Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.34 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 6.338/6.338/6.338/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.518 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.518/0.518/0.518/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
Jun 03 11:44:13.000318 osdx systemd-timedated[196261]: Changed local time to Wed 2026-06-03 11:44:13 UTC Jun 03 11:44:13.001101 osdx systemd-journald[2151]: Time jumped backwards, rotating. Jun 03 11:44:13.002183 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'set date 2026-06-03 11:44:13'. Jun 03 11:44:13.317863 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 2.4M, max 13.8M, 11.4M free. Jun 03 11:44:13.320982 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:44:13.321063 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:44:13.330757 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:44:13.566523 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:44:13.834794 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:44:13.945071 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:44:14.058064 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Jun 03 11:44:14.165775 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:44:14.236723 osdx ubnt-cfgd[196290]: inactive Jun 03 11:44:14.259307 osdx INFO[196297]: FRR daemons did not change Jun 03 11:44:14.292980 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:44:14.344356 osdx WARNING[196371]: No supported link modes on interface eth0 Jun 03 11:44:14.345836 osdx modulelauncher[196371]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:44:14.345848 osdx modulelauncher[196371]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:44:14.347038 osdx modulelauncher[196371]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:44:14.347050 osdx modulelauncher[196371]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:44:14.401364 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:14.404197 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:14.406989 osdx ulogd[196391]: registering plugin `NFCT' Jun 03 11:44:14.407899 osdx ulogd[196391]: registering plugin `IP2STR' Jun 03 11:44:14.407961 osdx ulogd[196391]: registering plugin `PRINTFLOW' Jun 03 11:44:14.409045 osdx ulogd[196391]: registering plugin `SYSLOG' Jun 03 11:44:14.409053 osdx ulogd[196391]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:14.409099 osdx ulogd[196391]: NFCT plugin working in event mode Jun 03 11:44:14.409109 osdx ulogd[196391]: Changing UID / GID Jun 03 11:44:14.409183 osdx ulogd[196391]: initialization finished, entering main loop Jun 03 11:44:14.588417 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:44:14.589086 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:44:14.614619 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:44:15.662294 osdx ulogd[196391]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:15.798945 osdx ulogd[196391]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.555 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.555/0.555/0.555/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.515 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.515/0.515/0.515/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
Jun 03 11:44:21.308295 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.9M, max 13.8M, 11.8M free. Jun 03 11:44:21.308852 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:44:21.308900 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:44:21.320402 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:44:21.540722 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:44:21.814972 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:44:21.919106 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:44:21.994554 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Jun 03 11:44:22.109280 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:44:22.172477 osdx ubnt-cfgd[196632]: inactive Jun 03 11:44:22.197692 osdx INFO[196639]: FRR daemons did not change Jun 03 11:44:22.232456 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:44:22.278185 osdx WARNING[196713]: No supported link modes on interface eth0 Jun 03 11:44:22.279630 osdx modulelauncher[196713]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:44:22.279644 osdx modulelauncher[196713]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:44:22.280888 osdx modulelauncher[196713]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:44:22.280898 osdx modulelauncher[196713]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:44:22.332709 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:22.333469 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:22.333686 osdx ulogd[196733]: registering plugin `NFCT' Jun 03 11:44:22.333733 osdx ulogd[196733]: registering plugin `IP2STR' Jun 03 11:44:22.333775 osdx ulogd[196733]: registering plugin `PRINTFLOW' Jun 03 11:44:22.333824 osdx ulogd[196733]: registering plugin `SYSLOG' Jun 03 11:44:22.333829 osdx ulogd[196733]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:22.333878 osdx ulogd[196733]: NFCT plugin working in event mode Jun 03 11:44:22.333887 osdx ulogd[196733]: Changing UID / GID Jun 03 11:44:22.333970 osdx ulogd[196733]: initialization finished, entering main loop Jun 03 11:44:22.499509 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:44:22.500033 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:44:22.517693 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:44:23.572286 osdx ulogd[196733]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:23.651135 osdx ulogd[196733]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.777 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.777/0.777/0.777/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.407 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.297 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.298 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2050ms rtt min/avg/max/mdev = 0.297/0.334/0.407/0.051 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
Jun 03 11:44:28.308980 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.9M, max 13.8M, 11.9M free. Jun 03 11:44:28.309481 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:44:28.309522 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:44:28.318642 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:44:28.515681 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:44:28.721882 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:44:28.812180 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:44:28.874208 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Jun 03 11:44:28.968198 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Jun 03 11:44:29.029662 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set service ssh'. Jun 03 11:44:29.161142 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:44:29.220906 osdx ubnt-cfgd[196978]: inactive Jun 03 11:44:29.310732 osdx INFO[197000]: FRR daemons did not change Jun 03 11:44:29.349488 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:44:29.406657 osdx WARNING[197076]: No supported link modes on interface eth0 Jun 03 11:44:29.408532 osdx modulelauncher[197076]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:44:29.408548 osdx modulelauncher[197076]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:44:29.410065 osdx modulelauncher[197076]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:44:29.410077 osdx modulelauncher[197076]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:44:29.473868 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:29.474805 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:29.474973 osdx ulogd[197096]: registering plugin `NFCT' Jun 03 11:44:29.475018 osdx ulogd[197096]: registering plugin `IP2STR' Jun 03 11:44:29.475059 osdx ulogd[197096]: registering plugin `PRINTFLOW' Jun 03 11:44:29.475105 osdx ulogd[197096]: registering plugin `SYSLOG' Jun 03 11:44:29.475109 osdx ulogd[197096]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:29.475158 osdx ulogd[197096]: NFCT plugin working in event mode Jun 03 11:44:29.475168 osdx ulogd[197096]: Changing UID / GID Jun 03 11:44:29.475254 osdx ulogd[197096]: initialization finished, entering main loop Jun 03 11:44:29.533981 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 03 11:44:29.547167 