Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check NEW sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.359 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.359/0.359/0.359/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.234 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.234/0.234/0.234/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2

Show output

May 19 19:09:08.317869 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.1M, max 15.3M, 13.1M free.
May 19 19:09:08.318748 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:09:08.318806 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:09:08.328382 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:09:08.647489 osdx osdx-coredump[35348]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:09:08.656300 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:09:09.129041 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:09.204417 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:09:09.284951 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
May 19 19:09:09.352468 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:09:09.453260 osdx INFO[35368]: FRR daemons did not change
May 19 19:09:09.603040 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:09.605769 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
May 19 19:09:09.606080 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:09.607845 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:09:09.611785 osdx ulogd[35437]: registering plugin `NFCT'
May 19 19:09:09.613153 osdx ulogd[35437]: registering plugin `IP2STR'
May 19 19:09:09.613310 osdx ulogd[35437]: registering plugin `PRINTFLOW'
May 19 19:09:09.614881 osdx ulogd[35437]: registering plugin `SYSLOG'
May 19 19:09:09.614971 osdx ulogd[35437]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:09.615093 osdx ulogd[35437]: NFCT plugin working in event mode
May 19 19:09:09.615147 osdx ulogd[35437]: Changing UID / GID
May 19 19:09:09.615289 osdx ulogd[35437]: initialization finished, entering main loop
May 19 19:09:09.643070 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:09:09.660274 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:09:10.526198 osdx ulogd[35437]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:10.606480 osdx ulogd[35437]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Update events

Description

Check UPDATE sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.334 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.334/0.334/0.334/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.231 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.231/0.231/0.231/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2

Show output

May 19 19:09:15.325163 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.0M, max 15.3M, 13.2M free.
May 19 19:09:15.329052 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:09:15.329103 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:09:15.334623 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:09:15.661347 osdx osdx-coredump[35582]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:09:15.669973 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:09:16.184086 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:16.282106 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:09:16.374716 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
May 19 19:09:16.460452 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:09:16.569552 osdx INFO[35602]: FRR daemons did not change
May 19 19:09:16.693361 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:16.693990 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:16.694432 osdx ulogd[35671]: registering plugin `NFCT'
May 19 19:09:16.694483 osdx ulogd[35671]: registering plugin `IP2STR'
May 19 19:09:16.694531 osdx ulogd[35671]: registering plugin `PRINTFLOW'
May 19 19:09:16.694580 osdx ulogd[35671]: registering plugin `SYSLOG'
May 19 19:09:16.694584 osdx ulogd[35671]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:16.694633 osdx ulogd[35671]: NFCT plugin working in event mode
May 19 19:09:16.694641 osdx ulogd[35671]: Changing UID / GID
May 19 19:09:16.694732 osdx ulogd[35671]: initialization finished, entering main loop
May 19 19:09:16.695641 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:09:16.721435 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:09:16.746498 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:09:17.552686 osdx ulogd[35671]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:17.631118 osdx ulogd[35671]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Destroy events

Description

Check DESTROY sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.344 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.344/0.344/0.344/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.229 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.369 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.283 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.229/0.293/0.369/0.057 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2

Show output

May 19 19:09:21.000152 osdx systemd-timedated[25589]: Changed local time to Mon 2025-05-19 19:09:21 UTC
May 19 19:09:21.001583 osdx systemd-journald[13756]: Time jumped backwards, rotating.
May 19 19:09:21.001551 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'set date 2025-05-19 19:09:21'.
May 19 19:09:21.297235 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.0M, max 15.3M, 13.3M free.
May 19 19:09:21.297644 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:09:21.297675 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:09:21.308451 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:09:21.634525 osdx osdx-coredump[35817]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:09:21.642115 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:09:22.145947 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:22.243066 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:09:22.334438 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
May 19 19:09:22.413167 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
May 19 19:09:22.521959 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set service ssh'.
May 19 19:09:22.606700 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:09:22.723628 osdx INFO[35845]: FRR daemons did not change
May 19 19:09:22.865757 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:22.866472 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
May 19 19:09:22.866806 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:22.868612 osdx ulogd[35916]: registering plugin `NFCT'
May 19 19:09:22.868811 osdx ulogd[35916]: registering plugin `IP2STR'
May 19 19:09:22.868875 osdx ulogd[35916]: registering plugin `PRINTFLOW'
May 19 19:09:22.868941 osdx ulogd[35916]: registering plugin `SYSLOG'
May 19 19:09:22.868966 osdx ulogd[35916]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:22.869030 osdx ulogd[35916]: NFCT plugin working in event mode
May 19 19:09:22.869063 osdx ulogd[35916]: Changing UID / GID
May 19 19:09:22.869151 osdx ulogd[35916]: initialization finished, entering main loop
May 19 19:09:22.945759 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
May 19 19:09:22.959401 osdx sshd[35922]: Server listening on 0.0.0.0 port 22.
May 19 19:09:22.959431 osdx sshd[35922]: Server listening on :: port 22.
May 19 19:09:22.959527 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
May 19 19:09:22.984326 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:09:23.013982 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:09:23.031114 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:09:25.080241 osdx ulogd[35916]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
May 19 19:09:26.104192 osdx ulogd[35916]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

