Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.466 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.466/0.466/0.466/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.275 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.275/0.275/0.275/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Dec 03 15:53:48.371301 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 15:53:48.373005 osdx systemd-journald[367964]: Received client request to rotate journal, rotating.
Dec 03 15:53:48.373050 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 15:53:48.383233 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 15:53:48.788878 osdx osdx-coredump[407180]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 15:53:48.797947 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 15:53:49.368237 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu.
Dec 03 15:53:49.484093 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Dec 03 15:53:49.544378 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Dec 03 15:53:49.660047 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'.
Dec 03 15:53:49.765017 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 15:53:49.821259 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:53:49.877480 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Dec 03 15:53:49.880193 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Dec 03 15:53:49.881989 osdx cfgd[1634]: [367824]Completed change to active configuration
Dec 03 15:53:49.884366 osdx ulogd[407265]: registering plugin `NFCT'
Dec 03 15:53:49.885353 osdx ulogd[407265]: registering plugin `IP2STR'
Dec 03 15:53:49.885415 osdx ulogd[407265]: registering plugin `PRINTFLOW'
Dec 03 15:53:49.886434 osdx ulogd[407265]: registering plugin `SYSLOG'
Dec 03 15:53:49.886442 osdx ulogd[407265]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Dec 03 15:53:49.886497 osdx ulogd[407265]: NFCT plugin working in event mode
Dec 03 15:53:49.886506 osdx ulogd[407265]: Changing UID / GID
Dec 03 15:53:49.886583 osdx ulogd[407265]: initialization finished, entering main loop
Dec 03 15:53:49.910405 osdx OSDxCLI[367824]: User 'admin' committed the configuration.
Dec 03 15:53:49.937339 osdx OSDxCLI[367824]: User 'admin' left the configuration menu.
Dec 03 15:53:50.852113 osdx ulogd[407265]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:53:50.940899 osdx ulogd[407265]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.403 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.403/0.403/0.403/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.270 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.270/0.270/0.270/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Dec 03 15:53:56.389038 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 15:53:56.390337 osdx systemd-journald[367964]: Received client request to rotate journal, rotating.
Dec 03 15:53:56.390406 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 15:53:56.401119 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 15:53:56.639578 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:53:56.771510 osdx osdx-coredump[407412]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 15:53:56.779472 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 15:53:57.349037 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu.
Dec 03 15:53:57.439347 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Dec 03 15:53:57.537025 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Dec 03 15:53:57.626532 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'.
Dec 03 15:53:57.746346 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 15:53:57.862684 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Dec 03 15:53:57.863659 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Dec 03 15:53:57.863985 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Dec 03 15:53:57.865125 osdx ulogd[407497]: registering plugin `NFCT'
Dec 03 15:53:57.865168 osdx ulogd[407497]: registering plugin `IP2STR'
Dec 03 15:53:57.865208 osdx ulogd[407497]: registering plugin `PRINTFLOW'
Dec 03 15:53:57.865250 osdx ulogd[407497]: registering plugin `SYSLOG'
Dec 03 15:53:57.865253 osdx ulogd[407497]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Dec 03 15:53:57.865292 osdx ulogd[407497]: NFCT plugin working in event mode
Dec 03 15:53:57.865299 osdx ulogd[407497]: Changing UID / GID
Dec 03 15:53:57.865336 osdx cfgd[1634]: [367824]Completed change to active configuration
Dec 03 15:53:57.865368 osdx ulogd[407497]: initialization finished, entering main loop
Dec 03 15:53:57.895257 osdx OSDxCLI[367824]: User 'admin' committed the configuration.
Dec 03 15:53:57.945289 osdx OSDxCLI[367824]: User 'admin' left the configuration menu.
Dec 03 15:53:58.826230 osdx ulogd[407497]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:53:58.911317 osdx ulogd[407497]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.380 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.380/0.380/0.380/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.422 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.309 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.255 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2054ms
rtt min/avg/max/mdev = 0.255/0.328/0.422/0.069 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Dec 03 15:54:03.361517 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 15:54:03.362189 osdx systemd-journald[367964]: Received client request to rotate journal, rotating.
Dec 03 15:54:03.362238 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 15:54:03.372217 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 15:54:03.731766 osdx osdx-coredump[407647]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 15:54:03.740368 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 15:54:04.238156 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu.
Dec 03 15:54:04.325318 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Dec 03 15:54:04.414302 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Dec 03 15:54:04.494704 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Dec 03 15:54:04.557286 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set service ssh'.
Dec 03 15:54:04.680291 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'.
Dec 03 15:54:04.817606 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 15:54:04.949964 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Dec 03 15:54:04.951373 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Dec 03 15:54:04.951948 osdx ulogd[407742]: registering plugin `NFCT'
Dec 03 15:54:04.952236 osdx ulogd[407742]: registering plugin `IP2STR'
Dec 03 15:54:04.952416 osdx ulogd[407742]: registering plugin `PRINTFLOW'
Dec 03 15:54:04.952534 osdx ulogd[407742]: registering plugin `SYSLOG'
Dec 03 15:54:04.952585 osdx ulogd[407742]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Dec 03 15:54:04.952974 osdx ulogd[407742]: NFCT plugin working in event mode
Dec 03 15:54:04.953038 osdx ulogd[407742]: Changing UID / GID
Dec 03 15:54:04.953160 osdx ulogd[407742]: initialization finished, entering main loop
Dec 03 15:54:05.007791 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Dec 03 15:54:05.022782 osdx sshd[407748]: Server listening on 0.0.0.0 port 22.
Dec 03 15:54:05.023038 osdx sshd[407748]: Server listening on :: port 22.
Dec 03 15:54:05.023177 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Dec 03 15:54:05.044848 osdx cfgd[1634]: [367824]Completed change to active configuration
Dec 03 15:54:05.080781 osdx OSDxCLI[367824]: User 'admin' committed the configuration.
Dec 03 15:54:05.112175 osdx OSDxCLI[367824]: User 'admin' left the configuration menu.
Dec 03 15:54:05.285955 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:54:07.391851 osdx ulogd[407742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Dec 03 15:54:07.656968 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:54:08.415807 osdx ulogd[407742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Dec 03 15:54:08.801877 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Default logging
Description
Set a simple configuration, send a ping command from one device to the other, and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.891 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.891/0.891/0.891/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.267 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.267/0.267/0.267/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Dec 03 15:54:19.365744 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free.
Dec 03 15:54:19.368793 osdx systemd-journald[367964]: Received client request to rotate journal, rotating.
Dec 03 15:54:19.368866 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 15:54:19.376692 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 15:54:19.744864 osdx osdx-coredump[407920]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 15:54:19.753292 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 15:54:20.098132 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:54:20.259230 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu.
Dec 03 15:54:20.386132 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Dec 03 15:54:20.451959 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Dec 03 15:54:20.627904 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'.
Dec 03 15:54:20.740788 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 15:54:20.869093 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Dec 03 15:54:20.869830 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Dec 03 15:54:20.870244 osdx ulogd[408005]: registering plugin `NFCT'
Dec 03 15:54:20.870286 osdx ulogd[408005]: registering plugin `IP2STR'
Dec 03 15:54:20.870324 osdx ulogd[408005]: registering plugin `PRINTFLOW'
Dec 03 15:54:20.870362 osdx ulogd[408005]: registering plugin `SYSLOG'
Dec 03 15:54:20.870366 osdx ulogd[408005]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Dec 03 15:54:20.870404 osdx ulogd[408005]: NFCT plugin working in event mode
Dec 03 15:54:20.870410 osdx ulogd[408005]: Changing UID / GID
Dec 03 15:54:20.870489 osdx ulogd[408005]: initialization finished, entering main loop
Dec 03 15:54:20.871668 osdx cfgd[1634]: [367824]Completed change to active configuration
Dec 03 15:54:20.910760 osdx OSDxCLI[367824]: User 'admin' committed the configuration.
Dec 03 15:54:20.939731 osdx OSDxCLI[367824]: User 'admin' left the configuration menu.
Dec 03 15:54:21.937005 osdx ulogd[408005]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:54:21.937029 osdx ulogd[408005]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:54:22.025507 osdx ulogd[408005]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:54:22.025526 osdx ulogd[408005]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies, send a ping command from one device to the other, and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.400 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.400/0.400/0.400/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.277 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.229 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.229/0.253/0.277/0.024 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Dec 03 15:54:27.354724 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.2M free.
Dec 03 15:54:27.356448 osdx systemd-journald[367964]: Received client request to rotate journal, rotating.
Dec 03 15:54:27.356511 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 15:54:27.367524 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 15:54:27.744948 osdx osdx-coredump[408152]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 15:54:27.754927 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 15:54:28.310870 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu.
Dec 03 15:54:28.439683 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Dec 03 15:54:28.571174 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Dec 03 15:54:28.697872 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Dec 03 15:54:28.797406 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Dec 03 15:54:28.916768 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Dec 03 15:54:29.059003 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Dec 03 15:54:29.152261 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'.
Dec 03 15:54:29.312485 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Dec 03 15:54:29.416801 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Dec 03 15:54:29.418015 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Dec 03 15:54:29.418721 osdx ulogd[408247]: registering plugin `NFCT'
Dec 03 15:54:29.418770 osdx ulogd[408247]: registering plugin `IP2STR'
Dec 03 15:54:29.418816 osdx ulogd[408247]: registering plugin `PRINTFLOW'
Dec 03 15:54:29.418858 osdx ulogd[408247]: registering plugin `SYSLOG'
Dec 03 15:54:29.418862 osdx ulogd[408247]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Dec 03 15:54:29.418911 osdx ulogd[408247]: NFCT plugin working in event mode
Dec 03 15:54:29.418917 osdx ulogd[408247]: Changing UID / GID
Dec 03 15:54:29.418991 osdx ulogd[408247]: initialization finished, entering main loop
Dec 03 15:54:29.432559 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Dec 03 15:54:29.447051 osdx ulogd[408247]: Terminal signal received, exiting
Dec 03 15:54:29.447202 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Dec 03 15:54:29.447886 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Dec 03 15:54:29.448015 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Dec 03 15:54:29.449535 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Dec 03 15:54:29.450108 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Dec 03 15:54:29.450855 osdx ulogd[408253]: registering plugin `NFCT'
Dec 03 15:54:29.450908 osdx ulogd[408253]: registering plugin `IP2STR'
Dec 03 15:54:29.450957 osdx ulogd[408253]: registering plugin `PRINTFLOW'
Dec 03 15:54:29.451019 osdx ulogd[408253]: registering plugin `SYSLOG'
Dec 03 15:54:29.451023 osdx ulogd[408253]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Dec 03 15:54:29.451073 osdx ulogd[408253]: NFCT plugin working in event mode
Dec 03 15:54:29.451081 osdx ulogd[408253]: Changing UID / GID
Dec 03 15:54:29.451157 osdx ulogd[408253]: initialization finished, entering main loop
Dec 03 15:54:29.468525 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Dec 03 15:54:29.689576 osdx cfgd[1634]: [367824]Completed change to active configuration
Dec 03 15:54:29.721538 osdx OSDxCLI[367824]: User 'admin' committed the configuration.
Dec 03 15:54:29.771896 osdx OSDxCLI[367824]: User 'admin' left the configuration menu.
Dec 03 15:54:30.803394 osdx ulogd[408253]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Dec 03 15:54:30.803411 osdx ulogd[408253]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Dec 03 15:54:30.889330 osdx ulogd[408253]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Dec 03 15:54:30.889354 osdx ulogd[408253]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a VRF, send a ping command from one device to the other, and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.417 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.417/0.417/0.417/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.214 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.214/0.214/0.214/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Dec 03 15:54:37.331285 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.3M free. Dec 03 15:54:37.331922 osdx systemd-journald[367964]: Received client request to rotate journal, rotating. Dec 03 15:54:37.331968 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 15:54:37.341672 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'. Dec 03 15:54:37.396166 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Dec 03 15:54:37.723387 osdx osdx-coredump[408445]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 15:54:37.732772 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 15:54:38.263336 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. Dec 03 15:54:38.412681 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Dec 03 15:54:38.479287 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Dec 03 15:54:38.540246 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Dec 03 15:54:38.630090 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system vrf RED'. Dec 03 15:54:38.701980 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 03 15:54:38.818503 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 03 15:54:38.937488 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 15:54:39.056887 osdx (udev-worker)[408482]: RED: Could not disable auto negotiation, ignoring: Operation not supported Dec 03 15:54:39.056911 osdx (udev-worker)[408482]: Network interface NamePolicy= disabled on kernel command line. Dec 03 15:54:39.079897 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 15:54:39.155900 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 15:54:39.268350 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:54:39.269115 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 03 15:54:39.270218 osdx ulogd[408586]: registering plugin `NFCT' Dec 03 15:54:39.270274 osdx ulogd[408586]: registering plugin `IP2STR' Dec 03 15:54:39.270321 osdx ulogd[408586]: registering plugin `PRINTFLOW' Dec 03 15:54:39.270371 osdx ulogd[408586]: registering plugin `SYSLOG' Dec 03 15:54:39.270375 osdx ulogd[408586]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 03 15:54:39.270424 osdx ulogd[408586]: NFCT plugin working in event mode Dec 03 15:54:39.270432 osdx ulogd[408586]: Changing UID / GID Dec 03 15:54:39.270516 osdx ulogd[408586]: initialization finished, entering main loop Dec 03 15:54:39.270651 osdx cfgd[1634]: [367824]Completed change to active configuration Dec 03 15:54:39.297464 osdx OSDxCLI[367824]: User 'admin' committed the configuration. Dec 03 15:54:39.325302 osdx OSDxCLI[367824]: User 'admin' left the configuration menu. 
Dec 03 15:54:40.371834 osdx ulogd[408586]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:54:40.371859 osdx ulogd[408586]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:54:40.476980 osdx ulogd[408586]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:54:40.476999 osdx ulogd[408586]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service, send a ping command from one device to the other and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.234 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.234/0.234/0.234/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0   3613      0 --:--:-- --:--:-- --:--:--  3685
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.453 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.453/0.453/0.453/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.319 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.319/0.319/0.319/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Dec 03 15:54:45.365692 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.2M free. Dec 03 15:54:45.367053 osdx systemd-journald[367964]: Received client request to rotate journal, rotating. Dec 03 15:54:45.367123 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 15:54:45.377499 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'. Dec 03 15:54:45.876209 osdx osdx-coredump[408793]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 15:54:45.884196 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 15:54:46.435727 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. Dec 03 15:54:46.510069 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Dec 03 15:54:46.640260 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'. Dec 03 15:54:46.759786 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 03 15:54:46.869789 osdx cfgd[1634]: [367824]Completed change to active configuration Dec 03 15:54:46.921758 osdx OSDxCLI[367824]: User 'admin' committed the configuration. Dec 03 15:54:46.972371 osdx OSDxCLI[367824]: User 'admin' left the configuration menu. Dec 03 15:54:47.195163 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 03 15:54:47.402420 osdx file_operation[408903]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Dec 03 15:54:47.465808 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Dec 03 15:54:47.657060 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. 
Dec 03 15:54:47.763455 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Dec 03 15:54:47.875777 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Dec 03 15:54:47.975742 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Dec 03 15:54:48.044628 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Dec 03 15:54:48.162376 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Dec 03 15:54:48.282727 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Dec 03 15:54:48.390191 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Dec 03 15:54:48.504996 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Dec 03 15:54:48.650488 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Dec 03 15:54:48.766187 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 03 15:54:48.886986 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 03 15:54:48.994362 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'. Dec 03 15:54:49.159054 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 15:54:49.275456 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:54:49.276421 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Dec 03 15:54:49.276909 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Dec 03 15:54:49.278256 osdx ulogd[409015]: registering plugin `NFCT' Dec 03 15:54:49.278305 osdx ulogd[409015]: registering plugin `IP2STR' Dec 03 15:54:49.278349 osdx ulogd[409015]: registering plugin `PRINTFLOW' Dec 03 15:54:49.278402 osdx ulogd[409015]: registering plugin `SYSLOG' Dec 03 15:54:49.278406 osdx ulogd[409015]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 03 15:54:49.278456 osdx ulogd[409015]: NFCT plugin working in event mode Dec 03 15:54:49.278464 osdx ulogd[409015]: Changing UID / GID Dec 03 15:54:49.278541 osdx ulogd[409015]: initialization finished, entering main loop Dec 03 15:54:49.475605 osdx systemd[1]: Reloading. Dec 03 15:54:49.599053 osdx systemd-sysv-generator[409048]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Dec 03 15:54:49.719692 osdx systemd[1]: Starting logrotate.service - Rotate log files... Dec 03 15:54:49.724401 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Dec 03 15:54:49.744642 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Dec 03 15:54:49.750839 osdx ulogd[409015]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=37398 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=37398 PKTS=0 BYTES=0 Dec 03 15:54:49.750842 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Dec 03 15:54:49.750860 osdx ulogd[409015]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=41985 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=41985 PKTS=0 BYTES=0 Dec 03 15:54:49.756706 osdx systemd[1]: logrotate.service: Deactivated successfully. Dec 03 15:54:49.756838 osdx systemd[1]: Finished logrotate.service - Rotate log files. 
Dec 03 15:54:50.194960 osdx INFO[409030]: Rules successfully loaded Dec 03 15:54:50.211383 osdx ulogd[409015]: Terminal signal received, exiting Dec 03 15:54:50.211475 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:54:50.211792 osdx systemd[1]: ulogd2.service: Deactivated successfully. Dec 03 15:54:50.211926 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Dec 03 15:54:50.235576 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:54:50.236725 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 03 15:54:50.236849 osdx ulogd[409075]: registering plugin `NFCT' Dec 03 15:54:50.236899 osdx ulogd[409075]: registering plugin `IP2STR' Dec 03 15:54:50.236942 osdx ulogd[409075]: registering plugin `PRINTFLOW' Dec 03 15:54:50.236993 osdx ulogd[409075]: registering plugin `SYSLOG' Dec 03 15:54:50.236997 osdx ulogd[409075]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 03 15:54:50.237045 osdx ulogd[409075]: NFCT plugin working in event mode Dec 03 15:54:50.237053 osdx ulogd[409075]: Changing UID / GID Dec 03 15:54:50.237146 osdx ulogd[409075]: initialization finished, entering main loop Dec 03 15:54:50.239668 osdx cfgd[1634]: [367824]Completed change to active configuration Dec 03 15:54:50.279351 osdx ulogd[409075]: [DESTROY] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=37398 DPT=53 PKTS=1 BYTES=62 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=37398 PKTS=0 BYTES=0 Dec 03 15:54:50.279376 osdx ulogd[409075]: [DESTROY] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=41985 DPT=53 PKTS=1 BYTES=62 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=41985 PKTS=0 BYTES=0 Dec 03 15:54:50.280225 osdx OSDxCLI[367824]: User 'admin' committed the configuration. Dec 03 15:54:50.307511 osdx OSDxCLI[367824]: User 'admin' left the configuration menu. 
Dec 03 15:54:51.367406 osdx ulogd[409075]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Dec 03 15:54:51.367426 osdx ulogd[409075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Dec 03 15:54:51.469936 osdx ulogd[409075]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Dec 03 15:54:51.469955 osdx ulogd[409075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.409 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.409/0.409/0.409/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.380 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.380/0.380/0.380/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.1.2
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Tue Dec 3 15:53:19 2024 from 10.215.168.64
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Dec 03 15:54:59.306869 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.0M, max 15.3M, 13.2M free. Dec 03 15:54:59.308186 osdx systemd-journald[367964]: Received client request to rotate journal, rotating. Dec 03 15:54:59.308253 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 15:54:59.318674 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'. Dec 03 15:54:59.664749 osdx osdx-coredump[409295]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 15:54:59.672553 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 15:55:00.205082 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. Dec 03 15:55:00.360368 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Dec 03 15:55:00.451040 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 03 15:55:00.561058 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 03 15:55:00.671858 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'. Dec 03 15:55:00.804627 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 03 15:55:00.908234 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 15:55:01.040802 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:55:01.041420 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Dec 03 15:55:01.041471 osdx ulogd[409433]: registering plugin `NFCT'
Dec 03 15:55:01.041513 osdx ulogd[409433]: registering plugin `IP2STR'
Dec 03 15:55:01.041549 osdx ulogd[409433]: registering plugin `PRINTFLOW'
Dec 03 15:55:01.041588 osdx ulogd[409433]: registering plugin `SYSLOG'
Dec 03 15:55:01.041592 osdx ulogd[409433]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Dec 03 15:55:01.041638 osdx ulogd[409433]: NFCT plugin working in event mode
Dec 03 15:55:01.041645 osdx ulogd[409433]: Changing UID / GID
Dec 03 15:55:01.041720 osdx ulogd[409433]: initialization finished, entering main loop
Dec 03 15:55:01.043318 osdx cfgd[1634]: [367824]Completed change to active configuration
Dec 03 15:55:01.071878 osdx OSDxCLI[367824]: User 'admin' committed the configuration.
Dec 03 15:55:01.112785 osdx OSDxCLI[367824]: User 'admin' left the configuration menu.
Dec 03 15:55:03.294516 osdx ulogd[409433]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:55:03.294538 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:55:03.390070 osdx ulogd[409433]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:55:03.390092 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:55:03.471717 osdx ulogd[409433]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0
Dec 03 15:55:03.471878 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0
Dec 03 15:55:03.472076 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0 [OFFLOAD]
Dec 03 15:55:03.817487 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0
Dec 03 15:55:03.817940 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0 [OFFLOAD]
Dec 03 15:55:03.821332 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0
Dec 03 15:55:03.821539 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0 [OFFLOAD]
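The conntrack event lines checked in these scenarios carry optional annotations: VRF= inside the tuples, and a trailing (Sc: ...), [OFFLOAD] or, in the app-detect scenario on this page, APPDETECT[...]. The following parser is an added example, not part of the OSDx documentation or tooling; it turns such lines into records and groups them per flow. The names CtEvent, parse_line, parse_journal, summarize and scenario_checks are hypothetical, and the sample lines are copied from the journal output on this page.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One ulogd conntrack event: "[EVENT] ORIG: k=v ... , REPLY: k=v ... <annotations>"
LINE_RE = re.compile(
    r"ulogd\[\d+\]: \[(?P<event>NEW|UPDATE|DESTROY)\] "
    r"ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*)$"
)
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")
SC_RE = re.compile(r"\(Sc: ([^)]+)\)")        # firewall stream state, e.g. not-bypass
APP_RE = re.compile(r"APPDETECT\[([^\]]+)\]")  # e.g. L3:1 or L4:53


@dataclass
class CtEvent:
    event: str
    orig: dict
    reply: dict
    vrf: Optional[str] = None
    sc: Optional[str] = None
    offload: bool = False
    appdetect: Optional[str] = None

    @property
    def flow(self):
        """Flow key from the ORIG tuple; ICMP has no ports, so TYPE/CODE is used."""
        o = self.orig
        return (o.get("SRC"), o.get("DST"), o.get("PROTO"),
                o.get("SPT", o.get("TYPE")), o.get("DPT", o.get("CODE")), self.vrf)


def parse_line(line):
    """Return a CtEvent for a conntrack event line, or None for any other journal line."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    orig = dict(KV_RE.findall(m["orig"]))
    tail = m["reply"]
    sc = SC_RE.search(tail)
    app = APP_RE.search(tail)
    return CtEvent(
        event=m["event"],
        orig=orig,
        reply=dict(KV_RE.findall(tail)),
        vrf=orig.get("VRF"),
        sc=sc.group(1) if sc else None,
        offload="[OFFLOAD]" in tail,
        appdetect=app.group(1) if app else None,
    )


def parse_journal(text):
    """Parse journal text with one entry per line, skipping non-conntrack entries."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [ev for ev in parsed if ev is not None]


def summarize(events):
    """Group events per flow and collect which event types and annotations were seen."""
    flows = defaultdict(lambda: {"events": set(), "offload": False,
                                 "sc": set(), "appdetect": set()})
    for ev in events:
        entry = flows[ev.flow]
        entry["events"].add(ev.event)
        entry["offload"] = entry["offload"] or ev.offload
        if ev.sc:
            entry["sc"].add(ev.sc)
        if ev.appdetect:
            entry["appdetect"].add(ev.appdetect)
    return dict(flows)


def scenario_checks(events):
    """Field-level equivalents of the regular-expression checks used in the scenarios."""
    return {
        "vrf_red": any(e.vrf == "RED" for e in events),
        "not_bypass": any(e.sc == "not-bypass" for e in events),
        "offload": any(e.offload for e in events),
        "appdetect_icmp_new": any(e.event == "NEW" and e.appdetect == "L3:1"
                                  for e in events),
    }


# Sample lines copied from the journal output on this page (one per scenario type).
SAMPLE = """\
Dec 03 15:54:39.297464 osdx OSDxCLI[367824]: User 'admin' committed the configuration.
Dec 03 15:54:40.371834 osdx ulogd[408586]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Dec 03 15:54:51.367426 osdx ulogd[409075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Dec 03 15:55:03.471717 osdx ulogd[409433]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0
Dec 03 15:55:03.472076 osdx ulogd[409433]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45820 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45820 PKTS=0 BYTES=0 [OFFLOAD]
Dec 03 15:55:12.190683 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:13.299112 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
"""

if __name__ == "__main__":
    for key, info in summarize(parse_journal(SAMPLE)).items():
        print(key, sorted(info["events"]), "offload" if info["offload"] else "")
```

Because the VRF is part of the flow key, the same address pair seen in VRF RED and in the default table is reported as two separate flows.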
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1 and check that the app detect field appears when running system journal show. After that, enable app detection in system conntrack for http host, try to copy index.html from an HTTP server and check that the app detect field appears and belongs to the HTTP server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.438 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.438/0.438/0.438/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.273 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.307 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.316 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2037ms
rtt min/avg/max/mdev = 0.273/0.298/0.316/0.018 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Dec 03 15:55:09.000218 osdx systemd-timedated[405972]: Changed local time to Tue 2024-12-03 15:55:09 UTC Dec 03 15:55:09.000894 osdx systemd-journald[367964]: Time jumped backwards, rotating. Dec 03 15:55:09.001373 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'set date 2024-12-03 15:55:09'. Dec 03 15:55:09.332054 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 3.6M, max 15.3M, 11.6M free. Dec 03 15:55:09.332886 osdx systemd-journald[367964]: Received client request to rotate journal, rotating. Dec 03 15:55:09.332934 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 15:55:09.342912 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'. Dec 03 15:55:09.742618 osdx osdx-coredump[409592]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 15:55:09.752729 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 15:55:10.378591 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. Dec 03 15:55:10.442767 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 03 15:55:10.553782 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 03 15:55:10.636085 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 03 15:55:10.741007 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 03 15:55:10.815758 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 15:55:11.052895 osdx kernel: app-detect: module init Dec 03 15:55:11.052954 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 03 15:55:11.052970 osdx kernel: app-detect: expression init Dec 03 15:55:11.052987 osdx kernel: app-detect: appid cache initialized Dec 03 15:55:11.052999 osdx kernel: app-detect: appid cache changes counter initialized Dec 03 15:55:11.057016 osdx modulelauncher[409616]: AppDetect: no change in application dictionaries, thus nothing more to do Dec 03 15:55:11.080901 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 15:55:11.193289 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:55:11.194076 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Dec 03 15:55:11.196925 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 03 15:55:11.197481 osdx ulogd[409702]: registering plugin `NFCT' Dec 03 15:55:11.197521 osdx ulogd[409702]: registering plugin `IP2STR' Dec 03 15:55:11.197568 osdx ulogd[409702]: registering plugin `PRINTFLOW' Dec 03 15:55:11.197608 osdx ulogd[409702]: registering plugin `SYSLOG' Dec 03 15:55:11.197612 osdx ulogd[409702]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 03 15:55:11.197650 osdx ulogd[409702]: NFCT plugin working in event mode Dec 03 15:55:11.197657 osdx ulogd[409702]: Changing UID / GID Dec 03 15:55:11.197735 osdx ulogd[409702]: initialization finished, entering main loop Dec 03 15:55:11.198835 osdx cfgd[1634]: [367824]Completed change to active configuration Dec 03 15:55:11.226547 osdx OSDxCLI[367824]: User 'admin' committed the configuration. Dec 03 15:55:11.244664 osdx OSDxCLI[367824]: User 'admin' left the configuration menu. 
Dec 03 15:55:11.579337 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:55:11.579428 osdx ulogd[409702]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=45884 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=45884 PKTS=0 BYTES=0 APPDETECT[L4:53]
Dec 03 15:55:11.579445 osdx ulogd[409702]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=59869 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=59869 PKTS=0 BYTES=0 APPDETECT[L4:53]
Dec 03 15:55:12.190683 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:12.190710 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:12.286005 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:12.286031 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:13.299112 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Dec 03 15:55:13.299132 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:13.299151 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:14.323110 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Dec 03 15:55:14.323133 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:14.323153 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Dec 03 15:55:09.000218 osdx systemd-timedated[405972]: Changed local time to Tue 2024-12-03 15:55:09 UTC Dec 03 15:55:09.000894 osdx systemd-journald[367964]: Time jumped backwards, rotating. Dec 03 15:55:09.001373 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'set date 2024-12-03 15:55:09'. Dec 03 15:55:09.332054 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 3.6M, max 15.3M, 11.6M free. Dec 03 15:55:09.332886 osdx systemd-journald[367964]: Received client request to rotate journal, rotating. Dec 03 15:55:09.332934 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 15:55:09.342912 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'. Dec 03 15:55:09.742618 osdx osdx-coredump[409592]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 15:55:09.752729 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 15:55:10.378591 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. Dec 03 15:55:10.442767 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 03 15:55:10.553782 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 03 15:55:10.636085 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 03 15:55:10.741007 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 03 15:55:10.815758 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 15:55:11.052895 osdx kernel: app-detect: module init Dec 03 15:55:11.052954 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 03 15:55:11.052970 osdx kernel: app-detect: expression init Dec 03 15:55:11.052987 osdx kernel: app-detect: appid cache initialized Dec 03 15:55:11.052999 osdx kernel: app-detect: appid cache changes counter initialized Dec 03 15:55:11.057016 osdx modulelauncher[409616]: AppDetect: no change in application dictionaries, thus nothing more to do Dec 03 15:55:11.080901 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 15:55:11.193289 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:55:11.194076 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Dec 03 15:55:11.196925 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 03 15:55:11.197481 osdx ulogd[409702]: registering plugin `NFCT' Dec 03 15:55:11.197521 osdx ulogd[409702]: registering plugin `IP2STR' Dec 03 15:55:11.197568 osdx ulogd[409702]: registering plugin `PRINTFLOW' Dec 03 15:55:11.197608 osdx ulogd[409702]: registering plugin `SYSLOG' Dec 03 15:55:11.197612 osdx ulogd[409702]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 03 15:55:11.197650 osdx ulogd[409702]: NFCT plugin working in event mode Dec 03 15:55:11.197657 osdx ulogd[409702]: Changing UID / GID Dec 03 15:55:11.197735 osdx ulogd[409702]: initialization finished, entering main loop Dec 03 15:55:11.198835 osdx cfgd[1634]: [367824]Completed change to active configuration Dec 03 15:55:11.226547 osdx OSDxCLI[367824]: User 'admin' committed the configuration. Dec 03 15:55:11.244664 osdx OSDxCLI[367824]: User 'admin' left the configuration menu. 
Dec 03 15:55:11.579337 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Dec 03 15:55:11.579428 osdx ulogd[409702]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=45884 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=45884 PKTS=0 BYTES=0 APPDETECT[L4:53] Dec 03 15:55:11.579445 osdx ulogd[409702]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=59869 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=59869 PKTS=0 BYTES=0 APPDETECT[L4:53] Dec 03 15:55:12.190683 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.190710 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.286005 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.286031 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:13.299112 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 03 15:55:13.299132 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 
15:55:13.299151 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.323110 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 03 15:55:14.323133 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.323153 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.455058 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Dec 03 15:55:09.000218 osdx systemd-timedated[405972]: Changed local time to Tue 2024-12-03 15:55:09 UTC Dec 03 15:55:09.000894 osdx systemd-journald[367964]: Time jumped backwards, rotating. Dec 03 15:55:09.001373 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'set date 2024-12-03 15:55:09'. Dec 03 15:55:09.332054 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 3.6M, max 15.3M, 11.6M free. Dec 03 15:55:09.332886 osdx systemd-journald[367964]: Received client request to rotate journal, rotating. Dec 03 15:55:09.332934 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 15:55:09.342912 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'. Dec 03 15:55:09.742618 osdx osdx-coredump[409592]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 15:55:09.752729 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 15:55:10.378591 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. Dec 03 15:55:10.442767 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 03 15:55:10.553782 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 03 15:55:10.636085 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 03 15:55:10.741007 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 03 15:55:10.815758 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 15:55:11.052895 osdx kernel: app-detect: module init Dec 03 15:55:11.052954 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 03 15:55:11.052970 osdx kernel: app-detect: expression init Dec 03 15:55:11.052987 osdx kernel: app-detect: appid cache initialized Dec 03 15:55:11.052999 osdx kernel: app-detect: appid cache changes counter initialized Dec 03 15:55:11.057016 osdx modulelauncher[409616]: AppDetect: no change in application dictionaries, thus nothing more to do Dec 03 15:55:11.080901 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 15:55:11.193289 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:55:11.194076 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Dec 03 15:55:11.196925 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 03 15:55:11.197481 osdx ulogd[409702]: registering plugin `NFCT' Dec 03 15:55:11.197521 osdx ulogd[409702]: registering plugin `IP2STR' Dec 03 15:55:11.197568 osdx ulogd[409702]: registering plugin `PRINTFLOW' Dec 03 15:55:11.197608 osdx ulogd[409702]: registering plugin `SYSLOG' Dec 03 15:55:11.197612 osdx ulogd[409702]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 03 15:55:11.197650 osdx ulogd[409702]: NFCT plugin working in event mode Dec 03 15:55:11.197657 osdx ulogd[409702]: Changing UID / GID Dec 03 15:55:11.197735 osdx ulogd[409702]: initialization finished, entering main loop Dec 03 15:55:11.198835 osdx cfgd[1634]: [367824]Completed change to active configuration Dec 03 15:55:11.226547 osdx OSDxCLI[367824]: User 'admin' committed the configuration. Dec 03 15:55:11.244664 osdx OSDxCLI[367824]: User 'admin' left the configuration menu. 
Dec 03 15:55:11.579337 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Dec 03 15:55:11.579428 osdx ulogd[409702]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=45884 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=45884 PKTS=0 BYTES=0 APPDETECT[L4:53] Dec 03 15:55:11.579445 osdx ulogd[409702]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=59869 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=59869 PKTS=0 BYTES=0 APPDETECT[L4:53] Dec 03 15:55:12.190683 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.190710 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.286005 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.286031 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:13.299112 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 03 15:55:13.299132 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 
15:55:13.299151 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.323110 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 03 15:55:14.323133 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.323153 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.455058 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 15:55:14.590287 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.242 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.242/0.242/0.242/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0   375k      0 --:--:-- --:--:-- --:--:--  386k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Dec 03 15:55:09.000218 osdx systemd-timedated[405972]: Changed local time to Tue 2024-12-03 15:55:09 UTC Dec 03 15:55:09.000894 osdx systemd-journald[367964]: Time jumped backwards, rotating. Dec 03 15:55:09.001373 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'set date 2024-12-03 15:55:09'. Dec 03 15:55:09.332054 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 3.6M, max 15.3M, 11.6M free. Dec 03 15:55:09.332886 osdx systemd-journald[367964]: Received client request to rotate journal, rotating. Dec 03 15:55:09.332934 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f. Dec 03 15:55:09.342912 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'. Dec 03 15:55:09.742618 osdx osdx-coredump[409592]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Dec 03 15:55:09.752729 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'. Dec 03 15:55:10.378591 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. Dec 03 15:55:10.442767 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 03 15:55:10.553782 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 03 15:55:10.636085 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 03 15:55:10.741007 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 03 15:55:10.815758 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'. 
Dec 03 15:55:11.052895 osdx kernel: app-detect: module init Dec 03 15:55:11.052954 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 03 15:55:11.052970 osdx kernel: app-detect: expression init Dec 03 15:55:11.052987 osdx kernel: app-detect: appid cache initialized Dec 03 15:55:11.052999 osdx kernel: app-detect: appid cache changes counter initialized Dec 03 15:55:11.057016 osdx modulelauncher[409616]: AppDetect: no change in application dictionaries, thus nothing more to do Dec 03 15:55:11.080901 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 03 15:55:11.193289 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 03 15:55:11.194076 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Dec 03 15:55:11.196925 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 03 15:55:11.197481 osdx ulogd[409702]: registering plugin `NFCT' Dec 03 15:55:11.197521 osdx ulogd[409702]: registering plugin `IP2STR' Dec 03 15:55:11.197568 osdx ulogd[409702]: registering plugin `PRINTFLOW' Dec 03 15:55:11.197608 osdx ulogd[409702]: registering plugin `SYSLOG' Dec 03 15:55:11.197612 osdx ulogd[409702]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 03 15:55:11.197650 osdx ulogd[409702]: NFCT plugin working in event mode Dec 03 15:55:11.197657 osdx ulogd[409702]: Changing UID / GID Dec 03 15:55:11.197735 osdx ulogd[409702]: initialization finished, entering main loop Dec 03 15:55:11.198835 osdx cfgd[1634]: [367824]Completed change to active configuration Dec 03 15:55:11.226547 osdx OSDxCLI[367824]: User 'admin' committed the configuration. Dec 03 15:55:11.244664 osdx OSDxCLI[367824]: User 'admin' left the configuration menu. 
Dec 03 15:55:11.579337 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Dec 03 15:55:11.579428 osdx ulogd[409702]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=45884 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=45884 PKTS=0 BYTES=0 APPDETECT[L4:53] Dec 03 15:55:11.579445 osdx ulogd[409702]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=59869 DPT=53 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=59869 PKTS=0 BYTES=0 APPDETECT[L4:53] Dec 03 15:55:12.190683 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.190710 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.286005 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:12.286031 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:13.299112 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 03 15:55:13.299132 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 
15:55:13.299151 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.323110 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 03 15:55:14.323133 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.323153 osdx ulogd[409702]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:14.455058 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 15:55:14.590287 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 15:55:14.752341 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal show | cat'. Dec 03 15:55:14.913861 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu. Dec 03 15:55:15.045627 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Dec 03 15:55:15.138861 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Dec 03 15:55:15.257703 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show changes'. 
Dec 03 15:55:15.372900 osdx kernel: app-detect: expression destroy Dec 03 15:55:15.404904 osdx kernel: app-detect: expression init Dec 03 15:55:15.404982 osdx kernel: app-detect: appid cache initialized Dec 03 15:55:15.404997 osdx kernel: app-detect: appid cache changes counter initialized Dec 03 15:55:15.410840 osdx modulelauncher[409754]: AppDetect: no change in application dictionaries, thus nothing more to do Dec 03 15:55:15.432894 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 03 15:55:15.523001 osdx cfgd[1634]: [367824]Completed change to active configuration Dec 03 15:55:15.550125 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 03 15:55:15.550146 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 03 15:55:15.550166 osdx ulogd[409702]: [DESTROY] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=45884 DPT=53 PKTS=1 BYTES=62 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=45884 PKTS=0 BYTES=0 APPDETECT[L4:53] Dec 03 15:55:15.550180 osdx ulogd[409702]: [DESTROY] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=59869 DPT=53 PKTS=1 BYTES=62 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=53 DPT=59869 PKTS=0 BYTES=0 APPDETECT[L4:53] Dec 03 15:55:15.551004 osdx OSDxCLI[367824]: User 'admin' committed the configuration. Dec 03 15:55:15.580437 osdx OSDxCLI[367824]: User 'admin' left the configuration menu. 
Dec 03 15:55:15.746733 osdx ulogd[409702]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:15.746944 osdx ulogd[409702]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 03 15:55:15.748792 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 03 15:55:15.908482 osdx file_operation[409856]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Dec 03 15:55:15.912157 osdx ulogd[409702]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=52980 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=52980 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 03 15:55:15.912186 osdx ulogd[409702]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=52980 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=52980 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 03 15:55:15.912201 osdx ulogd[409702]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=52980 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=52980 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 03 15:55:15.920691 osdx ulogd[409702]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=52980 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=52980 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 03 15:55:15.920806 osdx ulogd[409702]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=52980 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=52980 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 03 15:55:15.921082 osdx ulogd[409702]: 
[UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=52980 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=52980 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 03 15:55:15.952575 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable the http-host and http-url options in the system conntrack app-detect path in order to see relevant information about HTTP packets.
Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.273 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.273/0.273/0.273/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Dec 03 15:55:21.328806 osdx systemd-journald[367964]: Runtime Journal (/run/log/journal/d3b584433ca54f4e84c38003c593de3f) is 2.1M, max 15.3M, 13.2M free.
Dec 03 15:55:21.331027 osdx systemd-journald[367964]: Received client request to rotate journal, rotating.
Dec 03 15:55:21.331111 osdx systemd-journald[367964]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d3b584433ca54f4e84c38003c593de3f.
Dec 03 15:55:21.351953 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system journal clear'.
Dec 03 15:55:21.772542 osdx osdx-coredump[410011]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Dec 03 15:55:21.780397 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'system coredump delete all'.
Dec 03 15:55:22.161306 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:55:22.354400 osdx OSDxCLI[367824]: User 'admin' entered the configuration menu.
Dec 03 15:55:22.466701 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Dec 03 15:55:22.525945 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Dec 03 15:55:22.623003 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Dec 03 15:55:22.690390 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Dec 03 15:55:22.789152 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Dec 03 15:55:22.846476 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Dec 03 15:55:22.944202 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Dec 03 15:55:23.019183 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Dec 03 15:55:23.102223 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Dec 03 15:55:23.160900 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Dec 03 15:55:23.288727 osdx OSDxCLI[367824]: User 'admin' added a new cfg line: 'show working'.
Dec 03 15:55:23.303927 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:55:23.563009 osdx kernel: app-detect: module init
Dec 03 15:55:23.563061 osdx kernel: app-detect: registered: sysctl net.appdetect
Dec 03 15:55:23.563076 osdx kernel: app-detect: expression init
Dec 03 15:55:23.563089 osdx kernel: app-detect: appid cache initialized
Dec 03 15:55:23.563097 osdx kernel: app-detect: appid cache changes counter initialized
Dec 03 15:55:23.607016 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Dec 03 15:55:23.872409 osdx cfgd[1634]: [367824]Completed change to active configuration
Dec 03 15:55:23.905532 osdx OSDxCLI[367824]: User 'admin' committed the configuration.
Dec 03 15:55:23.935182 osdx OSDxCLI[367824]: User 'admin' left the configuration menu.
Dec 03 15:55:24.076739 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Dec 03 15:55:24.223576 osdx file_operation[410193]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Dec 03 15:55:24.227020 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=63383 DF PROTO=TCP SPT=42516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Dec 03 15:55:24.431022 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=63384 DF PROTO=TCP SPT=42516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Dec 03 15:55:24.839053 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=63385 DF PROTO=TCP SPT=42516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Dec 03 15:55:25.671091 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=63386 DF PROTO=TCP SPT=42516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Dec 03 15:55:26.157476 osdx zebra[1599]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Dec 03 15:55:27.213937 osdx file_operation.py[410193]: Operation aborted by user.
Dec 03 15:55:27.227018 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=63387 DF PROTO=TCP SPT=42516 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Dec 03 15:55:27.231330 osdx OSDxCLI[367824]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Dec 03 15:55:27.307014 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=63388 DF PROTO=TCP SPT=42516 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
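Added example (not part of the original page or the OSDx project): a Python parser for the APPDETECT field in both log sources shown above, the ulogd conntrack events and the kernel traffic-policy drop lines. It re-runs the page's three regular-expression checks and shows how a flow's classification gains attributes across UPDATE events. The sample lines are copied from the journal output on this page; function names are hypothetical, and the prefix before the colon (L3, L4, U) is treated as an opaque class label.

```python
import re
from collections import Counter

# Sample lines copied from the journal output on this page (a subset, for offline use).
SAMPLE_JOURNAL = """\
Dec 03 15:55:12.190683 osdx ulogd[409702]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Dec 03 15:55:13.299112 osdx ulogd[409702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Dec 03 15:55:15.912157 osdx ulogd[409702]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=52980 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=52980 PKTS=0 BYTES=0 APPDETECT[L4:80]
Dec 03 15:55:15.920691 osdx ulogd[409702]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=52980 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=52980 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Dec 03 15:55:23.563009 osdx kernel: app-detect: module init
Dec 03 15:55:24.227020 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=63383 DF PROTO=TCP SPT=42516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Dec 03 15:55:24.431022 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=63384 DF PROTO=TCP SPT=42516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
"""

# The three regular expressions the scenarios above check the journal against.
PAGE_CHECKS = [
    r"ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]",
    r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]",
    r"osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]",
]

APPDETECT_RE = re.compile(r"APPDETECT\[(.*)\]\s*$")
ULOGD_RE = re.compile(r"ulogd\[\d+\]: \[(NEW|UPDATE|DESTROY)\] ORIG: (.*?) , REPLY: (.*)$")
KERNEL_RE = re.compile(r"kernel: \[([^\]]+)\] (.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_appdetect(field):
    """Split 'L4:80 http-host:10.215.168.1' into class, id and extra attributes."""
    tokens = field.split()
    if not tokens or ":" not in tokens[0]:
        return None
    cls, app_id = tokens[0].split(":", 1)
    # Split on the first colon only, so values such as URLs may contain colons.
    attrs = dict(t.split(":", 1) for t in tokens[1:] if ":" in t)
    return {"class": cls, "id": app_id, **attrs}


def parse_line(line):
    """Return a record for a conntrack event or policy log line, else None."""
    m = APPDETECT_RE.search(line)
    app = parse_appdetect(m.group(1)) if m else None
    if app is None:
        return None
    # Cut the APPDETECT field off first so '=' inside a logged URL is never
    # mistaken for a KEY=VALUE pair of the packet or flow description.
    head = line[:m.start()]
    u = ULOGD_RE.search(head)
    if u:
        return {"source": "conntrack", "event": u.group(1), "app": app,
                "orig": dict(KV_RE.findall(u.group(2))),
                "reply": dict(KV_RE.findall(u.group(3)))}
    k = KERNEL_RE.search(head)
    if k:
        return {"source": "policy", "event": k.group(1), "app": app,
                "orig": dict(KV_RE.findall(k.group(2)))}
    return None


def parse_journal(text):
    return [r for r in map(parse_line, text.splitlines()) if r]


def run_page_checks(text):
    """One boolean per PAGE_CHECKS entry: does any journal line match it?"""
    lines = text.splitlines()
    return [any(re.search(p, line) for line in lines) for p in PAGE_CHECKS]


def flow_key(rec):
    o = rec["orig"]  # ICMP lines carry TYPE/CODE instead of ports, hence .get()
    return (o.get("SRC"), o.get("DST"), o.get("PROTO"), o.get("SPT"), o.get("DPT"))


def final_classification(records):
    """Richest APPDETECT value seen per conntrack flow (later events add attributes)."""
    best = {}
    for r in records:
        if r["source"] != "conntrack":
            continue
        k = flow_key(r)
        if k not in best or len(r["app"]) >= len(best[k]):
            best[k] = r["app"]
    return best


def drops_per_app(records):
    """Count policy log lines per (log prefix, app class, app id)."""
    return Counter((r["event"], r["app"]["class"], r["app"]["id"])
                   for r in records if r["source"] == "policy")


if __name__ == "__main__":
    recs = parse_journal(SAMPLE_JOURNAL)
    print("page checks:", run_page_checks(SAMPLE_JOURNAL))
    for key, app in final_classification(recs).items():
        print(key, "->", app)
    print("drops:", dict(drops_per_app(recs)))
```

The conntrack flow to port 80 is first logged as `L4:80` and only later carries `http-host`, so a check that inspects only `[NEW]` events would miss the HTTP attributes.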