Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.318 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.318/0.318/0.318/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.351 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.351/0.351/0.351/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
May 19 15:37:16.000171 osdx systemd-timedated[436725]: Changed local time to Tue 2026-05-19 15:37:16 UTC May 19 15:37:16.001256 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'set date 2026-05-19 15:37:16'. May 19 15:37:16.002298 osdx systemd-journald[2275]: Time jumped backwards, rotating. May 19 15:37:16.281725 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:37:16.282304 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:16.282338 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:16.290608 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:16.480383 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:37:16.720265 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:37:16.797145 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:37:16.864593 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. May 19 15:37:16.923545 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:37:17.014805 osdx ubnt-cfgd[458503]: inactive May 19 15:37:17.032371 osdx INFO[458510]: FRR daemons did not change May 19 15:37:17.066306 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:37:17.112486 osdx WARNING[458584]: No supported link modes on interface eth0 May 19 15:37:17.113923 osdx modulelauncher[458584]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:37:17.113935 osdx modulelauncher[458584]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:37:17.115169 osdx modulelauncher[458584]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:37:17.115177 osdx modulelauncher[458584]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:37:17.154933 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:17.156560 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:17.156929 osdx ulogd[458604]: registering plugin `NFCT' May 19 15:37:17.157024 osdx ulogd[458604]: registering plugin `IP2STR' May 19 15:37:17.157111 osdx ulogd[458604]: registering plugin `PRINTFLOW' May 19 15:37:17.157205 osdx ulogd[458604]: registering plugin `SYSLOG' May 19 15:37:17.157213 osdx ulogd[458604]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:17.157311 osdx ulogd[458604]: NFCT plugin working in event mode May 19 15:37:17.157330 osdx ulogd[458604]: Changing UID / GID May 19 15:37:17.157503 osdx ulogd[458604]: initialization finished, entering main loop May 19 15:37:17.338038 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:37:17.338633 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:37:17.360670 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:37:18.251865 osdx ulogd[458604]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:18.324465 osdx ulogd[458604]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.502 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.502/0.502/0.502/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.443 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.443/0.443/0.443/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
May 19 15:37:23.284255 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.9M, max 13.8M, 11.9M free. May 19 15:37:23.286159 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:23.286203 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:23.294170 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:23.486658 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:37:23.688403 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:37:23.765935 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:37:23.833801 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. May 19 15:37:23.893136 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:37:23.984612 osdx ubnt-cfgd[458845]: inactive May 19 15:37:24.002408 osdx INFO[458852]: FRR daemons did not change May 19 15:37:24.030164 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:37:24.072542 osdx WARNING[458926]: No supported link modes on interface eth0 May 19 15:37:24.073845 osdx modulelauncher[458926]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:37:24.073856 osdx modulelauncher[458926]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:37:24.074957 osdx modulelauncher[458926]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:37:24.074964 osdx modulelauncher[458926]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:37:24.102621 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:24.103680 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:24.103804 osdx ulogd[458946]: registering plugin `NFCT' May 19 15:37:24.103862 osdx ulogd[458946]: registering plugin `IP2STR' May 19 15:37:24.103908 osdx ulogd[458946]: registering plugin `PRINTFLOW' May 19 15:37:24.103960 osdx ulogd[458946]: registering plugin `SYSLOG' May 19 15:37:24.103965 osdx ulogd[458946]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:24.104017 osdx ulogd[458946]: NFCT plugin working in event mode May 19 15:37:24.104029 osdx ulogd[458946]: Changing UID / GID May 19 15:37:24.104118 osdx ulogd[458946]: initialization finished, entering main loop May 19 15:37:24.290471 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:37:24.291151 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:37:24.308167 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:37:25.192403 osdx ulogd[458946]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:25.263517 osdx ulogd[458946]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.549 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.549/0.549/0.549/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.377 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.440 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.508 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2028ms rtt min/avg/max/mdev = 0.377/0.441/0.508/0.053 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
May 19 15:37:29.272790 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.9M, max 13.8M, 11.9M free. May 19 15:37:29.273637 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:29.273698 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:29.281544 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:29.472560 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:37:29.672288 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:37:29.756998 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:37:29.829922 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. May 19 15:37:29.890083 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. May 19 15:37:29.982541 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set service ssh'. May 19 15:37:30.043301 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:37:30.134022 osdx ubnt-cfgd[459189]: inactive May 19 15:37:30.197489 osdx INFO[459211]: FRR daemons did not change May 19 15:37:30.273639 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:37:30.317586 osdx WARNING[459287]: No supported link modes on interface eth0 May 19 15:37:30.318884 osdx modulelauncher[459287]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:37:30.318894 osdx modulelauncher[459287]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:37:30.320019 osdx modulelauncher[459287]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:37:30.320025 osdx modulelauncher[459287]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:37:30.374303 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:30.375916 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:30.376280 osdx ulogd[459307]: registering plugin `NFCT' May 19 15:37:30.376383 osdx ulogd[459307]: registering plugin `IP2STR' May 19 15:37:30.376473 osdx ulogd[459307]: registering plugin `PRINTFLOW' May 19 15:37:30.376574 osdx ulogd[459307]: registering plugin `SYSLOG' May 19 15:37:30.376582 osdx ulogd[459307]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:30.376696 osdx ulogd[459307]: NFCT plugin working in event mode May 19 15:37:30.376731 osdx ulogd[459307]: Changing UID / GID May 19 15:37:30.376915 osdx ulogd[459307]: initialization finished, entering main loop May 19 15:37:30.441862 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... May 19 15:37:30.458673 osdx sshd[459328]: Server listening on 0.0.0.0 port 22. May 19 15:37:30.458721 osdx sshd[459328]: Server listening on :: port 22. May 19 15:37:30.458848 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. May 19 15:37:30.654086 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:37:30.654841 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:37:30.675761 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:37:32.638057 osdx ulogd[459307]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 May 19 15:37:33.662057 osdx ulogd[459307]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.770 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.770/0.770/0.770/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.619 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.619/0.619/0.619/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