---

Default logging

Description

Set a simple configuration, send a ping command from one device to other and check that default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.303 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.303/0.303/0.303/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.263 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.263/0.263/0.263/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

May 19 19:09:34.354542 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.5M, max 15.3M, 12.7M free.
May 19 19:09:34.357912 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:09:34.357965 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:09:34.365684 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:09:34.688979 osdx osdx-coredump[36092]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:09:34.697115 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:09:35.259987 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:35.351500 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:09:35.438634 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:09:35.517777 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:09:35.642187 osdx INFO[36112]: FRR daemons did not change
May 19 19:09:35.774195 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:35.775304 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
May 19 19:09:35.775759 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:35.777054 osdx ulogd[36181]: registering plugin `NFCT'
May 19 19:09:35.777121 osdx ulogd[36181]: registering plugin `IP2STR'
May 19 19:09:35.777182 osdx ulogd[36181]: registering plugin `PRINTFLOW'
May 19 19:09:35.777247 osdx ulogd[36181]: registering plugin `SYSLOG'
May 19 19:09:35.777253 osdx ulogd[36181]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:35.777320 osdx ulogd[36181]: NFCT plugin working in event mode
May 19 19:09:35.777330 osdx ulogd[36181]: Changing UID / GID
May 19 19:09:35.777431 osdx ulogd[36181]: initialization finished, entering main loop
May 19 19:09:35.778246 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:09:35.812945 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:09:35.830947 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:09:36.769439 osdx ulogd[36181]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:36.769455 osdx ulogd[36181]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:36.855528 osdx ulogd[36181]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:36.855545 osdx ulogd[36181]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Identity logging

Description

Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.359 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.359/0.359/0.359/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.254 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.254/0.254/0.254/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

May 19 19:09:41.302121 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.1M, max 15.3M, 13.2M free.
May 19 19:09:41.304340 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:09:41.304391 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:09:41.311681 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:09:41.652899 osdx osdx-coredump[36326]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:09:41.660873 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:09:42.133753 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:42.209887 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:09:42.294246 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:09:42.353237 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
May 19 19:09:42.466732 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:09:42.532918 osdx INFO[36347]: FRR daemons did not change
May 19 19:09:42.672699 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:42.673672 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:42.673782 osdx ulogd[36416]: registering plugin `NFCT'
May 19 19:09:42.673827 osdx ulogd[36416]: registering plugin `IP2STR'
May 19 19:09:42.673872 osdx ulogd[36416]: registering plugin `PRINTFLOW'
May 19 19:09:42.673920 osdx ulogd[36416]: registering plugin `SYSLOG'
May 19 19:09:42.673924 osdx ulogd[36416]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:42.673971 osdx ulogd[36416]: NFCT plugin working in event mode
May 19 19:09:42.673979 osdx OSDx_DUT0[36416]: Changing UID / GID
May 19 19:09:42.674062 osdx OSDx_DUT0[36416]: initialization finished, entering main loop
May 19 19:09:42.675398 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:09:42.710750 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:09:42.729012 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:09:43.683844 osdx OSDx_DUT0[36416]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:43.683866 osdx OSDx_DUT0[36416]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:43.767890 osdx OSDx_DUT0[36416]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:43.767916 osdx OSDx_DUT0[36416]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0 :

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.243 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.243/0.243/0.243/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