osdx sshd[197117]: Server listening on 0.0.0.0 port 22. Jun 03 11:44:29.547199 osdx sshd[197117]: Server listening on :: port 22. Jun 03 11:44:29.547350 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 03 11:44:29.732911 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:44:29.733436 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:44:29.748877 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:44:31.976080 osdx ulogd[197096]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Jun 03 11:44:33.000097 osdx ulogd[197096]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.761 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.761/0.761/0.761/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.529 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.529/0.529/0.529/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Jun 03 11:44:41.289665 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 2.0M, max 13.8M, 11.8M free. Jun 03 11:44:41.292007 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:44:41.292100 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:44:41.303096 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:44:41.534086 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:44:41.847094 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:44:41.962368 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:44:42.029500 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:44:42.141434 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:44:42.239964 osdx ubnt-cfgd[197382]: inactive Jun 03 11:44:42.264655 osdx INFO[197389]: FRR daemons did not change Jun 03 11:44:42.300000 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:44:42.346554 osdx WARNING[197463]: No supported link modes on interface eth0 Jun 03 11:44:42.347982 osdx modulelauncher[197463]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:44:42.347996 osdx modulelauncher[197463]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:44:42.349143 osdx modulelauncher[197463]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:44:42.349153 osdx modulelauncher[197463]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:44:42.408296 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:42.409298 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:42.409502 osdx ulogd[197483]: registering plugin `NFCT' Jun 03 11:44:42.409566 osdx ulogd[197483]: registering plugin `IP2STR' Jun 03 11:44:42.409625 osdx ulogd[197483]: registering plugin `PRINTFLOW' Jun 03 11:44:42.409681 osdx ulogd[197483]: registering plugin `SYSLOG' Jun 03 11:44:42.409685 osdx ulogd[197483]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:42.409741 osdx ulogd[197483]: NFCT plugin working in event mode Jun 03 11:44:42.409751 osdx ulogd[197483]: Changing UID / GID Jun 03 11:44:42.409843 osdx ulogd[197483]: initialization finished, entering main loop Jun 03 11:44:42.602996 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:44:42.603464 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:44:42.634450 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:44:43.651254 osdx ulogd[197483]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:43.651279 osdx ulogd[197483]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:43.733784 osdx ulogd[197483]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:43.733808 osdx ulogd[197483]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.881 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.881/0.881/0.881/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.713 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.713/0.713/0.713/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Jun 03 11:44:49.312144 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:44:49.313388 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:44:49.313445 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:44:49.321700 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:44:49.535820 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:44:49.750582 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:44:49.837130 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:44:49.912494 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:44:49.968179 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Jun 03 11:44:50.068970 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:44:50.127012 osdx ubnt-cfgd[197726]: inactive Jun 03 11:44:50.147809 osdx INFO[197733]: FRR daemons did not change Jun 03 11:44:50.185368 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:44:50.236019 osdx WARNING[197807]: No supported link modes on interface eth0 Jun 03 11:44:50.237534 osdx modulelauncher[197807]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:44:50.237554 osdx modulelauncher[197807]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:44:50.238700 osdx modulelauncher[197807]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:44:50.238708 osdx modulelauncher[197807]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:44:50.293706 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:50.294497 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:50.294720 osdx ulogd[197827]: registering plugin `NFCT' Jun 03 11:44:50.294782 osdx ulogd[197827]: registering plugin `IP2STR' Jun 03 11:44:50.294823 osdx ulogd[197827]: registering plugin `PRINTFLOW' Jun 03 11:44:50.294870 osdx ulogd[197827]: registering plugin `SYSLOG' Jun 03 11:44:50.294874 osdx ulogd[197827]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:50.294924 osdx ulogd[197827]: NFCT plugin working in event mode Jun 03 11:44:50.294934 osdx OSDx_DUT0[197827]: Changing UID / GID Jun 03 11:44:50.295015 osdx OSDx_DUT0[197827]: initialization finished, entering main loop Jun 03 11:44:50.464478 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:44:50.464941 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:44:50.496389 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:44:51.476376 osdx OSDx_DUT0[197827]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:51.476400 osdx OSDx_DUT0[197827]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:51.564818 osdx OSDx_DUT0[197827]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:51.564844 osdx OSDx_DUT0[197827]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.497 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.497/0.497/0.497/0.000 ms
Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Jun 03 11:44:49.312144 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:44:49.313388 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:44:49.313445 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:44:49.321700 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:44:49.535820 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:44:49.750582 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:44:49.837130 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:44:49.912494 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:44:49.968179 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Jun 03 11:44:50.068970 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:44:50.127012 osdx ubnt-cfgd[197726]: inactive Jun 03 11:44:50.147809 osdx INFO[197733]: FRR daemons did not change Jun 03 11:44:50.185368 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:44:50.236019 osdx WARNING[197807]: No supported link modes on interface eth0 Jun 03 11:44:50.237534 osdx modulelauncher[197807]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:44:50.237554 osdx modulelauncher[197807]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:44:50.238700 osdx modulelauncher[197807]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:44:50.238708 osdx modulelauncher[197807]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:44:50.293706 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:50.294497 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:50.294720 osdx ulogd[197827]: registering plugin `NFCT' Jun 03 11:44:50.294782 osdx ulogd[197827]: registering plugin `IP2STR' Jun 03 11:44:50.294823 osdx ulogd[197827]: registering plugin `PRINTFLOW' Jun 03 11:44:50.294870 osdx ulogd[197827]: registering plugin `SYSLOG' Jun 03 11:44:50.294874 osdx ulogd[197827]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:50.294924 osdx ulogd[197827]: NFCT plugin working in event mode Jun 03 11:44:50.294934 osdx