May 19 15:37:41.283343 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:37:41.285992 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:41.286050 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:41.292076 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:41.483380 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:37:41.679646 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:37:41.758345 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:37:41.841501 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:37:41.938114 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:37:41.992601 osdx ubnt-cfgd[459594]: inactive May 19 15:37:42.011210 osdx INFO[459601]: FRR daemons did not change May 19 15:37:42.042054 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:37:42.082676 osdx WARNING[459675]: No supported link modes on interface eth0 May 19 15:37:42.084037 osdx modulelauncher[459675]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:37:42.084049 osdx modulelauncher[459675]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:37:42.085159 osdx modulelauncher[459675]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:37:42.085165 osdx modulelauncher[459675]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:37:42.130319 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:42.131082 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:42.131225 osdx ulogd[459695]: registering plugin `NFCT' May 19 15:37:42.131260 osdx ulogd[459695]: registering plugin `IP2STR' May 19 15:37:42.131292 osdx ulogd[459695]: registering plugin `PRINTFLOW' May 19 15:37:42.131329 osdx ulogd[459695]: registering plugin `SYSLOG' May 19 15:37:42.131332 osdx ulogd[459695]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:42.131372 osdx ulogd[459695]: NFCT plugin working in event mode May 19 15:37:42.131378 osdx ulogd[459695]: Changing UID / GID May 19 15:37:42.131443 osdx ulogd[459695]: initialization finished, entering main loop May 19 15:37:42.297200 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:37:42.297618 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:37:42.311950 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:37:43.210281 osdx ulogd[459695]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:43.210310 osdx ulogd[459695]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:43.287237 osdx ulogd[459695]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:43.287255 osdx ulogd[459695]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.499 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.499/0.499/0.499/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.369 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.369/0.369/0.369/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
May 19 15:37:48.282752 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:37:48.284796 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:48.284842 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:48.292284 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:48.491890 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:37:48.699807 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:37:48.779102 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:37:48.848241 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:37:48.899394 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. May 19 15:37:49.003834 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:37:49.061206 osdx ubnt-cfgd[459937]: inactive May 19 15:37:49.078631 osdx INFO[459944]: FRR daemons did not change May 19 15:37:49.108724 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:37:49.153672 osdx WARNING[460018]: No supported link modes on interface eth0 May 19 15:37:49.155256 osdx modulelauncher[460018]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:37:49.155267 osdx modulelauncher[460018]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:37:49.156550 osdx modulelauncher[460018]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:37:49.156557 osdx modulelauncher[460018]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:37:49.213218 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:49.214379 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:49.214628 osdx ulogd[460038]: registering plugin `NFCT' May 19 15:37:49.214702 osdx ulogd[460038]: registering plugin `IP2STR' May 19 15:37:49.214768 osdx ulogd[460038]: registering plugin `PRINTFLOW' May 19 15:37:49.214843 osdx ulogd[460038]: registering plugin `SYSLOG' May 19 15:37:49.214850 osdx ulogd[460038]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:49.214938 osdx ulogd[460038]: NFCT plugin working in event mode May 19 15:37:49.214954 osdx OSDx_DUT0[460038]: Changing UID / GID May 19 15:37:49.215091 osdx OSDx_DUT0[460038]: initialization finished, entering main loop May 19 15:37:49.411062 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:37:49.412057 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:37:49.436912 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:37:50.412298 osdx OSDx_DUT0[460038]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:50.412315 osdx OSDx_DUT0[460038]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:50.486671 osdx OSDx_DUT0[460038]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:50.486690 osdx OSDx_DUT0[460038]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.358 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.358/0.358/0.358/0.000 ms
Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
May 19 15:37:48.282752 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:37:48.284796 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:48.284842 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:48.292284 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:48.491890 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:37:48.699807 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:37:48.779102 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:37:48.848241 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:37:48.899394 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. May 19 15:37:49.003834 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:37:49.061206 osdx ubnt-cfgd[459937]: inactive May 19 15:37:49.078631 osdx INFO[459944]: FRR daemons did not change May 19 15:37:49.108724 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:37:49.153672 osdx WARNING[460018]: No supported link modes on interface eth0 May 19 15:37:49.155256 osdx modulelauncher[460018]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:37:49.155267 osdx modulelauncher[460018]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:37:49.156550 osdx modulelauncher[460018]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:37:49.156557 osdx modulelauncher[460018]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:37:49.213218 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:49.214379 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:49.214628 osdx ulogd[460038]: registering plugin `NFCT' May 19 15:37:49.214702 osdx ulogd[460038]: registering plugin `IP2STR' May 19 15:37:49.214768 osdx ulogd[460038]: registering plugin `PRINTFLOW' May 19 15:37:49.214843 osdx ulogd[460038]: registering plugin `SYSLOG' May 19 15:37:49.214850 osdx ulogd[460038]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:49.214938 osdx ulogd[460038]: NFCT plugin working in event mode May 19 15:37:49.214954 osdx OSDx_DUT0[460038]: Changing UID / GID May 19 15:37:49.215091 osdx