May 19 19:09:41.302121 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.1M, max 15.3M, 13.2M free.
May 19 19:09:41.304340 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:09:41.304391 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:09:41.311681 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:09:41.652899 osdx osdx-coredump[36326]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:09:41.660873 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:09:42.133753 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:42.209887 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:09:42.294246 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:09:42.353237 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
May 19 19:09:42.466732 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:09:42.532918 osdx INFO[36347]: FRR daemons did not change
May 19 19:09:42.672699 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:42.673672 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:42.673782 osdx ulogd[36416]: registering plugin `NFCT'
May 19 19:09:42.673827 osdx ulogd[36416]: registering plugin `IP2STR'
May 19 19:09:42.673872 osdx ulogd[36416]: registering plugin `PRINTFLOW'
May 19 19:09:42.673920 osdx ulogd[36416]: registering plugin `SYSLOG'
May 19 19:09:42.673924 osdx ulogd[36416]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:42.673971 osdx ulogd[36416]: NFCT plugin working in event mode
May 19 19:09:42.673979 osdx OSDx_DUT0[36416]: Changing UID / GID
May 19 19:09:42.674062 osdx OSDx_DUT0[36416]: initialization finished, entering main loop
May 19 19:09:42.675398 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:09:42.710750 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:09:42.729012 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:09:43.683844 osdx OSDx_DUT0[36416]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:43.683866 osdx OSDx_DUT0[36416]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:43.767890 osdx OSDx_DUT0[36416]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:43.767916 osdx OSDx_DUT0[36416]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:43.868191 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal show | cat'.
May 19 19:09:44.016827 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:44.077818 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
May 19 19:09:44.181645 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show changes'.
May 19 19:09:44.247864 osdx INFO[36452]: FRR daemons did not change
May 19 19:09:44.257743 osdx OSDx_DUT0[36416]: Terminal signal received, exiting
May 19 19:09:44.257824 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:44.258080 osdx systemd[1]: ulogd2.service: Deactivated successfully.
May 19 19:09:44.258171 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:44.280705 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:44.281534 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:44.281666 osdx ulogd[36461]: registering plugin `NFCT'
May 19 19:09:44.281706 osdx ulogd[36461]: registering plugin `IP2STR'
May 19 19:09:44.281740 osdx ulogd[36461]: registering plugin `PRINTFLOW'
May 19 19:09:44.281782 osdx ulogd[36461]: registering plugin `SYSLOG'
May 19 19:09:44.281785 osdx ulogd[36461]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:44.281825 osdx ulogd[36461]: NFCT plugin working in event mode
May 19 19:09:44.281831 osdx ulogd[36461]: Changing UID / GID
May 19 19:09:44.281900 osdx ulogd[36461]: initialization finished, entering main loop
May 19 19:09:44.283274 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:09:44.284508 osdx ulogd[36461]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
May 19 19:09:44.284524 osdx ulogd[36461]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
May 19 19:09:44.285017 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:09:44.313460 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:09:44.472999 osdx ulogd[36461]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:09:44.473023 osdx ulogd[36461]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping command from one device to other and check that default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.345 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.345/0.345/0.345/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.249 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.443 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1019ms
rtt min/avg/max/mdev = 0.249/0.346/0.443/0.097 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST

Show output

May 19 19:09:49.404348 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.0M, max 15.3M, 13.3M free.
May 19 19:09:49.406144 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:09:49.406206 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:09:49.419290 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:09:49.791885 osdx osdx-coredump[36587]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:09:49.799660 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:09:50.315520 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:50.398681 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
May 19 19:09:50.505442 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic label TEST'.
May 19 19:09:50.565830 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
May 19 19:09:50.667211 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
May 19 19:09:50.726680 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:09:50.892496 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:09:50.993463 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:09:51.102103 osdx INFO[36617]: FRR daemons did not change
May 19 19:09:51.230406 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:51.231201 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
May 19 19:09:51.231515 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:51.233197 osdx ulogd[36686]: registering plugin `NFCT'
May 19 19:09:51.233243 osdx ulogd[36686]: registering plugin `IP2STR'
May 19 19:09:51.233277 osdx ulogd[36686]: registering plugin `PRINTFLOW'
May 19 19:09:51.233318 osdx ulogd[36686]: registering plugin `SYSLOG'
May 19 19:09:51.233321 osdx ulogd[36686]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:51.233358 osdx ulogd[36686]: NFCT plugin working in event mode
May 19 19:09:51.233364 osdx ulogd[36686]: Changing UID / GID
May 19 19:09:51.233431 osdx ulogd[36686]: initialization finished, entering main loop
May 19 19:09:51.241456 osdx ulogd[36686]: Terminal signal received, exiting
May 19 19:09:51.241486 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:51.241967 osdx systemd[1]: ulogd2.service: Deactivated successfully.
May 19 19:09:51.242059 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:51.242888 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:09:51.243542 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
May 19 19:09:51.243879 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:09:51.244828 osdx ulogd[36692]: registering plugin `NFCT'
May 19 19:09:51.244871 osdx ulogd[36692]: registering plugin `IP2STR'
May 19 19:09:51.244906 osdx ulogd[36692]: registering plugin `PRINTFLOW'
May 19 19:09:51.244955 osdx ulogd[36692]: registering plugin `SYSLOG'
May 19 19:09:51.244958 osdx ulogd[36692]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:09:51.244993 osdx ulogd[36692]: NFCT plugin working in event mode
May 19 19:09:51.244999 osdx ulogd[36692]: Changing UID / GID
May 19 19:09:51.245055 osdx ulogd[36692]: initialization finished, entering main loop
May 19 19:09:51.427102 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:09:51.462553 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:09:51.508212 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:09:52.427692 osdx ulogd[36692]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
May 19 19:09:52.427720 osdx ulogd[36692]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
May 19 19:09:52.514270 osdx ulogd[36692]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
May 19 19:09:52.514289 osdx ulogd[36692]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

