Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check that NEW session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.321 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.321/0.321/0.321/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.265 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.265/0.265/0.265/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Show output
Jun 23 10:19:19.300319 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.2M free.
Jun 23 10:19:19.303297 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:19:19.303359 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:19:19.309747 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:19:19.531455 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:19:19.816104 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:19:19.912332 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:19:20.001802 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Jun 23 10:19:20.080737 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:19:20.180956 osdx INFO[376046]: FRR daemons did not change
Jun 23 10:19:20.207298 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:19:20.315528 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:20.318711 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:19:20.319042 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:20.320252 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:19:20.323032 osdx ulogd[376115]: registering plugin `NFCT'
Jun 23 10:19:20.324204 osdx ulogd[376115]: registering plugin `IP2STR'
Jun 23 10:19:20.324283 osdx ulogd[376115]: registering plugin `PRINTFLOW'
Jun 23 10:19:20.325647 osdx ulogd[376115]: registering plugin `SYSLOG'
Jun 23 10:19:20.325655 osdx ulogd[376115]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:20.325711 osdx ulogd[376115]: NFCT plugin working in event mode
Jun 23 10:19:20.325722 osdx ulogd[376115]: Changing UID / GID
Jun 23 10:19:20.325806 osdx ulogd[376115]: initialization finished, entering main loop
Jun 23 10:19:20.351895 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:19:20.372328 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:19:21.250341 osdx ulogd[376115]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:21.331383 osdx ulogd[376115]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Update events

Description

Check that UPDATE session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.353 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.353/0.353/0.353/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.250 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.250/0.250/0.250/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Show output
Jun 23 10:19:25.314729 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free.
Jun 23 10:19:25.315499 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:19:25.315547 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:19:25.326109 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:19:25.559480 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:19:25.851141 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:19:25.942793 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:19:26.028310 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Jun 23 10:19:26.099177 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:19:26.196853 osdx INFO[376270]: FRR daemons did not change
Jun 23 10:19:26.219509 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:19:26.339836 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:26.340520 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:19:26.340921 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:26.341895 osdx ulogd[376339]: registering plugin `NFCT'
Jun 23 10:19:26.341935 osdx ulogd[376339]: registering plugin `IP2STR'
Jun 23 10:19:26.341967 osdx ulogd[376339]: registering plugin `PRINTFLOW'
Jun 23 10:19:26.342004 osdx ulogd[376339]: registering plugin `SYSLOG'
Jun 23 10:19:26.342008 osdx ulogd[376339]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:26.342058 osdx ulogd[376339]: NFCT plugin working in event mode
Jun 23 10:19:26.342064 osdx ulogd[376339]: Changing UID / GID
Jun 23 10:19:26.342128 osdx ulogd[376339]: initialization finished, entering main loop
Jun 23 10:19:26.342250 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:19:26.376070 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:19:26.392148 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:19:27.244361 osdx ulogd[376339]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:27.338840 osdx ulogd[376339]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Destroy events

Description

Check that DESTROY session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.292 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.239 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.273 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.309 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2033ms
rtt min/avg/max/mdev = 0.239/0.273/0.309/0.028 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Show output
Jun 23 10:19:32.343202 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free.
Jun 23 10:19:32.346753 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:19:32.346799 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:19:32.353762 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:19:32.584196 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:19:32.845743 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:19:32.940555 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:19:33.036352 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Jun 23 10:19:33.106319 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 23 10:19:33.232306 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set service ssh'.
Jun 23 10:19:33.346420 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:19:33.425308 osdx INFO[376502]: FRR daemons did not change
Jun 23 10:19:33.450762 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:19:33.555081 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:33.556047 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:19:33.556355 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:33.557553 osdx ulogd[376573]: registering plugin `NFCT'
Jun 23 10:19:33.557595 osdx ulogd[376573]: registering plugin `IP2STR'
Jun 23 10:19:33.557636 osdx ulogd[376573]: registering plugin `PRINTFLOW'
Jun 23 10:19:33.557677 osdx ulogd[376573]: registering plugin `SYSLOG'
Jun 23 10:19:33.557680 osdx ulogd[376573]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:33.557718 osdx ulogd[376573]: NFCT plugin working in event mode
Jun 23 10:19:33.557724 osdx ulogd[376573]: Changing UID / GID
Jun 23 10:19:33.557790 osdx ulogd[376573]: initialization finished, entering main loop
Jun 23 10:19:33.631180 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jun 23 10:19:33.648430 osdx sshd[376579]: Server listening on 0.0.0.0 port 22.
Jun 23 10:19:33.648718 osdx sshd[376579]: Server listening on :: port 22.
Jun 23 10:19:33.648844 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jun 23 10:19:33.672850 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:19:33.699751 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:19:33.716462 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:19:35.667832 osdx ulogd[376573]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jun 23 10:19:36.691832 osdx ulogd[376573]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

Default logging

Description

Set a simple configuration, send a ping command from one device to the other and check that the default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.331 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.331/0.331/0.331/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.242 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.242/0.242/0.242/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Jun 23 10:19:43.000155 osdx systemd-timedated[373628]: Changed local time to Mon 2025-06-23 10:19:43 UTC
Jun 23 10:19:43.001478 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'set date 2025-06-23 10:19:43'.
Jun 23 10:19:43.001655 osdx systemd-journald[1747]: Time jumped backwards, rotating.
Jun 23 10:19:43.307986 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free.
Jun 23 10:19:43.309633 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:19:43.309705 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:19:43.318202 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:19:43.542519 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:19:43.827796 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:19:43.915476 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:19:44.000822 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:19:44.070576 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:19:44.163178 osdx INFO[376760]: FRR daemons did not change
Jun 23 10:19:44.185632 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:19:44.293904 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:44.294543 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:19:44.294828 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:44.295805 osdx ulogd[376829]: registering plugin `NFCT'
Jun 23 10:19:44.295844 osdx ulogd[376829]: registering plugin `IP2STR'
Jun 23 10:19:44.295887 osdx ulogd[376829]: registering plugin `PRINTFLOW'
Jun 23 10:19:44.295927 osdx ulogd[376829]: registering plugin `SYSLOG'
Jun 23 10:19:44.295930 osdx ulogd[376829]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:44.295970 osdx ulogd[376829]: NFCT plugin working in event mode
Jun 23 10:19:44.295977 osdx ulogd[376829]: Changing UID / GID
Jun 23 10:19:44.296040 osdx ulogd[376829]: initialization finished, entering main loop
Jun 23 10:19:44.296305 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:19:44.321494 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:19:44.338067 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:19:45.166017 osdx ulogd[376829]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:45.166039 osdx ulogd[376829]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:45.253855 osdx ulogd[376829]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:45.253876 osdx ulogd[376829]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Identity logging

Description

Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping command from one device to the other and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.385 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.385/0.385/0.385/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.282 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.282/0.282/0.282/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Jun 23 10:19:50.307991 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.1M, max 15.3M, 13.2M free.
Jun 23 10:19:50.309585 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:19:50.309656 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:19:50.318538 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:19:50.538864 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:19:50.872954 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:19:51.024937 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:19:51.078736 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:19:51.170561 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Jun 23 10:19:51.264782 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:19:51.332005 osdx INFO[376985]: FRR daemons did not change
Jun 23 10:19:51.353587 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:19:51.449850 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:51.450715 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:51.451722 osdx ulogd[377054]: registering plugin `NFCT'
Jun 23 10:19:51.451773 osdx ulogd[377054]: registering plugin `IP2STR'
Jun 23 10:19:51.451799 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:19:51.451819 osdx ulogd[377054]: registering plugin `PRINTFLOW'
Jun 23 10:19:51.451869 osdx ulogd[377054]: registering plugin `SYSLOG'
Jun 23 10:19:51.451873 osdx ulogd[377054]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:51.451923 osdx ulogd[377054]: NFCT plugin working in event mode
Jun 23 10:19:51.451930 osdx OSDx_DUT0[377054]: Changing UID / GID
Jun 23 10:19:51.452007 osdx OSDx_DUT0[377054]: initialization finished, entering main loop
Jun 23 10:19:51.490263 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:19:51.509552 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:19:52.512541 osdx OSDx_DUT0[377054]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:52.512562 osdx OSDx_DUT0[377054]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:52.599748 osdx OSDx_DUT0[377054]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:52.599769 osdx OSDx_DUT0[377054]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0:

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.258 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.258/0.258/0.258/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Jun 23 10:19:50.307991 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.1M, max 15.3M, 13.2M free.
Jun 23 10:19:50.309585 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:19:50.309656 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:19:50.318538 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:19:50.538864 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:19:50.872954 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:19:51.024937 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:19:51.078736 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:19:51.170561 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Jun 23 10:19:51.264782 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:19:51.332005 osdx INFO[376985]: FRR daemons did not change
Jun 23 10:19:51.353587 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:19:51.449850 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:51.450715 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:51.451722 osdx ulogd[377054]: registering plugin `NFCT'
Jun 23 10:19:51.451773 osdx ulogd[377054]: registering plugin `IP2STR'
Jun 23 10:19:51.451799 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:19:51.451819 osdx ulogd[377054]: registering plugin `PRINTFLOW'
Jun 23 10:19:51.451869 osdx ulogd[377054]: registering plugin `SYSLOG'
Jun 23 10:19:51.451873 osdx ulogd[377054]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:51.451923 osdx ulogd[377054]: NFCT plugin working in event mode
Jun 23 10:19:51.451930 osdx OSDx_DUT0[377054]: Changing UID / GID
Jun 23 10:19:51.452007 osdx OSDx_DUT0[377054]: initialization finished, entering main loop
Jun 23 10:19:51.490263 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:19:51.509552 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:19:52.512541 osdx OSDx_DUT0[377054]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:52.512562 osdx OSDx_DUT0[377054]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:52.599748 osdx OSDx_DUT0[377054]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:52.599769 osdx OSDx_DUT0[377054]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:52.712740 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 23 10:19:52.910467 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:19:52.970864 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Jun 23 10:19:53.079481 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show changes'.
Jun 23 10:19:53.144976 osdx INFO[377090]: FRR daemons did not change
Jun 23 10:19:53.154239 osdx OSDx_DUT0[377054]: Terminal signal received, exiting
Jun 23 10:19:53.154289 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:53.154652 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jun 23 10:19:53.154744 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:53.173924 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:53.174941 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:53.175168 osdx ulogd[377099]: registering plugin `NFCT'
Jun 23 10:19:53.175220 osdx ulogd[377099]: registering plugin `IP2STR'
Jun 23 10:19:53.175277 osdx ulogd[377099]: registering plugin `PRINTFLOW'
Jun 23 10:19:53.175339 osdx ulogd[377099]: registering plugin `SYSLOG'
Jun 23 10:19:53.175344 osdx ulogd[377099]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:53.175393 osdx ulogd[377099]: NFCT plugin working in event mode
Jun 23 10:19:53.175400 osdx ulogd[377099]: Changing UID / GID
Jun 23 10:19:53.175484 osdx ulogd[377099]: initialization finished, entering main loop
Jun 23 10:19:53.176954 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:19:53.178645 osdx ulogd[377099]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jun 23 10:19:53.178664 osdx ulogd[377099]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jun 23 10:19:53.179328 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:19:53.211522 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:19:53.379689 osdx ulogd[377099]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:19:53.379714 osdx ulogd[377099]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping from one device to the other, and check that the default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.321 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.321/0.321/0.321/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.254 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.256 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1012ms
rtt min/avg/max/mdev = 0.254/0.255/0.256/0.001 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Show output
Jun 23 10:19:57.326802 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.1M, max 15.3M, 13.2M free.
Jun 23 10:19:57.327586 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:19:57.327624 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:19:57.336378 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:19:57.596082 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:19:57.867503 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:19:57.980189 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jun 23 10:19:58.032899 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Jun 23 10:19:58.135808 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Jun 23 10:19:58.207182 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Jun 23 10:19:58.317415 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:19:58.381713 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:19:58.501251 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:19:58.575450 osdx INFO[377245]: FRR daemons did not change
Jun 23 10:19:58.599601 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:19:58.723926 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:58.725001 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:58.725479 osdx ulogd[377314]: registering plugin `NFCT'
Jun 23 10:19:58.725530 osdx ulogd[377314]: registering plugin `IP2STR'
Jun 23 10:19:58.725576 osdx ulogd[377314]: registering plugin `PRINTFLOW'
Jun 23 10:19:58.725626 osdx ulogd[377314]: registering plugin `SYSLOG'
Jun 23 10:19:58.725631 osdx ulogd[377314]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:58.725681 osdx ulogd[377314]: NFCT plugin working in event mode
Jun 23 10:19:58.725688 osdx ulogd[377314]: Changing UID / GID
Jun 23 10:19:58.725773 osdx ulogd[377314]: initialization finished, entering main loop
Jun 23 10:19:58.735724 osdx ulogd[377314]: Terminal signal received, exiting
Jun 23 10:19:58.735832 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:58.736100 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jun 23 10:19:58.736207 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:58.737169 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:19:58.738154 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:19:58.738399 osdx ulogd[377320]: registering plugin `NFCT'
Jun 23 10:19:58.738451 osdx ulogd[377320]: registering plugin `IP2STR'
Jun 23 10:19:58.738499 osdx ulogd[377320]: registering plugin `PRINTFLOW'
Jun 23 10:19:58.738562 osdx ulogd[377320]: registering plugin `SYSLOG'
Jun 23 10:19:58.738566 osdx ulogd[377320]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:19:58.738614 osdx ulogd[377320]: NFCT plugin working in event mode
Jun 23 10:19:58.738622 osdx ulogd[377320]: Changing UID / GID
Jun 23 10:19:58.738696 osdx ulogd[377320]: initialization finished, entering main loop
Jun 23 10:19:58.916514 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:19:58.951433 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:19:58.981960 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:19:59.821702 osdx ulogd[377320]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jun 23 10:19:59.821727 osdx ulogd[377320]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jun 23 10:19:59.904335 osdx ulogd[377320]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jun 23 10:19:59.904357 osdx ulogd[377320]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

VRF logging

Description

Set a simple configuration with a VRF, send a ping from one device to the other, and check that the default and VRF fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.346 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.346/0.346/0.346/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.290 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.290/0.290/0.290/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Show output
Jun 23 10:20:06.316903 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.2M free.
Jun 23 10:20:06.319532 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:20:06.319587 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:20:06.328551 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:20:06.541588 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:20:06.764038 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:06.846434 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Jun 23 10:20:06.930566 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Jun 23 10:20:06.985159 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system vrf RED'.
Jun 23 10:20:07.086699 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:20:07.145844 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:20:07.260835 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:07.330191 osdx INFO[377525]: FRR daemons did not change
Jun 23 10:20:07.344645 osdx (udev-worker)[377540]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Jun 23 10:20:07.344892 osdx (udev-worker)[377540]: Network interface NamePolicy= disabled on kernel command line.
Jun 23 10:20:07.367544 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:20:07.439547 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:20:07.539849 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:07.540634 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:20:07.541174 osdx ulogd[377647]: registering plugin `NFCT'
Jun 23 10:20:07.541227 osdx ulogd[377647]: registering plugin `IP2STR'
Jun 23 10:20:07.541269 osdx ulogd[377647]: registering plugin `PRINTFLOW'
Jun 23 10:20:07.541311 osdx ulogd[377647]: registering plugin `SYSLOG'
Jun 23 10:20:07.541314 osdx ulogd[377647]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:20:07.541355 osdx ulogd[377647]: NFCT plugin working in event mode
Jun 23 10:20:07.541362 osdx ulogd[377647]: Changing UID / GID
Jun 23 10:20:07.541435 osdx ulogd[377647]: initialization finished, entering main loop
Jun 23 10:20:07.559594 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:07.560885 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:07.592893 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:07.610325 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:08.516746 osdx ulogd[377647]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:20:08.516769 osdx ulogd[377647]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:20:08.608874 osdx ulogd[377647]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:20:08.608899 osdx ulogd[377647]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping from one device to the other, and check that the default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.208 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.208/0.208/0.208/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  21175      0 --:--:-- --:--:-- --:--:-- 21500

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.418 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.418/0.418/0.418/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.294 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.294/0.294/0.294/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Show output
Jun 23 10:20:12.000179 osdx systemd-timedated[373628]: Changed local time to Mon 2025-06-23 10:20:12 UTC
Jun 23 10:20:12.001810 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'set date 2025-06-23 10:20:12'.
Jun 23 10:20:12.002261 osdx systemd-journald[1747]: Time jumped backwards, rotating.
Jun 23 10:20:12.319102 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free.
Jun 23 10:20:12.322273 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:20:12.322337 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:20:12.328991 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:20:12.556518 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:20:12.779308 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:12.860682 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jun 23 10:20:12.956814 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:13.030928 osdx INFO[377862]: FRR daemons did not change
Jun 23 10:20:13.054270 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 23 10:20:13.126332 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:13.159161 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:13.181323 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:13.353583 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 23 10:20:13.492530 osdx file_operation[377957]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Jun 23 10:20:13.518649 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Jun 23 10:20:13.681515 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:13.774594 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jun 23 10:20:13.838544 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Jun 23 10:20:13.944777 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Jun 23 10:20:14.022878 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Jun 23 10:20:14.081168 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Jun 23 10:20:14.168900 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Jun 23 10:20:14.228333 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Jun 23 10:20:14.338571 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Jun 23 10:20:14.398178 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Jun 23 10:20:14.506583 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:20:14.559329 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:20:14.677147 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:14.769323 osdx INFO[378002]: FRR daemons did not change
Jun 23 10:20:14.794300 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:20:14.894516 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:14.895605 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:14.896263 osdx ulogd[378071]: registering plugin `NFCT'
Jun 23 10:20:14.896306 osdx ulogd[378071]: registering plugin `IP2STR'
Jun 23 10:20:14.896343 osdx ulogd[378071]: registering plugin `PRINTFLOW'
Jun 23 10:20:14.896381 osdx ulogd[378071]: registering plugin `SYSLOG'
Jun 23 10:20:14.896385 osdx ulogd[378071]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:20:14.896424 osdx ulogd[378071]: NFCT plugin working in event mode
Jun 23 10:20:14.896430 osdx ulogd[378071]: Changing UID / GID
Jun 23 10:20:14.896495 osdx ulogd[378071]: initialization finished, entering main loop
Jun 23 10:20:15.097839 osdx systemd[1]: Reloading.
Jun 23 10:20:15.218266 osdx systemd-sysv-generator[378104]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Jun 23 10:20:15.326741 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Jun 23 10:20:15.330789 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Jun 23 10:20:15.350318 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Jun 23 10:20:15.355597 osdx systemd[1]: logrotate.service: Deactivated successfully.
Jun 23 10:20:15.355704 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Jun 23 10:20:15.591095 osdx INFO[378086]: Rules successfully loaded
Jun 23 10:20:15.604030 osdx ulogd[378071]: Terminal signal received, exiting
Jun 23 10:20:15.604128 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:15.604542 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jun 23 10:20:15.604634 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:15.630529 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:15.631211 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:15.631558 osdx ulogd[378132]: registering plugin `NFCT'
Jun 23 10:20:15.631602 osdx ulogd[378132]: registering plugin `IP2STR'
Jun 23 10:20:15.631638 osdx ulogd[378132]: registering plugin `PRINTFLOW'
Jun 23 10:20:15.631676 osdx ulogd[378132]: registering plugin `SYSLOG'
Jun 23 10:20:15.631679 osdx ulogd[378132]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:20:15.631718 osdx ulogd[378132]: NFCT plugin working in event mode
Jun 23 10:20:15.631724 osdx ulogd[378132]: Changing UID / GID
Jun 23 10:20:15.631790 osdx ulogd[378132]: initialization finished, entering main loop
Jun 23 10:20:15.632925 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:15.664650 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:15.693489 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:16.600930 osdx ulogd[378132]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 23 10:20:16.600948 osdx ulogd[378132]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 23 10:20:16.684257 osdx ulogd[378132]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 23 10:20:16.684279 osdx ulogd[378132]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.300 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.300/0.300/0.300/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.324 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms

Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Show output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.2.6

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Mon Jun 23 10:19:02 2025 from 10.215.168.64
admin@osdx$

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Show output
Jun 23 10:20:24.308090 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.1M, max 15.3M, 13.2M free.
Jun 23 10:20:24.309176 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:20:24.309229 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:20:24.318318 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:20:24.538098 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:20:24.781380 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:24.861883 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Jun 23 10:20:24.947636 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:20:25.080092 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:20:25.192656 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:25.271194 osdx INFO[378362]: FRR daemons did not change
Jun 23 10:20:25.293185 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 23 10:20:25.365197 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:20:25.457497 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:25.458309 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:25.458499 osdx ulogd[378484]: registering plugin `NFCT'
Jun 23 10:20:25.458538 osdx ulogd[378484]: registering plugin `IP2STR'
Jun 23 10:20:25.458591 osdx ulogd[378484]: registering plugin `PRINTFLOW'
Jun 23 10:20:25.458641 osdx ulogd[378484]: registering plugin `SYSLOG'
Jun 23 10:20:25.458645 osdx ulogd[378484]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:20:25.458684 osdx ulogd[378484]: NFCT plugin working in event mode
Jun 23 10:20:25.458690 osdx ulogd[378484]: Changing UID / GID
Jun 23 10:20:25.458759 osdx ulogd[378484]: initialization finished, entering main loop
Jun 23 10:20:25.459542 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:25.484890 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:25.500559 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:27.147405 osdx ulogd[378484]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:20:27.147424 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:20:27.228730 osdx ulogd[378484]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:20:27.228749 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 23 10:20:27.302760 osdx ulogd[378484]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0
Jun 23 10:20:27.302847 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0
Jun 23 10:20:27.302937 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0 [OFFLOAD]
Jun 23 10:20:27.571262 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0
Jun 23 10:20:27.572476 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0
Jun 23 10:20:27.572567 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0 [OFFLOAD]
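
The optional fields checked in the Policies, VRF, Not-Bypass and Offload scenarios above (MARK, LABELS, VRF, Sc, [OFFLOAD]) can be extracted from the journal with a small parser and compared against the same regular expressions. This is an added example, not part of the OSDx documentation or tooling: the function names are hypothetical, the field layout is inferred from the outputs above, and the sample lines are copied from those outputs.

```python
import re
from collections import Counter

# Layout inferred from the journal lines shown above (an assumption, not a
# published ulogd/OSDx grammar): "[EVENT] ORIG: k=v ... , REPLY: k=v ... extras"
LINE_RE = re.compile(
    r"ulogd\[\d+\]: \[(?P<event>NEW|UPDATE|DESTROY)\] "
    r"ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
SC_RE = re.compile(r"\(Sc: ([^)]+)\)")

# Keys that describe one direction of the flow. Anything else found after
# "REPLY:" (MARK, LABELS) is treated as a connection-level attribute.
TUPLE_KEYS = {"SRC", "DST", "VRF", "PROTO", "TYPE", "CODE",
              "SPT", "DPT", "PKTS", "BYTES"}

# Regular expressions taken from the final step of each scenario above.
PAGE_CHECKS = {
    "policies": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST",
    "vrf": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED",
    "not-bypass": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass",
    "offload": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]",
}

# Sample input: journal lines copied from the scenario outputs above.
SAMPLE = [
    "Jun 23 10:19:59.821702 osdx ulogd[377320]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST",
    "Jun 23 10:19:59.821727 osdx ulogd[377320]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33",
    "Jun 23 10:20:08.516746 osdx ulogd[377647]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0",
    "Jun 23 10:20:16.600930 osdx ulogd[378132]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)",
    "Jun 23 10:20:27.302847 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0",
    "Jun 23 10:20:27.302937 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0 [OFFLOAD]",
    "Jun 23 10:20:25.458759 osdx ulogd[378484]: initialization finished, entering main loop",
]


def parse_line(line):
    """Return a dict for a conntrack event line, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    orig = dict(KV_RE.findall(m["orig"]))
    tail = dict(KV_RE.findall(m["reply"]))
    reply = {k: v for k, v in tail.items() if k in TUPLE_KEYS}
    conn = {k: v for k, v in tail.items() if k not in TUPLE_KEYS}
    sc = SC_RE.search(m["reply"])
    return {
        "event": m["event"],
        "orig": orig,
        "reply": reply,
        "mark": int(conn["MARK"]) if "MARK" in conn else None,
        "labels": conn.get("LABELS"),   # raw string, as logged
        "vrf": orig.get("VRF"),
        "sc": sc.group(1) if sc else None,
        "offload": "[OFFLOAD]" in m["reply"],
    }


def matches_by_event(lines, pattern):
    """Count, per event type, the conntrack lines that satisfy a page check."""
    rx = re.compile(pattern)
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rx.search(line):
            hits[rec["event"]] += 1
    return hits


if __name__ == "__main__":
    for name, pattern in PAGE_CHECKS.items():
        print(name, dict(matches_by_event(SAMPLE, pattern)))
    for line in SAMPLE:
        rec = parse_line(line)
        if rec:
            print(rec["event"], rec["orig"]["SRC"], "->", rec["orig"]["DST"],
                  "mark", rec["mark"], "labels", rec["labels"], "vrf", rec["vrf"],
                  "sc", rec["sc"], "offload", rec["offload"])
```

On these lines the policies expression matches only the [NEW] event, because the [UPDATE] line in that output carries MARK=33 without LABELS=TEST; a check keyed on the parsed mark covers both event types.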

App detect logging

Description

Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1 and check that the app-detect field appears when running system journal show. Then enable app detection for the HTTP host in system conntrack, copy index.html from an HTTP server and check that the app-detect field appears and identifies the HTTP server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.362 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.362/0.362/0.362/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.345 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.248 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.275 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2048ms
rtt min/avg/max/mdev = 0.248/0.289/0.345/0.040 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Show output
Jun 23 10:20:31.000205 osdx systemd-timedated[373628]: Changed local time to Mon 2025-06-23 10:20:31 UTC
Jun 23 10:20:31.002545 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'set date 2025-06-23 10:20:31'.
Jun 23 10:20:31.003216 osdx systemd-journald[1747]: Time jumped backwards, rotating.
Jun 23 10:20:31.313700 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free.
Jun 23 10:20:31.315212 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:20:31.315270 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:20:31.323275 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:20:31.530655 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:20:31.759089 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:31.817983 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 23 10:20:31.918371 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 23 10:20:31.993184 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:20:32.075858 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:20:32.200944 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:32.277413 osdx INFO[378650]: FRR daemons did not change
Jun 23 10:20:32.443214 osdx kernel: app-detect: module init
Jun 23 10:20:32.443257 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 23 10:20:32.443274 osdx kernel: app-detect: expression init
Jun 23 10:20:32.443282 osdx kernel: app-detect: appid cache initialized
Jun 23 10:20:32.443290 osdx kernel: app-detect: appid cache changes counter initialized
Jun 23 10:20:32.447103 osdx modulelauncher[378653]: AppDetect: no change in application dictionaries, thus nothing more to do
Jun 23 10:20:32.471221 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:20:32.583497 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:32.584448 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:20:32.584779 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:32.585815 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:32.586473 osdx ulogd[378742]: registering plugin `NFCT'
Jun 23 10:20:32.586513 osdx ulogd[378742]: registering plugin `IP2STR'
Jun 23 10:20:32.586547 osdx ulogd[378742]: registering plugin `PRINTFLOW'
Jun 23 10:20:32.586595 osdx ulogd[378742]: registering plugin `SYSLOG'
Jun 23 10:20:32.586599 osdx ulogd[378742]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:20:32.586646 osdx ulogd[378742]: NFCT plugin working in event mode
Jun 23 10:20:32.586654 osdx ulogd[378742]: Changing UID / GID
Jun 23 10:20:32.586734 osdx ulogd[378742]: initialization finished, entering main loop
Jun 23 10:20:32.626495 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:32.644988 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:33.530347 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.530372 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.620409 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.620434 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644257 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:34.644279 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644293 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.668279 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:35.668300 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.668312 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Show output
Jun 23 10:20:31.000205 osdx systemd-timedated[373628]: Changed local time to Mon 2025-06-23 10:20:31 UTC
Jun 23 10:20:31.002545 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'set date 2025-06-23 10:20:31'.
Jun 23 10:20:31.003216 osdx systemd-journald[1747]: Time jumped backwards, rotating.
Jun 23 10:20:31.313700 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free.
Jun 23 10:20:31.315212 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:20:31.315270 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:20:31.323275 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:20:31.530655 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:20:31.759089 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:31.817983 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 23 10:20:31.918371 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 23 10:20:31.993184 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:20:32.075858 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:20:32.200944 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:32.277413 osdx INFO[378650]: FRR daemons did not change
Jun 23 10:20:32.443214 osdx kernel: app-detect: module init
Jun 23 10:20:32.443257 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 23 10:20:32.443274 osdx kernel: app-detect: expression init
Jun 23 10:20:32.443282 osdx kernel: app-detect: appid cache initialized
Jun 23 10:20:32.443290 osdx kernel: app-detect: appid cache changes counter initialized
Jun 23 10:20:32.447103 osdx modulelauncher[378653]: AppDetect: no change in application dictionaries, thus nothing more to do
Jun 23 10:20:32.471221 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:20:32.583497 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:32.584448 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:20:32.584779 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:32.585815 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:32.586473 osdx ulogd[378742]: registering plugin `NFCT'
Jun 23 10:20:32.586513 osdx ulogd[378742]: registering plugin `IP2STR'
Jun 23 10:20:32.586547 osdx ulogd[378742]: registering plugin `PRINTFLOW'
Jun 23 10:20:32.586595 osdx ulogd[378742]: registering plugin `SYSLOG'
Jun 23 10:20:32.586599 osdx ulogd[378742]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:20:32.586646 osdx ulogd[378742]: NFCT plugin working in event mode
Jun 23 10:20:32.586654 osdx ulogd[378742]: Changing UID / GID
Jun 23 10:20:32.586734 osdx ulogd[378742]: initialization finished, entering main loop
Jun 23 10:20:32.626495 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:32.644988 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:33.530347 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.530372 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.620409 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.620434 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644257 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:34.644279 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644293 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.668279 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:35.668300 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.668312 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.767856 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Show output
Jun 23 10:20:31.000205 osdx systemd-timedated[373628]: Changed local time to Mon 2025-06-23 10:20:31 UTC
Jun 23 10:20:31.002545 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'set date 2025-06-23 10:20:31'.
Jun 23 10:20:31.003216 osdx systemd-journald[1747]: Time jumped backwards, rotating.
Jun 23 10:20:31.313700 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free.
Jun 23 10:20:31.315212 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:20:31.315270 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:20:31.323275 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:20:31.530655 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:20:31.759089 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:31.817983 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 23 10:20:31.918371 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 23 10:20:31.993184 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:20:32.075858 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:20:32.200944 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:32.277413 osdx INFO[378650]: FRR daemons did not change
Jun 23 10:20:32.443214 osdx kernel: app-detect: module init
Jun 23 10:20:32.443257 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 23 10:20:32.443274 osdx kernel: app-detect: expression init
Jun 23 10:20:32.443282 osdx kernel: app-detect: appid cache initialized
Jun 23 10:20:32.443290 osdx kernel: app-detect: appid cache changes counter initialized
Jun 23 10:20:32.447103 osdx modulelauncher[378653]: AppDetect: no change in application dictionaries, thus nothing more to do
Jun 23 10:20:32.471221 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:20:32.583497 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:32.584448 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:20:32.584779 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:32.585815 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:32.586473 osdx ulogd[378742]: registering plugin `NFCT'
Jun 23 10:20:32.586513 osdx ulogd[378742]: registering plugin `IP2STR'
Jun 23 10:20:32.586547 osdx ulogd[378742]: registering plugin `PRINTFLOW'
Jun 23 10:20:32.586595 osdx ulogd[378742]: registering plugin `SYSLOG'
Jun 23 10:20:32.586599 osdx ulogd[378742]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:20:32.586646 osdx ulogd[378742]: NFCT plugin working in event mode
Jun 23 10:20:32.586654 osdx ulogd[378742]: Changing UID / GID
Jun 23 10:20:32.586734 osdx ulogd[378742]: initialization finished, entering main loop
Jun 23 10:20:32.626495 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:32.644988 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:33.530347 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.530372 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.620409 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.620434 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644257 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:34.644279 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644293 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.668279 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:35.668300 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.668312 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.767856 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 23 10:20:35.897247 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.235 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.235/0.235/0.235/0.000 ms

Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0  1331k      0 --:--:-- --:--:-- --:--:-- 1416k

Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Show output
Jun 23 10:20:31.000205 osdx systemd-timedated[373628]: Changed local time to Mon 2025-06-23 10:20:31 UTC
Jun 23 10:20:31.002545 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'set date 2025-06-23 10:20:31'.
Jun 23 10:20:31.003216 osdx systemd-journald[1747]: Time jumped backwards, rotating.
Jun 23 10:20:31.313700 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.0M, max 15.3M, 13.3M free.
Jun 23 10:20:31.315212 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:20:31.315270 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:20:31.323275 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:20:31.530655 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:20:31.759089 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:31.817983 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 23 10:20:31.918371 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 23 10:20:31.993184 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 23 10:20:32.075858 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 23 10:20:32.200944 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:32.277413 osdx INFO[378650]: FRR daemons did not change
Jun 23 10:20:32.443214 osdx kernel: app-detect: module init
Jun 23 10:20:32.443257 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 23 10:20:32.443274 osdx kernel: app-detect: expression init
Jun 23 10:20:32.443282 osdx kernel: app-detect: appid cache initialized
Jun 23 10:20:32.443290 osdx kernel: app-detect: appid cache changes counter initialized
Jun 23 10:20:32.447103 osdx modulelauncher[378653]: AppDetect: no change in application dictionaries, thus nothing more to do
Jun 23 10:20:32.471221 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 23 10:20:32.583497 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 23 10:20:32.584448 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jun 23 10:20:32.584779 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 23 10:20:32.585815 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:32.586473 osdx ulogd[378742]: registering plugin `NFCT'
Jun 23 10:20:32.586513 osdx ulogd[378742]: registering plugin `IP2STR'
Jun 23 10:20:32.586547 osdx ulogd[378742]: registering plugin `PRINTFLOW'
Jun 23 10:20:32.586595 osdx ulogd[378742]: registering plugin `SYSLOG'
Jun 23 10:20:32.586599 osdx ulogd[378742]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 23 10:20:32.586646 osdx ulogd[378742]: NFCT plugin working in event mode
Jun 23 10:20:32.586654 osdx ulogd[378742]: Changing UID / GID
Jun 23 10:20:32.586734 osdx ulogd[378742]: initialization finished, entering main loop
Jun 23 10:20:32.626495 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:32.644988 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:33.530347 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.530372 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.620409 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.620434 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644257 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:34.644279 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644293 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.668279 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:35.668300 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.668312 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:35.767856 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 23 10:20:35.897247 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 23 10:20:36.076310 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 23 10:20:36.239422 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:36.314607 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jun 23 10:20:36.397242 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jun 23 10:20:36.461943 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show changes'.
Jun 23 10:20:36.571186 osdx INFO[378795]: FRR daemons did not change
Jun 23 10:20:36.595216 osdx kernel: app-detect: expression destroy
Jun 23 10:20:36.623216 osdx kernel: app-detect: expression init
Jun 23 10:20:36.623275 osdx kernel: app-detect: appid cache initialized
Jun 23 10:20:36.623288 osdx kernel: app-detect: appid cache changes counter initialized
Jun 23 10:20:36.631645 osdx modulelauncher[378798]: AppDetect: no change in application dictionaries, thus nothing more to do
Jun 23 10:20:36.659212 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 23 10:20:36.722860 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:36.749902 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:36.749956 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:36.750583 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:36.783741 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:36.939585 osdx ulogd[378742]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:36.939768 osdx ulogd[378742]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:36.941783 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 23 10:20:37.066222 osdx file_operation[378903]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jun 23 10:20:37.069213 osdx ulogd[378742]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 23 10:20:37.069491 osdx ulogd[378742]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 23 10:20:37.069506 osdx ulogd[378742]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 23 10:20:37.070540 osdx ulogd[378742]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 23 10:20:37.070662 osdx ulogd[378742]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 23 10:20:37.070677 osdx ulogd[378742]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 23 10:20:37.091983 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
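
The regular-expression checks in steps 5 to 7 and 11 can also be run on parsed fields. The following is an added example, not part of the OSDx documentation or its test suite: it parses the ulogd conntrack events and tracks how the APPDETECT label of each flow changes. The function names are assumptions, and the sample lines are copied from the journal output shown on this page.

```python
import re

# Journal lines copied from the output shown on this page (representative subset).
SAMPLE_JOURNAL = """\
Jun 23 10:20:32.586734 osdx ulogd[378742]: initialization finished, entering main loop
Jun 23 10:20:33.530347 osdx ulogd[378742]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:33.530372 osdx ulogd[378742]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 23 10:20:34.644257 osdx ulogd[378742]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 23 10:20:37.069213 osdx ulogd[378742]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 23 10:20:37.069491 osdx ulogd[378742]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 23 10:20:37.070540 osdx ulogd[378742]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53142 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53142 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 23 10:20:27.302937 osdx ulogd[378484]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=49754 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=49754 PKTS=0 BYTES=0 [OFFLOAD]
"""

LINE_RE = re.compile(r"ulogd\[\d+\]: \[(NEW|UPDATE|DESTROY)\] ORIG: (.*?) , REPLY: (.*)$")
APP_RE = re.compile(r"APPDETECT\[([^\]]*)\]")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_appdetect(field):
    """Split e.g. 'L4:80 http-host:10.215.168.1' into layer, id and attributes."""
    if not field.strip():
        return None
    first, *rest = field.split()
    layer, _, app_id = first.partition(":")
    attrs = dict(tok.partition(":")[::2] for tok in rest)
    return {"raw": field, "layer": layer, "id": app_id, "attrs": attrs}


def parse_event(line):
    """Return a dict for a ulogd conntrack event line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    event, orig_txt, reply_txt = m.groups()
    app = APP_RE.search(reply_txt)
    # Remove the APPDETECT field before key=value parsing so that a value
    # inside it (for example a URL with '=') is not mistaken for a tuple field.
    reply_clean = APP_RE.sub("", reply_txt)
    return {
        "event": event,
        "orig": dict(KV_RE.findall(orig_txt)),
        "reply": dict(KV_RE.findall(reply_clean)),
        "appdetect": parse_appdetect(app.group(1)) if app else None,
        "offload": "[OFFLOAD]" in reply_clean,
    }


def parse_journal(text):
    """Parse every conntrack event in a journal dump, skipping unrelated lines."""
    return [ev for ev in map(parse_event, text.splitlines()) if ev]


def flow_key(ev):
    """Identify a flow by its original-direction tuple (ports are None for ICMP)."""
    o = ev["orig"]
    return (o.get("PROTO"), o.get("SRC"), o.get("DST"), o.get("SPT"), o.get("DPT"))


def has_event(events, event, label):
    """Structured equivalent of the page's regex checks: event type plus exact label."""
    return any(
        ev["event"] == event and ev["appdetect"] and ev["appdetect"]["raw"] == label
        for ev in events
    )


def label_history(events):
    """For each flow, list the distinct APPDETECT labels in the order they were logged."""
    history = {}
    for ev in events:
        if ev["appdetect"] is None:
            continue
        labels = history.setdefault(flow_key(ev), [])
        if not labels or labels[-1] != ev["appdetect"]["raw"]:
            labels.append(ev["appdetect"]["raw"])
    return history


if __name__ == "__main__":
    events = parse_journal(SAMPLE_JOURNAL)
    for key, labels in label_history(events).items():
        print(key, "->", labels)
    untagged = [ev for ev in events if ev["appdetect"] is None]
    print("events without APPDETECT:", len(untagged))
```

On the sample, the TCP flow to port 80 is first labelled `L4:80` and only later `L4:80 http-host:10.215.168.1`, so the step 11 expression is satisfied by the later UPDATE events rather than by the NEW event.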

App Detect Drop Packet

Description

Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector. Enable the http-host and http-url options under system conntrack app-detect in order to see relevant information about HTTP packets. Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.211 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.211/0.211/0.211/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Jun 23 10:20:42.340604 osdx systemd-journald[1747]: Runtime Journal (/run/log/journal/76ff399027db4a3db160ed8651bac52f) is 2.1M, max 15.3M, 13.2M free.
Jun 23 10:20:42.341562 osdx systemd-journald[1747]: Received client request to rotate journal, rotating.
Jun 23 10:20:42.341612 osdx systemd-journald[1747]: Vacuuming done, freed 0B of archived journals from /run/log/journal/76ff399027db4a3db160ed8651bac52f.
Jun 23 10:20:42.351680 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system journal clear'.
Jun 23 10:20:42.569035 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 23 10:20:42.788478 osdx OSDxCLI[340412]: User 'admin' entered the configuration menu.
Jun 23 10:20:42.852452 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Jun 23 10:20:42.950678 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Jun 23 10:20:43.080874 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Jun 23 10:20:43.155950 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Jun 23 10:20:43.257227 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Jun 23 10:20:43.325433 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Jun 23 10:20:43.439934 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Jun 23 10:20:43.545800 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Jun 23 10:20:43.624165 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jun 23 10:20:43.682236 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jun 23 10:20:43.804333 osdx OSDxCLI[340412]: User 'admin' added a new cfg line: 'show working'.
Jun 23 10:20:43.905009 osdx INFO[379087]: FRR daemons did not change
Jun 23 10:20:44.057552 osdx kernel: app-detect: module init
Jun 23 10:20:44.057594 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 23 10:20:44.057605 osdx kernel: app-detect: expression init
Jun 23 10:20:44.057613 osdx kernel: app-detect: appid cache initialized
Jun 23 10:20:44.057620 osdx kernel: app-detect: appid cache changes counter initialized
Jun 23 10:20:44.097558 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 23 10:20:44.350562 osdx cfgd[1453]: [340412]Completed change to active configuration
Jun 23 10:20:44.383253 osdx OSDxCLI[340412]: User 'admin' committed the configuration.
Jun 23 10:20:44.400865 osdx OSDxCLI[340412]: User 'admin' left the configuration menu.
Jun 23 10:20:44.550547 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 23 10:20:44.684102 osdx file_operation[379233]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jun 23 10:20:44.689551 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=42278 DF PROTO=TCP SPT=38164 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 23 10:20:44.897563 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=42279 DF PROTO=TCP SPT=38164 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 23 10:20:45.297599 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=42280 DF PROTO=TCP SPT=38164 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 23 10:20:46.129619 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=42281 DF PROTO=TCP SPT=38164 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 23 10:20:47.671746 osdx file_operation.py[379233]: Operation aborted by user.
Jun 23 10:20:47.685561 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=42282 DF PROTO=TCP SPT=38164 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 23 10:20:47.690493 osdx OSDxCLI[340412]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Jun 23 10:20:47.765555 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=42283 DF PROTO=TCP SPT=38164 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
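
The Step 3 check only confirms that one line matches. The following added example (not part of the original page or of OSDx) parses the policy log lines into fields and counts logged packets per flow and app-id. The line layout is inferred from the journal output above, and the names parse_policy_log and drops_per_flow are hypothetical.

```python
import re
from collections import Counter

# Regular expression copied from Step 3 of the scenario above.
STEP3_CHECK = re.compile(
    r"osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]")

# Layout assumed from the journal output above, not from a format specification:
# "kernel: [<policy>-<rule>] <ACTION> KEY=VAL ... FLAG ... APPDETECT[k:v k:v]"
POLICY_LOG = re.compile(
    r"kernel: \[(?P<policy>[\w-]+)-(?P<rule>\d+)\] (?P<action>\w+) "
    r"(?P<fields>.*?)(?: APPDETECT\[(?P<app>.*)\])?$")

def parse_policy_log(line):
    """Return a dict for a traffic-policy log line, or None for any other line."""
    m = POLICY_LOG.search(line)
    if not m:
        return None
    rec = {"policy": m["policy"], "rule": int(m["rule"]), "action": m["action"],
           "fields": {}, "flags": [], "appdetect": {}}
    for tok in m["fields"].split():
        key, eq, val = tok.partition("=")
        if eq:
            rec["fields"][key] = val   # SRC, DPT, ...; "IN=" gives an empty value
        else:
            rec["flags"].append(tok)   # bare tokens such as DF, ACK, PSH, FIN
    # http-url and http-host come from packet contents: treat them as untrusted.
    for tok in (m["app"] or "").split():
        key, _, val = tok.partition(":")
        rec["appdetect"][key] = val
    return rec

def drops_per_flow(lines):
    """Count logged packets per (policy, rule, SRC, DST, DPT, app-id)."""
    counts = Counter()
    for rec in filter(None, map(parse_policy_log, lines)):
        f, app = rec["fields"], rec["appdetect"]
        counts[(rec["policy"], rec["rule"], f.get("SRC"), f.get("DST"),
                f.get("DPT"), app.get("U"))] += 1
    return counts

# Three lines from the Step 3 journal output above, rebuilt from a template.
_LINE = ("Jun 23 {ts} osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 "
         "DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID={id} DF PROTO=TCP "
         "SPT=38164 DPT=80 WINDOW=502 RES=0x00 ACK PSH {fin}URGP=0 "
         "APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]")
SAMPLE = ["Jun 23 10:20:44.057552 osdx kernel: app-detect: module init",
          _LINE.format(ts="10:20:44.689551", id=42278, fin=""),
          _LINE.format(ts="10:20:47.685561", id=42282, fin="FIN ")]
```

Run over the journal lines shown above, drops_per_flow reports a single flow with six logged packets for custom app-id 155.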