OSDx_DUT0[460038]: initialization finished, entering main loop May 19 15:37:49.411062 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:37:49.412057 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:37:49.436912 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:37:50.412298 osdx OSDx_DUT0[460038]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:50.412315 osdx OSDx_DUT0[460038]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:50.486671 osdx OSDx_DUT0[460038]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:50.486690 osdx OSDx_DUT0[460038]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:50.598928 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'. May 19 15:37:50.742115 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:37:50.797491 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. May 19 15:37:50.885270 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show changes'. May 19 15:37:50.948732 osdx ubnt-cfgd[460089]: inactive May 19 15:37:50.965805 osdx INFO[460096]: FRR daemons did not change May 19 15:37:50.974694 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:50.974770 osdx OSDx_DUT0[460038]: Terminal signal received, exiting May 19 15:37:50.975107 osdx systemd[1]: ulogd2.service: Deactivated successfully. May 19 15:37:50.975197 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:50.997023 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:50.997835 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:50.997981 osdx ulogd[460104]: registering plugin `NFCT' May 19 15:37:50.998190 osdx ulogd[460104]: registering plugin `IP2STR' May 19 15:37:50.998235 osdx ulogd[460104]: registering plugin `PRINTFLOW' May 19 15:37:50.998279 osdx ulogd[460104]: registering plugin `SYSLOG' May 19 15:37:50.998283 osdx ulogd[460104]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:50.998331 osdx ulogd[460104]: NFCT plugin working in event mode May 19 15:37:50.998342 osdx ulogd[460104]: Changing UID / GID May 19 15:37:50.998417 osdx ulogd[460104]: initialization finished, entering main loop May 19 15:37:51.004220 osdx ulogd[460104]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 May 19 15:37:51.004242 osdx ulogd[460104]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 May 19 15:37:51.004547 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:37:51.005065 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:37:51.019895 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:37:51.165117 osdx ulogd[460104]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:37:51.165135 osdx ulogd[460104]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.702 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.702/0.702/0.702/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.414 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.199 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1023ms rtt min/avg/max/mdev = 0.199/0.306/0.414/0.107 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
May 19 15:37:55.282943 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:37:55.286447 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:37:55.286501 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:37:55.291887 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:37:55.483594 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:37:55.682651 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:37:55.764101 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. May 19 15:37:55.830889 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic label TEST'. May 19 15:37:55.885191 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. May 19 15:37:55.979662 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. May 19 15:37:56.028782 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:37:56.124639 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:37:56.185607 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:37:56.276668 osdx ubnt-cfgd[460312]: inactive May 19 15:37:56.306043 osdx INFO[460329]: FRR daemons did not change May 19 15:37:56.334447 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:37:56.375838 osdx WARNING[460403]: No supported link modes on interface eth0 May 19 15:37:56.377226 osdx modulelauncher[460403]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:37:56.377238 osdx modulelauncher[460403]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:37:56.378352 osdx modulelauncher[460403]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:37:56.378359 osdx modulelauncher[460403]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:37:56.419076 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:56.420956 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:56.421337 osdx ulogd[460423]: registering plugin `NFCT' May 19 15:37:56.421433 osdx ulogd[460423]: registering plugin `IP2STR' May 19 15:37:56.421520 osdx ulogd[460423]: registering plugin `PRINTFLOW' May 19 15:37:56.421618 osdx ulogd[460423]: registering plugin `SYSLOG' May 19 15:37:56.421630 osdx ulogd[460423]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:56.421772 osdx ulogd[460423]: NFCT plugin working in event mode May 19 15:37:56.421793 osdx ulogd[460423]: Changing UID / GID May 19 15:37:56.421986 osdx ulogd[460423]: initialization finished, entering main loop May 19 15:37:56.439681 osdx ulogd[460423]: Terminal signal received, exiting May 19 15:37:56.439862 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:56.440228 osdx systemd[1]: ulogd2.service: Deactivated successfully. May 19 15:37:56.440350 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:56.441971 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:37:56.442628 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:37:56.442745 osdx ulogd[460429]: registering plugin `NFCT' May 19 15:37:56.442782 osdx ulogd[460429]: registering plugin `IP2STR' May 19 15:37:56.442820 osdx ulogd[460429]: registering plugin `PRINTFLOW' May 19 15:37:56.442863 osdx ulogd[460429]: registering plugin `SYSLOG' May 19 15:37:56.442866 osdx ulogd[460429]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:37:56.442907 osdx ulogd[460429]: NFCT plugin working in event mode May 19 15:37:56.442918 osdx ulogd[460429]: Changing UID / GID May 19 15:37:56.442990 osdx ulogd[460429]: initialization finished, entering main loop May 19 15:37:56.881563 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:37:56.882952 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:37:56.914891 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:37:57.850206 osdx ulogd[460429]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST May 19 15:37:57.850225 osdx ulogd[460429]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 May 19 15:37:57.923512 osdx ulogd[460429]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST May 19 15:37:57.923533 osdx ulogd[460429]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.530 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.530/0.530/0.530/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.224 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.224/0.224/0.224/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