---

VRF logging

Description

Set a simple configuration with a vrf, send a ping command from one device to other and check that default and vrf fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.275 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.275/0.275/0.275/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.268 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.268/0.268/0.268/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED

Show output

May 19 19:09:58.372912 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.0M, max 15.3M, 13.2M free.
May 19 19:09:58.373653 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:09:58.373705 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:09:58.399671 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:09:58.745964 osdx osdx-coredump[36881]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:09:58.753526 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:09:59.249046 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:09:59.334572 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
May 19 19:09:59.421122 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
May 19 19:09:59.473563 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system vrf RED'.
May 19 19:09:59.591131 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:09:59.656066 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:09:59.774465 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:09:59.855142 osdx INFO[36904]: FRR daemons did not change
May 19 19:09:59.869437 osdx (udev-worker)[36917]: RED: Could not disable auto negotiation, ignoring: Operation not supported
May 19 19:09:59.869459 osdx (udev-worker)[36917]: Network interface NamePolicy= disabled on kernel command line.
May 19 19:10:00.089962 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:00.090702 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
May 19 19:10:00.091233 osdx ulogd[37026]: registering plugin `NFCT'
May 19 19:10:00.091269 osdx ulogd[37026]: registering plugin `IP2STR'
May 19 19:10:00.091316 osdx ulogd[37026]: registering plugin `PRINTFLOW'
May 19 19:10:00.091355 osdx ulogd[37026]: registering plugin `SYSLOG'
May 19 19:10:00.091359 osdx ulogd[37026]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:10:00.091412 osdx ulogd[37026]: NFCT plugin working in event mode
May 19 19:10:00.091418 osdx ulogd[37026]: Changing UID / GID
May 19 19:10:00.091486 osdx ulogd[37026]: initialization finished, entering main loop
May 19 19:10:00.105686 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:00.108056 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:00.149346 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:00.170498 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:01.102066 osdx ulogd[37026]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:10:01.102084 osdx ulogd[37026]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:10:01.180401 osdx ulogd[37026]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:10:01.180425 osdx ulogd[37026]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping command from one device to other and check that default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.181 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.181/0.181/0.181/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

Show output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  22755      0 --:--:-- --:--:-- --:--:-- 25800

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.491 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.491/0.491/0.491/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.273 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.273/0.273/0.273/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass

Show output

May 19 19:10:05.000172 osdx systemd-timedated[25589]: Changed local time to Mon 2025-05-19 19:10:05 UTC
May 19 19:10:05.001473 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'set date 2025-05-19 19:10:05'.
May 19 19:10:05.001544 osdx systemd-journald[13756]: Time jumped backwards, rotating.
May 19 19:10:05.294397 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.0M, max 15.3M, 13.3M free.
May 19 19:10:05.297506 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:10:05.297561 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:10:05.305983 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:10:05.633677 osdx osdx-coredump[37235]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:10:05.641181 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:10:06.091061 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:06.168580 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
May 19 19:10:06.269641 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:10:06.334566 osdx INFO[37254]: FRR daemons did not change
May 19 19:10:06.447146 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:06.472120 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:06.488792 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:06.644513 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 19 19:10:06.791445 osdx file_operation[37349]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
May 19 19:10:06.815866 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
May 19 19:10:06.954914 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:07.022855 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
May 19 19:10:07.118029 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
May 19 19:10:07.177091 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
May 19 19:10:07.278086 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
May 19 19:10:07.385446 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
May 19 19:10:07.445909 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
May 19 19:10:07.546220 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
May 19 19:10:07.606736 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
May 19 19:10:07.719100 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
May 19 19:10:07.805876 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:10:07.902339 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:10:07.986819 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:10:08.107651 osdx INFO[37394]: FRR daemons did not change
May 19 19:10:08.245745 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:08.246996 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:08.247443 osdx ulogd[37463]: registering plugin `NFCT'
May 19 19:10:08.247483 osdx ulogd[37463]: registering plugin `IP2STR'
May 19 19:10:08.247531 osdx ulogd[37463]: registering plugin `PRINTFLOW'
May 19 19:10:08.247574 osdx ulogd[37463]: registering plugin `SYSLOG'
May 19 19:10:08.247581 osdx ulogd[37463]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:10:08.247620 osdx ulogd[37463]: NFCT plugin working in event mode
May 19 19:10:08.247626 osdx ulogd[37463]: Changing UID / GID
May 19 19:10:08.247690 osdx ulogd[37463]: initialization finished, entering main loop
May 19 19:10:08.549497 osdx systemd[1]: Reloading.
May 19 19:10:08.685515 osdx systemd-sysv-generator[37500]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
May 19 19:10:08.809985 osdx systemd[1]: Starting logrotate.service - Rotate log files...
May 19 19:10:08.814187 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
May 19 19:10:08.815035 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
May 19 19:10:08.843685 osdx systemd[1]: logrotate.service: Deactivated successfully.
May 19 19:10:08.843819 osdx systemd[1]: Finished logrotate.service - Rotate log files.
May 19 19:10:09.083382 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
May 19 19:10:09.456331 osdx INFO[37482]: Rules successfully loaded
May 19 19:10:09.468022 osdx ulogd[37463]: Terminal signal received, exiting
May 19 19:10:09.468084 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:09.468469 osdx systemd[1]: ulogd2.service: Deactivated successfully.
May 19 19:10:09.468562 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:09.493879 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:09.495000 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:09.495383 osdx ulogd[37528]: registering plugin `NFCT'
May 19 19:10:09.495424 osdx ulogd[37528]: registering plugin `IP2STR'
May 19 19:10:09.495465 osdx ulogd[37528]: registering plugin `PRINTFLOW'
May 19 19:10:09.495506 osdx ulogd[37528]: registering plugin `SYSLOG'
May 19 19:10:09.495509 osdx ulogd[37528]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:10:09.495552 osdx ulogd[37528]: NFCT plugin working in event mode
May 19 19:10:09.495560 osdx ulogd[37528]: Changing UID / GID
May 19 19:10:09.495632 osdx ulogd[37528]: initialization finished, entering main loop
May 19 19:10:09.496822 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:09.526907 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:09.549208 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:10.381758 osdx ulogd[37528]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
May 19 19:10:10.381783 osdx ulogd[37528]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
May 19 19:10:10.464699 osdx ulogd[37528]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
May 19 19:10:10.464719 osdx ulogd[37528]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)