OSDx_DUT0[197827]: Changing UID / GID Jun 03 11:44:50.295015 osdx OSDx_DUT0[197827]: initialization finished, entering main loop Jun 03 11:44:50.464478 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:44:50.464941 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:44:50.496389 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:44:51.476376 osdx OSDx_DUT0[197827]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:51.476400 osdx OSDx_DUT0[197827]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:51.564818 osdx OSDx_DUT0[197827]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:51.564844 osdx OSDx_DUT0[197827]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:51.699676 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'. Jun 03 11:44:51.899521 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:44:51.956023 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Jun 03 11:44:52.052984 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show changes'. Jun 03 11:44:52.112458 osdx ubnt-cfgd[197878]: inactive Jun 03 11:44:52.134694 osdx INFO[197885]: FRR daemons did not change Jun 03 11:44:52.148437 osdx OSDx_DUT0[197827]: Terminal signal received, exiting Jun 03 11:44:52.148571 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:52.148879 osdx systemd[1]: ulogd2.service: Deactivated successfully. Jun 03 11:44:52.149008 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:52.181804 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:52.182946 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:52.183103 osdx ulogd[197893]: registering plugin `NFCT' Jun 03 11:44:52.183153 osdx ulogd[197893]: registering plugin `IP2STR' Jun 03 11:44:52.183198 osdx ulogd[197893]: registering plugin `PRINTFLOW' Jun 03 11:44:52.183256 osdx ulogd[197893]: registering plugin `SYSLOG' Jun 03 11:44:52.183260 osdx ulogd[197893]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:52.183317 osdx ulogd[197893]: NFCT plugin working in event mode Jun 03 11:44:52.183330 osdx ulogd[197893]: Changing UID / GID Jun 03 11:44:52.183434 osdx ulogd[197893]: initialization finished, entering main loop Jun 03 11:44:52.190715 osdx ulogd[197893]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Jun 03 11:44:52.190732 osdx ulogd[197893]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Jun 03 11:44:52.191016 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:44:52.191438 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:44:52.206162 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:44:52.365863 osdx ulogd[197893]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:44:52.365884 osdx ulogd[197893]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.669 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.669/0.669/0.669/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.521 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.291 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1003ms rtt min/avg/max/mdev = 0.291/0.406/0.521/0.115 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
Jun 03 11:44:57.319726 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:44:57.323393 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:44:57.323459 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:44:57.333269 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:44:57.670062 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:44:58.083291 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:44:58.227052 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Jun 03 11:44:58.281764 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic label TEST'. Jun 03 11:44:58.423159 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Jun 03 11:44:58.490059 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Jun 03 11:44:58.589606 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:44:58.690140 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:44:58.786363 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:44:58.897150 osdx ubnt-cfgd[198106]: inactive Jun 03 11:44:58.939252 osdx INFO[198123]: FRR daemons did not change Jun 03 11:44:58.971392 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:44:59.023843 osdx WARNING[198197]: No supported link modes on interface eth0 Jun 03 11:44:59.025717 osdx modulelauncher[198197]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:44:59.025730 osdx modulelauncher[198197]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:44:59.027177 osdx modulelauncher[198197]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:44:59.027186 osdx modulelauncher[198197]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:44:59.083726 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:59.084534 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:59.084680 osdx ulogd[198217]: registering plugin `NFCT' Jun 03 11:44:59.084724 osdx ulogd[198217]: registering plugin `IP2STR' Jun 03 11:44:59.084766 osdx ulogd[198217]: registering plugin `PRINTFLOW' Jun 03 11:44:59.084806 osdx ulogd[198217]: registering plugin `SYSLOG' Jun 03 11:44:59.084809 osdx ulogd[198217]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:59.084848 osdx ulogd[198217]: NFCT plugin working in event mode Jun 03 11:44:59.084857 osdx ulogd[198217]: Changing UID / GID Jun 03 11:44:59.084927 osdx ulogd[198217]: initialization finished, entering main loop Jun 03 11:44:59.096311 osdx ulogd[198217]: Terminal signal received, exiting Jun 03 11:44:59.096419 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:59.096801 osdx systemd[1]: ulogd2.service: Deactivated successfully. Jun 03 11:44:59.096929 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:59.098031 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:44:59.098840 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:44:59.099062 osdx ulogd[198223]: registering plugin `NFCT' Jun 03 11:44:59.099110 osdx ulogd[198223]: registering plugin `IP2STR' Jun 03 11:44:59.099176 osdx ulogd[198223]: registering plugin `PRINTFLOW' Jun 03 11:44:59.099235 osdx ulogd[198223]: registering plugin `SYSLOG' Jun 03 11:44:59.099239 osdx ulogd[198223]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:44:59.099288 osdx ulogd[198223]: NFCT plugin working in event mode Jun 03 11:44:59.099296 osdx ulogd[198223]: Changing UID / GID Jun 03 11:44:59.099390 osdx ulogd[198223]: initialization finished, entering main loop Jun 03 11:44:59.482391 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:44:59.482938 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:44:59.524027 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:00.838100 osdx ulogd[198223]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Jun 03 11:45:00.838127 osdx ulogd[198223]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 Jun 03 11:45:00.919490 osdx ulogd[198223]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Jun 03 11:45:00.919515 osdx ulogd[198223]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.847 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.847/0.847/0.847/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.599 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.599/0.599/0.599/0.000 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