May 19 15:38:03.282993 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:38:03.286273 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:03.286317 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:03.291860 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:03.483618 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:03.682079 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:03.763257 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. May 19 15:38:03.840025 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. May 19 15:38:03.888019 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system vrf RED'. May 19 15:38:03.986243 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:38:04.037501 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:38:04.142445 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:04.197818 osdx ubnt-cfgd[460719]: inactive May 19 15:38:04.217845 osdx INFO[460726]: FRR daemons did not change May 19 15:38:04.226195 osdx (udev-worker)[460736]: RED: Could not disable auto negotiation, ignoring: Operation not supported May 19 15:38:04.226214 osdx (udev-worker)[460736]: Network interface NamePolicy= disabled on kernel command line. May 19 15:38:04.262276 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:04.302883 osdx WARNING[460821]: No supported link modes on interface eth0 May 19 15:38:04.304205 osdx modulelauncher[460821]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:04.304216 osdx modulelauncher[460821]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:04.305274 osdx modulelauncher[460821]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:04.305281 osdx modulelauncher[460821]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:04.314277 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:04.394944 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:04.396607 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:04.396912 osdx ulogd[460902]: registering plugin `NFCT' May 19 15:38:04.397013 osdx ulogd[460902]: registering plugin `IP2STR' May 19 15:38:04.397101 osdx ulogd[460902]: registering plugin `PRINTFLOW' May 19 15:38:04.397198 osdx ulogd[460902]: registering plugin `SYSLOG' May 19 15:38:04.397206 osdx ulogd[460902]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:04.397311 osdx ulogd[460902]: NFCT plugin working in event mode May 19 15:38:04.397332 osdx ulogd[460902]: Changing UID / GID May 19 15:38:04.397501 osdx ulogd[460902]: initialization finished, entering main loop May 19 15:38:04.574646 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:04.575260 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:04.591928 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:05.496108 osdx ulogd[460902]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:05.496126 osdx ulogd[460902]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:05.568654 osdx ulogd[460902]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:05.568673 osdx ulogd[460902]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.634 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.634/0.634/0.634/0.000 ms
Step 3: Run the command file copy http://10.215.168.1/~robot/test-performance.rules running:// force on DUT0 and expect the following output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 266 100 266 0 0 52413 0 --:--:-- --:--:-- --:--:-- 53200
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.410 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.410/0.410/0.410/0.000 ms
Step 7: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.266 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.266/0.266/0.266/0.000 ms
Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
May 19 15:38:11.284862 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:38:11.285438 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:11.285487 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:11.293762 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:11.486074 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:11.683810 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:11.805113 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 15:38:11.859767 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:11.953469 osdx ubnt-cfgd[461229]: inactive May 19 15:38:11.970991 osdx INFO[461236]: FRR daemons did not change May 19 15:38:11.997441 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:12.043867 osdx WARNING[461307]: No supported link modes on interface eth0 May 19 15:38:12.045178 osdx modulelauncher[461307]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:12.045189 osdx modulelauncher[461307]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:12.046290 osdx modulelauncher[461307]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:12.046298 osdx modulelauncher[461307]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:12.224717 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:12.235029 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:12.253466 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:12.417102 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 15:38:12.538587 osdx file_operation[461373]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// May 19 15:38:12.561828 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. May 19 15:38:12.694838 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:12.753338 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. May 19 15:38:12.850500 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. May 19 15:38:12.899214 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. May 19 15:38:12.992942 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. May 19 15:38:13.043144 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. May 19 15:38:13.139411 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. May 19 15:38:13.190615 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. May 19 15:38:13.285685 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. May 19 15:38:13.337906 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. May 19 15:38:13.449907 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:38:13.498084 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:38:13.605574 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:13.666244 osdx ubnt-cfgd[461408]: inactive May 19 15:38:13.704198 osdx INFO[461428]: FRR daemons did not change May 19 15:38:13.766052 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:13.767735 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:13.768098 osdx ulogd[461468]: registering plugin `NFCT' May 19 15:38:13.768627 osdx ulogd[461468]: registering plugin `IP2STR' May 19 15:38:13.768741 osdx ulogd[461468]: registering plugin `PRINTFLOW' May 19 15:38:13.768847 osdx ulogd[461468]: registering plugin `SYSLOG' May 19 15:38:13.768862 osdx ulogd[461468]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:13.768973 osdx ulogd[461468]: NFCT plugin working in event mode May 19 15:38:13.769092 osdx ulogd[461468]: Changing UID / GID May 19 15:38:13.769280 osdx ulogd[461468]: initialization finished, entering main loop May 19 15:38:13.990254 osdx ulogd[461468]: Terminal signal received, exiting May 19 15:38:13.990339 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:13.990557 osdx systemd[1]: ulogd2.service: Deactivated successfully. May 19 15:38:13.990656 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:14.030049 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:14.031537 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:14.031881 osdx ulogd[461496]: registering plugin `NFCT' May 19 15:38:14.031955 osdx ulogd[461496]: registering plugin `IP2STR' May 19 15:38:14.032021 osdx ulogd[461496]: registering plugin `PRINTFLOW' May 19 15:38:14.032095 osdx ulogd[461496]: registering plugin `SYSLOG' May 19 15:38:14.032101 osdx ulogd[461496]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:14.032175 osdx ulogd[461496]: NFCT plugin working in event mode May 19 15:38:14.032188 osdx ulogd[461496]: Changing UID / GID May 19 15:38:14.032306 osdx ulogd[461496]: initialization finished, entering main loop May 19 15:38:14.075022 osdx systemd[1]: Reloading. May 19 15:38:14.137436 osdx systemd-sysv-generator[461520]: stat() failed on /etc/init.d/README, ignoring: No such file or directory May 19 15:38:14.245760 osdx systemd[1]: Starting logrotate.service - Rotate log files... May 19 15:38:14.251610 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. May 19 15:38:14.253049 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... May 19 15:38:14.273045 osdx systemd[1]: logrotate.service: Deactivated successfully. May 19 15:38:14.273150 osdx systemd[1]: Finished logrotate.service - Rotate log files. May 19 15:38:14.510323 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. May 19 15:38:14.533229 osdx INFO[461498]: Rules successfully loaded May 19 15:38:14.574241 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:14.574802 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:14.590856 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:15.489129 osdx ulogd[461496]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) May 19 15:38:15.489146 osdx ulogd[461496]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) May 19 15:38:15.560967 osdx ulogd[461496]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) May 19 15:38:15.560984 osdx ulogd[461496]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.589 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.589/0.589/0.589/0.000 ms