---

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate a ssh connection from DUT1 to DUT2 and check that default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.332 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.332/0.332/0.332/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1

Show output

PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.414 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.414/0.414/0.414/0.000 ms

Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null

Show output

Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.3.3

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Mon May 19 18:48:33 2025
admin@osdx$

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]

Show output

May 19 19:10:18.390189 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.1M, max 15.3M, 13.2M free.
May 19 19:10:18.393893 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:10:18.393960 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:10:18.409269 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:10:18.785262 osdx osdx-coredump[37745]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:10:18.792898 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:10:19.315352 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:19.437848 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
May 19 19:10:19.506160 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:10:19.613805 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:10:19.703824 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:10:19.813357 osdx INFO[37768]: FRR daemons did not change
May 19 19:10:20.021874 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:20.023808 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
May 19 19:10:20.024407 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:20.025307 osdx ulogd[37890]: registering plugin `NFCT'
May 19 19:10:20.025409 osdx ulogd[37890]: registering plugin `IP2STR'
May 19 19:10:20.025499 osdx ulogd[37890]: registering plugin `PRINTFLOW'
May 19 19:10:20.025587 osdx ulogd[37890]: registering plugin `SYSLOG'
May 19 19:10:20.025595 osdx ulogd[37890]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:10:20.025682 osdx ulogd[37890]: NFCT plugin working in event mode
May 19 19:10:20.025697 osdx ulogd[37890]: Changing UID / GID
May 19 19:10:20.025829 osdx ulogd[37890]: initialization finished, entering main loop
May 19 19:10:20.027457 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:20.058939 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:20.081116 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:21.895324 osdx ulogd[37890]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:10:21.895352 osdx ulogd[37890]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:10:21.977864 osdx ulogd[37890]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:10:21.977883 osdx ulogd[37890]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
May 19 19:10:22.069760 osdx ulogd[37890]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52094 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52094 PKTS=0 BYTES=0
May 19 19:10:22.069911 osdx ulogd[37890]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52094 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52094 PKTS=0 BYTES=0
May 19 19:10:22.070034 osdx ulogd[37890]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52094 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52094 PKTS=0 BYTES=0 [OFFLOAD]
May 19 19:10:22.368419 osdx ulogd[37890]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52094 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52094 PKTS=0 BYTES=0
May 19 19:10:22.368444 osdx ulogd[37890]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52094 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52094 PKTS=0 BYTES=0 [OFFLOAD]
May 19 19:10:22.369888 osdx ulogd[37890]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52094 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52094 PKTS=0 BYTES=0
May 19 19:10:22.370001 osdx ulogd[37890]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52094 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52094 PKTS=0 BYTES=0 [OFFLOAD]

---

App detect logging

Description

Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1 and check app detect field appears when running system journal show. After that, enabling app detection in system conntrack for http host, try to copy index.html from a http server and check that the app detect field appears and belongs to the http server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.328 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.328/0.328/0.328/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.308 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.269 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.249 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2029ms
rtt min/avg/max/mdev = 0.249/0.275/0.308/0.024 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]