Jun 03 11:45:08.308880 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:45:08.309467 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:45:08.309535 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:45:08.321536 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:45:08.596527 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:45:08.924315 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:09.100801 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Jun 03 11:45:09.162794 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Jun 03 11:45:09.317093 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system vrf RED'. Jun 03 11:45:09.435154 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:45:09.550153 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:45:09.678071 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:09.784243 osdx ubnt-cfgd[198513]: inactive Jun 03 11:45:09.811490 osdx INFO[198520]: FRR daemons did not change Jun 03 11:45:09.823037 osdx (udev-worker)[198530]: RED: Could not disable auto negotiation, ignoring: Operation not supported Jun 03 11:45:09.823069 osdx (udev-worker)[198530]: Network interface NamePolicy= disabled on kernel command line. Jun 03 11:45:09.869457 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:09.918638 osdx WARNING[198615]: No supported link modes on interface eth0 Jun 03 11:45:09.920048 osdx modulelauncher[198615]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:45:09.920062 osdx modulelauncher[198615]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:45:09.921300 osdx modulelauncher[198615]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:45:09.921309 osdx modulelauncher[198615]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:45:09.933538 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:10.025851 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:10.026461 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:10.026690 osdx ulogd[198696]: registering plugin `NFCT' Jun 03 11:45:10.026743 osdx ulogd[198696]: registering plugin `IP2STR' Jun 03 11:45:10.026785 osdx ulogd[198696]: registering plugin `PRINTFLOW' Jun 03 11:45:10.026833 osdx ulogd[198696]: registering plugin `SYSLOG' Jun 03 11:45:10.026837 osdx ulogd[198696]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:45:10.026893 osdx ulogd[198696]: NFCT plugin working in event mode Jun 03 11:45:10.026902 osdx ulogd[198696]: Changing UID / GID Jun 03 11:45:10.026991 osdx ulogd[198696]: initialization finished, entering main loop Jun 03 11:45:10.204858 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:10.205390 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:10.232889 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:11.215354 osdx ulogd[198696]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:45:11.215378 osdx ulogd[198696]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:45:11.302361 osdx ulogd[198696]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:45:11.302386 osdx ulogd[198696]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.306 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.306/0.306/0.306/0.000 ms
Step 3: Run the command file copy http://10.215.168.1/~robot/test-performance.rules running:// force on DUT0 and expect the following output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 266 100 266 0 0 15775 0 --:--:-- --:--:-- --:--:-- 16625
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.782 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.782/0.782/0.782/0.000 ms
Step 7: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.480 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.480/0.480/0.480/0.000 ms
Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
Jun 03 11:45:17.359558 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:45:17.361860 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:45:17.361942 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:45:17.371071 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:45:17.604417 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:45:17.814798 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:17.902781 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 03 11:45:17.981167 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:18.079858 osdx ubnt-cfgd[199023]: inactive Jun 03 11:45:18.099052 osdx INFO[199030]: FRR daemons did not change Jun 03 11:45:18.129854 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:18.180359 osdx WARNING[199101]: No supported link modes on interface eth0 Jun 03 11:45:18.181784 osdx modulelauncher[199101]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:45:18.181796 osdx modulelauncher[199101]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:45:18.183314 osdx modulelauncher[199101]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:45:18.183322 osdx modulelauncher[199101]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:45:18.365042 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:18.365499 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:18.387453 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:18.549289 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 03 11:45:18.681511 osdx file_operation[199167]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Jun 03 11:45:18.719006 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Jun 03 11:45:18.873869 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:18.943571 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Jun 03 11:45:19.050668 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Jun 03 11:45:19.115430 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Jun 03 11:45:19.218843 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Jun 03 11:45:19.292745 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Jun 03 11:45:19.421628 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Jun 03 11:45:19.485371 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Jun 03 11:45:19.591090 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Jun 03 11:45:19.654904 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Jun 03 11:45:19.779798 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:45:19.836786 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:45:19.951146 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:20.016053 osdx ubnt-cfgd[199202]: inactive Jun 03 11:45:20.065288 osdx INFO[199222]: FRR daemons did not change Jun 03 11:45:20.146271 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:20.146993 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:20.147215 osdx ulogd[199262]: registering plugin `NFCT' Jun 03 11:45:20.147265 osdx ulogd[199262]: registering plugin `IP2STR' Jun 03 11:45:20.147307 osdx ulogd[199262]: registering plugin `PRINTFLOW' Jun 03 11:45:20.147355 osdx ulogd[199262]: registering plugin `SYSLOG' Jun 03 11:45:20.147359 osdx ulogd[199262]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:45:20.147411 osdx ulogd[199262]: NFCT plugin working in event mode Jun 03 11:45:20.147420 osdx ulogd[199262]: Changing UID / GID Jun 03 11:45:20.147505 osdx ulogd[199262]: initialization finished, entering main loop Jun 03 11:45:20.327467 osdx ulogd[199262]: Terminal signal received, exiting Jun 03 11:45:20.327570 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:20.327935 osdx systemd[1]: ulogd2.service: Deactivated successfully. Jun 03 11:45:20.328041 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:20.346222 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:20.347221 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:20.347383 osdx ulogd[199290]: registering plugin `NFCT' Jun 03 11:45:20.347436 osdx ulogd[199290]: registering plugin `IP2STR' Jun 03 11:45:20.347476 osdx ulogd[199290]: registering plugin `PRINTFLOW' Jun 03 11:45:20.347522 osdx ulogd[199290]: registering plugin `SYSLOG' Jun 03 11:45:20.347526 osdx ulogd[199290]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:45:20.347574 osdx ulogd[199290]: NFCT plugin working in event mode Jun 03 11:45:20.347583 osdx ulogd[199290]: Changing UID / GID Jun 03 11:45:20.347662 osdx ulogd[199290]: initialization finished, entering main loop Jun 03 11:45:20.388656 osdx systemd[1]: Reloading. Jun 03 11:45:20.441857 osdx systemd-sysv-generator[199311]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Jun 03 11:45:20.602261 osdx systemd[1]: Starting logrotate.service - Rotate log files... Jun 03 11:45:20.606966 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Jun 03 11:45:20.607963 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Jun 03 11:45:20.641472 osdx systemd[1]: logrotate.service: Deactivated successfully. Jun 03 11:45:20.641627 osdx systemd[1]: Finished logrotate.service - Rotate log files. Jun 03 11:45:20.904807 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Jun 03 11:45:20.931962 osdx INFO[199292]: Rules successfully loaded Jun 03 11:45:20.989966 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:20.990534 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:21.014916 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:22.171661 osdx ulogd[199290]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Jun 03 11:45:22.171684 osdx ulogd[199290]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Jun 03 11:45:22.298459 osdx ulogd[199290]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Jun 03 11:45:22.298484 osdx ulogd[199290]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.780 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.780/0.780/0.780/0.000 ms