Step 5: Ping the IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.625 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.625/0.625/0.625/0.000 ms
Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 using user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.10.0 This system includes free software. Contact Teldat for licenses information and source code. Last login: Tue May 19 12:04:15 2026 admin@osdx$
Step 7: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
May 19 15:38:22.282891 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:38:22.285213 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:22.285250 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:22.291552 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:22.482624 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:22.679592 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:22.758579 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.200.1/24'. May 19 15:38:22.825165 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:38:22.920666 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:38:22.979391 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:23.070185 osdx ubnt-cfgd[461825]: inactive May 19 15:38:23.090244 osdx INFO[461832]: FRR daemons did not change May 19 15:38:23.129219 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:23.178526 osdx WARNING[461909]: No supported link modes on interface eth0 May 19 15:38:23.179831 osdx modulelauncher[461909]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:23.179841 osdx modulelauncher[461909]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:23.180966 osdx modulelauncher[461909]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:23.180973 osdx modulelauncher[461909]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:23.217814 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:23.219547 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:23.219878 osdx ulogd[461929]: registering plugin `NFCT' May 19 15:38:23.219982 osdx ulogd[461929]: registering plugin `IP2STR' May 19 15:38:23.220074 osdx ulogd[461929]: registering plugin `PRINTFLOW' May 19 15:38:23.220173 osdx ulogd[461929]: registering plugin `SYSLOG' May 19 15:38:23.220182 osdx ulogd[461929]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:23.220287 osdx ulogd[461929]: NFCT plugin working in event mode May 19 15:38:23.220307 osdx ulogd[461929]: Changing UID / GID May 19 15:38:23.220492 osdx ulogd[461929]: initialization finished, entering main loop May 19 15:38:23.430976 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:23.432092 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:23.452095 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:25.363110 osdx ulogd[461929]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:25.363127 osdx ulogd[461929]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:25.440460 osdx ulogd[461929]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:25.440483 osdx ulogd[461929]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:25.510179 osdx ulogd[461929]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=41164 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=41164 PKTS=0 BYTES=0 May 19 15:38:25.510357 osdx ulogd[461929]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=41164 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=41164 PKTS=0 BYTES=0 May 19 15:38:25.510422 osdx ulogd[461929]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=41164 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=41164 PKTS=0 BYTES=0 [OFFLOAD] May 19 15:38:25.767937 osdx ulogd[461929]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=41164 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=41164 PKTS=0 BYTES=0 May 19 15:38:25.767963 osdx ulogd[461929]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=41164 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=41164 PKTS=0 BYTES=0 May 19 15:38:25.768945 osdx ulogd[461929]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=41164 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=41164 PKTS=0 BYTES=0 May 19 15:38:25.769029 osdx ulogd[461929]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=41164 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=41164 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.537 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.537/0.537/0.537/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.376 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.248 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.275 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2053ms rtt min/avg/max/mdev = 0.248/0.299/0.376/0.055 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
May 19 15:38:30.281961 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:38:30.285092 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:30.285143 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:30.291337 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:30.481698 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:30.682946 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:30.737624 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. May 19 15:38:30.828382 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. May 19 15:38:30.907263 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:38:30.978479 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:38:31.039247 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:31.128814 osdx ubnt-cfgd[462173]: inactive May 19 15:38:31.146889 osdx INFO[462180]: FRR daemons did not change May 19 15:38:31.249106 osdx kernel: nfUDPlink: module init May 19 15:38:31.249173 osdx kernel: app-detect: module init May 19 15:38:31.249193 osdx kernel: app-detect: registered: sysctl net.appdetect May 19 15:38:31.249209 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 May 19 15:38:31.249221 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 May 19 15:38:31.249232 osdx kernel: app-detect: registered: /proc/net/stat/appdetect May 19 15:38:31.253090 osdx kernel: app-detect: expression init May 19 15:38:31.253125 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) May 19 15:38:31.253136 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) May 19 15:38:31.260012 osdx modulelauncher[462183]: AppDetect: no appdetect_chain refresh needed, nothing more to do May 19 15:38:31.262582 osdx INFO[462208]: Stopping Traffic Categorization (TCATD) service ... May 19 15:38:31.301109 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:31.345795 osdx WARNING[462285]: No supported link modes on interface eth0 May 19 15:38:31.347100 osdx modulelauncher[462285]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:31.347111 osdx modulelauncher[462285]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:31.348207 osdx modulelauncher[462285]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:31.348213 osdx modulelauncher[462285]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:31.401590 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:31.402900 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:31.403170 osdx ulogd[462305]: registering plugin `NFCT' May 19 15:38:31.403245 osdx ulogd[462305]: registering plugin `IP2STR' May 19 15:38:31.403321 osdx ulogd[462305]: registering plugin `PRINTFLOW' May 19 15:38:31.403397 osdx ulogd[462305]: registering plugin `SYSLOG' May 19 15:38:31.403403 osdx ulogd[462305]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:31.403482 osdx ulogd[462305]: NFCT plugin working in event mode May 19 15:38:31.403497 osdx ulogd[462305]: Changing UID / GID May 19 15:38:31.403625 osdx ulogd[462305]: initialization finished, entering main loop May 19 15:38:31.620589 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:31.621719 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:31.641589 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:32.537586 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.537605 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.608430 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.608446 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:33.637259 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:33.637283 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:33.637295 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.661260 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:34.661281 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.661293 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