Show output

May 19 19:10:26.000181 osdx systemd-timedated[25589]: Changed local time to Mon 2025-05-19 19:10:26 UTC
May 19 19:10:26.000728 osdx systemd-journald[13756]: Time jumped backwards, rotating.
May 19 19:10:26.001599 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'set date 2025-05-19 19:10:26'.
May 19 19:10:26.324755 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 3.8M, max 15.3M, 11.5M free.
May 19 19:10:26.328660 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:10:26.328722 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:10:26.334416 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:10:26.646666 osdx osdx-coredump[38045]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:10:26.656444 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:10:27.133418 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:27.194035 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
May 19 19:10:27.294868 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
May 19 19:10:27.408842 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:10:27.462581 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:10:27.586859 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:10:27.659188 osdx INFO[38067]: FRR daemons did not change
May 19 19:10:27.820766 osdx kernel: app-detect: module init
May 19 19:10:27.820825 osdx kernel: app-detect: registered: sysctl net.appdetect
May 19 19:10:27.820839 osdx kernel: app-detect: expression init
May 19 19:10:27.820850 osdx kernel: app-detect: appid cache initialized
May 19 19:10:27.820861 osdx kernel: app-detect: appid cache changes counter initialized
May 19 19:10:27.826896 osdx modulelauncher[38070]: AppDetect: no change in application dictionaries, thus nothing more to do
May 19 19:10:27.973021 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:27.974439 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:27.974679 osdx ulogd[38159]: registering plugin `NFCT'
May 19 19:10:27.974733 osdx ulogd[38159]: registering plugin `IP2STR'
May 19 19:10:27.974780 osdx ulogd[38159]: registering plugin `PRINTFLOW'
May 19 19:10:27.974831 osdx ulogd[38159]: registering plugin `SYSLOG'
May 19 19:10:27.974836 osdx ulogd[38159]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:10:27.974887 osdx ulogd[38159]: NFCT plugin working in event mode
May 19 19:10:27.974895 osdx ulogd[38159]: Changing UID / GID
May 19 19:10:27.974989 osdx ulogd[38159]: initialization finished, entering main loop
May 19 19:10:27.976909 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:28.015955 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:28.035518 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:29.025247 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.025276 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.106210 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.106230 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:30.111420 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:30.111448 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:30.111463 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.135363 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:31.135387 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.135398 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]

Show output

May 19 19:10:26.000181 osdx systemd-timedated[25589]: Changed local time to Mon 2025-05-19 19:10:26 UTC
May 19 19:10:26.000728 osdx systemd-journald[13756]: Time jumped backwards, rotating.
May 19 19:10:26.001599 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'set date 2025-05-19 19:10:26'.
May 19 19:10:26.324755 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 3.8M, max 15.3M, 11.5M free.
May 19 19:10:26.328660 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:10:26.328722 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:10:26.334416 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:10:26.646666 osdx osdx-coredump[38045]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:10:26.656444 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:10:27.133418 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:27.194035 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
May 19 19:10:27.294868 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
May 19 19:10:27.408842 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:10:27.462581 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:10:27.586859 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:10:27.659188 osdx INFO[38067]: FRR daemons did not change
May 19 19:10:27.820766 osdx kernel: app-detect: module init
May 19 19:10:27.820825 osdx kernel: app-detect: registered: sysctl net.appdetect
May 19 19:10:27.820839 osdx kernel: app-detect: expression init
May 19 19:10:27.820850 osdx kernel: app-detect: appid cache initialized
May 19 19:10:27.820861 osdx kernel: app-detect: appid cache changes counter initialized
May 19 19:10:27.826896 osdx modulelauncher[38070]: AppDetect: no change in application dictionaries, thus nothing more to do
May 19 19:10:27.973021 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:27.974439 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:27.974679 osdx ulogd[38159]: registering plugin `NFCT'
May 19 19:10:27.974733 osdx ulogd[38159]: registering plugin `IP2STR'
May 19 19:10:27.974780 osdx ulogd[38159]: registering plugin `PRINTFLOW'
May 19 19:10:27.974831 osdx ulogd[38159]: registering plugin `SYSLOG'
May 19 19:10:27.974836 osdx ulogd[38159]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:10:27.974887 osdx ulogd[38159]: NFCT plugin working in event mode
May 19 19:10:27.974895 osdx ulogd[38159]: Changing UID / GID
May 19 19:10:27.974989 osdx ulogd[38159]: initialization finished, entering main loop
May 19 19:10:27.976909 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:28.015955 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:28.035518 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:29.025247 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.025276 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.106210 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.106230 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:30.111420 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:30.111448 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:30.111463 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.135363 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:31.135387 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.135398 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.236144 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]

