Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.48 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.482/1.482/1.482/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=7.31 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 7.305/7.305/7.305/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2

Feb 19 19:22:29.002506 osdx systemd-timedated[398470]: Changed local time to Wed 2025-02-19 19:22:29 UTC
Feb 19 19:22:29.004193 osdx systemd-journald[1749]: Time jumped backwards, rotating.
Feb 19 19:22:29.007036 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'set date 2025-02-19 19:22:29'.
Feb 19 19:22:29.635607 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 3.8M, max 15.3M, 11.5M free.
Feb 19 19:22:29.636562 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:22:29.636630 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:22:29.666176 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:22:30.401880 osdx osdx-coredump[398488]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:22:30.417156 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:22:31.331445 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:22:31.502429 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:22:31.616363 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Feb 19 19:22:31.823477 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:22:31.956948 osdx INFO[398512]: FRR daemons did not change
Feb 19 19:22:32.008192 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:22:32.213086 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:22:32.225420 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Feb 19 19:22:32.236685 osdx ulogd[398581]: registering plugin `NFCT'
Feb 19 19:22:32.239006 osdx ulogd[398581]: registering plugin `IP2STR'
Feb 19 19:22:32.239359 osdx ulogd[398581]: registering plugin `PRINTFLOW'
Feb 19 19:22:32.244009 osdx ulogd[398581]: registering plugin `SYSLOG'
Feb 19 19:22:32.244023 osdx ulogd[398581]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:22:32.244119 osdx ulogd[398581]: NFCT plugin working in event mode
Feb 19 19:22:32.244148 osdx ulogd[398581]: Changing UID / GID
Feb 19 19:22:32.244283 osdx ulogd[398581]: initialization finished, entering main loop
Feb 19 19:22:32.248241 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:22:32.252552 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:22:32.316910 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:22:32.386708 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:22:33.991772 osdx ulogd[398581]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:22:34.238134 osdx ulogd[398581]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=16.1 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 16.106/16.106/16.106/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=9.07 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.065/9.065/9.065/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2

Feb 19 19:22:43.562503 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.1M, max 15.3M, 13.1M free.
Feb 19 19:22:43.565883 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:22:43.566002 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:22:43.603082 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:22:44.497335 osdx osdx-coredump[398734]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:22:44.519335 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:22:45.626204 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:22:45.867204 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:22:46.083207 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Feb 19 19:22:46.246560 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:22:46.387405 osdx INFO[398758]: FRR daemons did not change
Feb 19 19:22:46.425642 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:22:46.664946 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:22:46.666962 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:22:46.666446 osdx ulogd[398827]: registering plugin `NFCT'
Feb 19 19:22:46.666566 osdx ulogd[398827]: registering plugin `IP2STR'
Feb 19 19:22:46.666666 osdx ulogd[398827]: registering plugin `PRINTFLOW'
Feb 19 19:22:46.666764 osdx ulogd[398827]: registering plugin `SYSLOG'
Feb 19 19:22:46.666770 osdx ulogd[398827]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:22:46.666847 osdx ulogd[398827]: NFCT plugin working in event mode
Feb 19 19:22:46.666860 osdx ulogd[398827]: Changing UID / GID
Feb 19 19:22:46.666979 osdx ulogd[398827]: initialization finished, entering main loop
Feb 19 19:22:46.671533 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:22:46.736528 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:22:46.788050 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:22:48.406166 osdx ulogd[398827]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:22:48.666087 osdx ulogd[398827]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=2.47 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.471/2.471/2.471/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.355 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=2.45 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.478 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2016ms
rtt min/avg/max/mdev = 0.355/1.094/2.451/0.960 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2

Feb 19 19:22:58.509651 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.1M, max 15.3M, 13.2M free.
Feb 19 19:22:58.512889 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:22:58.512990 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:22:58.535017 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:22:59.192894 osdx osdx-coredump[398978]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:22:59.208038 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:23:00.142474 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:23:00.340040 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:23:00.477463 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Feb 19 19:23:00.591293 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Feb 19 19:23:00.731067 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set service ssh'.
Feb 19 19:23:00.878455 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:01.020081 osdx INFO[399010]: FRR daemons did not change
Feb 19 19:23:01.080951 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:01.273627 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:01.274856 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:01.275059 osdx ulogd[399081]: registering plugin `NFCT'
Feb 19 19:23:01.275145 osdx ulogd[399081]: registering plugin `IP2STR'
Feb 19 19:23:01.275223 osdx ulogd[399081]: registering plugin `PRINTFLOW'
Feb 19 19:23:01.275323 osdx ulogd[399081]: registering plugin `SYSLOG'
Feb 19 19:23:01.275330 osdx ulogd[399081]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:23:01.275409 osdx ulogd[399081]: NFCT plugin working in event mode
Feb 19 19:23:01.275422 osdx ulogd[399081]: Changing UID / GID
Feb 19 19:23:01.275540 osdx ulogd[399081]: initialization finished, entering main loop
Feb 19 19:23:01.425607 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Feb 19 19:23:01.457536 osdx sshd[399089]: Server listening on 0.0.0.0 port 22.
Feb 19 19:23:01.457599 osdx sshd[399089]: Server listening on :: port 22.
Feb 19 19:23:01.461163 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Feb 19 19:23:01.525668 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:23:01.578809 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:23:01.632954 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:23:04.710421 osdx ulogd[399081]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Feb 19 19:23:05.710252 osdx ulogd[399081]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to the other and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=7.25 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 7.245/7.245/7.245/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=4.27 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.271/4.271/4.271/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Feb 19 19:23:17.634102 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:23:17.635743 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:23:17.635864 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:23:17.662048 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:23:18.681783 osdx osdx-coredump[399265]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:23:18.716566 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:23:19.908967 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:23:20.101402 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:23:20.304378 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:23:20.621162 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:20.841011 osdx INFO[399289]: FRR daemons did not change
Feb 19 19:23:20.915725 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:21.181991 osdx ulogd[399358]: registering plugin `NFCT'
Feb 19 19:23:21.182070 osdx ulogd[399358]: registering plugin `IP2STR'
Feb 19 19:23:21.182150 osdx ulogd[399358]: registering plugin `PRINTFLOW'
Feb 19 19:23:21.182250 osdx ulogd[399358]: registering plugin `SYSLOG'
Feb 19 19:23:21.182256 osdx ulogd[399358]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:23:21.182336 osdx ulogd[399358]: NFCT plugin working in event mode
Feb 19 19:23:21.182406 osdx ulogd[399358]: Changing UID / GID
Feb 19 19:23:21.182545 osdx ulogd[399358]: initialization finished, entering main loop
Feb 19 19:23:21.188480 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:21.192268 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:21.199257 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:23:21.281953 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:23:21.350993 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:23:23.085519 osdx ulogd[399358]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:23.085614 osdx ulogd[399358]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:23.340271 osdx ulogd[399358]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:23.340343 osdx ulogd[399358]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping command from one device to the other and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.72 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.721/1.721/1.721/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.365 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.365/0.365/0.365/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Feb 19 19:23:32.568313 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:23:32.569629 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:23:32.569705 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:23:32.597951 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:23:33.401376 osdx osdx-coredump[399508]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:23:33.426744 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:23:34.627428 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:23:34.805799 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:23:34.947302 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:23:35.121312 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Feb 19 19:23:35.306532 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:35.590180 osdx INFO[399533]: FRR daemons did not change
Feb 19 19:23:35.645695 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:35.971635 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:35.985377 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:35.986526 osdx ulogd[399602]: registering plugin `NFCT'
Feb 19 19:23:35.986645 osdx ulogd[399602]: registering plugin `IP2STR'
Feb 19 19:23:35.986753 osdx ulogd[399602]: registering plugin `PRINTFLOW'
Feb 19 19:23:35.986848 osdx ulogd[399602]: registering plugin `SYSLOG'
Feb 19 19:23:35.986859 osdx ulogd[399602]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:23:35.986953 osdx ulogd[399602]: NFCT plugin working in event mode
Feb 19 19:23:35.986969 osdx OSDx_DUT0[399602]: Changing UID / GID
Feb 19 19:23:35.987128 osdx OSDx_DUT0[399602]: initialization finished, entering main loop
Feb 19 19:23:35.998184 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:23:36.073103 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:23:36.147374 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:23:37.926844 osdx OSDx_DUT0[399602]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:37.926880 osdx OSDx_DUT0[399602]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:38.109992 osdx OSDx_DUT0[399602]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:38.110036 osdx OSDx_DUT0[399602]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note
If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0:
delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.369 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.369/0.369/0.369/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Feb 19 19:23:32.568313 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:23:32.569629 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:23:32.569705 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:23:32.597951 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:23:33.401376 osdx osdx-coredump[399508]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:23:33.426744 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:23:34.627428 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:23:34.805799 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:23:34.947302 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:23:35.121312 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Feb 19 19:23:35.306532 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:35.590180 osdx INFO[399533]: FRR daemons did not change
Feb 19 19:23:35.645695 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:35.971635 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:35.985377 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:35.986526 osdx ulogd[399602]: registering plugin `NFCT'
Feb 19 19:23:35.986645 osdx ulogd[399602]: registering plugin `IP2STR'
Feb 19 19:23:35.986753 osdx ulogd[399602]: registering plugin `PRINTFLOW'
Feb 19 19:23:35.986848 osdx ulogd[399602]: registering plugin `SYSLOG'
Feb 19 19:23:35.986859 osdx ulogd[399602]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:23:35.986953 osdx ulogd[399602]: NFCT plugin working in event mode
Feb 19 19:23:35.986969 osdx OSDx_DUT0[399602]: Changing UID / GID
Feb 19 19:23:35.987128 osdx OSDx_DUT0[399602]: initialization finished, entering main loop
Feb 19 19:23:35.998184 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:23:36.073103 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:23:36.147374 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:23:37.926844 osdx OSDx_DUT0[399602]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:37.926880 osdx OSDx_DUT0[399602]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:38.109992 osdx OSDx_DUT0[399602]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:38.110036 osdx OSDx_DUT0[399602]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:38.303204 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 19:23:38.623116 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:23:38.822690 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Feb 19 19:23:39.044788 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show changes'.
Feb 19 19:23:39.315391 osdx INFO[399638]: FRR daemons did not change
Feb 19 19:23:39.349978 osdx OSDx_DUT0[399602]: Terminal signal received, exiting
Feb 19 19:23:39.351082 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:39.351630 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Feb 19 19:23:39.351805 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:39.388533 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:39.389275 osdx ulogd[399647]: registering plugin `NFCT'
Feb 19 19:23:39.389456 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:39.389450 osdx ulogd[399647]: registering plugin `IP2STR'
Feb 19 19:23:39.389604 osdx ulogd[399647]: registering plugin `PRINTFLOW'
Feb 19 19:23:39.389792 osdx ulogd[399647]: registering plugin `SYSLOG'
Feb 19 19:23:39.389799 osdx ulogd[399647]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:23:39.389926 osdx ulogd[399647]: NFCT plugin working in event mode
Feb 19 19:23:39.389941 osdx ulogd[399647]: Changing UID / GID
Feb 19 19:23:39.390197 osdx ulogd[399647]: initialization finished, entering main loop
Feb 19 19:23:39.410274 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:23:39.418275 osdx ulogd[399647]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Feb 19 19:23:39.418888 osdx ulogd[399647]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Feb 19 19:23:39.421533 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:23:39.488795 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:23:39.739783 osdx ulogd[399647]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:23:39.739817 osdx ulogd[399647]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
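
A stricter form of the regular-expression checks used in the scenarios above, added here as an illustration (it is not part of the OSDx documentation or its test suite): it parses each journal line into a flow event and compares the ORIG source address exactly, honouring the configured logging identity. The function names and the last sample line are assumptions made for this example; the line layout is the one shown in the output above.

```python
import re
from collections import Counter

# Syslog-style journal line: "<timestamp> <host> <identity>[<pid>]: <message>"
JOURNAL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) "
    r"(?P<ident>[^\s\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# Flow message as it appears in the output above:
# "[EVENT] ORIG: K=V ... , REPLY: K=V ..."
FLOW_RE = re.compile(
    r"^\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) ?, REPLY: (?P<reply>.*)$"
)
# The check used for NEW events in the first scenario, copied as written.
PAGE_NEW_REGEX = r"ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2"


def _flow(ts, ident, pid, event, src="192.168.100.2", pkts=0, nbytes=0):
    """Rebuild one flow line in the layout shown in the output above."""
    tail = f"PROTO=ICMP TYPE=0 CODE=8 PKTS={pkts} BYTES={nbytes}"
    return (f"Feb 19 {ts} osdx {ident}[{pid}]: [{event}] "
            f"ORIG: SRC={src} DST=192.168.100.1 {tail} , "
            f"REPLY: SRC=192.168.100.1 DST={src} {tail}")


# Sample journal: the first six lines reproduce entries from the Step 8
# output; the last line is constructed for this example.
SAMPLE_JOURNAL = "\n".join([
    "Feb 19 19:23:35.986969 osdx OSDx_DUT0[399602]: Changing UID / GID",
    _flow("19:23:37.926844", "OSDx_DUT0", 399602, "NEW"),
    _flow("19:23:37.926880", "OSDx_DUT0", 399602, "UPDATE"),
    "Feb 19 19:23:39.410274 osdx cfgd[1448]: [389852]Completed change to active configuration",
    _flow("19:23:39.418275", "ulogd", 399647, "DESTROY", pkts=1, nbytes=84),
    _flow("19:23:39.739783", "ulogd", 399647, "NEW"),
    # Constructed: a different host whose address starts with the same digits.
    _flow("19:23:40.000000", "ulogd", 399647, "NEW", src="192.168.100.20"),
])


def parse_tuple(text):
    """Turn 'SRC=a DST=b PROTO=ICMP ...' into a dict of strings."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)


def parse_flow_line(line, identity="ulogd"):
    """Return the flow event logged under `identity`, or None for other lines."""
    m = JOURNAL_RE.match(line.strip())
    if m is None or m["ident"] != identity:
        return None
    f = FLOW_RE.match(m["msg"])
    if f is None:
        return None  # daemon start-up messages and similar
    # Any key=value tokens that follow the REPLY tuple stay in "reply";
    # this example does not model them separately.
    return {"ts": m["ts"], "pid": int(m["pid"]), "event": f["event"],
            "orig": parse_tuple(f["orig"]), "reply": parse_tuple(f["reply"])}


def events_from(journal, src, identity="ulogd"):
    """Count event types whose ORIG tuple has exactly SRC == src."""
    counts = Counter()
    for line in journal.splitlines():
        ev = parse_flow_line(line, identity)
        if ev and ev["orig"].get("SRC") == src:
            counts[ev["event"]] += 1
    return counts


def page_regex_hits(journal, pattern):
    """Count lines matched by a regular expression taken from the page."""
    rx = re.compile(pattern)
    return sum(1 for line in journal.splitlines() if rx.search(line))


if __name__ == "__main__":
    print("identity OSDx_DUT0:", dict(events_from(SAMPLE_JOURNAL, "192.168.100.2", "OSDx_DUT0")))
    print("identity ulogd    :", dict(events_from(SAMPLE_JOURNAL, "192.168.100.2")))
    print("page regex NEW hits:", page_regex_hits(SAMPLE_JOURNAL, PAGE_NEW_REGEX))
```

The page's pattern is unanchored after the address, so it also counts the constructed 192.168.100.20 line, while the parsed comparison does not.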
Policies logging
Description
Set a simple configuration with mark and label traffic policies, send a ping command from one device to the other, and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=8.90 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.895/8.895/8.895/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.670 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.431 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1016ms
rtt min/avg/max/mdev = 0.431/0.550/0.670/0.119 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Feb 19 19:23:48.603548 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 3.2M, max 15.3M, 12.1M free.
Feb 19 19:23:48.614073 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:23:48.614844 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:23:48.650346 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:23:49.304588 osdx osdx-coredump[399778]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:23:49.319888 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:23:50.316881 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:23:50.478332 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Feb 19 19:23:50.575364 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Feb 19 19:23:50.713414 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Feb 19 19:23:50.842182 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Feb 19 19:23:50.953587 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:23:51.100779 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:23:51.264714 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:23:51.463317 osdx INFO[399812]: FRR daemons did not change
Feb 19 19:23:51.530810 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:23:51.739370 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:51.740773 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:51.741841 osdx ulogd[399881]: registering plugin `NFCT'
Feb 19 19:23:51.741944 osdx ulogd[399881]: registering plugin `IP2STR'
Feb 19 19:23:51.742040 osdx ulogd[399881]: registering plugin `PRINTFLOW'
Feb 19 19:23:51.742127 osdx ulogd[399881]: registering plugin `SYSLOG'
Feb 19 19:23:51.742133 osdx ulogd[399881]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:23:51.742208 osdx ulogd[399881]: NFCT plugin working in event mode
Feb 19 19:23:51.742221 osdx ulogd[399881]: Changing UID / GID
Feb 19 19:23:51.742340 osdx ulogd[399881]: initialization finished, entering main loop
Feb 19 19:23:51.766357 osdx ulogd[399881]: Terminal signal received, exiting
Feb 19 19:23:51.766624 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:51.767210 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Feb 19 19:23:51.767512 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:51.769323 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:23:51.770814 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:23:51.771226 osdx ulogd[399887]: registering plugin `NFCT'
Feb 19 19:23:51.771433 osdx ulogd[399887]: registering plugin `IP2STR'
Feb 19 19:23:51.771527 osdx ulogd[399887]: registering plugin `PRINTFLOW'
Feb 19 19:23:51.771707 osdx ulogd[399887]: registering plugin `SYSLOG'
Feb 19 19:23:51.771718 osdx ulogd[399887]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:23:51.771793 osdx ulogd[399887]: NFCT plugin working in event mode
Feb 19 19:23:51.771804 osdx ulogd[399887]: Changing UID / GID
Feb 19 19:23:51.772015 osdx ulogd[399887]: initialization finished, entering main loop
Feb 19 19:23:52.007103 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:23:52.063802 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:23:52.105304 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:23:53.783019 osdx ulogd[399887]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Feb 19 19:23:53.783053 osdx ulogd[399887]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Feb 19 19:23:53.927128 osdx ulogd[399887]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Feb 19 19:23:53.927160 osdx ulogd[399887]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a VRF, send a ping command from one device to the other, and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.34 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.338/1.338/1.338/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.545 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.545/0.545/0.545/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Feb 19 19:24:04.546678 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free.
Feb 19 19:24:04.548286 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:24:04.548364 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:24:04.566035 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:24:05.414531 osdx osdx-coredump[400082]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:24:05.436341 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:24:06.616948 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:24:06.860635 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Feb 19 19:24:07.064506 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Feb 19 19:24:07.227788 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system vrf RED'.
Feb 19 19:24:07.367142 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:24:07.570456 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:24:07.788747 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:24:07.990379 osdx INFO[400111]: FRR daemons did not change
Feb 19 19:24:08.022212 osdx (udev-worker)[400122]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Feb 19 19:24:08.022267 osdx (udev-worker)[400122]: Network interface NamePolicy= disabled on kernel command line.
Feb 19 19:24:08.116146 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:24:08.296283 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:24:08.573267 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:24:08.575674 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:24:08.575850 osdx ulogd[400233]: registering plugin `NFCT'
Feb 19 19:24:08.575939 osdx ulogd[400233]: registering plugin `IP2STR'
Feb 19 19:24:08.576019 osdx ulogd[400233]: registering plugin `PRINTFLOW'
Feb 19 19:24:08.576120 osdx ulogd[400233]: registering plugin `SYSLOG'
Feb 19 19:24:08.576127 osdx ulogd[400233]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:24:08.576204 osdx ulogd[400233]: NFCT plugin working in event mode
Feb 19 19:24:08.576217 osdx ulogd[400233]: Changing UID / GID
Feb 19 19:24:08.576342 osdx ulogd[400233]: initialization finished, entering main loop
Feb 19 19:24:08.580701 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:24:08.737421 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:24:08.809460 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:24:10.636727 osdx ulogd[400233]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:24:10.636771 osdx ulogd[400233]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:24:10.845475 osdx ulogd[400233]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:24:10.845513 osdx ulogd[400233]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service, send a ping command from one device to the other, and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.723 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.723/0.723/0.723/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  12312      0 --:--:-- --:--:-- --:--:-- 12900
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.29 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.291/1.291/1.291/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=8.14 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.138/8.138/8.138/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Feb 19 19:24:20.602002 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free.
Feb 19 19:24:20.606790 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:24:20.606905 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:24:20.633012 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:24:21.275866 osdx osdx-coredump[400444]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:24:21.295141 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:24:22.471906 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:24:22.655635 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Feb 19 19:24:22.826436 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:24:22.989118 osdx INFO[400467]: FRR daemons did not change
Feb 19 19:24:23.031095 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Feb 19 19:24:23.195337 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:24:23.247451 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:24:23.316714 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:24:23.655481 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:24:23.931058 osdx file_operation[400562]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Feb 19 19:24:23.979604 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Feb 19 19:24:24.225798 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:24:24.431472 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Feb 19 19:24:24.563048 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Feb 19 19:24:24.736717 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Feb 19 19:24:24.939630 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Feb 19 19:24:25.161919 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Feb 19 19:24:25.269090 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Feb 19 19:24:25.494110 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Feb 19 19:24:25.630432 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Feb 19 19:24:25.816647 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Feb 19 19:24:26.028607 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:24:26.184917 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:24:26.355926 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:24:26.560567 osdx INFO[400615]: FRR daemons did not change
Feb 19 19:24:26.615189 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:24:26.835649 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:24:26.837433 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:24:26.837614 osdx ulogd[400684]: registering plugin `NFCT'
Feb 19 19:24:26.837699 osdx ulogd[400684]: registering plugin `IP2STR'
Feb 19 19:24:26.837793 osdx ulogd[400684]: registering plugin `PRINTFLOW'
Feb 19 19:24:26.837877 osdx ulogd[400684]: registering plugin `SYSLOG'
Feb 19 19:24:26.837883 osdx ulogd[400684]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:24:26.837961 osdx ulogd[400684]: NFCT plugin working in event mode
Feb 19 19:24:26.837973 osdx ulogd[400684]: Changing UID / GID
Feb 19 19:24:26.838088 osdx ulogd[400684]: initialization finished, entering main loop
Feb 19 19:24:27.083001 osdx systemd[1]: Reloading.
Feb 19 19:24:27.315051 osdx systemd-sysv-generator[400720]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Feb 19 19:24:27.570515 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Feb 19 19:24:27.583266 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Feb 19 19:24:27.628332 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Feb 19 19:24:27.701481 osdx INFO[400699]: Rules successfully loaded
Feb 19 19:24:27.714847 osdx systemd[1]: logrotate.service: Deactivated successfully.
Feb 19 19:24:27.715036 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Feb 19 19:24:27.730343 osdx ulogd[400684]: Terminal signal received, exiting
Feb 19 19:24:27.731218 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:24:27.731720 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Feb 19 19:24:27.731961 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:24:27.767926 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:24:27.769257 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Feb 19 19:24:27.770187 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:24:27.770557 osdx ulogd[400743]: registering plugin `NFCT'
Feb 19 19:24:27.770646 osdx ulogd[400743]: registering plugin `IP2STR'
Feb 19 19:24:27.770800 osdx ulogd[400743]: registering plugin `PRINTFLOW'
Feb 19 19:24:27.770902 osdx ulogd[400743]: registering plugin `SYSLOG'
Feb 19 19:24:27.770908 osdx ulogd[400743]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:24:27.770993 osdx ulogd[400743]: NFCT plugin working in event mode
Feb 19 19:24:27.771013 osdx ulogd[400743]: Changing UID / GID
Feb 19 19:24:27.771172 osdx ulogd[400743]: initialization finished, entering main loop
Feb 19 19:24:27.774379 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:24:27.876583 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:24:27.984909 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:24:29.612729 osdx ulogd[400743]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Feb 19 19:24:29.612805 osdx ulogd[400743]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Feb 19 19:24:29.780428 osdx ulogd[400743]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Feb 19 19:24:29.780461 osdx ulogd[400743]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=4.46 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.458/4.458/4.458/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=3.81 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.805/3.805/3.805/0.000 ms
Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.3.1
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Wed Feb 19 19:20:32 2025 from 10.215.168.64
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Feb 19 19:24:40.534479 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free.
Feb 19 19:24:40.538018 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:24:40.538118 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:24:40.553428 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:24:41.285785 osdx osdx-coredump[400966]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:24:41.325760 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:24:42.528408 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:24:42.747236 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Feb 19 19:24:42.926257 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:24:43.129385 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:24:43.342520 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:24:43.649692 osdx INFO[400993]: FRR daemons did not change
Feb 19 19:24:43.793746 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Feb 19 19:24:44.022045 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:24:44.271686 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:24:44.273141 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:24:44.273497 osdx ulogd[401115]: registering plugin `NFCT'
Feb 19 19:24:44.274221 osdx ulogd[401115]: registering plugin `IP2STR'
Feb 19 19:24:44.274315 osdx ulogd[401115]: registering plugin `PRINTFLOW'
Feb 19 19:24:44.274501 osdx ulogd[401115]: registering plugin `SYSLOG'
Feb 19 19:24:44.274513 osdx ulogd[401115]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:24:44.274603 osdx ulogd[401115]: NFCT plugin working in event mode
Feb 19 19:24:44.274623 osdx ulogd[401115]: Changing UID / GID
Feb 19 19:24:44.274758 osdx ulogd[401115]: initialization finished, entering main loop
Feb 19 19:24:44.277573 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:24:44.385114 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:24:44.472875 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:24:48.451504 osdx ulogd[401115]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:24:48.451535 osdx ulogd[401115]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:24:48.729637 osdx ulogd[401115]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:24:48.729670 osdx ulogd[401115]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:24:48.901348 osdx ulogd[401115]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45396 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45396 PKTS=0 BYTES=0
Feb 19 19:24:48.901851 osdx ulogd[401115]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45396 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45396 PKTS=0 BYTES=0
Feb 19 19:24:48.902217 osdx ulogd[401115]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45396 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45396 PKTS=0 BYTES=0 [OFFLOAD]
Feb 19 19:24:49.409616 osdx ulogd[401115]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45396 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45396 PKTS=0 BYTES=0
Feb 19 19:24:49.411097 osdx ulogd[401115]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45396 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45396 PKTS=0 BYTES=0
Feb 19 19:24:49.412727 osdx ulogd[401115]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45396 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45396 PKTS=0 BYTES=0 [OFFLOAD]
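The scenarios above check the journal with unanchored regular expressions. As an added example (not part of the OSDx documentation), the Python below parses the same ulogd conntrack lines into structured events and reports which event types each page regex actually matches. The function and class names are hypothetical, the sample journal is constructed from lines in the format shown above, and the APPDETECT[...] pattern is taken from the regular expression in the App detect scenario.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: one line per event shape, in the format of the journal output above.
SAMPLE_JOURNAL = """\
Feb 19 19:23:52.063802 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:23:53.783019 osdx ulogd[399887]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Feb 19 19:23:53.783053 osdx ulogd[399887]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Feb 19 19:24:10.636727 osdx ulogd[400233]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Feb 19 19:24:29.612805 osdx ulogd[400743]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Feb 19 19:24:48.902217 osdx ulogd[401115]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=45396 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=45396 PKTS=0 BYTES=0 [OFFLOAD]
Feb 19 19:23:39.418275 osdx ulogd[399647]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
"""

# Keys that belong to a direction tuple (ORIG or REPLY); any other KEY=VALUE is per-connection.
TUPLE_KEYS = {"SRC", "DST", "VRF", "PROTO", "TYPE", "CODE", "SPT", "DPT", "PKTS", "BYTES"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:.]+)\s+\S+\s+ulogd\[\d+\]:\s+"
    r"\[(?P<event>NEW|UPDATE|DESTROY)\]\s+ORIG:\s+(?P<orig>.*?)\s*,\s+REPLY:\s+(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# The regular expressions used by the scenarios on this page, unchanged.
PAGE_CHECKS = {
    "policies": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST",
    "vrf": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED",
    "not-bypass": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass",
    "offload": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]",
}


@dataclass
class CtEvent:
    ts: str
    event: str                                # NEW, UPDATE or DESTROY
    orig: dict                                # ORIG direction tuple
    reply: dict                               # REPLY direction tuple
    conn: dict = field(default_factory=dict)  # connection-level fields: MARK, LABELS, ...
    suricata: Optional[str] = None            # value inside "(Sc: ...)"
    offload: bool = False                     # "[OFFLOAD]" flag present
    appdetect: Optional[str] = None           # value inside "APPDETECT[...]"


def parse_line(line):
    """Return a CtEvent for a ulogd conntrack line, or None for any other journal line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    reply, conn = {}, {}
    for key, value in KV_RE.findall(m["rest"]):
        (reply if key in TUPLE_KEYS else conn)[key] = value
    sc = re.search(r"\(Sc: ([\w-]+)\)", m["rest"])
    app = re.search(r"APPDETECT\[([^\]]+)\]", m["rest"])
    return CtEvent(m["ts"], m["event"], dict(KV_RE.findall(m["orig"])), reply, conn,
                   sc.group(1) if sc else None, "[OFFLOAD]" in m["rest"],
                   app.group(1) if app else None)


def parse_journal(text):
    """Parse every conntrack event in a journal dump, skipping unrelated lines."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev is not None]


def page_check_hits(text):
    """For each page regex, list the event types of the conntrack lines it matches."""
    hits = {name: [] for name in PAGE_CHECKS}
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for name, pattern in PAGE_CHECKS.items():
            if re.search(pattern, line):
                hits[name].append(ev.event)
    return hits


def label_gaps(events):
    """Events that carry MARK but no LABELS (invisible to a regex that needs both)."""
    return [ev for ev in events if "MARK" in ev.conn and "LABELS" not in ev.conn]


if __name__ == "__main__":
    events = parse_journal(SAMPLE_JOURNAL)
    for name, matched in page_check_hits(SAMPLE_JOURNAL).items():
        print(f"{name:10s} matched by: {matched}")
    for ev in label_gaps(events):
        print(f"{ev.ts} [{ev.event}] has MARK={ev.conn['MARK']} but no LABELS")
```

On the sample, the policies regex is satisfied by the NEW event only, because the UPDATE event carries MARK=33 without LABELS, which is also what the Policies logging output above shows.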
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1 and check that the app detect field appears when running system journal show. After that, enable app detection in system conntrack for http host, try to copy index.html from an HTTP server and check that the app detect field appears and belongs to the HTTP server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.799 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.799/0.799/0.799/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.435 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.499 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.606 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2009ms
rtt min/avg/max/mdev = 0.435/0.513/0.606/0.070 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Feb 19 19:25:00.542101 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free.
Feb 19 19:25:00.544028 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:25:00.544199 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:25:00.573750 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:25:01.444253 osdx osdx-coredump[401273]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:25:01.462370 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:25:02.889730 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:25:03.064009 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Feb 19 19:25:03.220727 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Feb 19 19:25:03.452222 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:25:03.557065 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:25:03.716701 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:03.967505 osdx INFO[401302]: FRR daemons did not change
Feb 19 19:25:04.208012 osdx kernel: app-detect: module init
Feb 19 19:25:04.208082 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 19:25:04.216375 osdx kernel: app-detect: expression init
Feb 19 19:25:04.216431 osdx kernel: app-detect: appid cache initialized
Feb 19 19:25:04.216455 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 19:25:04.226909 osdx modulelauncher[401305]: AppDetect: no change in application dictionaries, thus nothing more to do
Feb 19 19:25:04.379850 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:25:04.679231 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:25:04.679439 osdx ulogd[401394]: registering plugin `NFCT'
Feb 19 19:25:04.679564 osdx ulogd[401394]: registering plugin `IP2STR'
Feb 19 19:25:04.679658 osdx ulogd[401394]: registering plugin `PRINTFLOW'
Feb 19 19:25:04.679754 osdx ulogd[401394]: registering plugin `SYSLOG'
Feb 19 19:25:04.679761 osdx ulogd[401394]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:25:04.679840 osdx ulogd[401394]: NFCT plugin working in event mode
Feb 19 19:25:04.679852 osdx ulogd[401394]: Changing UID / GID
Feb 19 19:25:04.679994 osdx ulogd[401394]: initialization finished, entering main loop
Feb 19 19:25:04.681826 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:25:04.685434 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:25:04.797295 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:25:04.853496 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:25:06.787550 osdx ulogd[401394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:06.787585 osdx ulogd[401394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:07.000202 osdx ulogd[401394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:07.000237 osdx ulogd[401394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:08.000993 osdx ulogd[401394]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Feb 19 19:25:08.001030 osdx ulogd[401394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:08.001064 osdx ulogd[401394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:09.009697 osdx ulogd[401394]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Feb 19 19:25:09.009732 osdx ulogd[401394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:09.009757 osdx ulogd[401394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Step 8: Modify the following configuration lines in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=3.57 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.567/3.567/3.567/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0   116k      0 --:--:-- --:--:-- --:--:--  118k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Feb 19 19:25:00.542101 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.2M free.
Feb 19 19:25:00.544028 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:25:00.544199 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:25:00.573750 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:25:01.444253 osdx osdx-coredump[401273]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:25:01.462370 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:25:02.889730 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:25:03.064009 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Feb 19 19:25:03.220727 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Feb 19 19:25:03.452222 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Feb 19 19:25:03.557065 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Feb 19 19:25:03.716701 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:03.967505 osdx INFO[401302]: FRR daemons did not change
Feb 19 19:25:04.208012 osdx kernel: app-detect: module init
Feb 19 19:25:04.208082 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 19:25:04.216375 osdx kernel: app-detect: expression init
Feb 19 19:25:04.216431 osdx kernel: app-detect: appid cache initialized
Feb 19 19:25:04.216455 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 19:25:04.226909 osdx modulelauncher[401305]: AppDetect: no change in application dictionaries, thus nothing more to do
Feb 19 19:25:04.379850 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Feb 19 19:25:04.679231 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Feb 19 19:25:04.679439 osdx ulogd[401394]: registering plugin `NFCT'
Feb 19 19:25:04.679564 osdx ulogd[401394]: registering plugin `IP2STR'
Feb 19 19:25:04.679658 osdx ulogd[401394]: registering plugin `PRINTFLOW'
Feb 19 19:25:04.679754 osdx ulogd[401394]: registering plugin `SYSLOG'
Feb 19 19:25:04.679761 osdx ulogd[401394]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Feb 19 19:25:04.679840 osdx ulogd[401394]: NFCT plugin working in event mode
Feb 19 19:25:04.679852 osdx ulogd[401394]: Changing UID / GID
Feb 19 19:25:04.679994 osdx ulogd[401394]: initialization finished, entering main loop
Feb 19 19:25:04.681826 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Feb 19 19:25:04.685434 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:25:04.797295 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:25:04.853496 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:25:06.787550 osdx ulogd[401394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:06.787585 osdx ulogd[401394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:07.000202 osdx ulogd[401394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:07.000237 osdx ulogd[401394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:08.000993 osdx ulogd[401394]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Feb 19 19:25:08.001030 osdx ulogd[401394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:08.001064 osdx ulogd[401394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:09.009697 osdx ulogd[401394]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Feb 19 19:25:09.009732 osdx ulogd[401394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:09.009757 osdx ulogd[401394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:09.279764 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 19:25:09.571546 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 19:25:09.814557 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal show | cat'.
Feb 19 19:25:10.124165 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:25:10.299623 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Feb 19 19:25:10.396493 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 19:25:10.559627 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show changes'.
Feb 19 19:25:10.757176 osdx INFO[401447]: FRR daemons did not change
Feb 19 19:25:10.792019 osdx kernel: app-detect: expression destroy
Feb 19 19:25:10.836172 osdx kernel: app-detect: expression init
Feb 19 19:25:10.836233 osdx kernel: app-detect: appid cache initialized
Feb 19 19:25:10.836256 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 19:25:10.848766 osdx modulelauncher[401450]: AppDetect: no change in application dictionaries, thus nothing more to do
Feb 19 19:25:10.951979 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Feb 19 19:25:11.124886 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:25:11.190276 osdx ulogd[401394]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Feb 19 19:25:11.190690 osdx ulogd[401394]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Feb 19 19:25:11.192109 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:25:11.233184 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:25:11.532202 osdx ulogd[401394]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:11.535744 osdx ulogd[401394]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Feb 19 19:25:11.539200 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:25:12.035616 osdx file_operation[401555]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Feb 19 19:25:12.072113 osdx ulogd[401394]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51552 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51552 PKTS=0 BYTES=0 APPDETECT[L4:80]
Feb 19 19:25:12.072545 osdx ulogd[401394]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51552 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51552 PKTS=0 BYTES=0 APPDETECT[L4:80]
Feb 19 19:25:12.072576 osdx ulogd[401394]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51552 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51552 PKTS=0 BYTES=0 APPDETECT[L4:80]
Feb 19 19:25:12.098463 osdx ulogd[401394]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51552 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51552 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Feb 19 19:25:12.109517 osdx ulogd[401394]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51552 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51552 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Feb 19 19:25:12.109898 osdx ulogd[401394]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51552 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51552 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Feb 19 19:25:12.178735 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector.
Enable the http-host and http-url options in the system conntrack app-detect path in order to see relevant information about HTTP packets.
Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=1.31 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.313/1.313/1.313/0.000 ms
Step 3: Run command system journal show | cat
at DUT0
and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Feb 19 19:25:21.539825 osdx systemd-journald[1749]: Runtime Journal (/run/log/journal/88d6d46990514354af95198d86011406) is 2.0M, max 15.3M, 13.3M free.
Feb 19 19:25:21.552261 osdx systemd-journald[1749]: Received client request to rotate journal, rotating.
Feb 19 19:25:21.552368 osdx systemd-journald[1749]: Vacuuming done, freed 0B of archived journals from /run/log/journal/88d6d46990514354af95198d86011406.
Feb 19 19:25:21.569888 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system journal clear'.
Feb 19 19:25:22.332024 osdx osdx-coredump[401712]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Feb 19 19:25:22.345555 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'system coredump delete all'.
Feb 19 19:25:23.290445 osdx OSDxCLI[389852]: User 'admin' entered the configuration menu.
Feb 19 19:25:23.421070 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Feb 19 19:25:23.577877 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Feb 19 19:25:23.713561 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Feb 19 19:25:23.863992 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Feb 19 19:25:24.037352 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Feb 19 19:25:24.213825 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Feb 19 19:25:24.453561 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Feb 19 19:25:24.682920 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Feb 19 19:25:24.776112 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Feb 19 19:25:24.925491 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Feb 19 19:25:25.149804 osdx OSDxCLI[389852]: User 'admin' added a new cfg line: 'show working'.
Feb 19 19:25:25.347107 osdx INFO[401758]: FRR daemons did not change
Feb 19 19:25:25.531715 osdx kernel: app-detect: module init
Feb 19 19:25:25.531805 osdx kernel: app-detect: registered: sysctl net.appdetect
Feb 19 19:25:25.531831 osdx kernel: app-detect: expression init
Feb 19 19:25:25.531864 osdx kernel: app-detect: appid cache initialized
Feb 19 19:25:25.531884 osdx kernel: app-detect: appid cache changes counter initialized
Feb 19 19:25:25.619814 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Feb 19 19:25:26.034321 osdx cfgd[1448]: [389852]Completed change to active configuration
Feb 19 19:25:26.089661 osdx OSDxCLI[389852]: User 'admin' committed the configuration.
Feb 19 19:25:26.144611 osdx OSDxCLI[389852]: User 'admin' left the configuration menu.
Feb 19 19:25:26.416722 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Feb 19 19:25:26.740101 osdx file_operation[401904]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Feb 19 19:25:26.747724 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=6101 DF PROTO=TCP SPT=48950 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 19:25:26.951748 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=6102 DF PROTO=TCP SPT=48950 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 19:25:27.391782 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=6103 DF PROTO=TCP SPT=48950 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 19:25:28.223755 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=6104 DF PROTO=TCP SPT=48950 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 19:25:29.645363 osdx file_operation.py[401904]: Operation aborted by user.
Feb 19 19:25:29.667987 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=6105 DF PROTO=TCP SPT=48950 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Feb 19 19:25:29.688444 osdx OSDxCLI[389852]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
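The check above treats each journal line as free text. The following added example (not part of the original documentation or the product's code) parses a `[DROP-1]` line into its fields and shows that the scenario's regular expression, whose host dots are unescaped, also accepts a look-alike host, while an escaped pattern or a field-level comparison does not. The function names and the `LOOKALIKE` line are constructed for illustration; `GENUINE` is copied from the output above.

```python
import re

# Regular expression exactly as the scenario gives it; the dots in the host are unescaped.
PAGE_RE = re.compile(r"osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]")

# First [DROP-1] line from the journal output above.
GENUINE = ("Feb 19 19:25:26.747724 osdx kernel: [DROP-1] DROP IN= OUT=eth1 "
           "SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=6101 DF "
           "PROTO=TCP SPT=48950 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 "
           "APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]")
# Constructed line: same event, host differs only where the regex has a bare '.'.
LOOKALIKE = GENUINE.replace("http-host:10.215.168.1", "http-host:10x215x168x1")

LINE_RE = re.compile(r"kernel: \[(?P<rule>[^\]]+)\] (?P<action>\S+) (?P<body>.*?)"
                     r"(?: APPDETECT\[(?P<app>[^\]]*)\])?$")

def parse_policy_log(line):
    """Split a traffic-policy log line into rule, action, KEY=VALUE fields, flags, APPDETECT data."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None                      # not a policy log line (e.g. module init messages)
    fields, flags = {}, []
    for tok in m.group("body").split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.append(tok)            # bare tokens such as DF, ACK, PSH, FIN
    app = {}
    for tok in (m.group("app") or "").split():
        key, _, val = tok.partition(":")  # split at the first ':' only
        app[key] = val
    return {"rule": m.group("rule"), "action": m.group("action"),
            "fields": fields, "flags": flags, "app": app}

def strict_re(app_id, url, host):
    """The scenario's check with every literal escaped and anchored at end of line."""
    tail = "APPDETECT[U:%d http-url:%s http-host:%s]" % (app_id, url, host)
    return re.compile(r"osdx kernel:.*" + re.escape(tail) + r"$")

def app_matches(line, app_id, url, host):
    """Field-level check: exact comparison of the parsed APPDETECT values."""
    ev = parse_policy_log(line)
    return ev is not None and ev["app"] == {"U": str(app_id), "http-url": url, "http-host": host}

if __name__ == "__main__":
    strict = strict_re(155, "/~robot/", "10.215.168.1")
    for name, line in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, bool(PAGE_RE.search(line)), bool(strict.search(line)),
              app_matches(line, 155, "/~robot/", "10.215.168.1"))
```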