May 19 15:38:30.281961 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:38:30.285092 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:30.285143 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:30.291337 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:30.481698 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:30.682946 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:30.737624 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. May 19 15:38:30.828382 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. May 19 15:38:30.907263 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:38:30.978479 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:38:31.039247 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:31.128814 osdx ubnt-cfgd[462173]: inactive May 19 15:38:31.146889 osdx INFO[462180]: FRR daemons did not change May 19 15:38:31.249106 osdx kernel: nfUDPlink: module init May 19 15:38:31.249173 osdx kernel: app-detect: module init May 19 15:38:31.249193 osdx kernel: app-detect: registered: sysctl net.appdetect May 19 15:38:31.249209 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 May 19 15:38:31.249221 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 May 19 15:38:31.249232 osdx kernel: app-detect: registered: /proc/net/stat/appdetect May 19 15:38:31.253090 osdx kernel: app-detect: expression init May 19 15:38:31.253125 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) May 19 15:38:31.253136 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) May 19 15:38:31.260012 osdx modulelauncher[462183]: AppDetect: no appdetect_chain refresh needed, nothing more to do May 19 15:38:31.262582 osdx INFO[462208]: Stopping Traffic Categorization (TCATD) service ... May 19 15:38:31.301109 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:31.345795 osdx WARNING[462285]: No supported link modes on interface eth0 May 19 15:38:31.347100 osdx modulelauncher[462285]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:31.347111 osdx modulelauncher[462285]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:31.348207 osdx modulelauncher[462285]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:31.348213 osdx modulelauncher[462285]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:31.401590 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:31.402900 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:31.403170 osdx ulogd[462305]: registering plugin `NFCT' May 19 15:38:31.403245 osdx ulogd[462305]: registering plugin `IP2STR' May 19 15:38:31.403321 osdx ulogd[462305]: registering plugin `PRINTFLOW' May 19 15:38:31.403397 osdx ulogd[462305]: registering plugin `SYSLOG' May 19 15:38:31.403403 osdx ulogd[462305]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:31.403482 osdx ulogd[462305]: NFCT plugin working in event mode May 19 15:38:31.403497 osdx ulogd[462305]: Changing UID / GID May 19 15:38:31.403625 osdx ulogd[462305]: initialization finished, entering main loop May 19 15:38:31.620589 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:31.621719 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:31.641589 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:32.537586 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.537605 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.608430 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.608446 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:33.637259 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:33.637283 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:33.637295 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.661260 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:34.661281 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.661293 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.749201 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
May 19 15:38:30.281961 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:38:30.285092 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:30.285143 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:30.291337 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:30.481698 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:30.682946 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:30.737624 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. May 19 15:38:30.828382 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. May 19 15:38:30.907263 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:38:30.978479 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:38:31.039247 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:31.128814 osdx ubnt-cfgd[462173]: inactive May 19 15:38:31.146889 osdx INFO[462180]: FRR daemons did not change May 19 15:38:31.249106 osdx kernel: nfUDPlink: module init May 19 15:38:31.249173 osdx kernel: app-detect: module init May 19 15:38:31.249193 osdx kernel: app-detect: registered: sysctl net.appdetect May 19 15:38:31.249209 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 May 19 15:38:31.249221 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 May 19 15:38:31.249232 osdx kernel: app-detect: registered: /proc/net/stat/appdetect May 19 15:38:31.253090 osdx kernel: app-detect: expression init May 19 15:38:31.253125 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) May 19 15:38:31.253136 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) May 19 15:38:31.260012 osdx modulelauncher[462183]: AppDetect: no appdetect_chain refresh needed, nothing more to do May 19 15:38:31.262582 osdx INFO[462208]: Stopping Traffic Categorization (TCATD) service ... May 19 15:38:31.301109 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:31.345795 osdx WARNING[462285]: No supported link modes on interface eth0 May 19 15:38:31.347100 osdx modulelauncher[462285]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:31.347111 osdx modulelauncher[462285]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:31.348207 osdx modulelauncher[462285]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:31.348213 osdx modulelauncher[462285]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:31.401590 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:31.402900 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:31.403170 osdx ulogd[462305]: registering plugin `NFCT' May 19 15:38:31.403245 osdx ulogd[462305]: registering plugin `IP2STR' May 19 15:38:31.403321 osdx ulogd[462305]: registering plugin `PRINTFLOW' May 19 15:38:31.403397 osdx ulogd[462305]: registering plugin `SYSLOG' May 19 15:38:31.403403 osdx ulogd[462305]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:31.403482 osdx ulogd[462305]: NFCT plugin working in event mode May 19 15:38:31.403497 osdx ulogd[462305]: Changing UID / GID May 19 15:38:31.403625 osdx ulogd[462305]: initialization finished, entering main loop May 19 15:38:31.620589 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:31.621719 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:31.641589 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:32.537586 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.537605 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.608430 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.608446 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:33.637259 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:33.637283 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:33.637295 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.661260 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:34.661281 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.661293 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.749201 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'. May 19 15:38:34.849235 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.457 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.457/0.457/0.457/0.000 ms
Step 10: Run the command file copy http://10.215.168.1/~robot/ running://index.html force on DUT0 and expect the following output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1095 0 1095 0 0 216k 0 --:--:-- --:--:-- --:--:-- 267k
Step 11: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