Show output

May 19 19:10:26.000181 osdx systemd-timedated[25589]: Changed local time to Mon 2025-05-19 19:10:26 UTC
May 19 19:10:26.000728 osdx systemd-journald[13756]: Time jumped backwards, rotating.
May 19 19:10:26.001599 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'set date 2025-05-19 19:10:26'.
May 19 19:10:26.324755 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 3.8M, max 15.3M, 11.5M free.
May 19 19:10:26.328660 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:10:26.328722 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:10:26.334416 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:10:26.646666 osdx osdx-coredump[38045]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:10:26.656444 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:10:27.133418 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:27.194035 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
May 19 19:10:27.294868 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
May 19 19:10:27.408842 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:10:27.462581 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:10:27.586859 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:10:27.659188 osdx INFO[38067]: FRR daemons did not change
May 19 19:10:27.820766 osdx kernel: app-detect: module init
May 19 19:10:27.820825 osdx kernel: app-detect: registered: sysctl net.appdetect
May 19 19:10:27.820839 osdx kernel: app-detect: expression init
May 19 19:10:27.820850 osdx kernel: app-detect: appid cache initialized
May 19 19:10:27.820861 osdx kernel: app-detect: appid cache changes counter initialized
May 19 19:10:27.826896 osdx modulelauncher[38070]: AppDetect: no change in application dictionaries, thus nothing more to do
May 19 19:10:27.973021 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:27.974439 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:27.974679 osdx ulogd[38159]: registering plugin `NFCT'
May 19 19:10:27.974733 osdx ulogd[38159]: registering plugin `IP2STR'
May 19 19:10:27.974780 osdx ulogd[38159]: registering plugin `PRINTFLOW'
May 19 19:10:27.974831 osdx ulogd[38159]: registering plugin `SYSLOG'
May 19 19:10:27.974836 osdx ulogd[38159]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:10:27.974887 osdx ulogd[38159]: NFCT plugin working in event mode
May 19 19:10:27.974895 osdx ulogd[38159]: Changing UID / GID
May 19 19:10:27.974989 osdx ulogd[38159]: initialization finished, entering main loop
May 19 19:10:27.976909 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:28.015955 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:28.035518 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:29.025247 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.025276 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.106210 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.106230 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:30.111420 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:30.111448 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:30.111463 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.135363 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:31.135387 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.135398 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.236144 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal show | cat'.
May 19 19:10:31.351635 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.223 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.223/0.223/0.223/0.000 ms

Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:

Show output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0   956k      0 --:--:-- --:--:-- --:--:-- 1062k

Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]

Show output

May 19 19:10:26.000181 osdx systemd-timedated[25589]: Changed local time to Mon 2025-05-19 19:10:26 UTC
May 19 19:10:26.000728 osdx systemd-journald[13756]: Time jumped backwards, rotating.
May 19 19:10:26.001599 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'set date 2025-05-19 19:10:26'.
May 19 19:10:26.324755 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 3.8M, max 15.3M, 11.5M free.
May 19 19:10:26.328660 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:10:26.328722 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:10:26.334416 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:10:26.646666 osdx osdx-coredump[38045]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:10:26.656444 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:10:27.133418 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:27.194035 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
May 19 19:10:27.294868 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
May 19 19:10:27.408842 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
May 19 19:10:27.462581 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
May 19 19:10:27.586859 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:10:27.659188 osdx INFO[38067]: FRR daemons did not change
May 19 19:10:27.820766 osdx kernel: app-detect: module init
May 19 19:10:27.820825 osdx kernel: app-detect: registered: sysctl net.appdetect
May 19 19:10:27.820839 osdx kernel: app-detect: expression init
May 19 19:10:27.820850 osdx kernel: app-detect: appid cache initialized
May 19 19:10:27.820861 osdx kernel: app-detect: appid cache changes counter initialized
May 19 19:10:27.826896 osdx modulelauncher[38070]: AppDetect: no change in application dictionaries, thus nothing more to do
May 19 19:10:27.973021 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
May 19 19:10:27.974439 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
May 19 19:10:27.974679 osdx ulogd[38159]: registering plugin `NFCT'
May 19 19:10:27.974733 osdx ulogd[38159]: registering plugin `IP2STR'
May 19 19:10:27.974780 osdx ulogd[38159]: registering plugin `PRINTFLOW'
May 19 19:10:27.974831 osdx ulogd[38159]: registering plugin `SYSLOG'
May 19 19:10:27.974836 osdx ulogd[38159]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
May 19 19:10:27.974887 osdx ulogd[38159]: NFCT plugin working in event mode
May 19 19:10:27.974895 osdx ulogd[38159]: Changing UID / GID
May 19 19:10:27.974989 osdx ulogd[38159]: initialization finished, entering main loop
May 19 19:10:27.976909 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:28.015955 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:28.035518 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:29.025247 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.025276 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.106210 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:29.106230 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:30.111420 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:30.111448 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:30.111463 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.135363 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:31.135387 osdx ulogd[38159]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.135398 osdx ulogd[38159]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:31.236144 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal show | cat'.
May 19 19:10:31.351635 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal show | cat'.
May 19 19:10:31.476829 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal show | cat'.
May 19 19:10:31.635883 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:31.727936 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
May 19 19:10:31.808615 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
May 19 19:10:31.886020 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show changes'.
May 19 19:10:31.995446 osdx INFO[38212]: FRR daemons did not change
May 19 19:10:32.040662 osdx kernel: app-detect: expression destroy
May 19 19:10:32.076686 osdx kernel: app-detect: expression init
May 19 19:10:32.076809 osdx kernel: app-detect: appid cache initialized
May 19 19:10:32.076857 osdx kernel: app-detect: appid cache changes counter initialized
May 19 19:10:32.093609 osdx modulelauncher[38215]: AppDetect: no change in application dictionaries, thus nothing more to do
May 19 19:10:32.198754 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:32.224252 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:32.224304 osdx ulogd[38159]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
May 19 19:10:32.225031 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:32.241906 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:32.419731 osdx ulogd[38159]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:32.419912 osdx ulogd[38159]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
May 19 19:10:32.421177 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 19 19:10:32.564365 osdx file_operation[38320]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
May 19 19:10:32.568611 osdx ulogd[38159]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51512 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51512 PKTS=0 BYTES=0 APPDETECT[L4:80]
May 19 19:10:32.568733 osdx ulogd[38159]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51512 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51512 PKTS=0 BYTES=0 APPDETECT[L4:80]
May 19 19:10:32.568744 osdx ulogd[38159]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51512 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51512 PKTS=0 BYTES=0 APPDETECT[L4:80]
May 19 19:10:32.570256 osdx ulogd[38159]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51512 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51512 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
May 19 19:10:32.570306 osdx ulogd[38159]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51512 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51512 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
May 19 19:10:32.570317 osdx ulogd[38159]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51512 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51512 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
May 19 19:10:32.586297 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.