Step 5: Ping the IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.577 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.577/0.577/0.577/0.000 ms
Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 using user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.10.1 This system includes free software. Contact Teldat for licenses information and source code. Last login: Wed Jun 3 11:37:31 2026 from 10.215.168.64 admin@osdx$
Step 7: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
Jun 03 11:45:30.318586 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:45:30.319344 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:45:30.319388 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:45:30.331475 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:45:30.564278 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:45:30.824347 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:31.007894 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.200.1/24'. Jun 03 11:45:31.094786 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:45:31.170012 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:45:31.278833 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:31.364447 osdx ubnt-cfgd[199618]: inactive Jun 03 11:45:31.391510 osdx INFO[199625]: FRR daemons did not change Jun 03 11:45:31.423250 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:31.481574 osdx WARNING[199702]: No supported link modes on interface eth0 Jun 03 11:45:31.483312 osdx modulelauncher[199702]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:45:31.483325 osdx modulelauncher[199702]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:45:31.484546 osdx modulelauncher[199702]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:45:31.484553 osdx modulelauncher[199702]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:45:31.527572 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:31.528481 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:31.528668 osdx ulogd[199722]: registering plugin `NFCT' Jun 03 11:45:31.528713 osdx ulogd[199722]: registering plugin `IP2STR' Jun 03 11:45:31.528750 osdx ulogd[199722]: registering plugin `PRINTFLOW' Jun 03 11:45:31.528805 osdx ulogd[199722]: registering plugin `SYSLOG' Jun 03 11:45:31.528809 osdx ulogd[199722]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:45:31.528857 osdx ulogd[199722]: NFCT plugin working in event mode Jun 03 11:45:31.528865 osdx ulogd[199722]: Changing UID / GID Jun 03 11:45:31.528937 osdx ulogd[199722]: initialization finished, entering main loop Jun 03 11:45:31.714989 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:31.715711 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:31.736076 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:34.218147 osdx ulogd[199722]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:45:34.218169 osdx ulogd[199722]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:45:34.343258 osdx ulogd[199722]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:45:34.343275 osdx ulogd[199722]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:45:34.436943 osdx ulogd[199722]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55282 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55282 PKTS=0 BYTES=0 Jun 03 11:45:34.437108 osdx ulogd[199722]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55282 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55282 PKTS=0 BYTES=0 Jun 03 11:45:34.437265 osdx ulogd[199722]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55282 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55282 PKTS=0 BYTES=0 [OFFLOAD] Jun 03 11:45:34.792714 osdx ulogd[199722]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55282 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55282 PKTS=0 BYTES=0 Jun 03 11:45:34.793039 osdx ulogd[199722]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55282 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55282 PKTS=0 BYTES=0 Jun 03 11:45:34.794815 osdx ulogd[199722]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55282 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55282 PKTS=0 BYTES=0 Jun 03 11:45:34.794957 osdx ulogd[199722]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55282 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55282 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.906 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.906/0.906/0.906/0.000 ms
Step 4: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.551 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.325 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.330 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2056ms rtt min/avg/max/mdev = 0.325/0.402/0.551/0.105 ms
Step 5: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
Jun 03 11:45:40.297649 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:45:40.299527 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:45:40.299577 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:45:40.309524 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:45:40.551737 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:45:40.806959 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:40.909113 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Jun 03 11:45:40.986062 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Jun 03 11:45:41.123491 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:45:41.176596 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:45:41.306157 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:41.410078 osdx ubnt-cfgd[199966]: inactive Jun 03 11:45:41.430614 osdx INFO[199973]: FRR daemons did not change Jun 03 11:45:41.507524 osdx kernel: nfUDPlink: module init Jun 03 11:45:41.507570 osdx kernel: app-detect: module init Jun 03 11:45:41.507586 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 03 11:45:41.507595 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Jun 03 11:45:41.507603 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Jun 03 11:45:41.507613 osdx kernel: app-detect: registered: /proc/net/stat/appdetect Jun 03 11:45:41.507621 osdx kernel: app-detect: expression init Jun 03 11:45:41.507628 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Jun 03 11:45:41.507635 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Jun 03 11:45:41.515560 osdx modulelauncher[199976]: AppDetect: no appdetect_chain refresh needed, nothing more to do Jun 03 11:45:41.517992 osdx INFO[200001]: Stopping Traffic Categorization (TCATD) service ... Jun 03 11:45:41.567544 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:41.614765 osdx WARNING[200078]: No supported link modes on interface eth0 Jun 03 11:45:41.616472 osdx modulelauncher[200078]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:45:41.616486 osdx modulelauncher[200078]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:45:41.617908 osdx modulelauncher[200078]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:45:41.617920 osdx modulelauncher[200078]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:45:41.655953 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:41.656936 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:41.657151 osdx ulogd[200098]: registering plugin `NFCT' Jun 03 11:45:41.657200 osdx ulogd[200098]: registering plugin `IP2STR' Jun 03 11:45:41.657243 osdx ulogd[200098]: registering plugin `PRINTFLOW' Jun 03 11:45:41.657300 osdx ulogd[200098]: registering plugin `SYSLOG' Jun 03 11:45:41.657304 osdx ulogd[200098]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:45:41.657356 osdx ulogd[200098]: NFCT plugin working in event mode Jun 03 11:45:41.657365 osdx ulogd[200098]: Changing UID / GID Jun 03 11:45:41.657454 osdx ulogd[200098]: initialization finished, entering main loop Jun 03 11:45:41.883182 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:41.883747 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:41.899421 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:43.155812 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.155832 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.246511 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.246541 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:44.278106 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:44.278126 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:44.278137 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.302122 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:45.302148 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.302162 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