May 19 15:38:30.281961 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:38:30.285092 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:30.285143 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:30.291337 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:30.481698 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:30.682946 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:30.737624 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. May 19 15:38:30.828382 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. May 19 15:38:30.907263 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:38:30.978479 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:38:31.039247 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:31.128814 osdx ubnt-cfgd[462173]: inactive May 19 15:38:31.146889 osdx INFO[462180]: FRR daemons did not change May 19 15:38:31.249106 osdx kernel: nfUDPlink: module init May 19 15:38:31.249173 osdx kernel: app-detect: module init May 19 15:38:31.249193 osdx kernel: app-detect: registered: sysctl net.appdetect May 19 15:38:31.249209 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 May 19 15:38:31.249221 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 May 19 15:38:31.249232 osdx kernel: app-detect: registered: /proc/net/stat/appdetect May 19 15:38:31.253090 osdx kernel: app-detect: expression init May 19 15:38:31.253125 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) May 19 15:38:31.253136 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) May 19 15:38:31.260012 osdx modulelauncher[462183]: AppDetect: no appdetect_chain refresh needed, nothing more to do May 19 15:38:31.262582 osdx INFO[462208]: Stopping Traffic Categorization (TCATD) service ... May 19 15:38:31.301109 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:31.345795 osdx WARNING[462285]: No supported link modes on interface eth0 May 19 15:38:31.347100 osdx modulelauncher[462285]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:31.347111 osdx modulelauncher[462285]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:31.348207 osdx modulelauncher[462285]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:31.348213 osdx modulelauncher[462285]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:31.401590 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:31.402900 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:31.403170 osdx ulogd[462305]: registering plugin `NFCT' May 19 15:38:31.403245 osdx ulogd[462305]: registering plugin `IP2STR' May 19 15:38:31.403321 osdx ulogd[462305]: registering plugin `PRINTFLOW' May 19 15:38:31.403397 osdx ulogd[462305]: registering plugin `SYSLOG' May 19 15:38:31.403403 osdx ulogd[462305]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:31.403482 osdx ulogd[462305]: NFCT plugin working in event mode May 19 15:38:31.403497 osdx ulogd[462305]: Changing UID / GID May 19 15:38:31.403625 osdx ulogd[462305]: initialization finished, entering main loop May 19 15:38:31.620589 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:31.621719 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:31.641589 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:32.537586 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.537605 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.608430 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:32.608446 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:33.637259 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:33.637283 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:33.637295 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.661260 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:34.661281 osdx ulogd[462305]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.661293 osdx ulogd[462305]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:34.749201 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'. May 19 15:38:34.849235 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'. May 19 15:38:34.950070 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal show | cat'. May 19 15:38:35.100840 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:35.175467 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 15:38:35.246554 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. May 19 15:38:35.300439 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show changes'. May 19 15:38:35.396765 osdx ubnt-cfgd[462372]: inactive May 19 15:38:35.416133 osdx INFO[462379]: FRR daemons did not change May 19 15:38:35.449091 osdx kernel: app-detect: expression destroy May 19 15:38:35.457090 osdx kernel: app-detect: expression init May 19 15:38:35.457122 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) May 19 15:38:35.457135 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) May 19 15:38:35.463581 osdx modulelauncher[462382]: AppDetect: no appdetect_chain refresh needed, nothing more to do May 19 15:38:35.465922 osdx INFO[462398]: Stopping Traffic Categorization (TCATD) service ... May 19 15:38:35.543126 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:35.543143 osdx ulogd[462305]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] May 19 15:38:35.543397 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:35.543800 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:35.558095 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:35.697671 osdx ulogd[462305]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:35.697820 osdx ulogd[462305]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] May 19 15:38:35.699709 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 15:38:35.826590 osdx file_operation[462460]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html May 19 15:38:35.831406 osdx ulogd[462305]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40562 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40562 PKTS=0 BYTES=0 APPDETECT[L4:80] May 19 15:38:35.831560 osdx ulogd[462305]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40562 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40562 PKTS=0 BYTES=0 APPDETECT[L4:80] May 19 15:38:35.831578 osdx ulogd[462305]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40562 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40562 PKTS=0 BYTES=0 APPDETECT[L4:80] May 19 15:38:35.833296 osdx ulogd[462305]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40562 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40562 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] May 19 15:38:35.833355 osdx ulogd[462305]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40562 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40562 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] May 19 15:38:35.833372 osdx ulogd[462305]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40562 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40562 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] May 19 15:38:35.849292 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth0 traffic policy out DROP set system conntrack app-detect dictionary 130 local app-id custom 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-detect app-id custom 155
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.235 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.235/0.235/0.235/0.000 ms
Step 3: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