---

App Detect Drop Packet

Description

Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector. Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets. Finnally, log that packets with app-id option and check that appdetect field appear in journal when running system journal show

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.207 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.207/0.207/0.207/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]

Show output

May 19 19:10:38.303567 osdx systemd-journald[13756]: Runtime Journal (/run/log/journal/7ae40c0371a74784821261dd7287ec45) is 2.1M, max 15.3M, 13.2M free.
May 19 19:10:38.304880 osdx systemd-journald[13756]: Received client request to rotate journal, rotating.
May 19 19:10:38.304931 osdx systemd-journald[13756]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7ae40c0371a74784821261dd7287ec45.
May 19 19:10:38.314527 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system journal clear'.
May 19 19:10:38.672185 osdx osdx-coredump[38473]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
May 19 19:10:38.682135 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'system coredump delete all'.
May 19 19:10:39.444040 osdx OSDxCLI[33376]: User 'admin' entered the configuration menu.
May 19 19:10:39.527982 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
May 19 19:10:39.616655 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
May 19 19:10:39.674373 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
May 19 19:10:39.781463 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
May 19 19:10:39.838300 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
May 19 19:10:39.936438 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
May 19 19:10:39.994605 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
May 19 19:10:40.114021 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
May 19 19:10:40.167744 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
May 19 19:10:40.269070 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
May 19 19:10:40.349378 osdx OSDxCLI[33376]: User 'admin' added a new cfg line: 'show working'.
May 19 19:10:40.464801 osdx INFO[38515]: FRR daemons did not change
May 19 19:10:40.616888 osdx kernel: app-detect: module init
May 19 19:10:40.616936 osdx kernel: app-detect: registered: sysctl net.appdetect
May 19 19:10:40.616950 osdx kernel: app-detect: expression init
May 19 19:10:40.616961 osdx kernel: app-detect: appid cache initialized
May 19 19:10:40.616976 osdx kernel: app-detect: appid cache changes counter initialized
May 19 19:10:41.129960 osdx cfgd[1655]: [33376]Completed change to active configuration
May 19 19:10:41.155290 osdx OSDxCLI[33376]: User 'admin' committed the configuration.
May 19 19:10:41.172913 osdx OSDxCLI[33376]: User 'admin' left the configuration menu.
May 19 19:10:41.317148 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
May 19 19:10:41.463642 osdx file_operation[38667]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
May 19 19:10:41.472883 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=53096 DF PROTO=TCP SPT=57516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
May 19 19:10:41.676924 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=53097 DF PROTO=TCP SPT=57516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
May 19 19:10:42.100913 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=53098 DF PROTO=TCP SPT=57516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
May 19 19:10:42.932917 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=53099 DF PROTO=TCP SPT=57516 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
May 19 19:10:44.448454 osdx file_operation.py[38667]: Operation aborted by user.
May 19 19:10:44.460888 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=53100 DF PROTO=TCP SPT=57516 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
May 19 19:10:44.466777 osdx OSDxCLI[33376]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.

---