Jun 03 11:45:40.297649 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:45:40.299527 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:45:40.299577 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:45:40.309524 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:45:40.551737 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:45:40.806959 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:40.909113 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Jun 03 11:45:40.986062 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Jun 03 11:45:41.123491 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:45:41.176596 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:45:41.306157 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:41.410078 osdx ubnt-cfgd[199966]: inactive Jun 03 11:45:41.430614 osdx INFO[199973]: FRR daemons did not change Jun 03 11:45:41.507524 osdx kernel: nfUDPlink: module init Jun 03 11:45:41.507570 osdx kernel: app-detect: module init Jun 03 11:45:41.507586 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 03 11:45:41.507595 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Jun 03 11:45:41.507603 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Jun 03 11:45:41.507613 osdx kernel: app-detect: registered: /proc/net/stat/appdetect Jun 03 11:45:41.507621 osdx kernel: app-detect: expression init Jun 03 11:45:41.507628 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Jun 03 11:45:41.507635 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Jun 03 11:45:41.515560 osdx modulelauncher[199976]: AppDetect: no appdetect_chain refresh needed, nothing more to do Jun 03 11:45:41.517992 osdx INFO[200001]: Stopping Traffic Categorization (TCATD) service ... Jun 03 11:45:41.567544 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:41.614765 osdx WARNING[200078]: No supported link modes on interface eth0 Jun 03 11:45:41.616472 osdx modulelauncher[200078]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:45:41.616486 osdx modulelauncher[200078]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:45:41.617908 osdx modulelauncher[200078]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:45:41.617920 osdx modulelauncher[200078]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:45:41.655953 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:41.656936 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:41.657151 osdx ulogd[200098]: registering plugin `NFCT' Jun 03 11:45:41.657200 osdx ulogd[200098]: registering plugin `IP2STR' Jun 03 11:45:41.657243 osdx ulogd[200098]: registering plugin `PRINTFLOW' Jun 03 11:45:41.657300 osdx ulogd[200098]: registering plugin `SYSLOG' Jun 03 11:45:41.657304 osdx ulogd[200098]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:45:41.657356 osdx ulogd[200098]: NFCT plugin working in event mode Jun 03 11:45:41.657365 osdx ulogd[200098]: Changing UID / GID Jun 03 11:45:41.657454 osdx ulogd[200098]: initialization finished, entering main loop Jun 03 11:45:41.883182 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:41.883747 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:41.899421 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:43.155812 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.155832 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.246511 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.246541 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:44.278106 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:44.278126 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:44.278137 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.302122 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:45.302148 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.302162 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.450996 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
Jun 03 11:45:40.297649 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:45:40.299527 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:45:40.299577 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:45:40.309524 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:45:40.551737 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:45:40.806959 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:40.909113 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Jun 03 11:45:40.986062 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Jun 03 11:45:41.123491 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:45:41.176596 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:45:41.306157 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:41.410078 osdx ubnt-cfgd[199966]: inactive Jun 03 11:45:41.430614 osdx INFO[199973]: FRR daemons did not change Jun 03 11:45:41.507524 osdx kernel: nfUDPlink: module init Jun 03 11:45:41.507570 osdx kernel: app-detect: module init Jun 03 11:45:41.507586 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 03 11:45:41.507595 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Jun 03 11:45:41.507603 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Jun 03 11:45:41.507613 osdx kernel: app-detect: registered: /proc/net/stat/appdetect Jun 03 11:45:41.507621 osdx kernel: app-detect: expression init Jun 03 11:45:41.507628 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Jun 03 11:45:41.507635 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Jun 03 11:45:41.515560 osdx modulelauncher[199976]: AppDetect: no appdetect_chain refresh needed, nothing more to do Jun 03 11:45:41.517992 osdx INFO[200001]: Stopping Traffic Categorization (TCATD) service ... Jun 03 11:45:41.567544 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:41.614765 osdx WARNING[200078]: No supported link modes on interface eth0 Jun 03 11:45:41.616472 osdx modulelauncher[200078]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:45:41.616486 osdx modulelauncher[200078]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:45:41.617908 osdx modulelauncher[200078]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:45:41.617920 osdx modulelauncher[200078]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:45:41.655953 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:41.656936 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:41.657151 osdx ulogd[200098]: registering plugin `NFCT' Jun 03 11:45:41.657200 osdx ulogd[200098]: registering plugin `IP2STR' Jun 03 11:45:41.657243 osdx ulogd[200098]: registering plugin `PRINTFLOW' Jun 03 11:45:41.657300 osdx ulogd[200098]: registering plugin `SYSLOG' Jun 03 11:45:41.657304 osdx ulogd[200098]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:45:41.657356 osdx ulogd[200098]: NFCT plugin working in event mode Jun 03 11:45:41.657365 osdx ulogd[200098]: Changing UID / GID Jun 03 11:45:41.657454 osdx ulogd[200098]: initialization finished, entering main loop Jun 03 11:45:41.883182 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:41.883747 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:41.899421 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:43.155812 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.155832 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.246511 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.246541 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:44.278106 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:44.278126 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:44.278137 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.302122 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:45.302148 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.302162 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.450996 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'. Jun 03 11:45:45.591247 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=11.5 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 11.534/11.534/11.534/0.000 ms
Step 10: Run the command file copy http://10.215.168.1/~robot/ running://index.html force on DUT0 and expect the following output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1095 0 1095 0 0 652k 0 --:--:-- --:--:-- --:--:-- 1069k