May 19 15:38:40.000189 osdx systemd-timedated[436725]: Changed local time to Tue 2026-05-19 15:38:40 UTC May 19 15:38:40.001223 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'set date 2026-05-19 15:38:40'. May 19 15:38:40.002578 osdx systemd-journald[2275]: Time jumped backwards, rotating. May 19 15:38:40.280912 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.8M, max 13.8M, 11.9M free. May 19 15:38:40.282582 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:40.282630 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:40.289884 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:40.483359 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:40.686047 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:40.748553 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. May 19 15:38:40.835512 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. May 19 15:38:40.893558 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. May 19 15:38:40.984054 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-detect app-id custom 155'. May 19 15:38:41.033120 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. May 19 15:38:41.123918 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. May 19 15:38:41.175523 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. May 19 15:38:41.291628 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy out DROP'. May 19 15:38:41.339324 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. May 19 15:38:41.434275 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. May 19 15:38:41.510756 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:41.587269 osdx ubnt-cfgd[462699]: inactive May 19 15:38:41.626673 osdx INFO[462726]: FRR daemons did not change May 19 15:38:41.710624 osdx kernel: nfUDPlink: module init May 19 15:38:41.710744 osdx kernel: app-detect: module init May 19 15:38:41.710796 osdx kernel: app-detect: registered: sysctl net.appdetect May 19 15:38:41.710831 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 May 19 15:38:41.710863 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 May 19 15:38:41.710894 osdx kernel: app-detect: registered: /proc/net/stat/appdetect May 19 15:38:41.714594 osdx kernel: app-detect: expression init May 19 15:38:41.714650 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) May 19 15:38:41.714668 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) May 19 15:38:41.780237 osdx INFO[462761]: Updated /etc/default/osdx_tcatd.conf May 19 15:38:41.780296 osdx INFO[462761]: Restarting Traffic Categorization (TCATD) service ... May 19 15:38:41.807042 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... May 19 15:38:41.815253 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. May 19 15:38:41.846583 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:41.891361 osdx WARNING[462837]: No supported link modes on interface eth0 May 19 15:38:41.893010 osdx modulelauncher[462837]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:41.893021 osdx modulelauncher[462837]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:41.894404 osdx modulelauncher[462837]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:41.894411 osdx modulelauncher[462837]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:42.273547 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:42.273985 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:42.289776 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:42.435948 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. May 19 15:38:42.553032 osdx file_operation[462926]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html May 19 15:38:42.558577 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3688 DF PROTO=TCP SPT=58920 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] May 19 15:38:42.762597 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3689 DF PROTO=TCP SPT=58920 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] May 19 15:38:43.182670 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3690 DF PROTO=TCP SPT=58920 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] May 19 15:38:44.014684 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3691 DF PROTO=TCP SPT=58920 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] May 19 15:38:45.534919 osdx file_operation.py[462926]: Operation aborted by user. May 19 15:38:45.546585 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3692 DF PROTO=TCP SPT=58920 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] May 19 15:38:45.552711 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Identity Values
Description
Conntrack identity is able to contain any printed character (max 92 characters) but not spaces
Scenario
Step 1: Run the command configure on DUT0 and expect the following output:
Show output
admin@osdx#
Step 2: Run the command set system conntrack logging identity "he||o w@rld!" on DUT0 and check whether the output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Run the command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita on DUT0 and check whether the output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.763 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.763/0.763/0.763/0.000 ms
Step 7: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.590 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.590/0.590/0.590/0.000 ms
Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
May 19 15:38:50.272994 osdx systemd-journald[2275]: Runtime Journal (/run/log/journal/d1b141b298644f3ea5560bad25bf4943) is 1.9M, max 13.8M, 11.8M free. May 19 15:38:50.275711 osdx systemd-journald[2275]: Received client request to rotate journal, rotating. May 19 15:38:50.275769 osdx systemd-journald[2275]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d1b141b298644f3ea5560bad25bf4943. May 19 15:38:50.283011 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system journal clear'. May 19 15:38:50.472190 osdx OSDxCLI[455728]: User 'admin' executed a new command: 'system coredump delete all'. May 19 15:38:50.671215 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:50.735118 osdx cfgd[1918]: [455728]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed May 19 15:38:50.735682 osdx OSDxCLI[455728]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. May 19 15:38:50.837193 osdx cfgd[1918]: [455728]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed May 19 15:38:50.837798 osdx OSDxCLI[455728]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. May 19 15:38:50.854325 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:51.044990 osdx OSDxCLI[455728]: User 'admin' entered the configuration menu. May 19 15:38:51.122623 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. May 19 15:38:51.191175 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. May 19 15:38:51.243740 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. May 19 15:38:51.340738 osdx OSDxCLI[455728]: User 'admin' added a new cfg line: 'show working'. May 19 15:38:51.395901 osdx ubnt-cfgd[463168]: inactive May 19 15:38:51.435714 osdx INFO[463175]: FRR daemons did not change May 19 15:38:51.463714 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 May 19 15:38:51.506152 osdx WARNING[463249]: No supported link modes on interface eth0 May 19 15:38:51.507448 osdx modulelauncher[463249]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on May 19 15:38:51.507459 osdx modulelauncher[463249]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. May 19 15:38:51.508543 osdx modulelauncher[463249]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- May 19 15:38:51.508550 osdx modulelauncher[463249]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. May 19 15:38:51.548097 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... May 19 15:38:51.548812 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. May 19 15:38:51.548972 osdx ulogd[463269]: registering plugin `NFCT' May 19 15:38:51.549019 osdx ulogd[463269]: registering plugin `IP2STR' May 19 15:38:51.549064 osdx ulogd[463269]: registering plugin `PRINTFLOW' May 19 15:38:51.549113 osdx ulogd[463269]: registering plugin `SYSLOG' May 19 15:38:51.549117 osdx ulogd[463269]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' May 19 15:38:51.549166 osdx ulogd[463269]: NFCT plugin working in event mode May 19 15:38:51.549177 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[463269]: Changing UID / GID May 19 15:38:51.549258 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[463269]: initialization finished, entering main loop May 19 15:38:51.720125 osdx cfgd[1918]: [455728]Completed change to active configuration May 19 15:38:51.720992 osdx OSDxCLI[455728]: User 'admin' committed the configuration. May 19 15:38:51.739801 osdx OSDxCLI[455728]: User 'admin' left the configuration menu. May 19 15:38:52.613996 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[463269]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:52.614024 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[463269]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:52.685775 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[463269]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 May 19 15:38:52.685809 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[463269]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0