Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.690 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.690/0.690/0.690/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.43 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.429/1.429/1.429/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2

Feb 19 16:56:03.511532 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.1M, max 15.3M, 13.2M free.
Feb 19 16:56:03.512345 osdx systemd-journald[1662]: Received client request to rotate journal, rotating.
Feb 19 16:56:03.512398 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b.
Feb 19 16:56:03.528653 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 16:56:04.093297 osdx osdx-coredump[18774]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 16:56:04.105453 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 16:56:04.881359 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu.
Feb 19 16:56:05.058696 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 16:56:05.170990 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Feb 19 16:56:05.328363 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'.
Feb 19 16:56:05.454168 osdx INFO[18798]: FRR daemons did not change
Feb 19 16:56:05.676391 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 16:56:05.677749 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 16:56:05.680596 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:56:05.683367 osdx ulogd[18867]: registering plugin `NFCT'
Feb 19 16:56:05.685125 osdx ulogd[18867]: registering plugin `IP2STR'
Feb 19 16:56:05.685316 osdx ulogd[18867]: registering plugin `PRINTFLOW'
Feb 19 16:56:05.687009 osdx ulogd[18867]: registering plugin `SYSLOG'
Feb 19 16:56:05.687020 osdx ulogd[18867]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:56:05.687083 osdx ulogd[18867]: NFCT plugin working in event mode
Feb 19 16:56:05.687093 osdx ulogd[18867]: Changing UID / GID
Feb 19 16:56:05.687200 osdx ulogd[18867]: initialization finished, entering main loop
Feb 19 16:56:05.728206 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:56:05.772451 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:56:07.262973 osdx ulogd[18867]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:07.491854 osdx ulogd[18867]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.766 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.766/0.766/0.766/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.508 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.508/0.508/0.508/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2

Feb 19 16:56:14.394395 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.2M free.
Feb 19 16:56:14.398434 osdx systemd-journald[1662]: Received client request to rotate journal, rotating.
Feb 19 16:56:14.398524 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b.
Feb 19 16:56:14.409570 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 16:56:14.945839 osdx osdx-coredump[19018]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 16:56:14.962021 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 16:56:15.813621 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu.
Feb 19 16:56:15.982993 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 16:56:16.095383 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Feb 19 16:56:16.242830 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'.
Feb 19 16:56:16.411890 osdx INFO[19042]: FRR daemons did not change
Feb 19 16:56:16.618995 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 16:56:16.620035 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Feb 19 16:56:16.620790 osdx ulogd[19111]: registering plugin `NFCT'
Feb 19 16:56:16.620854 osdx ulogd[19111]: registering plugin `IP2STR'
Feb 19 16:56:16.620951 osdx ulogd[19111]: registering plugin `PRINTFLOW'
Feb 19 16:56:16.621023 osdx ulogd[19111]: registering plugin `SYSLOG'
Feb 19 16:56:16.621027 osdx ulogd[19111]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:56:16.621083 osdx ulogd[19111]: NFCT plugin working in event mode
Feb 19 16:56:16.621093 osdx ulogd[19111]: Changing UID / GID
Feb 19 16:56:16.621196 osdx ulogd[19111]: initialization finished, entering main loop
Feb 19 16:56:16.634488 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 16:56:16.636610 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:56:16.684453 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:56:16.719830 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:56:18.094895 osdx ulogd[19111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:18.278061 osdx ulogd[19111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.876 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.876/0.876/0.876/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.347 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.586 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.407 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.347/0.446/0.586/0.101 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2

Feb 19 16:56:25.470786 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.3M free.
Feb 19 16:56:25.471655 osdx systemd-journald[1662]: Received client request to rotate journal, rotating.
Feb 19 16:56:25.471719 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b.
Feb 19 16:56:25.488802 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 16:56:25.997565 osdx osdx-coredump[19261]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 16:56:26.009664 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 16:56:26.795167 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu.
Feb 19 16:56:26.939774 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 16:56:27.051075 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Feb 19 16:56:27.165587 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Feb 19 16:56:27.277806 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 16:56:27.420226 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'.
Feb 19 16:56:27.561457 osdx INFO[19293]: FRR daemons did not change
Feb 19 16:56:27.767906 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 16:56:27.769190 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 16:56:27.769601 osdx ulogd[19364]: registering plugin `NFCT'
Feb 19 16:56:27.769671 osdx ulogd[19364]: registering plugin `IP2STR'
Feb 19 16:56:27.769727 osdx ulogd[19364]: registering plugin `PRINTFLOW'
Feb 19 16:56:27.769798 osdx ulogd[19364]: registering plugin `SYSLOG'
Feb 19 16:56:27.769802 osdx ulogd[19364]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:56:27.769861 osdx ulogd[19364]: NFCT plugin working in event mode
Feb 19 16:56:27.769876 osdx ulogd[19364]: Changing UID / GID
Feb 19 16:56:27.769990 osdx ulogd[19364]: initialization finished, entering main loop
Feb 19 16:56:27.892177 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 16:56:27.912451 osdx sshd[19370]: Server listening on 0.0.0.0 port 22.
Feb 19 16:56:27.912485 osdx sshd[19370]: Server listening on :: port 22.
Feb 19 16:56:27.912608 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 16:56:27.948651 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:56:27.991037 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:56:28.020947 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:56:30.623034 osdx ulogd[19364]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Feb 19 16:56:31.623920 osdx ulogd[19364]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to the other, and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.742 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.742/0.742/0.742/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.304 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.304/0.304/0.304/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Feb 19 16:56:41.517413 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.3M free.
Feb 19 16:56:41.525156 osdx systemd-journald[1662]: Received client request to rotate journal, rotating.
Feb 19 16:56:41.525268 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b.
Feb 19 16:56:41.539732 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 16:56:42.334100 osdx osdx-coredump[19545]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 16:56:42.369552 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 16:56:43.559152 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu.
Feb 19 16:56:43.887549 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 16:56:44.033392 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 16:56:44.270986 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'.
Feb 19 16:56:44.536086 osdx INFO[19569]: FRR daemons did not change
Feb 19 16:56:44.829481 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 16:56:44.830792 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Feb 19 16:56:44.831446 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 16:56:44.834488 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:56:44.835839 osdx ulogd[19638]: registering plugin `NFCT'
Feb 19 16:56:44.835978 osdx ulogd[19638]: registering plugin `IP2STR'
Feb 19 16:56:44.836070 osdx ulogd[19638]: registering plugin `PRINTFLOW'
Feb 19 16:56:44.836153 osdx ulogd[19638]: registering plugin `SYSLOG'
Feb 19 16:56:44.836160 osdx ulogd[19638]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:56:44.836239 osdx ulogd[19638]: NFCT plugin working in event mode
Feb 19 16:56:44.836257 osdx ulogd[19638]: Changing UID / GID
Feb 19 16:56:44.836383 osdx ulogd[19638]: initialization finished, entering main loop
Feb 19 16:56:44.893564 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:56:44.936397 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:56:46.532667 osdx ulogd[19638]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:46.532699 osdx ulogd[19638]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:46.695228 osdx ulogd[19638]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:46.695260 osdx ulogd[19638]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping command from one device to the other, and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.573 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.573/0.573/0.573/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.373 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.373/0.373/0.373/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Feb 19 16:56:54.502664 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.3M free.
Feb 19 16:56:54.503485 osdx systemd-journald[1662]: Received client request to rotate journal, rotating.
Feb 19 16:56:54.503548 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b.
Feb 19 16:56:54.526423 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 16:56:55.116034 osdx osdx-coredump[19790]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 16:56:55.129600 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 16:56:55.962680 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu.
Feb 19 16:56:56.094102 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 16:56:56.190539 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 16:56:56.332444 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Feb 19 16:56:56.460850 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'.
Feb 19 16:56:56.573344 osdx INFO[19815]: FRR daemons did not change
Feb 19 16:56:56.768423 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 16:56:56.769591 osdx ulogd[19884]: registering plugin `NFCT'
Feb 19 16:56:56.769689 osdx ulogd[19884]: registering plugin `IP2STR'
Feb 19 16:56:56.769777 osdx ulogd[19884]: registering plugin `PRINTFLOW'
Feb 19 16:56:56.769871 osdx ulogd[19884]: registering plugin `SYSLOG'
Feb 19 16:56:56.769877 osdx ulogd[19884]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:56:56.769951 osdx ulogd[19884]: NFCT plugin working in event mode
Feb 19 16:56:56.769963 osdx OSDx_DUT0[19884]: Changing UID / GID
Feb 19 16:56:56.770127 osdx OSDx_DUT0[19884]: initialization finished, entering main loop
Feb 19 16:56:56.770495 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 16:56:56.773618 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:56:56.828464 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:56:56.887653 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:56:58.219213 osdx OSDx_DUT0[19884]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:58.219246 osdx OSDx_DUT0[19884]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:58.395433 osdx OSDx_DUT0[19884]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:58.395490 osdx OSDx_DUT0[19884]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0:
delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.341 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.341/0.341/0.341/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Feb 19 16:56:54.502664 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.3M free.
Feb 19 16:56:54.503485 osdx systemd-journald[1662]: Received client request to rotate journal, rotating.
Feb 19 16:56:54.503548 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b.
Feb 19 16:56:54.526423 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 16:56:55.116034 osdx osdx-coredump[19790]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 16:56:55.129600 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 16:56:55.962680 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu.
Feb 19 16:56:56.094102 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 16:56:56.190539 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 16:56:56.332444 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Feb 19 16:56:56.460850 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'.
Feb 19 16:56:56.573344 osdx INFO[19815]: FRR daemons did not change
Feb 19 16:56:56.768423 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 16:56:56.769591 osdx ulogd[19884]: registering plugin `NFCT'
Feb 19 16:56:56.769689 osdx ulogd[19884]: registering plugin `IP2STR'
Feb 19 16:56:56.769777 osdx ulogd[19884]: registering plugin `PRINTFLOW'
Feb 19 16:56:56.769871 osdx ulogd[19884]: registering plugin `SYSLOG'
Feb 19 16:56:56.769877 osdx ulogd[19884]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:56:56.769951 osdx ulogd[19884]: NFCT plugin working in event mode
Feb 19 16:56:56.769963 osdx OSDx_DUT0[19884]: Changing UID / GID
Feb 19 16:56:56.770127 osdx OSDx_DUT0[19884]: initialization finished, entering main loop
Feb 19 16:56:56.770495 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 16:56:56.773618 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:56:56.828464 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:56:56.887653 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:56:58.219213 osdx OSDx_DUT0[19884]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:58.219246 osdx OSDx_DUT0[19884]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:58.395433 osdx OSDx_DUT0[19884]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:58.395490 osdx OSDx_DUT0[19884]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:58.548981 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 16:56:58.860780 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu.
Feb 19 16:56:58.999220 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Feb 19 16:56:59.124387 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show changes'.
Feb 19 16:56:59.237023 osdx INFO[19920]: FRR daemons did not change
Feb 19 16:56:59.253862 osdx OSDx_DUT0[19884]: Terminal signal received, exiting
Feb 19 16:56:59.254041 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 16:56:59.254511 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Feb 19 16:56:59.254775 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 16:56:59.275883 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 16:56:59.277182 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 16:56:59.277455 osdx ulogd[19929]: registering plugin `NFCT'
Feb 19 16:56:59.277558 osdx ulogd[19929]: registering plugin `IP2STR'
Feb 19 16:56:59.277652 osdx ulogd[19929]: registering plugin `PRINTFLOW'
Feb 19 16:56:59.277744 osdx ulogd[19929]: registering plugin `SYSLOG'
Feb 19 16:56:59.277752 osdx ulogd[19929]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:56:59.277829 osdx ulogd[19929]: NFCT plugin working in event mode
Feb 19 16:56:59.277845 osdx ulogd[19929]: Changing UID / GID
Feb 19 16:56:59.278565 osdx ulogd[19929]: initialization finished, entering main loop
Feb 19 16:56:59.279106 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:56:59.280908 osdx ulogd[19929]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Feb 19 16:56:59.280944 osdx ulogd[19929]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Feb 19 16:56:59.281967 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:56:59.329450 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:56:59.495640 osdx ulogd[19929]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=35782 DPT=2055 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=2055 DPT=35782 PKTS=0 BYTES=0
Feb 19 16:56:59.531729 osdx ulogd[19929]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:56:59.531813 osdx ulogd[19929]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
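
The checks in the scenarios above can also be made by parsing each conntrack entry into fields and comparing the ORIG source and the syslog identity exactly, instead of pattern-matching the whole line. This is an added example, not part of the OSDx documentation or its test suite: the entry layout is taken from the journal output on this page, the sample journal is constructed from that layout, and the function names and the 192.168.100.25 host are assumptions made for illustration.

```python
import re

# Layout of a conntrack event entry, taken from the journal output on this page:
#   <timestamp> <host> <identity>[<pid>]: [EVENT] ORIG: K=V ... , REPLY: K=V ...
ENTRY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) "
    r"(?P<identity>[^\s\[]+)\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] "
    r"ORIG: (?P<orig>.*?) ?, REPLY: (?P<reply>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# The expression from the "Default logging" scenario, unchanged. Its dots are
# unescaped and nothing anchors the end of the address, so it also accepts any
# address that merely starts with 192.168.100.2 (for example 192.168.100.25)
# and a SRC= that appears on the REPLY side.
PAGE_RE = re.compile(r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2")

# Constructed sample: entries follow the page's layout. The 192.168.100.25 host
# does not appear on the page; it is added to exercise the prefix-match case.
_ICMP = ("ORIG: SRC={s} DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS={p} BYTES={b} , "
         "REPLY: SRC=192.168.100.1 DST={s} PROTO=ICMP TYPE=0 CODE=8 PKTS={p} BYTES={b}")
SAMPLE_JOURNAL = "\n".join([
    "Feb 19 16:56:59.277845 osdx ulogd[19929]: Changing UID / GID",
    "Feb 19 16:56:59.280908 osdx ulogd[19929]: [DESTROY] " + _ICMP.format(s="192.168.100.2", p=1, b=84),
    "Feb 19 16:56:59.495640 osdx ulogd[19929]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP "
    "SPT=35782 DPT=2055 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP "
    "SPT=2055 DPT=35782 PKTS=0 BYTES=0",
    "Feb 19 16:56:59.531729 osdx ulogd[19929]: [NEW] " + _ICMP.format(s="192.168.100.2", p=0, b=0),
    "Feb 19 16:56:59.531813 osdx ulogd[19929]: [UPDATE] " + _ICMP.format(s="192.168.100.2", p=0, b=0),
    "Feb 19 16:56:58.219213 osdx OSDx_DUT0[19884]: [NEW] " + _ICMP.format(s="192.168.100.2", p=0, b=0),
    "Feb 19 16:57:00.000000 osdx ulogd[19929]: [NEW] " + _ICMP.format(s="192.168.100.25", p=0, b=0),
])


def parse_entry(line):
    """Return a dict for a conntrack event entry, or None for any other journal line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = {k: m.group(k) for k in ("ts", "host", "identity", "event")}
    entry["pid"] = int(m.group("pid"))
    for side in ("orig", "reply"):
        fields = dict(FIELD_RE.findall(m.group(side)))
        for counter in ("PKTS", "BYTES"):
            if counter in fields:
                fields[counter] = int(fields[counter])
        entry[side] = fields
    return entry


def events_for(journal, src, identity="ulogd"):
    """Entries logged under `identity` whose ORIG source is exactly `src`."""
    found = []
    for line in journal.splitlines():
        entry = parse_entry(line)
        if entry and entry["identity"] == identity and entry["orig"].get("SRC") == src:
            found.append(entry)
    return found


def missing_events(journal, src, expected, identity="ulogd"):
    """Event types in `expected` never logged for `src`; an empty set means pass."""
    seen = {entry["event"] for entry in events_for(journal, src, identity)}
    return set(expected) - seen


def loose_matches(journal):
    """Lines accepted by the page's regular expression, for comparison."""
    return [line for line in journal.splitlines() if PAGE_RE.search(line)]


if __name__ == "__main__":
    strict = events_for(SAMPLE_JOURNAL, "192.168.100.2")
    print("strict matches:", [(e["ts"], e["event"]) for e in strict])
    print("loose matches :", len(loose_matches(SAMPLE_JOURNAL)))
    print("missing for .2:", missing_events(SAMPLE_JOURNAL, "192.168.100.2",
                                            {"NEW", "UPDATE", "DESTROY"}))
```

On the sample, the page's expression accepts one more line than the exact comparison does, because the entry for 192.168.100.25 starts with the same characters as 192.168.100.2.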
Policies logging
Description
Set a simple configuration with mark and label traffic policies, send a ping command from one device to the other, and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.538 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.538/0.538/0.538/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.400 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.326 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1009ms
rtt min/avg/max/mdev = 0.326/0.363/0.400/0.037 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Feb 19 16:57:06.554073 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.1M, max 15.3M, 13.2M free. Feb 19 16:57:06.556992 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 16:57:06.557112 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 16:57:06.572356 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 16:57:07.141804 osdx osdx-coredump[20064]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 16:57:07.161580 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 16:57:08.188826 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:57:08.372039 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Feb 19 16:57:08.454655 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic label TEST'. Feb 19 16:57:08.597276 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Feb 19 16:57:08.736218 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Feb 19 16:57:08.893684 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 16:57:09.063258 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 16:57:09.301474 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. Feb 19 16:57:09.560036 osdx INFO[20098]: FRR daemons did not change Feb 19 16:57:09.845858 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Feb 19 16:57:09.847116 osdx ulogd[20167]: registering plugin `NFCT' Feb 19 16:57:09.847199 osdx ulogd[20167]: registering plugin `IP2STR' Feb 19 16:57:09.847277 osdx ulogd[20167]: registering plugin `PRINTFLOW' Feb 19 16:57:09.847369 osdx ulogd[20167]: registering plugin `SYSLOG' Feb 19 16:57:09.847375 osdx ulogd[20167]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 16:57:09.847449 osdx ulogd[20167]: NFCT plugin working in event mode Feb 19 16:57:09.847469 osdx ulogd[20167]: Changing UID / GID Feb 19 16:57:09.847583 osdx ulogd[20167]: initialization finished, entering main loop Feb 19 16:57:09.848629 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:57:09.884991 osdx ulogd[20167]: Terminal signal received, exiting Feb 19 16:57:09.885194 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:57:09.886062 osdx systemd[1]: ulogd2.service: Deactivated successfully. Feb 19 16:57:09.886256 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:57:09.888153 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:57:09.890215 osdx ulogd[20173]: registering plugin `NFCT' Feb 19 16:57:09.890051 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Feb 19 16:57:09.890302 osdx ulogd[20173]: registering plugin `IP2STR'
Feb 19 16:57:09.890388 osdx ulogd[20173]: registering plugin `PRINTFLOW'
Feb 19 16:57:09.890500 osdx ulogd[20173]: registering plugin `SYSLOG'
Feb 19 16:57:09.890507 osdx ulogd[20173]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:57:09.892657 osdx ulogd[20173]: NFCT plugin working in event mode
Feb 19 16:57:09.892680 osdx ulogd[20173]: Changing UID / GID
Feb 19 16:57:09.892811 osdx ulogd[20173]: initialization finished, entering main loop
Feb 19 16:57:10.150870 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:57:10.209109 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:57:10.259581 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:57:11.689569 osdx ulogd[20173]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Feb 19 16:57:11.689651 osdx ulogd[20173]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Feb 19 16:57:11.845163 osdx ulogd[20173]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Feb 19 16:57:11.845208 osdx ulogd[20173]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a VRF, send a ping command from one device to the other, and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=7.91 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 7.907/7.907/7.907/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.369 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.369/0.369/0.369/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Feb 19 16:57:20.514283 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.2M free. Feb 19 16:57:20.518072 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 16:57:20.518153 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 16:57:20.535141 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 16:57:21.178533 osdx osdx-coredump[20365]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 16:57:21.190249 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 16:57:21.948042 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:57:22.112967 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Feb 19 16:57:22.217495 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Feb 19 16:57:22.334732 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system vrf RED'. Feb 19 16:57:22.503961 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 16:57:22.627164 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 16:57:22.753242 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. Feb 19 16:57:22.919367 osdx INFO[20392]: FRR daemons did not change Feb 19 16:57:22.948962 osdx (udev-worker)[20407]: RED: Could not disable auto negotiation, ignoring: Operation not supported Feb 19 16:57:22.949008 osdx (udev-worker)[20407]: Network interface NamePolicy= disabled on kernel command line. Feb 19 16:57:23.354435 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Feb 19 16:57:23.355472 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Feb 19 16:57:23.356064 osdx ulogd[20514]: registering plugin `NFCT' Feb 19 16:57:23.356184 osdx ulogd[20514]: registering plugin `IP2STR' Feb 19 16:57:23.356284 osdx ulogd[20514]: registering plugin `PRINTFLOW' Feb 19 16:57:23.356394 osdx ulogd[20514]: registering plugin `SYSLOG' Feb 19 16:57:23.356402 osdx ulogd[20514]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 16:57:23.356484 osdx ulogd[20514]: NFCT plugin working in event mode Feb 19 16:57:23.356497 osdx ulogd[20514]: Changing UID / GID Feb 19 16:57:23.356626 osdx ulogd[20514]: initialization finished, entering main loop Feb 19 16:57:23.374042 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:57:23.376662 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 16:57:23.427266 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 16:57:23.464944 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. 
Feb 19 16:57:24.857302 osdx ulogd[20514]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:57:24.857345 osdx ulogd[20514]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:57:24.998713 osdx ulogd[20514]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:57:24.998779 osdx ulogd[20514]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service, send a ping command from one device to the other, and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.548 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.548/0.548/0.548/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  69168      0 --:--:-- --:--:-- --:--:--  125k
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=5.91 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 5.907/5.907/5.907/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.504 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.504/0.504/0.504/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Feb 19 16:57:32.462911 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.2M free. Feb 19 16:57:32.464468 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 16:57:32.464539 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 16:57:32.479478 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 16:57:33.114695 osdx osdx-coredump[20725]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 16:57:33.128693 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 16:57:34.060772 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:57:34.224878 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 19 16:57:34.380229 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. Feb 19 16:57:34.542997 osdx INFO[20748]: FRR daemons did not change Feb 19 16:57:34.698583 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 16:57:34.742682 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 16:57:34.771601 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. Feb 19 16:57:35.004099 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 16:57:35.286204 osdx file_operation[20843]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Feb 19 16:57:35.326336 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Feb 19 16:57:35.625737 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. 
Feb 19 16:57:35.840484 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Feb 19 16:57:35.975595 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Feb 19 16:57:36.097189 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Feb 19 16:57:36.229234 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Feb 19 16:57:36.396214 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Feb 19 16:57:36.566294 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Feb 19 16:57:36.744064 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Feb 19 16:57:36.860366 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Feb 19 16:57:36.984826 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Feb 19 16:57:37.139337 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 16:57:37.237829 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 16:57:37.431669 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. Feb 19 16:57:37.684481 osdx INFO[20896]: FRR daemons did not change Feb 19 16:57:37.933061 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:57:37.934475 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Feb 19 16:57:37.934739 osdx ulogd[20965]: registering plugin `NFCT' Feb 19 16:57:37.934828 osdx ulogd[20965]: registering plugin `IP2STR' Feb 19 16:57:37.934917 osdx ulogd[20965]: registering plugin `PRINTFLOW' Feb 19 16:57:37.935023 osdx ulogd[20965]: registering plugin `SYSLOG' Feb 19 16:57:37.935029 osdx ulogd[20965]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 16:57:37.935102 osdx ulogd[20965]: NFCT plugin working in event mode Feb 19 16:57:37.935114 osdx ulogd[20965]: Changing UID / GID Feb 19 16:57:37.935249 osdx ulogd[20965]: initialization finished, entering main loop Feb 19 16:57:38.279242 osdx systemd[1]: Reloading. Feb 19 16:57:38.464464 osdx systemd-sysv-generator[21002]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Feb 19 16:57:38.641415 osdx systemd[1]: Starting logrotate.service - Rotate log files... Feb 19 16:57:38.649789 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Feb 19 16:57:38.651281 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Feb 19 16:57:38.743728 osdx systemd[1]: logrotate.service: Deactivated successfully. Feb 19 16:57:38.744194 osdx systemd[1]: Finished logrotate.service - Rotate log files. Feb 19 16:57:39.143626 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Feb 19 16:57:39.363339 osdx INFO[20984]: Rules successfully loaded Feb 19 16:57:39.395674 osdx ulogd[20965]: Terminal signal received, exiting Feb 19 16:57:39.395857 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:57:39.396825 osdx systemd[1]: ulogd2.service: Deactivated successfully. Feb 19 16:57:39.397057 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:57:39.422770 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Feb 19 16:57:39.424966 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Feb 19 16:57:39.427596 osdx ulogd[21031]: registering plugin `NFCT' Feb 19 16:57:39.427722 osdx ulogd[21031]: registering plugin `IP2STR' Feb 19 16:57:39.427799 osdx ulogd[21031]: registering plugin `PRINTFLOW' Feb 19 16:57:39.427951 osdx ulogd[21031]: registering plugin `SYSLOG' Feb 19 16:57:39.427957 osdx ulogd[21031]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 16:57:39.428229 osdx ulogd[21031]: NFCT plugin working in event mode Feb 19 16:57:39.428241 osdx ulogd[21031]: Changing UID / GID Feb 19 16:57:39.428571 osdx ulogd[21031]: initialization finished, entering main loop Feb 19 16:57:39.444670 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:57:39.454029 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 16:57:39.592750 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 16:57:39.646804 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. 
Feb 19 16:57:41.405049 osdx ulogd[21031]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Feb 19 16:57:41.405087 osdx ulogd[21031]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Feb 19 16:57:41.676177 osdx ulogd[21031]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Feb 19 16:57:41.676210 osdx ulogd[21031]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.684 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.684/0.684/0.684/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.528 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.528/0.528/0.528/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.2.2
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Wed Feb 19 16:48:32 2025
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Feb 19 16:57:53.486702 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.2M free. Feb 19 16:57:53.488784 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 16:57:53.488880 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 16:57:53.506625 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 16:57:54.179150 osdx osdx-coredump[21253]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 16:57:54.196842 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 16:57:54.946015 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:57:55.087704 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Feb 19 16:57:55.200922 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 16:57:55.299739 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 16:57:55.434512 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. Feb 19 16:57:55.550341 osdx INFO[21280]: FRR daemons did not change Feb 19 16:57:55.885512 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:57:55.887106 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Feb 19 16:57:55.887251 osdx ulogd[21402]: registering plugin `NFCT'
Feb 19 16:57:55.887344 osdx ulogd[21402]: registering plugin `IP2STR'
Feb 19 16:57:55.887432 osdx ulogd[21402]: registering plugin `PRINTFLOW'
Feb 19 16:57:55.887516 osdx ulogd[21402]: registering plugin `SYSLOG'
Feb 19 16:57:55.887523 osdx ulogd[21402]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 16:57:55.887628 osdx ulogd[21402]: NFCT plugin working in event mode
Feb 19 16:57:55.887673 osdx ulogd[21402]: Changing UID / GID
Feb 19 16:57:55.887791 osdx ulogd[21402]: initialization finished, entering main loop
Feb 19 16:57:55.890179 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:57:55.941485 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:57:56.000572 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:57:57.620926 osdx ulogd[21402]: [NEW] ORIG: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=35782 DPT=2055 PKTS=0 BYTES=0 , REPLY: SRC=127.0.0.1 DST=127.0.0.1 PROTO=UDP SPT=2055 DPT=35782 PKTS=0 BYTES=0
Feb 19 16:57:58.979242 osdx ulogd[21402]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:57:58.979281 osdx ulogd[21402]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:57:59.112176 osdx ulogd[21402]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:57:59.112230 osdx ulogd[21402]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:57:59.266457 osdx ulogd[21402]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44016 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44016 PKTS=0 BYTES=0
Feb 19 16:57:59.266657 osdx ulogd[21402]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44016 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44016 PKTS=0 BYTES=0
Feb 19 16:57:59.266897 osdx ulogd[21402]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44016 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44016 PKTS=0 BYTES=0 [OFFLOAD]
Feb 19 16:57:59.650302 osdx ulogd[21402]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44016 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44016 PKTS=0 BYTES=0
Feb 19 16:57:59.652919 osdx ulogd[21402]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44016 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44016 PKTS=0 BYTES=0
Feb 19 16:57:59.652956 osdx ulogd[21402]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44016 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44016 PKTS=0 BYTES=0 [OFFLOAD]
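The field checks from the Policies, VRF, Not-Bypass and Offload scenarios above, run on parsed entries rather than on raw text, as an added example that is not part of the original page or of Teldat's tooling. The field grammar is inferred only from the log lines shown on this page; the function names and the sample journal are constructed for the illustration.

```python
import re

# Constructed sample journal: entries follow the shape of the outputs shown on this page.
SAMPLE_JOURNAL = """\
Feb 19 16:57:09.890302 osdx ulogd[20173]: registering plugin `IP2STR'
Feb 19 16:57:10.209109 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:57:11.689569 osdx ulogd[20173]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Feb 19 16:57:11.689651 osdx ulogd[20173]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Feb 19 16:57:24.857302 osdx ulogd[20514]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 16:57:41.405049 osdx ulogd[21031]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Feb 19 16:57:59.266897 osdx ulogd[21402]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44016 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44016 PKTS=0 BYTES=0 [OFFLOAD]
"""

# One conntrack event per journal line: "[EVENT] ORIG: <tuple> , REPLY: <tuple> <extras>".
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) ulogd\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
SC_RE = re.compile(r"\(Sc: ([^)]+)\)")

# Keys seen inside the ORIG/REPLY tuples on this page; any other KEY=VALUE after
# the REPLY tuple (MARK, LABELS) is treated as a connection-level field.
TUPLE_KEYS = {"SRC", "DST", "VRF", "PROTO", "TYPE", "CODE", "SPT", "DPT", "PKTS", "BYTES"}

# The Policies scenario regex, copied verbatim from the page.
PAGE_POLICY_RE = re.compile(
    r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST"
)


def parse_event(line):
    """Parse one journal line; return a dict, or None if it is not a conntrack event."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    rest = m["rest"]
    reply, conn = {}, {}
    for key, value in KV_RE.findall(rest):
        (reply if key in TUPLE_KEYS else conn)[key] = value
    orig = dict(KV_RE.findall(m["orig"]))
    sc = SC_RE.search(rest)
    return {
        "ts": m["ts"],
        "event": m["event"],
        "orig": orig,
        "reply": reply,
        "vrf": orig.get("VRF"),
        "mark": conn.get("MARK"),
        "labels": conn.get("LABELS"),
        "sc": sc.group(1) if sc else None,
        "offload": "[OFFLOAD]" in rest,
    }


def parse_journal(text):
    """Return the conntrack events of a journal dump, skipping every other entry."""
    events = (parse_event(line) for line in text.splitlines())
    return [e for e in events if e is not None]


def select(events, **want):
    """Events whose top-level fields equal all the wanted values."""
    return [e for e in events if all(e.get(k) == v for k, v in want.items())]


def regex_hits(text, pattern):
    """Number of journal lines the given regular expression matches, line by line."""
    return sum(1 for line in text.splitlines() if pattern.search(line))


if __name__ == "__main__":
    evs = parse_journal(SAMPLE_JOURNAL)
    for e in select(evs, mark="33"):
        print(e["ts"], e["event"], "labels:", e["labels"])
```

In the page's Policies output the [UPDATE] entries carry MARK=33 without LABELS, so the page's regular expression, which requires both, is satisfied by the [NEW] entries only; the parsed form makes that visible per event.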
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1 and check that the app detect field appears when running system journal show. After that, enable app detection in system conntrack for http host, try to copy index.html from an HTTP server and check that the app detect field appears and belongs to the HTTP server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=16.1 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 16.071/16.071/16.071/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=3.22 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.345 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.819 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.345/1.462/3.222/1.259 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Feb 19 16:58:06.541933 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.2M free. Feb 19 16:58:06.545900 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 16:58:06.546000 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 16:58:06.560548 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 16:58:07.194390 osdx osdx-coredump[21563]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 16:58:07.207024 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 16:58:08.025186 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:58:08.177376 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 19 16:58:08.282549 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 16:58:08.424854 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 16:58:08.516047 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 16:58:08.688106 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. 
Feb 19 16:58:08.862989 osdx INFO[21589]: FRR daemons did not change Feb 19 16:58:09.017930 osdx kernel: app-detect: module init Feb 19 16:58:09.018005 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 16:58:09.018029 osdx kernel: app-detect: expression init Feb 19 16:58:09.018042 osdx kernel: app-detect: appid cache initialized Feb 19 16:58:09.018054 osdx kernel: app-detect: appid cache changes counter initialized Feb 19 16:58:09.026233 osdx modulelauncher[21592]: AppDetect: no change in application dictionaries, thus nothing more to do Feb 19 16:58:09.358968 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:58:09.362237 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Feb 19 16:58:09.364957 osdx ulogd[21681]: registering plugin `NFCT' Feb 19 16:58:09.365690 osdx ulogd[21681]: registering plugin `IP2STR' Feb 19 16:58:09.366067 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:58:09.367522 osdx ulogd[21681]: registering plugin `PRINTFLOW' Feb 19 16:58:09.367654 osdx ulogd[21681]: registering plugin `SYSLOG' Feb 19 16:58:09.367662 osdx ulogd[21681]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 16:58:09.367755 osdx ulogd[21681]: NFCT plugin working in event mode Feb 19 16:58:09.368757 osdx ulogd[21681]: Changing UID / GID Feb 19 16:58:09.368952 osdx ulogd[21681]: initialization finished, entering main loop Feb 19 16:58:09.373035 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 16:58:09.450515 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 16:58:09.496796 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. 
Feb 19 16:58:11.148907 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.148956 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.308868 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.308905 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:12.307345 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:12.307384 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:12.307408 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.308498 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:13.308539 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.308571 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Feb 19 16:58:06.541933 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.2M free. Feb 19 16:58:06.545900 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 16:58:06.546000 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 16:58:06.560548 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 16:58:07.194390 osdx osdx-coredump[21563]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 16:58:07.207024 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 16:58:08.025186 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:58:08.177376 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 19 16:58:08.282549 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 16:58:08.424854 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 16:58:08.516047 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 16:58:08.688106 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. 
Feb 19 16:58:08.862989 osdx INFO[21589]: FRR daemons did not change Feb 19 16:58:09.017930 osdx kernel: app-detect: module init Feb 19 16:58:09.018005 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 16:58:09.018029 osdx kernel: app-detect: expression init Feb 19 16:58:09.018042 osdx kernel: app-detect: appid cache initialized Feb 19 16:58:09.018054 osdx kernel: app-detect: appid cache changes counter initialized Feb 19 16:58:09.026233 osdx modulelauncher[21592]: AppDetect: no change in application dictionaries, thus nothing more to do Feb 19 16:58:09.358968 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:58:09.362237 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Feb 19 16:58:09.364957 osdx ulogd[21681]: registering plugin `NFCT' Feb 19 16:58:09.365690 osdx ulogd[21681]: registering plugin `IP2STR' Feb 19 16:58:09.366067 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:58:09.367522 osdx ulogd[21681]: registering plugin `PRINTFLOW' Feb 19 16:58:09.367654 osdx ulogd[21681]: registering plugin `SYSLOG' Feb 19 16:58:09.367662 osdx ulogd[21681]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 16:58:09.367755 osdx ulogd[21681]: NFCT plugin working in event mode Feb 19 16:58:09.368757 osdx ulogd[21681]: Changing UID / GID Feb 19 16:58:09.368952 osdx ulogd[21681]: initialization finished, entering main loop Feb 19 16:58:09.373035 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 16:58:09.450515 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 16:58:09.496796 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. 
Feb 19 16:58:11.148907 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.148956 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.308868 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.308905 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:12.307345 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:12.307384 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:12.307408 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.308498 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:13.308539 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.308571 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.462774 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Feb 19 16:58:06.541933 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.2M free. Feb 19 16:58:06.545900 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 16:58:06.546000 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 16:58:06.560548 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 16:58:07.194390 osdx osdx-coredump[21563]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 16:58:07.207024 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 16:58:08.025186 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:58:08.177376 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 19 16:58:08.282549 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 16:58:08.424854 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 16:58:08.516047 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 16:58:08.688106 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. 
Feb 19 16:58:08.862989 osdx INFO[21589]: FRR daemons did not change Feb 19 16:58:09.017930 osdx kernel: app-detect: module init Feb 19 16:58:09.018005 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 16:58:09.018029 osdx kernel: app-detect: expression init Feb 19 16:58:09.018042 osdx kernel: app-detect: appid cache initialized Feb 19 16:58:09.018054 osdx kernel: app-detect: appid cache changes counter initialized Feb 19 16:58:09.026233 osdx modulelauncher[21592]: AppDetect: no change in application dictionaries, thus nothing more to do Feb 19 16:58:09.358968 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:58:09.362237 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Feb 19 16:58:09.364957 osdx ulogd[21681]: registering plugin `NFCT' Feb 19 16:58:09.365690 osdx ulogd[21681]: registering plugin `IP2STR' Feb 19 16:58:09.366067 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:58:09.367522 osdx ulogd[21681]: registering plugin `PRINTFLOW' Feb 19 16:58:09.367654 osdx ulogd[21681]: registering plugin `SYSLOG' Feb 19 16:58:09.367662 osdx ulogd[21681]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 16:58:09.367755 osdx ulogd[21681]: NFCT plugin working in event mode Feb 19 16:58:09.368757 osdx ulogd[21681]: Changing UID / GID Feb 19 16:58:09.368952 osdx ulogd[21681]: initialization finished, entering main loop Feb 19 16:58:09.373035 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 16:58:09.450515 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 16:58:09.496796 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. 
Feb 19 16:58:11.148907 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.148956 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.308868 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.308905 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:12.307345 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:12.307384 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:12.307408 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.308498 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:13.308539 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.308571 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.462774 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 16:58:13.687315 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.511 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.511/0.511/0.511/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   972    0   972    0     0    99k      0 --:--:-- --:--:-- --:--:--  105k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Feb 19 16:58:06.541933 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.2M free. Feb 19 16:58:06.545900 osdx systemd-journald[1662]: Received client request to rotate journal, rotating. Feb 19 16:58:06.546000 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b. Feb 19 16:58:06.560548 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'. Feb 19 16:58:07.194390 osdx osdx-coredump[21563]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Feb 19 16:58:07.207024 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 16:58:08.025186 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:58:08.177376 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 19 16:58:08.282549 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 16:58:08.424854 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 16:58:08.516047 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 16:58:08.688106 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'. 
Feb 19 16:58:08.862989 osdx INFO[21589]: FRR daemons did not change Feb 19 16:58:09.017930 osdx kernel: app-detect: module init Feb 19 16:58:09.018005 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 16:58:09.018029 osdx kernel: app-detect: expression init Feb 19 16:58:09.018042 osdx kernel: app-detect: appid cache initialized Feb 19 16:58:09.018054 osdx kernel: app-detect: appid cache changes counter initialized Feb 19 16:58:09.026233 osdx modulelauncher[21592]: AppDetect: no change in application dictionaries, thus nothing more to do Feb 19 16:58:09.358968 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 16:58:09.362237 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Feb 19 16:58:09.364957 osdx ulogd[21681]: registering plugin `NFCT' Feb 19 16:58:09.365690 osdx ulogd[21681]: registering plugin `IP2STR' Feb 19 16:58:09.366067 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 16:58:09.367522 osdx ulogd[21681]: registering plugin `PRINTFLOW' Feb 19 16:58:09.367654 osdx ulogd[21681]: registering plugin `SYSLOG' Feb 19 16:58:09.367662 osdx ulogd[21681]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 16:58:09.367755 osdx ulogd[21681]: NFCT plugin working in event mode Feb 19 16:58:09.368757 osdx ulogd[21681]: Changing UID / GID Feb 19 16:58:09.368952 osdx ulogd[21681]: initialization finished, entering main loop Feb 19 16:58:09.373035 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 16:58:09.450515 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 16:58:09.496796 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. 
Feb 19 16:58:11.148907 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.148956 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.308868 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:11.308905 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:12.307345 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:12.307384 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:12.307408 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.308498 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:13.308539 osdx ulogd[21681]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.308571 osdx ulogd[21681]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:13.462774 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 16:58:13.687315 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 16:58:13.899736 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 16:58:14.187053 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu. Feb 19 16:58:14.352319 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 19 16:58:14.450424 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Feb 19 16:58:14.606853 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show changes'. 
Feb 19 16:58:14.776692 osdx INFO[21736]: FRR daemons did not change Feb 19 16:58:14.805946 osdx kernel: app-detect: expression destroy Feb 19 16:58:14.841921 osdx kernel: app-detect: expression init Feb 19 16:58:14.841983 osdx kernel: app-detect: appid cache initialized Feb 19 16:58:14.842011 osdx kernel: app-detect: appid cache changes counter initialized Feb 19 16:58:14.849917 osdx modulelauncher[21739]: AppDetect: no change in application dictionaries, thus nothing more to do Feb 19 16:58:15.006556 osdx cfgd[1463]: [13781]Completed change to active configuration Feb 19 16:58:15.056387 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:15.056448 osdx ulogd[21681]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 16:58:15.057528 osdx OSDxCLI[13781]: User 'admin' committed the configuration. Feb 19 16:58:15.101817 osdx OSDxCLI[13781]: User 'admin' left the configuration menu. Feb 19 16:58:15.348708 osdx ulogd[21681]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:15.349193 osdx ulogd[21681]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 16:58:15.351305 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. 
Feb 19 16:58:15.553297 osdx file_operation[21844]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Feb 19 16:58:15.562861 osdx ulogd[21681]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55140 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55140 PKTS=0 BYTES=0 APPDETECT[L4:80]
Feb 19 16:58:15.563090 osdx ulogd[21681]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55140 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55140 PKTS=0 BYTES=0 APPDETECT[L4:80]
Feb 19 16:58:15.563131 osdx ulogd[21681]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55140 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55140 PKTS=0 BYTES=0 APPDETECT[L4:80]
Feb 19 16:58:15.567313 osdx ulogd[21681]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55140 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55140 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Feb 19 16:58:15.567507 osdx ulogd[21681]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55140 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55140 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Feb 19 16:58:15.567536 osdx ulogd[21681]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55140 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55140 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Feb 19 16:58:15.599171 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an app-id specified by a traffic selector. Enable the http-host and http-url options in the system conntrack app-detect path in order to see relevant information about HTTP packets. Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.271 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.271/0.271/0.271/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Feb 19 16:58:23.462442 osdx systemd-journald[1662]: Runtime Journal (/run/log/journal/a4bff3775ff442739cbb447ef1abd30b) is 2.0M, max 15.3M, 13.3M free.
Feb 19 16:58:23.463409 osdx systemd-journald[1662]: Received client request to rotate journal, rotating.
Feb 19 16:58:23.463476 osdx systemd-journald[1662]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a4bff3775ff442739cbb447ef1abd30b.
Feb 19 16:58:23.487300 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 16:58:24.127805 osdx osdx-coredump[22001]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 16:58:24.141898 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 16:58:24.989922 osdx OSDxCLI[13781]: User 'admin' entered the configuration menu.
Feb 19 16:58:25.120095 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Feb 19 16:58:25.251682 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Feb 19 16:58:25.378417 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Feb 19 16:58:25.601277 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Feb 19 16:58:25.710580 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Feb 19 16:58:25.824882 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Feb 19 16:58:26.003172 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Feb 19 16:58:26.164147 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Feb 19 16:58:26.256971 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Feb 19 16:58:26.387055 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 16:58:26.574865 osdx OSDxCLI[13781]: User 'admin' added a new cfg line: 'show working'.
Feb 19 16:58:26.743400 osdx INFO[22047]: FRR daemons did not change
Feb 19 16:58:26.899365 osdx kernel: app-detect: module init
Feb 19 16:58:26.899428 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 16:58:26.899462 osdx kernel: app-detect: expression init
Feb 19 16:58:26.899493 osdx kernel: app-detect: appid cache initialized
Feb 19 16:58:26.899518 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 16:58:27.536871 osdx cfgd[1463]: [13781]Completed change to active configuration
Feb 19 16:58:27.579171 osdx OSDxCLI[13781]: User 'admin' committed the configuration.
Feb 19 16:58:27.617064 osdx OSDxCLI[13781]: User 'admin' left the configuration menu.
Feb 19 16:58:27.827702 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 16:58:28.087633 osdx file_operation[22199]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Feb 19 16:58:28.103393 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=15306 DF PROTO=TCP SPT=38864 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 16:58:28.307383 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=15307 DF PROTO=TCP SPT=38864 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 16:58:28.719431 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=15308 DF PROTO=TCP SPT=38864 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 16:58:29.551441 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=15309 DF PROTO=TCP SPT=38864 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 16:58:31.001803 osdx file_operation.py[22199]: Operation aborted by user.
Feb 19 16:58:31.041938 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=15310 DF PROTO=TCP SPT=38864 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 16:58:31.050815 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Feb 19 16:58:31.187379 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=15311 DF PROTO=TCP SPT=38864 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
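The regular expression above only confirms that at least one matching line exists. The following added example, which is not part of the OSDx documentation, parses the policy log entries into fields and counts drops per flow, so that retransmissions of one blocked request are reported as a single flow. The `[policy-rule]` prefix layout and the handling of `U:155` as an opaque identifier are assumptions inferred from the lines shown on this page; `parse_entry` and `drops_per_flow` are hypothetical names.

```python
import re
from collections import Counter

# Regular expression this step checks the journal against (from the page).
PAGE_REGEX = re.compile(
    r"osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]")

# Assumed layout, inferred from the journal lines on the page:
#   kernel: [<policy>-<rule>] <action> KEY=VAL ... FLAG ... APPDETECT[<id> k:v ...]
ENTRY = re.compile(
    r"kernel: \[(?P<policy>[\w-]+)-(?P<rule>\d+)\] (?P<action>\w+) "
    r"(?P<fields>.*?) APPDETECT\[(?P<app>[^\]\s][^\]]*)\]")

def parse_entry(line):
    """Return a dict for a policy log line carrying APPDETECT data, else None."""
    m = ENTRY.search(line)
    if m is None:
        return None
    rec = {"policy": m["policy"], "rule": int(m["rule"]),
           "action": m["action"], "flags": []}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value            # IN= is logged with an empty value here
        else:
            rec["flags"].append(token)  # bare tokens such as DF, ACK, PSH, FIN
    app_id, *attrs = m["app"].split()
    rec["app_id"] = app_id              # e.g. "U:155"; kept as an opaque string
    rec["app"] = dict(a.partition(":")[::2] for a in attrs)
    return rec

def drops_per_flow(lines):
    """Count dropped packets per (SRC, SPT, DST, DPT, app id, host, url)."""
    counts = Counter()
    for rec in filter(None, map(parse_entry, lines)):
        if rec["action"] == "DROP":
            flow = tuple(rec.get(k) for k in ("SRC", "SPT", "DST", "DPT", "app_id"))
            app = rec["app"]
            counts[flow + (app.get("http-host"), app.get("http-url"))] += 1
    return counts

# Three entries copied from the journal output above.
SAMPLE = [
    "Feb 19 16:58:27.827702 osdx OSDxCLI[13781]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.",
    "Feb 19 16:58:28.103393 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=15306 DF PROTO=TCP SPT=38864 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]",
    "Feb 19 16:58:31.041938 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=15310 DF PROTO=TCP SPT=38864 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]",
]

for flow, count in drops_per_flow(SAMPLE).items():
    print(count, flow)
```

The parser assumes that logged URL and host values contain neither spaces nor `]`; a value that does would need a stricter grammar than this whitespace split.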