Step 11: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Jun 03 11:45:40.297649 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:45:40.299527 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:45:40.299577 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:45:40.309524 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:45:40.551737 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:45:40.806959 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:40.909113 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Jun 03 11:45:40.986062 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Jun 03 11:45:41.123491 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:45:41.176596 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:45:41.306157 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:41.410078 osdx ubnt-cfgd[199966]: inactive Jun 03 11:45:41.430614 osdx INFO[199973]: FRR daemons did not change Jun 03 11:45:41.507524 osdx kernel: nfUDPlink: module init Jun 03 11:45:41.507570 osdx kernel: app-detect: module init Jun 03 11:45:41.507586 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 03 11:45:41.507595 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Jun 03 11:45:41.507603 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Jun 03 11:45:41.507613 osdx kernel: app-detect: registered: /proc/net/stat/appdetect Jun 03 11:45:41.507621 osdx kernel: app-detect: expression init Jun 03 11:45:41.507628 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Jun 03 11:45:41.507635 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Jun 03 11:45:41.515560 osdx modulelauncher[199976]: AppDetect: no appdetect_chain refresh needed, nothing more to do Jun 03 11:45:41.517992 osdx INFO[200001]: Stopping Traffic Categorization (TCATD) service ... Jun 03 11:45:41.567544 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:41.614765 osdx WARNING[200078]: No supported link modes on interface eth0 Jun 03 11:45:41.616472 osdx modulelauncher[200078]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:45:41.616486 osdx modulelauncher[200078]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:45:41.617908 osdx modulelauncher[200078]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:45:41.617920 osdx modulelauncher[200078]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:45:41.655953 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:45:41.656936 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:45:41.657151 osdx ulogd[200098]: registering plugin `NFCT' Jun 03 11:45:41.657200 osdx ulogd[200098]: registering plugin `IP2STR' Jun 03 11:45:41.657243 osdx ulogd[200098]: registering plugin `PRINTFLOW' Jun 03 11:45:41.657300 osdx ulogd[200098]: registering plugin `SYSLOG' Jun 03 11:45:41.657304 osdx ulogd[200098]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:45:41.657356 osdx ulogd[200098]: NFCT plugin working in event mode Jun 03 11:45:41.657365 osdx ulogd[200098]: Changing UID / GID Jun 03 11:45:41.657454 osdx ulogd[200098]: initialization finished, entering main loop Jun 03 11:45:41.883182 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:41.883747 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:41.899421 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:43.155812 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.155832 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.246511 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:43.246541 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:44.278106 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:44.278126 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:44.278137 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.302122 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:45.302148 osdx ulogd[200098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.302162 osdx ulogd[200098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:45.450996 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'. Jun 03 11:45:45.591247 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'. Jun 03 11:45:45.723908 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal show | cat'. Jun 03 11:45:45.900692 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:45.986798 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 03 11:45:46.101604 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Jun 03 11:45:46.191736 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show changes'. Jun 03 11:45:46.292503 osdx ubnt-cfgd[200165]: inactive Jun 03 11:45:46.316649 osdx INFO[200172]: FRR daemons did not change Jun 03 11:45:46.351535 osdx kernel: app-detect: expression destroy Jun 03 11:45:46.363546 osdx kernel: app-detect: expression init Jun 03 11:45:46.363595 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Jun 03 11:45:46.363612 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Jun 03 11:45:46.368640 osdx modulelauncher[200175]: AppDetect: no appdetect_chain refresh needed, nothing more to do Jun 03 11:45:46.371169 osdx INFO[200191]: Stopping Traffic Categorization (TCATD) service ... Jun 03 11:45:46.469841 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:46.469886 osdx ulogd[200098]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 03 11:45:46.470299 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:46.470893 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:46.502678 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:46.675571 osdx ulogd[200098]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:46.675800 osdx ulogd[200098]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 03 11:45:46.689789 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 03 11:45:46.848156 osdx file_operation[200253]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Jun 03 11:45:46.849838 osdx ulogd[200098]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38808 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38808 PKTS=0 BYTES=0 APPDETECT[L4:80] Jun 03 11:45:46.849988 osdx ulogd[200098]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38808 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38808 PKTS=0 BYTES=0 APPDETECT[L4:80] Jun 03 11:45:46.850004 osdx ulogd[200098]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38808 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38808 PKTS=0 BYTES=0 APPDETECT[L4:80] Jun 03 11:45:46.851365 osdx ulogd[200098]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38808 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38808 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Jun 03 11:45:46.851464 osdx ulogd[200098]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38808 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38808 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Jun 03 11:45:46.851480 osdx ulogd[200098]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38808 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38808 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Jun 03 11:45:46.869732 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set interfaces ethernet eth0 traffic policy out DROP set system conntrack app-detect dictionary 130 local app-id custom 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-detect app-id custom 155
Step 2: Ping the IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.269 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.269/0.269/0.269/0.000 ms
