Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.590 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.590/0.590/0.590/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.304 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.304/0.304/0.304/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Output:
Mar 18 14:22:27.461216 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.3M free.
Mar 18 14:22:27.464225 osdx systemd-journald[1661]: Received client request to rotate journal, rotating.
Mar 18 14:22:27.464327 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a.
Mar 18 14:22:27.477845 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 14:22:27.984153 osdx osdx-coredump[57176]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 14:22:27.995742 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 14:22:28.717415 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu.
Mar 18 14:22:28.842673 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 18 14:22:28.940406 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Mar 18 14:22:29.055571 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'.
Mar 18 14:22:29.193267 osdx INFO[57200]: FRR daemons did not change
Mar 18 14:22:29.232219 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 14:22:29.380646 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 18 14:22:29.385717 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Mar 18 14:22:29.386302 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:22:29.388518 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:22:29.390522 osdx ulogd[57269]: registering plugin `NFCT'
Mar 18 14:22:29.391610 osdx ulogd[57269]: registering plugin `IP2STR'
Mar 18 14:22:29.391727 osdx ulogd[57269]: registering plugin `PRINTFLOW'
Mar 18 14:22:29.393008 osdx ulogd[57269]: registering plugin `SYSLOG'
Mar 18 14:22:29.393019 osdx ulogd[57269]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:22:29.393090 osdx ulogd[57269]: NFCT plugin working in event mode
Mar 18 14:22:29.393101 osdx ulogd[57269]: Changing UID / GID
Mar 18 14:22:29.393202 osdx ulogd[57269]: initialization finished, entering main loop
Mar 18 14:22:29.430701 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:22:29.462766 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:22:30.566236 osdx ulogd[57269]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:22:30.697806 osdx ulogd[57269]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.508 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.508/0.508/0.508/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.400 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.400/0.400/0.400/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Output:
Mar 18 14:22:36.363529 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.2M free.
Mar 18 14:22:36.366305 osdx systemd-journald[1661]: Received client request to rotate journal, rotating.
Mar 18 14:22:36.366380 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a.
Mar 18 14:22:36.379398 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 14:22:36.825287 osdx osdx-coredump[57419]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 14:22:36.835879 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 14:22:37.584167 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu.
Mar 18 14:22:37.709717 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 18 14:22:37.808917 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Mar 18 14:22:37.949419 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'.
Mar 18 14:22:38.051408 osdx INFO[57443]: FRR daemons did not change
Mar 18 14:22:38.086305 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 14:22:38.246728 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 18 14:22:38.247662 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:22:38.247923 osdx ulogd[57512]: registering plugin `NFCT'
Mar 18 14:22:38.248008 osdx ulogd[57512]: registering plugin `IP2STR'
Mar 18 14:22:38.248093 osdx ulogd[57512]: registering plugin `PRINTFLOW'
Mar 18 14:22:38.248193 osdx ulogd[57512]: registering plugin `SYSLOG'
Mar 18 14:22:38.248200 osdx ulogd[57512]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:22:38.248283 osdx ulogd[57512]: NFCT plugin working in event mode
Mar 18 14:22:38.248296 osdx ulogd[57512]: Changing UID / GID
Mar 18 14:22:38.248410 osdx ulogd[57512]: initialization finished, entering main loop
Mar 18 14:22:38.250562 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:22:38.286505 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:22:38.315870 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:22:39.414121 osdx ulogd[57512]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:22:39.530702 osdx ulogd[57512]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.484 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.484/0.484/0.484/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.271 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.274 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.342 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev = 0.271/0.295/0.342/0.032 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Output:
Mar 18 14:22:45.396877 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.3M free.
Mar 18 14:22:45.397762 osdx systemd-journald[1661]: Received client request to rotate journal, rotating.
Mar 18 14:22:45.397830 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a.
Mar 18 14:22:45.413803 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 14:22:45.898710 osdx osdx-coredump[57663]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 14:22:45.912187 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 14:22:46.586606 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu.
Mar 18 14:22:46.745211 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 18 14:22:46.826180 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Mar 18 14:22:46.970547 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Mar 18 14:22:47.065939 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 18 14:22:47.222688 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'.
Mar 18 14:22:47.342044 osdx INFO[57695]: FRR daemons did not change
Mar 18 14:22:47.389482 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 14:22:47.541922 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 18 14:22:47.543048 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Mar 18 14:22:47.544059 osdx ulogd[57766]: registering plugin `NFCT'
Mar 18 14:22:47.544143 osdx ulogd[57766]: registering plugin `IP2STR'
Mar 18 14:22:47.544220 osdx ulogd[57766]: registering plugin `PRINTFLOW'
Mar 18 14:22:47.544302 osdx ulogd[57766]: registering plugin `SYSLOG'
Mar 18 14:22:47.544317 osdx ulogd[57766]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:22:47.544389 osdx ulogd[57766]: NFCT plugin working in event mode
Mar 18 14:22:47.544401 osdx ulogd[57766]: Changing UID / GID
Mar 18 14:22:47.544517 osdx ulogd[57766]: initialization finished, entering main loop
Mar 18 14:22:47.557574 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:22:47.690046 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 18 14:22:47.707346 osdx sshd[57772]: Server listening on 0.0.0.0 port 22.
Mar 18 14:22:47.707627 osdx sshd[57772]: Server listening on :: port 22.
Mar 18 14:22:47.707827 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 18 14:22:47.740053 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:22:47.788432 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:22:47.823040 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:22:50.098535 osdx ulogd[57766]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Mar 18 14:22:51.122584 osdx ulogd[57766]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to the other, and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.460 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.460/0.460/0.460/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.248 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.248/0.248/0.248/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Mar 18 14:23:00.384479 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.3M free.
Mar 18 14:23:00.388199 osdx systemd-journald[1661]: Received client request to rotate journal, rotating.
Mar 18 14:23:00.388293 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a.
Mar 18 14:23:00.400499 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 14:23:00.882692 osdx osdx-coredump[57947]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 14:23:00.896312 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 14:23:01.554285 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu.
Mar 18 14:23:01.708114 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 18 14:23:01.804669 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Mar 18 14:23:01.947224 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'.
Mar 18 14:23:02.074879 osdx INFO[57974]: FRR daemons did not change
Mar 18 14:23:02.112210 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 14:23:02.276772 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 18 14:23:02.277564 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:23:02.277712 osdx ulogd[58043]: registering plugin `NFCT'
Mar 18 14:23:02.277774 osdx ulogd[58043]: registering plugin `IP2STR'
Mar 18 14:23:02.277855 osdx ulogd[58043]: registering plugin `PRINTFLOW'
Mar 18 14:23:02.277918 osdx ulogd[58043]: registering plugin `SYSLOG'
Mar 18 14:23:02.277922 osdx ulogd[58043]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:23:02.277982 osdx ulogd[58043]: NFCT plugin working in event mode
Mar 18 14:23:02.277994 osdx ulogd[58043]: Changing UID / GID
Mar 18 14:23:02.278089 osdx ulogd[58043]: initialization finished, entering main loop
Mar 18 14:23:02.280021 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:23:02.318471 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:23:02.358071 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:23:03.456539 osdx ulogd[58043]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:03.456566 osdx ulogd[58043]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:03.581478 osdx ulogd[58043]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:03.581520 osdx ulogd[58043]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping command from one device to the other, and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.635 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.635/0.635/0.635/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.414 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.414/0.414/0.414/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Mar 18 14:23:09.367616 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.3M free.
Mar 18 14:23:09.369524 osdx systemd-journald[1661]: Received client request to rotate journal, rotating.
Mar 18 14:23:09.369586 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a.
Mar 18 14:23:09.386388 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 14:23:09.875832 osdx osdx-coredump[58194]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 14:23:09.886686 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 14:23:10.542558 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu.
Mar 18 14:23:10.694171 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 18 14:23:10.779668 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Mar 18 14:23:10.875618 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Mar 18 14:23:11.007502 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'.
Mar 18 14:23:11.138619 osdx INFO[58219]: FRR daemons did not change
Mar 18 14:23:11.181539 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 14:23:11.317824 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 18 14:23:11.319061 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Mar 18 14:23:11.321575 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:23:11.322516 osdx ulogd[58288]: registering plugin `NFCT'
Mar 18 14:23:11.322594 osdx ulogd[58288]: registering plugin `IP2STR'
Mar 18 14:23:11.322704 osdx ulogd[58288]: registering plugin `PRINTFLOW'
Mar 18 14:23:11.322921 osdx ulogd[58288]: registering plugin `SYSLOG'
Mar 18 14:23:11.322935 osdx ulogd[58288]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:23:11.323299 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:23:11.323571 osdx ulogd[58288]: NFCT plugin working in event mode
Mar 18 14:23:11.323644 osdx OSDx_DUT0[58288]: Changing UID / GID
Mar 18 14:23:11.323785 osdx OSDx_DUT0[58288]: initialization finished, entering main loop
Mar 18 14:23:11.360262 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:23:11.386456 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:23:12.549235 osdx OSDx_DUT0[58288]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:12.549270 osdx OSDx_DUT0[58288]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:12.668917 osdx OSDx_DUT0[58288]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:12.668960 osdx OSDx_DUT0[58288]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0:
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.314 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.314/0.314/0.314/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Mar 18 14:23:09.367616 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.3M free.
Mar 18 14:23:09.369524 osdx systemd-journald[1661]: Received client request to rotate journal, rotating.
Mar 18 14:23:09.369586 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a.
Mar 18 14:23:09.386388 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 14:23:09.875832 osdx osdx-coredump[58194]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 14:23:09.886686 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 14:23:10.542558 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu.
Mar 18 14:23:10.694171 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 18 14:23:10.779668 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Mar 18 14:23:10.875618 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Mar 18 14:23:11.007502 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'.
Mar 18 14:23:11.138619 osdx INFO[58219]: FRR daemons did not change
Mar 18 14:23:11.181539 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 18 14:23:11.317824 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 18 14:23:11.319061 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Mar 18 14:23:11.321575 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:23:11.322516 osdx ulogd[58288]: registering plugin `NFCT'
Mar 18 14:23:11.322594 osdx ulogd[58288]: registering plugin `IP2STR'
Mar 18 14:23:11.322704 osdx ulogd[58288]: registering plugin `PRINTFLOW'
Mar 18 14:23:11.322921 osdx ulogd[58288]: registering plugin `SYSLOG'
Mar 18 14:23:11.322935 osdx ulogd[58288]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:23:11.323299 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:23:11.323571 osdx ulogd[58288]: NFCT plugin working in event mode
Mar 18 14:23:11.323644 osdx OSDx_DUT0[58288]: Changing UID / GID
Mar 18 14:23:11.323785 osdx OSDx_DUT0[58288]: initialization finished, entering main loop
Mar 18 14:23:11.360262 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:23:11.386456 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:23:12.549235 osdx OSDx_DUT0[58288]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:12.549270 osdx OSDx_DUT0[58288]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:12.668917 osdx OSDx_DUT0[58288]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:12.668960 osdx OSDx_DUT0[58288]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:12.796794 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 18 14:23:13.031826 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu.
Mar 18 14:23:13.162871 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Mar 18 14:23:13.309438 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show changes'.
Mar 18 14:23:13.417336 osdx INFO[58324]: FRR daemons did not change
Mar 18 14:23:13.432124 osdx OSDx_DUT0[58288]: Terminal signal received, exiting
Mar 18 14:23:13.432160 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 18 14:23:13.433054 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Mar 18 14:23:13.433199 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:23:13.458119 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 18 14:23:13.459103 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:23:13.459879 osdx ulogd[58333]: registering plugin `NFCT'
Mar 18 14:23:13.460229 osdx ulogd[58333]: registering plugin `IP2STR'
Mar 18 14:23:13.460397 osdx ulogd[58333]: registering plugin `PRINTFLOW'
Mar 18 14:23:13.460580 osdx ulogd[58333]: registering plugin `SYSLOG'
Mar 18 14:23:13.460657 osdx ulogd[58333]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:23:13.460817 osdx ulogd[58333]: NFCT plugin working in event mode
Mar 18 14:23:13.461060 osdx ulogd[58333]: Changing UID / GID
Mar 18 14:23:13.461512 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:23:13.461804 osdx ulogd[58333]: initialization finished, entering main loop
Mar 18 14:23:13.463769 osdx ulogd[58333]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Mar 18 14:23:13.463863 osdx ulogd[58333]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Mar 18 14:23:13.464712 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:23:13.496172 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:23:13.685641 osdx ulogd[58333]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:13.685864 osdx ulogd[58333]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
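The journal checks in the scenarios above, written as a field parser keyed on the syslog tag (an added example, not part of the original page or of OSDx): it shows that a collector matching only the default ulogd tag sees nothing while a custom identity is configured. The function names are assumptions; the sample lines are copied from the Identity logging journal output above.

```python
import re
from collections import Counter

# Journal line layout seen in the output above:
#   <Mon DD HH:MM:SS.ffffff> <host> <tag>[<pid>]: [<EVENT>] ORIG: k=v ... , REPLY: k=v ...
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) (?P<tag>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

_TUPLE = ("SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS={p} BYTES={b} , "
          "REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS={p} BYTES={b}")

# Sample lines copied from the Identity logging output (Step 8), abbreviated.
SAMPLE = [
    "Mar 18 14:23:12.549235 osdx OSDx_DUT0[58288]: [NEW] ORIG: " + _TUPLE.format(p=0, b=0),
    "Mar 18 14:23:12.549270 osdx OSDx_DUT0[58288]: [UPDATE] ORIG: " + _TUPLE.format(p=0, b=0),
    "Mar 18 14:23:13.162871 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: "
    "'delete system conntrack logging identity'.",
    "Mar 18 14:23:13.460817 osdx ulogd[58333]: NFCT plugin working in event mode",
    "Mar 18 14:23:13.463769 osdx ulogd[58333]: [DESTROY] ORIG: " + _TUPLE.format(p=1, b=84),
    "Mar 18 14:23:13.685641 osdx ulogd[58333]: [NEW] ORIG: " + _TUPLE.format(p=0, b=0),
    "Mar 18 14:23:13.685864 osdx ulogd[58333]: [UPDATE] ORIG: " + _TUPLE.format(p=0, b=0),
]


def parse_event(line):
    """Return a dict for a conntrack event line, or None for any other journal line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Generic KEY=VALUE split, so extra fields are kept without being hard-coded.
    rec["orig"] = dict(KV_RE.findall(rec["orig"]))
    rec["reply"] = dict(KV_RE.findall(rec["reply"]))
    return rec


def count_events(lines, src):
    """Count events per (syslog tag, event type) whose ORIG source equals src exactly.

    Exact comparison is stricter than the page's regex, where the unanchored
    'SRC=192.168.100.2' would also match a longer address such as 192.168.100.25.
    """
    counts = Counter()
    for line in lines:
        rec = parse_event(line)
        if rec and rec["orig"].get("SRC") == src:
            counts[(rec["tag"], rec["event"])] += 1
    return counts


def missing_events(lines, src, tag="ulogd", expected=("NEW", "UPDATE", "DESTROY")):
    """Event types from `expected` that never appear for src under the given tag."""
    seen = {event for (t, event) in count_events(lines, src) if t == tag}
    return set(expected) - seen


if __name__ == "__main__":
    for key, n in sorted(count_events(SAMPLE, "192.168.100.2").items()):
        print(key, n)
    print("missing under ulogd:", missing_events(SAMPLE, "192.168.100.2"))
    print("missing under OSDx_DUT0:", missing_events(SAMPLE, "192.168.100.2", tag="OSDx_DUT0"))
```
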
Policies logging
Description
Set a simple configuration with mark and label traffic policies, send a ping command from one device to the other and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.484 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.484/0.484/0.484/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.381 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.341 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1029ms
rtt min/avg/max/mdev = 0.341/0.361/0.381/0.020 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Mar 18 14:23:19.411959 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.3M free. Mar 18 14:23:19.413279 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 14:23:19.413345 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 14:23:19.428223 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'. Mar 18 14:23:19.959040 osdx osdx-coredump[58467]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 14:23:19.970264 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 14:23:20.669028 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:23:20.822208 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 18 14:23:20.922828 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic label TEST'. Mar 18 14:23:21.049443 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Mar 18 14:23:21.141536 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Mar 18 14:23:21.233695 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 18 14:23:21.325560 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 18 14:23:21.445593 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. Mar 18 14:23:21.557963 osdx INFO[58501]: FRR daemons did not change Mar 18 14:23:21.597277 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:23:21.749645 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Mar 18 14:23:21.751074 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:23:21.751199 osdx ulogd[58570]: registering plugin `NFCT' Mar 18 14:23:21.751261 osdx ulogd[58570]: registering plugin `IP2STR' Mar 18 14:23:21.751315 osdx ulogd[58570]: registering plugin `PRINTFLOW' Mar 18 14:23:21.751374 osdx ulogd[58570]: registering plugin `SYSLOG' Mar 18 14:23:21.751379 osdx ulogd[58570]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 18 14:23:21.751432 osdx ulogd[58570]: NFCT plugin working in event mode Mar 18 14:23:21.751442 osdx ulogd[58570]: Changing UID / GID Mar 18 14:23:21.751537 osdx ulogd[58570]: initialization finished, entering main loop Mar 18 14:23:21.766806 osdx ulogd[58570]: Terminal signal received, exiting Mar 18 14:23:21.766917 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:23:21.767402 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 18 14:23:21.767534 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:23:21.768751 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Mar 18 14:23:21.769820 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 18 14:23:21.770583 osdx ulogd[58576]: registering plugin `NFCT' Mar 18 14:23:21.770661 osdx ulogd[58576]: registering plugin `IP2STR' Mar 18 14:23:21.770731 osdx ulogd[58576]: registering plugin `PRINTFLOW' Mar 18 14:23:21.770821 osdx ulogd[58576]: registering plugin `SYSLOG' Mar 18 14:23:21.770826 osdx ulogd[58576]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 18 14:23:21.770881 osdx ulogd[58576]: NFCT plugin working in event mode Mar 18 14:23:21.770890 osdx ulogd[58576]: Changing UID / GID Mar 18 14:23:21.770973 osdx ulogd[58576]: initialization finished, entering main loop Mar 18 14:23:21.785352 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:23:21.983087 osdx cfgd[1459]: [22287]Completed change to active configuration Mar 18 14:23:22.024259 osdx OSDxCLI[22287]: User 'admin' committed the configuration. Mar 18 14:23:22.051855 osdx OSDxCLI[22287]: User 'admin' left the configuration menu. 
Mar 18 14:23:23.184149 osdx ulogd[58576]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Mar 18 14:23:23.184197 osdx ulogd[58576]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Mar 18 14:23:23.309741 osdx ulogd[58576]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Mar 18 14:23:23.309784 osdx ulogd[58576]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a VRF, send a ping command from one device to the other and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.483 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.483/0.483/0.483/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.296 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.296/0.296/0.296/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Mar 18 14:23:30.392488 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.2M free. Mar 18 14:23:30.396287 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 14:23:30.396356 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 14:23:30.409791 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'. Mar 18 14:23:30.873104 osdx osdx-coredump[58768]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 14:23:30.884231 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 14:23:31.529394 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:23:31.685376 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Mar 18 14:23:31.767670 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Mar 18 14:23:31.855639 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system vrf RED'. Mar 18 14:23:31.960478 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 18 14:23:32.079176 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 18 14:23:32.205873 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. Mar 18 14:23:32.307308 osdx INFO[58795]: FRR daemons did not change Mar 18 14:23:32.327511 osdx (udev-worker)[58809]: RED: Could not disable auto negotiation, ignoring: Operation not supported Mar 18 14:23:32.327833 osdx (udev-worker)[58809]: Network interface NamePolicy= disabled on kernel command line. 
Mar 18 14:23:32.360298 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:23:32.452296 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:23:32.576696 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:23:32.577725 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:23:32.577824 osdx ulogd[58917]: registering plugin `NFCT' Mar 18 14:23:32.577886 osdx ulogd[58917]: registering plugin `IP2STR' Mar 18 14:23:32.577940 osdx ulogd[58917]: registering plugin `PRINTFLOW' Mar 18 14:23:32.577999 osdx ulogd[58917]: registering plugin `SYSLOG' Mar 18 14:23:32.578003 osdx ulogd[58917]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 18 14:23:32.578055 osdx ulogd[58917]: NFCT plugin working in event mode Mar 18 14:23:32.578070 osdx ulogd[58917]: Changing UID / GID Mar 18 14:23:32.578201 osdx ulogd[58917]: initialization finished, entering main loop Mar 18 14:23:32.580364 osdx cfgd[1459]: [22287]Completed change to active configuration Mar 18 14:23:32.616592 osdx OSDxCLI[22287]: User 'admin' committed the configuration. Mar 18 14:23:32.642849 osdx OSDxCLI[22287]: User 'admin' left the configuration menu. 
Mar 18 14:23:33.734291 osdx ulogd[58917]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:33.734330 osdx ulogd[58917]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:33.853311 osdx ulogd[58917]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:33.853344 osdx ulogd[58917]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service, send a ping command from one device to the other and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.305 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.305/0.305/0.305/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  17446      0 --:--:-- --:--:-- --:--:-- 18428
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.654 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.654/0.654/0.654/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.445 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Mar 18 14:23:40.378420 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.2M free. Mar 18 14:23:40.379418 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 14:23:40.379485 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 14:23:40.394063 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'. Mar 18 14:23:40.860237 osdx osdx-coredump[59127]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 14:23:40.871509 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 14:23:41.560506 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:23:41.761824 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 18 14:23:41.858052 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. Mar 18 14:23:41.962173 osdx INFO[59150]: FRR daemons did not change Mar 18 14:23:41.999412 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 18 14:23:42.098819 osdx cfgd[1459]: [22287]Completed change to active configuration Mar 18 14:23:42.134785 osdx OSDxCLI[22287]: User 'admin' committed the configuration. Mar 18 14:23:42.162063 osdx OSDxCLI[22287]: User 'admin' left the configuration menu. Mar 18 14:23:42.360323 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 18 14:23:42.561010 osdx file_operation[59245]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Mar 18 14:23:42.595424 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Mar 18 14:23:42.772173 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. 
Mar 18 14:23:42.887217 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 18 14:23:42.985289 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Mar 18 14:23:43.073527 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Mar 18 14:23:43.172848 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Mar 18 14:23:43.269629 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Mar 18 14:23:43.369071 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Mar 18 14:23:43.473620 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Mar 18 14:23:43.598770 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Mar 18 14:23:43.713393 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Mar 18 14:23:43.843187 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 18 14:23:43.947407 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 18 14:23:44.084429 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. Mar 18 14:23:44.237427 osdx INFO[59294]: FRR daemons did not change Mar 18 14:23:44.275439 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:23:44.431782 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:23:44.433034 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Mar 18 14:23:44.433726 osdx ulogd[59363]: registering plugin `NFCT' Mar 18 14:23:44.433811 osdx ulogd[59363]: registering plugin `IP2STR' Mar 18 14:23:44.433888 osdx ulogd[59363]: registering plugin `PRINTFLOW' Mar 18 14:23:44.433984 osdx ulogd[59363]: registering plugin `SYSLOG' Mar 18 14:23:44.433990 osdx ulogd[59363]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 18 14:23:44.434060 osdx ulogd[59363]: NFCT plugin working in event mode Mar 18 14:23:44.434075 osdx ulogd[59363]: Changing UID / GID Mar 18 14:23:44.434186 osdx ulogd[59363]: initialization finished, entering main loop Mar 18 14:23:44.759410 osdx systemd[1]: Reloading. Mar 18 14:23:44.951418 osdx systemd-sysv-generator[59400]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Mar 18 14:23:45.128105 osdx systemd[1]: Starting logrotate.service - Rotate log files... Mar 18 14:23:45.135784 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Mar 18 14:23:45.137200 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Mar 18 14:23:45.163587 osdx systemd[1]: logrotate.service: Deactivated successfully. Mar 18 14:23:45.163839 osdx systemd[1]: Finished logrotate.service - Rotate log files. Mar 18 14:23:45.487276 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Mar 18 14:23:45.940155 osdx INFO[59382]: Rules successfully loaded Mar 18 14:23:45.958089 osdx ulogd[59363]: Terminal signal received, exiting Mar 18 14:23:45.958124 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:23:45.958524 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 18 14:23:45.958689 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:23:45.992070 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Mar 18 14:23:45.992995 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 18 14:23:45.993108 osdx ulogd[59428]: registering plugin `NFCT'
Mar 18 14:23:45.993171 osdx ulogd[59428]: registering plugin `IP2STR'
Mar 18 14:23:45.993265 osdx ulogd[59428]: registering plugin `PRINTFLOW'
Mar 18 14:23:45.993337 osdx ulogd[59428]: registering plugin `SYSLOG'
Mar 18 14:23:45.993341 osdx ulogd[59428]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:23:45.993394 osdx ulogd[59428]: NFCT plugin working in event mode
Mar 18 14:23:45.993403 osdx ulogd[59428]: Changing UID / GID
Mar 18 14:23:45.993484 osdx ulogd[59428]: initialization finished, entering main loop
Mar 18 14:23:45.996164 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:23:46.034044 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:23:46.076845 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:23:47.175104 osdx ulogd[59428]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Mar 18 14:23:47.175147 osdx ulogd[59428]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Mar 18 14:23:47.294283 osdx ulogd[59428]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Mar 18 14:23:47.294315 osdx ulogd[59428]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.462 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.462/0.462/0.462/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.580 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.580/0.580/0.580/0.000 ms
Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.2.3
This system includes free software. Contact Teldat for licenses information and source code.
Last login: Tue Mar 18 13:57:58 2025 from 10.0.0.2
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Mar 18 14:23:55.369133 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.2M free. Mar 18 14:23:55.372987 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 14:23:55.373067 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 14:23:55.386135 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'. Mar 18 14:23:55.912341 osdx osdx-coredump[59652]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 14:23:55.923661 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 14:23:56.651643 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:23:56.802773 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Mar 18 14:23:56.883948 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 18 14:23:56.983711 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 18 14:23:57.131515 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. Mar 18 14:23:57.244698 osdx INFO[59679]: FRR daemons did not change Mar 18 14:23:57.285312 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 18 14:23:57.408986 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:23:57.565298 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:23:57.566408 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Mar 18 14:23:57.566836 osdx ulogd[59801]: registering plugin `NFCT'
Mar 18 14:23:57.567103 osdx ulogd[59801]: registering plugin `IP2STR'
Mar 18 14:23:57.567220 osdx ulogd[59801]: registering plugin `PRINTFLOW'
Mar 18 14:23:57.567342 osdx ulogd[59801]: registering plugin `SYSLOG'
Mar 18 14:23:57.567398 osdx ulogd[59801]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 18 14:23:57.567499 osdx ulogd[59801]: NFCT plugin working in event mode
Mar 18 14:23:57.567627 osdx ulogd[59801]: Changing UID / GID
Mar 18 14:23:57.567847 osdx ulogd[59801]: initialization finished, entering main loop
Mar 18 14:23:57.568006 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:23:57.603387 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:23:57.630050 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:23:59.934262 osdx ulogd[59801]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:59.934285 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:24:00.057622 osdx ulogd[59801]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:24:00.057651 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:24:00.173863 osdx ulogd[59801]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=43054 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=43054 PKTS=0 BYTES=0
Mar 18 14:24:00.174241 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=43054 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=43054 PKTS=0 BYTES=0
Mar 18 14:24:00.174449 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=43054 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=43054 PKTS=0 BYTES=0 [OFFLOAD]
Mar 18 14:24:00.603075 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=43054 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=43054 PKTS=0 BYTES=0
Mar 18 14:24:00.603105 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=43054 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=43054 PKTS=0 BYTES=0 [OFFLOAD]
Mar 18 14:24:00.606013 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=43054 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=43054 PKTS=0 BYTES=0
Mar 18 14:24:00.606208 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=43054 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=43054 PKTS=0 BYTES=0 [OFFLOAD]
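The journal checks of the scenarios above, as an added Python example that is not part of the original test suite or of OSDx: it parses each conntrack event line into fields (event type, ORIG and REPLY tuples, MARK, LABELS, VRF, Sc, OFFLOAD) instead of matching one expression against the whole line. The sample lines are copied from the outputs on this page; the names parse_event, select and page_regex_hits are assumptions made for this example.

```python
import re

# Journal prefix followed by the ulogd PRINTFLOW text, in the layout shown in
# the outputs on this page. Other lines (systemd, OSDxCLI, ulogd start-up
# messages) do not match and are skipped.
EVENT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ [\d:.]+) (?P<host>\S+) ulogd\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*)$"
)
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")
SC_RE = re.compile(r"\(Sc: ([^)]+)\)")
CONN_KEYS = ("MARK", "LABELS")  # printed once per event, after the REPLY tuple

# Expression used in step 5 of the "Policies logging" scenario.
PAGE_POLICY_RE = re.compile(
    r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST"
)

# Lines copied from the outputs on this page (one per field variant).
SAMPLE_JOURNAL = """\
Mar 18 14:23:21.751199 osdx ulogd[58570]: registering plugin `NFCT'
Mar 18 14:23:22.024259 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:23:13.463769 osdx ulogd[58333]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Mar 18 14:23:23.184149 osdx ulogd[58576]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Mar 18 14:23:23.184197 osdx ulogd[58576]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Mar 18 14:23:33.734291 osdx ulogd[58917]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 18 14:23:47.175104 osdx ulogd[59428]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Mar 18 14:24:00.174449 osdx ulogd[59801]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=43054 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=43054 PKTS=0 BYTES=0 [OFFLOAD]
"""


def parse_event(line):
    """Return a dict for a conntrack event line, or None for any other line."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    orig = dict(KV_RE.findall(m["orig"]))
    reply = dict(KV_RE.findall(m["reply"]))
    event = {
        "ts": m["ts"],
        "pid": int(m["pid"]),
        "event": m["event"],
        "orig": orig,
        "reply": reply,
        "vrf": orig.get("VRF"),
        "offload": "[OFFLOAD]" in m["reply"],
    }
    # MARK and LABELS describe the connection, not the reply direction.
    for key in CONN_KEYS:
        event[key.lower()] = reply.pop(key, None)
    sc = SC_RE.search(m["reply"])
    event["sc"] = sc.group(1) if sc else None
    return event


def select(journal, event_types=("NEW", "UPDATE", "DESTROY"), **required):
    """Events of the given types whose top-level fields equal `required`."""
    hits = []
    for line in journal.splitlines():
        ev = parse_event(line)
        if ev is None or ev["event"] not in event_types:
            continue
        if all(ev.get(name) == value for name, value in required.items()):
            hits.append(ev)
    return hits


def page_regex_hits(journal):
    """Lines matched by the page's MARK/LABELS expression, for comparison."""
    return [ln for ln in journal.splitlines() if PAGE_POLICY_RE.search(ln)]


if __name__ == "__main__":
    for ev in select(SAMPLE_JOURNAL):
        flags = {k: ev[k] for k in ("mark", "labels", "vrf", "sc", "offload") if ev[k]}
        print(ev["ts"], ev["event"], ev["orig"]["SRC"], "->", ev["orig"]["DST"], flags)
    print("mark=33 events:", len(select(SAMPLE_JOURNAL, mark="33")))
    print("page regex hits:", len(page_regex_hits(SAMPLE_JOURNAL)))
```

On the sample, the page's MARK=33.*LABELS=TEST expression matches only the NEW event, because the UPDATE event carries MARK=33 without a LABELS field; selecting on mark alone reports both.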
App detect logging
Description
Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1 and check that the app-detect field appears when running system journal show. After that, enable app detection in system conntrack for the HTTP host, copy index.html from an HTTP server and check that the app-detect field appears and belongs to the HTTP server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.644 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.644/0.644/0.644/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.334 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.347 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.390 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2045ms
rtt min/avg/max/mdev = 0.334/0.357/0.390/0.023 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Mar 18 14:24:06.404212 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.2M free. Mar 18 14:24:06.406405 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 14:24:06.406484 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 14:24:06.424182 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'. Mar 18 14:24:07.027109 osdx osdx-coredump[59962]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 14:24:07.040356 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 14:24:07.755026 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:24:07.859529 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 18 14:24:07.977108 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 18 14:24:08.134018 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 18 14:24:08.211838 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 18 14:24:08.368009 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. 
Mar 18 14:24:08.469040 osdx INFO[59988]: FRR daemons did not change Mar 18 14:24:08.650391 osdx kernel: app-detect: module init Mar 18 14:24:08.650451 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 18 14:24:08.650468 osdx kernel: app-detect: expression init Mar 18 14:24:08.650480 osdx kernel: app-detect: appid cache initialized Mar 18 14:24:08.650492 osdx kernel: app-detect: appid cache changes counter initialized Mar 18 14:24:08.657372 osdx modulelauncher[59991]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 18 14:24:08.698394 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:24:08.838736 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:24:08.839835 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 18 14:24:08.840813 osdx ulogd[60080]: registering plugin `NFCT' Mar 18 14:24:08.841104 osdx ulogd[60080]: registering plugin `IP2STR' Mar 18 14:24:08.841245 osdx ulogd[60080]: registering plugin `PRINTFLOW' Mar 18 14:24:08.841407 osdx ulogd[60080]: registering plugin `SYSLOG' Mar 18 14:24:08.841469 osdx ulogd[60080]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 18 14:24:08.841574 osdx ulogd[60080]: NFCT plugin working in event mode Mar 18 14:24:08.841664 osdx ulogd[60080]: Changing UID / GID Mar 18 14:24:08.841800 osdx ulogd[60080]: initialization finished, entering main loop Mar 18 14:24:08.854422 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:24:08.856717 osdx cfgd[1459]: [22287]Completed change to active configuration Mar 18 14:24:08.893190 osdx OSDxCLI[22287]: User 'admin' committed the configuration. Mar 18 14:24:08.946748 osdx OSDxCLI[22287]: User 'admin' left the configuration menu. 
Mar 18 14:24:10.100919 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.100960 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.218797 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.218836 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:11.239459 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:11.239495 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:11.239512 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.263506 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:12.263547 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.263567 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Mar 18 14:24:06.404212 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.2M free. Mar 18 14:24:06.406405 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 14:24:06.406484 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 14:24:06.424182 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'. Mar 18 14:24:07.027109 osdx osdx-coredump[59962]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 14:24:07.040356 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 14:24:07.755026 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:24:07.859529 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 18 14:24:07.977108 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 18 14:24:08.134018 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 18 14:24:08.211838 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 18 14:24:08.368009 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. 
Mar 18 14:24:08.469040 osdx INFO[59988]: FRR daemons did not change Mar 18 14:24:08.650391 osdx kernel: app-detect: module init Mar 18 14:24:08.650451 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 18 14:24:08.650468 osdx kernel: app-detect: expression init Mar 18 14:24:08.650480 osdx kernel: app-detect: appid cache initialized Mar 18 14:24:08.650492 osdx kernel: app-detect: appid cache changes counter initialized Mar 18 14:24:08.657372 osdx modulelauncher[59991]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 18 14:24:08.698394 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:24:08.838736 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:24:08.839835 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 18 14:24:08.840813 osdx ulogd[60080]: registering plugin `NFCT' Mar 18 14:24:08.841104 osdx ulogd[60080]: registering plugin `IP2STR' Mar 18 14:24:08.841245 osdx ulogd[60080]: registering plugin `PRINTFLOW' Mar 18 14:24:08.841407 osdx ulogd[60080]: registering plugin `SYSLOG' Mar 18 14:24:08.841469 osdx ulogd[60080]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 18 14:24:08.841574 osdx ulogd[60080]: NFCT plugin working in event mode Mar 18 14:24:08.841664 osdx ulogd[60080]: Changing UID / GID Mar 18 14:24:08.841800 osdx ulogd[60080]: initialization finished, entering main loop Mar 18 14:24:08.854422 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:24:08.856717 osdx cfgd[1459]: [22287]Completed change to active configuration Mar 18 14:24:08.893190 osdx OSDxCLI[22287]: User 'admin' committed the configuration. Mar 18 14:24:08.946748 osdx OSDxCLI[22287]: User 'admin' left the configuration menu. 
Mar 18 14:24:10.100919 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.100960 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.218797 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.218836 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:11.239459 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:11.239495 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:11.239512 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.263506 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:12.263547 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.263567 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.402824 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Mar 18 14:24:06.404212 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.2M free. Mar 18 14:24:06.406405 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 14:24:06.406484 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 14:24:06.424182 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'. Mar 18 14:24:07.027109 osdx osdx-coredump[59962]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 14:24:07.040356 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 14:24:07.755026 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:24:07.859529 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 18 14:24:07.977108 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 18 14:24:08.134018 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 18 14:24:08.211838 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 18 14:24:08.368009 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. 
Mar 18 14:24:08.469040 osdx INFO[59988]: FRR daemons did not change Mar 18 14:24:08.650391 osdx kernel: app-detect: module init Mar 18 14:24:08.650451 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 18 14:24:08.650468 osdx kernel: app-detect: expression init Mar 18 14:24:08.650480 osdx kernel: app-detect: appid cache initialized Mar 18 14:24:08.650492 osdx kernel: app-detect: appid cache changes counter initialized Mar 18 14:24:08.657372 osdx modulelauncher[59991]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 18 14:24:08.698394 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:24:08.838736 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:24:08.839835 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 18 14:24:08.840813 osdx ulogd[60080]: registering plugin `NFCT' Mar 18 14:24:08.841104 osdx ulogd[60080]: registering plugin `IP2STR' Mar 18 14:24:08.841245 osdx ulogd[60080]: registering plugin `PRINTFLOW' Mar 18 14:24:08.841407 osdx ulogd[60080]: registering plugin `SYSLOG' Mar 18 14:24:08.841469 osdx ulogd[60080]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 18 14:24:08.841574 osdx ulogd[60080]: NFCT plugin working in event mode Mar 18 14:24:08.841664 osdx ulogd[60080]: Changing UID / GID Mar 18 14:24:08.841800 osdx ulogd[60080]: initialization finished, entering main loop Mar 18 14:24:08.854422 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:24:08.856717 osdx cfgd[1459]: [22287]Completed change to active configuration Mar 18 14:24:08.893190 osdx OSDxCLI[22287]: User 'admin' committed the configuration. Mar 18 14:24:08.946748 osdx OSDxCLI[22287]: User 'admin' left the configuration menu. 
Mar 18 14:24:10.100919 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.100960 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.218797 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.218836 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:11.239459 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:11.239495 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:11.239512 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.263506 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:12.263547 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.263567 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.402824 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal show | cat'. Mar 18 14:24:12.589636 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.317 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.317/0.317/0.317/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0   663k      0 --:--:-- --:--:-- --:--:--  708k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Mar 18 14:24:06.404212 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.2M free. Mar 18 14:24:06.406405 osdx systemd-journald[1661]: Received client request to rotate journal, rotating. Mar 18 14:24:06.406484 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a. Mar 18 14:24:06.424182 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'. Mar 18 14:24:07.027109 osdx osdx-coredump[59962]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 18 14:24:07.040356 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'. Mar 18 14:24:07.755026 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:24:07.859529 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 18 14:24:07.977108 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 18 14:24:08.134018 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 18 14:24:08.211838 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 18 14:24:08.368009 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'. 
Mar 18 14:24:08.469040 osdx INFO[59988]: FRR daemons did not change Mar 18 14:24:08.650391 osdx kernel: app-detect: module init Mar 18 14:24:08.650451 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 18 14:24:08.650468 osdx kernel: app-detect: expression init Mar 18 14:24:08.650480 osdx kernel: app-detect: appid cache initialized Mar 18 14:24:08.650492 osdx kernel: app-detect: appid cache changes counter initialized Mar 18 14:24:08.657372 osdx modulelauncher[59991]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 18 14:24:08.698394 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 18 14:24:08.838736 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 18 14:24:08.839835 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 18 14:24:08.840813 osdx ulogd[60080]: registering plugin `NFCT' Mar 18 14:24:08.841104 osdx ulogd[60080]: registering plugin `IP2STR' Mar 18 14:24:08.841245 osdx ulogd[60080]: registering plugin `PRINTFLOW' Mar 18 14:24:08.841407 osdx ulogd[60080]: registering plugin `SYSLOG' Mar 18 14:24:08.841469 osdx ulogd[60080]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 18 14:24:08.841574 osdx ulogd[60080]: NFCT plugin working in event mode Mar 18 14:24:08.841664 osdx ulogd[60080]: Changing UID / GID Mar 18 14:24:08.841800 osdx ulogd[60080]: initialization finished, entering main loop Mar 18 14:24:08.854422 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 18 14:24:08.856717 osdx cfgd[1459]: [22287]Completed change to active configuration Mar 18 14:24:08.893190 osdx OSDxCLI[22287]: User 'admin' committed the configuration. Mar 18 14:24:08.946748 osdx OSDxCLI[22287]: User 'admin' left the configuration menu. 
Mar 18 14:24:10.100919 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.100960 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.218797 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:10.218836 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:11.239459 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:11.239495 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:11.239512 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.263506 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:12.263547 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.263567 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:12.402824 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal show | cat'. Mar 18 14:24:12.589636 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal show | cat'. Mar 18 14:24:12.766908 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal show | cat'. Mar 18 14:24:13.002530 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu. Mar 18 14:24:13.137446 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 18 14:24:13.214266 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 18 14:24:13.333677 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show changes'. 
Mar 18 14:24:13.439656 osdx INFO[60133]: FRR daemons did not change Mar 18 14:24:13.498399 osdx kernel: app-detect: expression destroy Mar 18 14:24:13.546422 osdx kernel: app-detect: expression init Mar 18 14:24:13.546540 osdx kernel: app-detect: appid cache initialized Mar 18 14:24:13.546586 osdx kernel: app-detect: appid cache changes counter initialized Mar 18 14:24:13.564338 osdx modulelauncher[60136]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 18 14:24:13.618425 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 18 14:24:13.815801 osdx cfgd[1459]: [22287]Completed change to active configuration Mar 18 14:24:13.883677 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:13.883708 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 18 14:24:13.884909 osdx OSDxCLI[22287]: User 'admin' committed the configuration. Mar 18 14:24:13.923274 osdx OSDxCLI[22287]: User 'admin' left the configuration menu. Mar 18 14:24:14.127806 osdx ulogd[60080]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:14.128085 osdx ulogd[60080]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 18 14:24:14.130354 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. 
Mar 18 14:24:14.315627 osdx file_operation[60241]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 18 14:24:14.322113 osdx ulogd[60080]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 18 14:24:14.322296 osdx ulogd[60080]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 18 14:24:14.322322 osdx ulogd[60080]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 18 14:24:14.324661 osdx ulogd[60080]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 18 14:24:14.324886 osdx ulogd[60080]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 18 14:24:14.324913 osdx ulogd[60080]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 18 14:24:14.348286 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
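The checks in Steps 5 to 7 and Step 11 can be reproduced offline against the journal lines shown above. This is an added example, not part of the original test suite: it parses the ulogd conntrack events, applies the page's regular expressions line by line, and reports on which event of a flow the http-host attribute first appears. The helper names and the `kind`/`id`/`attrs` field names are assumptions, and the APPDETECT layout is inferred only from the lines on this page.

```python
import re

# Lines copied unmodified from the Step 11 journal output above (a subset).
JOURNAL = """\
Mar 18 14:24:08.841800 osdx ulogd[60080]: initialization finished, entering main loop
Mar 18 14:24:10.100919 osdx ulogd[60080]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Mar 18 14:24:10.100960 osdx ulogd[60080]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Mar 18 14:24:11.239459 osdx ulogd[60080]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Mar 18 14:24:14.322113 osdx ulogd[60080]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80]
Mar 18 14:24:14.322296 osdx ulogd[60080]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80]
Mar 18 14:24:14.324661 osdx ulogd[60080]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40654 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40654 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Mar 18 14:24:14.348286 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
"""

# The regular expressions from Steps 5, 6, 7 and 11, exactly as given on the page.
STEP_PATTERNS = {
    "step5": r"ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]",
    "step6": r"ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]",
    "step7": r"ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]",
    "step11": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*"
              r"APPDETECT\[L4:80 http-host:10.215.168.1\]",
}

EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) \S+ ulogd\[\d+\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*)$"
)
APPDETECT_RE = re.compile(r"APPDETECT\[([^\]]*)\]")
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_appdetect(text):
    """Split e.g. 'APPDETECT[L4:80 http-host:10.215.168.1]' into parts.

    Assumed layout (inferred from this page): first token 'kind:id',
    then zero or more 'name:value' attributes separated by spaces.
    """
    m = APPDETECT_RE.search(text)
    if not m or not m.group(1).split():
        return None
    tokens = m.group(1).split()
    kind, _, ident = tokens[0].partition(":")
    attrs = dict(t.split(":", 1) for t in tokens[1:] if ":" in t)
    return {"kind": kind, "id": ident, "attrs": attrs}


def parse_event(line):
    """Parse one ulogd conntrack event line; return None for any other line."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    reply_text = m.group("reply")
    return {
        "ts": m.group("ts"),
        "event": m.group("event"),
        "orig": dict(KV_RE.findall(m.group("orig"))),
        # Strip APPDETECT[...] first so a '=' inside a URL is not read as a field.
        "reply": dict(KV_RE.findall(APPDETECT_RE.sub("", reply_text))),
        "appdetect": parse_appdetect(reply_text),
    }


def parse_journal(journal):
    """Return the parsed conntrack events, in order, skipping unrelated lines."""
    parsed = (parse_event(line) for line in journal.splitlines())
    return [ev for ev in parsed if ev is not None]


def flow_key(ev):
    """Identify a flow by the ORIG direction (ports are absent for ICMP)."""
    o = ev["orig"]
    return (o.get("SRC"), o.get("DST"), o.get("PROTO"), o.get("SPT"), o.get("DPT"))


def attr_first_seen(events, attr):
    """Per flow: (event type, earlier events of that flow, value) when attr first appears."""
    seen, result = {}, {}
    for ev in events:
        key = flow_key(ev)
        earlier = seen.get(key, 0)
        seen[key] = earlier + 1
        app = ev["appdetect"]
        if key not in result and app and attr in app["attrs"]:
            result[key] = (ev["event"], earlier, app["attrs"][attr])
    return result


def run_step_checks(journal):
    """Apply each step's regular expression per journal line (assumed search semantics)."""
    lines = journal.splitlines()
    return {name: any(re.search(p, line) for line in lines)
            for name, p in STEP_PATTERNS.items()}


if __name__ == "__main__":
    print(run_step_checks(JOURNAL))
    print(attr_first_seen(parse_journal(JOURNAL), "http-host"))
```

In this output the TCP flow's [NEW] event carries only APPDETECT[L4:80]; http-host shows up on a later [UPDATE], so a filter keyed on [NEW] events alone would not see the host.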
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable the http-host and http-url options in the system conntrack app-detect path in order to see relevant information about HTTP packets.
Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.284 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.284/0.284/0.284/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Mar 18 14:24:21.369963 osdx systemd-journald[1661]: Runtime Journal (/run/log/journal/7658cc7836d34fbaba4948b42da24d1a) is 2.0M, max 15.3M, 13.3M free.
Mar 18 14:24:21.371316 osdx systemd-journald[1661]: Received client request to rotate journal, rotating.
Mar 18 14:24:21.371400 osdx systemd-journald[1661]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7658cc7836d34fbaba4948b42da24d1a.
Mar 18 14:24:21.387920 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system journal clear'.
Mar 18 14:24:21.846719 osdx osdx-coredump[60398]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 18 14:24:21.859563 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 18 14:24:22.580891 osdx OSDxCLI[22287]: User 'admin' entered the configuration menu.
Mar 18 14:24:22.694257 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Mar 18 14:24:22.806945 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Mar 18 14:24:22.937865 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Mar 18 14:24:23.046230 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Mar 18 14:24:23.173922 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Mar 18 14:24:23.270363 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Mar 18 14:24:23.376685 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Mar 18 14:24:23.504104 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Mar 18 14:24:23.580724 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Mar 18 14:24:23.723509 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 18 14:24:23.853949 osdx OSDxCLI[22287]: User 'admin' added a new cfg line: 'show working'.
Mar 18 14:24:24.000883 osdx INFO[60444]: FRR daemons did not change
Mar 18 14:24:24.175298 osdx kernel: app-detect: module init
Mar 18 14:24:24.175354 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 18 14:24:24.175379 osdx kernel: app-detect: expression init
Mar 18 14:24:24.175393 osdx kernel: app-detect: appid cache initialized
Mar 18 14:24:24.175410 osdx kernel: app-detect: appid cache changes counter initialized
Mar 18 14:24:24.239320 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Mar 18 14:24:24.540729 osdx cfgd[1459]: [22287]Completed change to active configuration
Mar 18 14:24:24.588984 osdx OSDxCLI[22287]: User 'admin' committed the configuration.
Mar 18 14:24:24.618399 osdx OSDxCLI[22287]: User 'admin' left the configuration menu.
Mar 18 14:24:24.821341 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 18 14:24:25.022970 osdx file_operation[60590]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Mar 18 14:24:25.031315 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3823 DF PROTO=TCP SPT=44364 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 18 14:24:25.235309 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3824 DF PROTO=TCP SPT=44364 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 18 14:24:25.639353 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3825 DF PROTO=TCP SPT=44364 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 18 14:24:26.471340 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3826 DF PROTO=TCP SPT=44364 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 18 14:24:28.020811 osdx file_operation.py[60590]: Operation aborted by user.
Mar 18 14:24:28.035302 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3827 DF PROTO=TCP SPT=44364 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 18 14:24:28.041397 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Mar 18 14:24:28.103343 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3828 DF PROTO=TCP SPT=44364 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
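Added example, not part of the original page or of OSDx tooling: a Python parser for the [DROP-1] kernel lines shown above. It goes further than the Step 3 regular expression by extracting the KEY=VALUE fields, the bare TCP/IP flags and the APPDETECT items, then counting drops per flow. The "[<policy>-<rule>] <action>" prefix layout and the names parse_drop and summarize are assumptions inferred from this scenario's output.

```python
import re
from collections import Counter

# Assumed layout: "kernel: [<policy>-<rule>] <action> <fields> APPDETECT[<items>]".
DROP_RE = re.compile(
    r"kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>\S+) "
    r"(?P<fields>.*?)(?: APPDETECT\[(?P<appdetect>[^\]]*)\])?\s*$"
)

# Three journal lines copied from the output above: two drops and one CLI audit line.
SAMPLE = """\
Mar 18 14:24:25.031315 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3823 DF PROTO=TCP SPT=44364 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 18 14:24:28.035302 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=3827 DF PROTO=TCP SPT=44364 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 18 14:24:28.041397 osdx OSDxCLI[22287]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
"""

def parse_drop(line):
    """Return a dict for a traffic-policy kernel log line, or None for other lines."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    rec = {"policy": m["policy"], "rule": int(m["rule"]), "action": m["action"], "flags": []}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value            # KEY=VALUE pair; "IN=" yields an empty value
        else:
            rec["flags"].append(token)  # bare tokens such as DF, ACK, PSH, FIN
    # APPDETECT items are "name:value". Split on the first colon only: http-url and
    # http-host are taken from the request itself and may contain further colons.
    rec["appdetect"] = dict(
        item.split(":", 1) for item in (m["appdetect"] or "").split() if ":" in item
    )
    return rec

def summarize(journal):
    """Count dropped packets per (SRC, DST, DPT, app-id, http-host, http-url)."""
    counts = Counter()
    for line in journal.splitlines():
        rec = parse_drop(line)
        if rec and rec["action"] == "DROP":
            app = rec["appdetect"]
            counts[(rec["SRC"], rec["DST"], rec["DPT"], app.get("U"),
                    app.get("http-host"), app.get("http-url"))] += 1
    return counts

if __name__ == "__main__":
    for flow, packets in summarize(SAMPLE).items():
        print(packets, flow)
```

Grouping by flow makes it visible that the repeated [DROP-1] entries belong to one connection (same SPT, increasing ID) rather than to several distinct requests.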