.
Jul 30 10:12:25.208169 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Jul 30 10:12:25.634514 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Jul 30 10:12:25.840372 osdx INFO[61975]: Rules successfully loaded
Jul 30 10:12:25.844548 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:12:25.847237 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:12:25.867479 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:12:26.687242 osdx ulogd[61974]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 30 10:12:26.687266 osdx ulogd[61974]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 30 10:12:26.769856 osdx ulogd[61974]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 30 10:12:26.769881 osdx ulogd[61974]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Test Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an ssh connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.377 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.377/0.377/0.377/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.424 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.424/0.424/0.424/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ED25519) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.1.1.2
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Tue Jul 30 09:32:57 2024
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Jul 30 10:12:32.395056 osdx systemd-journald[60253]: Runtime Journal (/run/log/journal/22c37bf8be29452e87aca50c6265032f) is 2.0M, max 15.3M, 13.3M free.
Jul 30 10:12:32.397514 osdx systemd-journald[60253]: Received client request to rotate journal, rotating.
Jul 30 10:12:32.397570 osdx systemd-journald[60253]: Vacuuming done, freed 0B of archived journals from /run/log/journal/22c37bf8be29452e87aca50c6265032f.
Jul 30 10:12:32.405790 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system journal clear'.
Jul 30 10:12:32.812724 osdx osdx-coredump[62212]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Jul 30 10:12:32.820733 osdx OSDxCLI[60091]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 30 10:12:33.373291 osdx OSDxCLI[60091]: User 'admin' entered the configuration menu.
Jul 30 10:12:33.485884 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Jul 30 10:12:33.541320 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 30 10:12:33.629193 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 30 10:12:33.714463 osdx OSDxCLI[60091]: User 'admin' added a new cfg line: 'show working'.
Jul 30 10:12:33.829518 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jul 30 10:12:33.873515 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 30 10:12:33.937861 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 30 10:12:33.938607 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 30 10:12:33.939176 osdx ulogd[62342]: registering plugin `NFCT'
Jul 30 10:12:33.939226 osdx ulogd[62342]: registering plugin `IP2STR'
Jul 30 10:12:33.939267 osdx ulogd[62342]: registering plugin `PRINTFLOW'
Jul 30 10:12:33.939314 osdx ulogd[62342]: registering plugin `SYSLOG'
Jul 30 10:12:33.939317 osdx ulogd[62342]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 30 10:12:33.939356 osdx ulogd[62342]: NFCT plugin working in event mode
Jul 30 10:12:33.939363 osdx ulogd[62342]: Changing UID / GID
Jul 30 10:12:33.939431 osdx ulogd[62342]: initialization finished, entering main loop
Jul 30 10:12:33.957653 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 30 10:12:33.959211 osdx cfgd[1242]: [60091]Completed change to active configuration
Jul 30 10:12:33.961107 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:12:34.043726 osdx OSDxCLI[60091]: User 'admin' left the configuration menu.
Jul 30 10:12:35.813280 osdx ulogd[62342]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:35.813305 osdx ulogd[62342]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:35.890997 osdx ulogd[62342]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:35.891016 osdx ulogd[62342]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 30 10:12:36.002064 osdx ulogd[62342]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57026 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57026 PKTS=0 BYTES=0
Jul 30 10:12:36.002156 osdx ulogd[62342]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57026 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57026 PKTS=0 BYTES=0
Jul 30 10:12:36.002250 osdx ulogd[62342]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57026 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57026 PKTS=0 BYTES=0 [OFFLOAD]
Jul 30 10:12:36.261710 osdx ulogd[62342]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=43898 DPT=2055 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=2055 DPT=43898 PKTS=0 BYTES=0
Jul 30 10:12:36.264463 osdx ulogd[62342]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57026 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57026 PKTS=0 BYTES=0
Jul 30 10:12:36.266455 osdx ulogd[62342]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57026 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57026 PKTS=0 BYTES=0
Jul 30 10:12:36.266536 osdx ulogd[62342]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57026 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57026 PKTS=0 BYTES=0 [OFFLOAD]
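The regular expressions in the Not-Bypass and Offload tests only confirm that a marker appears somewhere in the journal. The following parser, added here as an example and not part of the OSDx documentation or its test suite, reads the ulogd conntrack entries and reports per flow which events were seen and whether the Sc: or [OFFLOAD] markers were attached. The field layout is inferred from the output on this page, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Entries copied from the journal outputs on this page, one per line.
SAMPLE = """\
Jul 30 10:12:25.847237 osdx OSDxCLI[60091]: User 'admin' committed the configuration.
Jul 30 10:12:26.687242 osdx ulogd[61974]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 30 10:12:36.002064 osdx ulogd[62342]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57026 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57026 PKTS=0 BYTES=0
Jul 30 10:12:36.002250 osdx ulogd[62342]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57026 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57026 PKTS=0 BYTES=0 [OFFLOAD]
"""

# The regular expressions the Not-Bypass and Offload steps apply to the journal.
PAGE_CHECKS = {
    "not-bypass": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass",
    "offload": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]",
}

# Assumed layout: [EVENT] ORIG: k=v ... , REPLY: k=v ... [optional markers]
EVENT_RE = re.compile(
    r"ulogd\[\d+\]:\s+\[(?P<event>NEW|UPDATE|DESTROY)\]\s+"
    r"ORIG:\s+(?P<orig>.*?)\s*,\s+REPLY:\s+(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
SC_RE = re.compile(r"\(Sc:\s*([\w-]+)\)")

def parse_line(line):
    """Return one conntrack event as a dict, or None for any other journal entry."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    rest = m.group("rest")
    sc = SC_RE.search(rest)
    return {
        "event": m.group("event"),
        "orig": dict(KV_RE.findall(m.group("orig"))),
        "reply": dict(KV_RE.findall(rest)),
        "sc": sc.group(1) if sc else None,  # value of the "(Sc: ...)" marker
        "offload": "[OFFLOAD]" in rest,
    }

def summarize(journal):
    """Group events by ORIG tuple. ICMP entries carry no ID, so repeated pings merge."""
    flows = defaultdict(lambda: {"events": [], "sc": set(), "offloaded": False})
    for line in journal.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        o = ev["orig"]
        key = (o.get("PROTO"), o.get("SRC"), o.get("DST"), o.get("SPT"), o.get("DPT"))
        flow = flows[key]
        flow["events"].append(ev["event"])
        if ev["sc"]:
            flow["sc"].add(ev["sc"])
        flow["offloaded"] = flow["offloaded"] or ev["offload"]
    return dict(flows)

def run_page_checks(journal):
    """Apply the page's regexes; '.' stops at newlines, so each matches within one entry."""
    return {name: re.search(rx, journal) is not None for name, rx in PAGE_CHECKS.items()}
```

Feeding it the output of system journal show | cat, one entry per line, shows which specific flows were inspected without bypass or offloaded, which the pass/fail regex alone does not.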