Step 3: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Jun 03 11:45:53.324822 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:45:53.325677 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:45:53.325741 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:45:53.336450 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:45:53.591598 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:45:53.907068 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:45:53.991147 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Jun 03 11:45:54.093647 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Jun 03 11:45:54.161902 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Jun 03 11:45:54.264455 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-detect app-id custom 155'. Jun 03 11:45:54.325143 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Jun 03 11:45:54.407169 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Jun 03 11:45:54.461299 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Jun 03 11:45:54.643607 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy out DROP'. Jun 03 11:45:54.695418 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 03 11:45:54.818766 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Jun 03 11:45:54.915501 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:45:55.018255 osdx ubnt-cfgd[200493]: inactive Jun 03 11:45:55.066525 osdx INFO[200520]: FRR daemons did not change Jun 03 11:45:55.153704 osdx kernel: nfUDPlink: module init Jun 03 11:45:55.153756 osdx kernel: app-detect: module init Jun 03 11:45:55.153766 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 03 11:45:55.153774 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Jun 03 11:45:55.153781 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Jun 03 11:45:55.153789 osdx kernel: app-detect: registered: /proc/net/stat/appdetect Jun 03 11:45:55.153796 osdx kernel: app-detect: expression init Jun 03 11:45:55.153808 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Jun 03 11:45:55.153816 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Jun 03 11:45:55.179723 osdx INFO[200555]: Updated /etc/default/osdx_tcatd.conf Jun 03 11:45:55.179761 osdx INFO[200555]: Restarting Traffic Categorization (TCATD) service ... Jun 03 11:45:55.206066 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Jun 03 11:45:55.212565 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Jun 03 11:45:55.245678 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:45:55.295449 osdx WARNING[200631]: No supported link modes on interface eth0 Jun 03 11:45:55.296891 osdx modulelauncher[200631]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:45:55.296903 osdx modulelauncher[200631]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:45:55.298176 osdx modulelauncher[200631]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:45:55.298186 osdx modulelauncher[200631]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:45:55.664654 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:45:55.665130 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:45:55.690168 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:45:55.835456 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 03 11:45:55.966171 osdx file_operation[200720]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Jun 03 11:45:55.969672 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64707 DF PROTO=TCP SPT=33616 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Jun 03 11:45:56.173677 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64708 DF PROTO=TCP SPT=33616 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Jun 03 11:45:56.597730 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64709 DF PROTO=TCP SPT=33616 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Jun 03 11:45:57.433682 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64710 DF PROTO=TCP SPT=33616 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Jun 03 11:45:58.972100 osdx file_operation.py[200720]: Operation aborted by user. Jun 03 11:45:58.989202 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64711 DF PROTO=TCP SPT=33616 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Jun 03 11:45:59.000787 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'. Jun 03 11:45:59.061728 osdx kernel: [DROP-1] DROP IN= OUT=eth0 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64712 DF PROTO=TCP SPT=33616 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Identity Values
Description
Conntrack identity is able to contain any printed character (max 92 characters) but not spaces
Scenario
Step 1: Run the command configure on DUT0 and expect the following output:
Show output
admin@osdx#
Step 2: Run the command set system conntrack logging identity "he||o w@rld!" on DUT0 and check whether the output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Run the command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita on DUT0 and check whether the output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.675 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.675/0.675/0.675/0.000 ms
Step 7: Ping the IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.617 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.617/0.617/0.617/0.000 ms
Step 8: Run the command system journal show | cat on DUT0 and check whether the output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Jun 03 11:46:04.298905 osdx systemd-journald[2151]: Runtime Journal (/run/log/journal/140771393e044d28bd27951346e92000) is 1.8M, max 13.8M, 11.9M free. Jun 03 11:46:04.301685 osdx systemd-journald[2151]: Received client request to rotate journal, rotating. Jun 03 11:46:04.301749 osdx systemd-journald[2151]: Vacuuming done, freed 0B of archived journals from /run/log/journal/140771393e044d28bd27951346e92000. Jun 03 11:46:04.308901 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system journal clear'. Jun 03 11:46:04.537243 osdx OSDxCLI[119118]: User 'admin' executed a new command: 'system coredump delete all'. Jun 03 11:46:04.796449 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:46:04.857539 osdx cfgd[1899]: [119118]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Jun 03 11:46:04.857981 osdx OSDxCLI[119118]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Jun 03 11:46:04.959312 osdx cfgd[1899]: [119118]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Jun 03 11:46:04.959613 osdx OSDxCLI[119118]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. Jun 03 11:46:04.977165 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:46:05.132940 osdx OSDxCLI[119118]: User 'admin' entered the configuration menu. Jun 03 11:46:05.216105 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 03 11:46:05.300982 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 03 11:46:05.378853 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. Jun 03 11:46:05.484647 osdx OSDxCLI[119118]: User 'admin' added a new cfg line: 'show working'. Jun 03 11:46:05.559194 osdx ubnt-cfgd[200961]: inactive Jun 03 11:46:05.581770 osdx INFO[200968]: FRR daemons did not change Jun 03 11:46:05.613680 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 03 11:46:05.662972 osdx WARNING[201042]: No supported link modes on interface eth0 Jun 03 11:46:05.664487 osdx modulelauncher[201042]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Jun 03 11:46:05.664501 osdx modulelauncher[201042]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Jun 03 11:46:05.665685 osdx modulelauncher[201042]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Jun 03 11:46:05.665696 osdx modulelauncher[201042]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Jun 03 11:46:05.714083 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 03 11:46:05.715104 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 03 11:46:05.715327 osdx ulogd[201062]: registering plugin `NFCT' Jun 03 11:46:05.715377 osdx ulogd[201062]: registering plugin `IP2STR' Jun 03 11:46:05.715420 osdx ulogd[201062]: registering plugin `PRINTFLOW' Jun 03 11:46:05.715469 osdx ulogd[201062]: registering plugin `SYSLOG' Jun 03 11:46:05.715474 osdx ulogd[201062]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 03 11:46:05.715524 osdx ulogd[201062]: NFCT plugin working in event mode Jun 03 11:46:05.715534 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[201062]: Changing UID / GID Jun 03 11:46:05.715633 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[201062]: initialization finished, entering main loop Jun 03 11:46:05.889404 osdx cfgd[1899]: [119118]Completed change to active configuration Jun 03 11:46:05.889974 osdx OSDxCLI[119118]: User 'admin' committed the configuration. Jun 03 11:46:05.917161 osdx OSDxCLI[119118]: User 'admin' left the configuration menu. Jun 03 11:46:07.073272 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[201062]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:46:07.073295 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[201062]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:46:07.174637 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[201062]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 03 11:46:07.174662 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[201062]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0