Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.663 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.663/0.663/0.663/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.403 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.403/0.403/0.403/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Mar 21 23:51:11.469468 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.3M free.
Mar 21 23:51:11.471062 osdx systemd-journald[1895]: Received client request to rotate journal, rotating.
Mar 21 23:51:11.471147 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c.
Mar 21 23:51:11.487249 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 23:51:12.018906 osdx osdx-coredump[7478]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 23:51:12.033988 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 23:51:12.968719 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu.
Mar 21 23:51:13.137761 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 21 23:51:13.265411 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Mar 21 23:51:13.399800 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'.
Mar 21 23:51:13.511500 osdx ubnt-cfgd[7500]: inactive
Mar 21 23:51:13.611508 osdx INFO[7512]: FRR daemons did not change
Mar 21 23:51:13.663059 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 23:51:13.811691 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 21 23:51:13.815892 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Mar 21 23:51:13.819686 osdx ulogd[7603]: registering plugin `NFCT'
Mar 21 23:51:13.820995 osdx ulogd[7603]: registering plugin `IP2STR'
Mar 21 23:51:13.821147 osdx ulogd[7603]: registering plugin `PRINTFLOW'
Mar 21 23:51:13.822507 osdx ulogd[7603]: registering plugin `SYSLOG'
Mar 21 23:51:13.822566 osdx ulogd[7603]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 21 23:51:13.822681 osdx ulogd[7603]: NFCT plugin working in event mode
Mar 21 23:51:13.822739 osdx ulogd[7603]: Changing UID / GID
Mar 21 23:51:13.822884 osdx ulogd[7603]: initialization finished, entering main loop
Mar 21 23:51:13.831124 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 21 23:51:13.833625 osdx cfgd[1680]: [2009]Completed change to active configuration
Mar 21 23:51:13.854759 osdx OSDxCLI[2009]: User 'admin' committed the configuration.
Mar 21 23:51:13.894600 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.
Mar 21 23:51:15.711975 osdx ulogd[7603]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:51:15.893994 osdx ulogd[7603]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.791 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.791/0.791/0.791/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.447 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.447/0.447/0.447/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Mar 21 23:51:24.552998 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.3M free.
Mar 21 23:51:24.553810 osdx systemd-journald[1895]: Received client request to rotate journal, rotating.
Mar 21 23:51:24.553873 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c.
Mar 21 23:51:24.575308 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 23:51:25.243977 osdx osdx-coredump[7798]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 23:51:25.267014 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 23:51:26.452892 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu.
Mar 21 23:51:26.710213 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 21 23:51:26.911425 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Mar 21 23:51:27.132922 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'.
Mar 21 23:51:27.273370 osdx ubnt-cfgd[7820]: inactive
Mar 21 23:51:27.381856 osdx INFO[7832]: FRR daemons did not change
Mar 21 23:51:27.464881 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 23:51:27.746163 osdx ulogd[7923]: registering plugin `NFCT'
Mar 21 23:51:27.746244 osdx ulogd[7923]: registering plugin `IP2STR'
Mar 21 23:51:27.746322 osdx ulogd[7923]: registering plugin `PRINTFLOW'
Mar 21 23:51:27.746406 osdx ulogd[7923]: registering plugin `SYSLOG'
Mar 21 23:51:27.746416 osdx ulogd[7923]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 21 23:51:27.746509 osdx ulogd[7923]: NFCT plugin working in event mode
Mar 21 23:51:27.746523 osdx ulogd[7923]: Changing UID / GID
Mar 21 23:51:27.746644 osdx ulogd[7923]: initialization finished, entering main loop
Mar 21 23:51:27.750852 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 21 23:51:27.753378 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 21 23:51:27.761116 osdx cfgd[1680]: [2009]Completed change to active configuration
Mar 21 23:51:27.813248 osdx OSDxCLI[2009]: User 'admin' committed the configuration.
Mar 21 23:51:27.935390 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.
Mar 21 23:51:29.955624 osdx ulogd[7923]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:51:30.109983 osdx ulogd[7923]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.79 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.793/1.793/1.793/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.326 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.383 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.322 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2028ms
rtt min/avg/max/mdev = 0.322/0.343/0.383/0.027 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Mar 21 23:51:40.508694 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.3M free.
Mar 21 23:51:40.509519 osdx systemd-journald[1895]: Received client request to rotate journal, rotating.
Mar 21 23:51:40.509582 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c.
Mar 21 23:51:40.531621 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 23:51:41.174440 osdx osdx-coredump[8105]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 23:51:41.193327 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 23:51:42.100302 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu.
Mar 21 23:51:42.265832 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 21 23:51:42.379324 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Mar 21 23:51:42.487366 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Mar 21 23:51:42.671695 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set service ssh'.
Mar 21 23:51:42.810699 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'.
Mar 21 23:51:42.932448 osdx ubnt-cfgd[8129]: inactive
Mar 21 23:51:43.060963 osdx INFO[8147]: FRR daemons did not change
Mar 21 23:51:43.104848 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 23:51:43.253431 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 21 23:51:43.254698 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 21 23:51:43.255300 osdx ulogd[8240]: registering plugin `NFCT'
Mar 21 23:51:43.255398 osdx ulogd[8240]: registering plugin `IP2STR'
Mar 21 23:51:43.255479 osdx ulogd[8240]: registering plugin `PRINTFLOW'
Mar 21 23:51:43.255561 osdx ulogd[8240]: registering plugin `SYSLOG'
Mar 21 23:51:43.255567 osdx ulogd[8240]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 21 23:51:43.255642 osdx ulogd[8240]: NFCT plugin working in event mode
Mar 21 23:51:43.255654 osdx ulogd[8240]: Changing UID / GID
Mar 21 23:51:43.255775 osdx ulogd[8240]: initialization finished, entering main loop
Mar 21 23:51:43.413943 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Mar 21 23:51:43.440071 osdx sshd[8246]: Server listening on 0.0.0.0 port 22.
Mar 21 23:51:43.440467 osdx sshd[8246]: Server listening on :: port 22.
Mar 21 23:51:43.440699 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Mar 21 23:51:43.483763 osdx cfgd[1680]: [2009]Completed change to active configuration
Mar 21 23:51:43.503347 osdx OSDxCLI[2009]: User 'admin' committed the configuration.
Mar 21 23:51:43.551530 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.
Mar 21 23:51:46.271325 osdx ulogd[8240]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Mar 21 23:51:47.295247 osdx ulogd[8240]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to the other and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.627 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.627/0.627/0.627/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.650 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.650/0.650/0.650/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Mar 21 23:51:57.431792 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.3M, max 15.3M, 12.9M free.
Mar 21 23:51:57.432620 osdx systemd-journald[1895]: Received client request to rotate journal, rotating.
Mar 21 23:51:57.432681 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c.
Mar 21 23:51:57.450150 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 23:51:58.017309 osdx osdx-coredump[8455]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 23:51:58.031343 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 23:51:58.807103 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu.
Mar 21 23:51:58.969121 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 21 23:51:59.071825 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Mar 21 23:51:59.241072 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'.
Mar 21 23:51:59.386805 osdx ubnt-cfgd[8477]: inactive
Mar 21 23:51:59.482638 osdx INFO[8489]: FRR daemons did not change
Mar 21 23:51:59.520509 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 23:51:59.657108 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 21 23:51:59.658302 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 21 23:51:59.658439 osdx ulogd[8580]: registering plugin `NFCT'
Mar 21 23:51:59.658876 osdx ulogd[8580]: registering plugin `IP2STR'
Mar 21 23:51:59.659148 osdx ulogd[8580]: registering plugin `PRINTFLOW'
Mar 21 23:51:59.659305 osdx ulogd[8580]: registering plugin `SYSLOG'
Mar 21 23:51:59.659373 osdx ulogd[8580]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 21 23:51:59.659502 osdx ulogd[8580]: NFCT plugin working in event mode
Mar 21 23:51:59.660253 osdx ulogd[8580]: Changing UID / GID
Mar 21 23:51:59.660614 osdx ulogd[8580]: initialization finished, entering main loop
Mar 21 23:51:59.661025 osdx cfgd[1680]: [2009]Completed change to active configuration
Mar 21 23:51:59.682115 osdx OSDxCLI[2009]: User 'admin' committed the configuration.
Mar 21 23:51:59.714843 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.
Mar 21 23:52:01.163552 osdx ulogd[8580]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:01.163596 osdx ulogd[8580]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:01.360280 osdx ulogd[8580]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:01.360312 osdx ulogd[8580]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping command from one device to the other and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.628 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.628/0.628/0.628/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.767 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.767/0.767/0.767/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Mar 21 23:52:09.469683 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.3M free.
Mar 21 23:52:09.471764 osdx systemd-journald[1895]: Received client request to rotate journal, rotating.
Mar 21 23:52:09.471854 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c.
Mar 21 23:52:09.491937 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 23:52:10.084347 osdx osdx-coredump[8765]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 23:52:10.097425 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 23:52:10.902648 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu.
Mar 21 23:52:11.086573 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 21 23:52:11.197874 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Mar 21 23:52:11.313943 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Mar 21 23:52:11.479132 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'.
Mar 21 23:52:11.583408 osdx ubnt-cfgd[8788]: inactive
Mar 21 23:52:11.749515 osdx INFO[8800]: FRR daemons did not change
Mar 21 23:52:11.795526 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 23:52:11.948053 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 21 23:52:11.949905 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Mar 21 23:52:11.951333 osdx ulogd[8891]: registering plugin `NFCT'
Mar 21 23:52:11.951840 osdx ulogd[8891]: registering plugin `IP2STR'
Mar 21 23:52:11.952025 osdx ulogd[8891]: registering plugin `PRINTFLOW'
Mar 21 23:52:11.952189 osdx ulogd[8891]: registering plugin `SYSLOG'
Mar 21 23:52:11.952271 osdx ulogd[8891]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 21 23:52:11.952380 osdx ulogd[8891]: NFCT plugin working in event mode
Mar 21 23:52:11.952442 osdx OSDx_DUT0[8891]: Changing UID / GID
Mar 21 23:52:11.952583 osdx OSDx_DUT0[8891]: initialization finished, entering main loop
Mar 21 23:52:11.963552 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 21 23:52:11.965576 osdx cfgd[1680]: [2009]Completed change to active configuration
Mar 21 23:52:11.984462 osdx OSDxCLI[2009]: User 'admin' committed the configuration.
Mar 21 23:52:12.026149 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.
Mar 21 23:52:13.583916 osdx OSDx_DUT0[8891]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:13.583946 osdx OSDx_DUT0[8891]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:13.776923 osdx OSDx_DUT0[8891]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:13.776947 osdx OSDx_DUT0[8891]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0:
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.322 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.322/0.322/0.322/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Mar 21 23:52:09.469683 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.3M free.
Mar 21 23:52:09.471764 osdx systemd-journald[1895]: Received client request to rotate journal, rotating.
Mar 21 23:52:09.471854 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c.
Mar 21 23:52:09.491937 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 23:52:10.084347 osdx osdx-coredump[8765]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 23:52:10.097425 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 23:52:10.902648 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu.
Mar 21 23:52:11.086573 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Mar 21 23:52:11.197874 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Mar 21 23:52:11.313943 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Mar 21 23:52:11.479132 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'.
Mar 21 23:52:11.583408 osdx ubnt-cfgd[8788]: inactive
Mar 21 23:52:11.749515 osdx INFO[8800]: FRR daemons did not change
Mar 21 23:52:11.795526 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 21 23:52:11.948053 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 21 23:52:11.949905 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Mar 21 23:52:11.951333 osdx ulogd[8891]: registering plugin `NFCT'
Mar 21 23:52:11.951840 osdx ulogd[8891]: registering plugin `IP2STR'
Mar 21 23:52:11.952025 osdx ulogd[8891]: registering plugin `PRINTFLOW'
Mar 21 23:52:11.952189 osdx ulogd[8891]: registering plugin `SYSLOG'
Mar 21 23:52:11.952271 osdx ulogd[8891]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 21 23:52:11.952380 osdx ulogd[8891]: NFCT plugin working in event mode
Mar 21 23:52:11.952442 osdx OSDx_DUT0[8891]: Changing UID / GID
Mar 21 23:52:11.952583 osdx OSDx_DUT0[8891]: initialization finished, entering main loop
Mar 21 23:52:11.963552 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 21 23:52:11.965576 osdx cfgd[1680]: [2009]Completed change to active configuration
Mar 21 23:52:11.984462 osdx OSDxCLI[2009]: User 'admin' committed the configuration.
Mar 21 23:52:12.026149 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.
Mar 21 23:52:13.583916 osdx OSDx_DUT0[8891]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:13.583946 osdx OSDx_DUT0[8891]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:13.776923 osdx OSDx_DUT0[8891]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:13.776947 osdx OSDx_DUT0[8891]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:13.938764 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal show | cat'.
Mar 21 23:52:14.214539 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu.
Mar 21 23:52:14.326412 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Mar 21 23:52:14.464209 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show changes'.
Mar 21 23:52:14.584451 osdx ubnt-cfgd[8927]: inactive
Mar 21 23:52:14.884673 osdx INFO[8937]: FRR daemons did not change
Mar 21 23:52:14.903088 osdx OSDx_DUT0[8891]: Terminal signal received, exiting
Mar 21 23:52:14.903264 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 21 23:52:14.903762 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Mar 21 23:52:14.903926 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 21 23:52:14.940422 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Mar 21 23:52:14.941550 osdx ulogd[8945]: registering plugin `NFCT'
Mar 21 23:52:14.941608 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Mar 21 23:52:14.942029 osdx ulogd[8945]: registering plugin `IP2STR'
Mar 21 23:52:14.942143 osdx ulogd[8945]: registering plugin `PRINTFLOW'
Mar 21 23:52:14.942282 osdx ulogd[8945]: registering plugin `SYSLOG'
Mar 21 23:52:14.942335 osdx ulogd[8945]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Mar 21 23:52:14.942459 osdx ulogd[8945]: NFCT plugin working in event mode
Mar 21 23:52:14.942512 osdx ulogd[8945]: Changing UID / GID
Mar 21 23:52:14.942631 osdx ulogd[8945]: initialization finished, entering main loop
Mar 21 23:52:14.945847 osdx cfgd[1680]: [2009]Completed change to active configuration
Mar 21 23:52:14.947953 osdx ulogd[8945]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Mar 21 23:52:14.948088 osdx ulogd[8945]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Mar 21 23:52:14.948915 osdx OSDxCLI[2009]: User 'admin' committed the configuration.
Mar 21 23:52:15.008926 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.
Mar 21 23:52:15.230835 osdx ulogd[8945]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:15.230929 osdx ulogd[8945]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
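Added example (not part of the OSDx documentation): a Python parser for the conntrack event lines shown in the journal outputs above, selecting events by syslog identity and comparing the source address exactly. The regular expressions on this page leave the dots unescaped and do not anchor the end of the address, so `SRC=192.168.100.2` also matches `SRC=192.168.100.20`. All function names and the `192.168.100.20` sample line are constructed for illustration; the other sample lines follow the log lines on this page.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Flow layout as it appears in the ulogd lines on this page.
_FLOW = ("ORIG: SRC={s} DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS={p} BYTES={b} , "
         "REPLY: SRC=192.168.100.1 DST={s} PROTO=ICMP TYPE=0 CODE=8 PKTS={p} BYTES={b}")

# First five lines reproduce entries from the Identity logging journal;
# the last line (SRC=192.168.100.20) is constructed for this example.
SAMPLE_JOURNAL = "\n".join([
    "Mar 21 23:52:11.952583 osdx OSDx_DUT0[8891]: initialization finished, entering main loop",
    "Mar 21 23:52:13.583916 osdx OSDx_DUT0[8891]: [NEW] " + _FLOW.format(s="192.168.100.2", p=0, b=0),
    "Mar 21 23:52:13.583946 osdx OSDx_DUT0[8891]: [UPDATE] " + _FLOW.format(s="192.168.100.2", p=0, b=0),
    "Mar 21 23:52:14.947953 osdx ulogd[8945]: [DESTROY] " + _FLOW.format(s="192.168.100.2", p=1, b=84),
    "Mar 21 23:52:15.230835 osdx ulogd[8945]: [NEW] " + _FLOW.format(s="192.168.100.2", p=0, b=0),
    "Mar 21 23:52:16.000000 osdx ulogd[8945]: [NEW] " + _FLOW.format(s="192.168.100.20", p=0, b=0),
])

# timestamp, host, syslog identity[pid], event type, then the two flow directions
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) (?P<ident>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_events(journal, identities=("ulogd",)):
    """Return conntrack events logged under one of the given syslog identities.

    "ulogd" is the default identity; pass the configured value as well
    (for example "OSDx_DUT0") when 'logging identity' is set on the device.
    """
    events = []
    for line in journal.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ident"] not in identities:
            continue
        events.append({
            "ts": m["ts"],
            "ident": m["ident"],
            "event": m["event"],
            "orig": dict(KV_RE.findall(m["orig"])),
            "reply": dict(KV_RE.findall(m["reply"])),
        })
    return events


def events_from(events, src):
    """Keep events whose original-direction source equals src exactly."""
    want = ip_address(src)
    kept = []
    for e in events:
        value = e["orig"].get("SRC")
        if value is not None and ip_address(value) == want:
            kept.append(e)
    return kept


def count_by_type(events):
    """Count events per type (NEW / UPDATE / DESTROY)."""
    return Counter(e["event"] for e in events)


def page_regex_hits(journal, identity="ulogd", src="192.168.100.2"):
    """Apply the check as written on this page (unescaped dots, no end anchor)."""
    rx = re.compile(identity + r"\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=" + src)
    return [line for line in journal.splitlines() if rx.search(line)]


if __name__ == "__main__":
    both = parse_events(SAMPLE_JOURNAL, identities=("ulogd", "OSDx_DUT0"))
    print("events per type from 192.168.100.2:", dict(count_by_type(events_from(both, "192.168.100.2"))))
    print("page regex hits (ulogd):", len(page_regex_hits(SAMPLE_JOURNAL)))
    print("exact-match events (ulogd):", len(events_from(parse_events(SAMPLE_JOURNAL), "192.168.100.2")))
```

A collector that filters only on the `ulogd` tag stops seeing conntrack events as soon as a logging identity is configured, so the identity list should follow the device configuration.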
Policies logging
Description
Set a simple configuration with mark and label traffic policies, send a ping command from one device to the other, and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.581 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.581/0.581/0.581/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.365 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.295 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1012ms
rtt min/avg/max/mdev = 0.295/0.330/0.365/0.035 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Mar 21 23:52:22.419726 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.3M free. Mar 21 23:52:22.422595 osdx systemd-journald[1895]: Received client request to rotate journal, rotating. Mar 21 23:52:22.422684 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c. Mar 21 23:52:22.439233 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'. Mar 21 23:52:23.109237 osdx osdx-coredump[9108]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 23:52:23.124039 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 23:52:24.046681 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu. Mar 21 23:52:24.232656 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 21 23:52:24.361184 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic label TEST'. Mar 21 23:52:24.487832 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Mar 21 23:52:24.628262 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Mar 21 23:52:24.754883 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 21 23:52:24.885204 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 21 23:52:25.035552 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'. Mar 21 23:52:25.145894 osdx ubnt-cfgd[9134]: inactive Mar 21 23:52:25.288204 osdx INFO[9152]: FRR daemons did not change Mar 21 23:52:25.330599 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 23:52:25.459389 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Mar 21 23:52:25.460712 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:52:25.460719 osdx ulogd[9243]: registering plugin `NFCT' Mar 21 23:52:25.460810 osdx ulogd[9243]: registering plugin `IP2STR' Mar 21 23:52:25.460955 osdx ulogd[9243]: registering plugin `PRINTFLOW' Mar 21 23:52:25.461050 osdx ulogd[9243]: registering plugin `SYSLOG' Mar 21 23:52:25.461057 osdx ulogd[9243]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 21 23:52:25.461153 osdx ulogd[9243]: NFCT plugin working in event mode Mar 21 23:52:25.461165 osdx ulogd[9243]: Changing UID / GID Mar 21 23:52:25.461282 osdx ulogd[9243]: initialization finished, entering main loop Mar 21 23:52:25.478074 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 21 23:52:25.478361 osdx ulogd[9243]: Terminal signal received, exiting Mar 21 23:52:25.479057 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 21 23:52:25.479220 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:52:25.480787 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Mar 21 23:52:25.481991 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 21 23:52:25.483267 osdx ulogd[9249]: registering plugin `NFCT' Mar 21 23:52:25.483359 osdx ulogd[9249]: registering plugin `IP2STR' Mar 21 23:52:25.483448 osdx ulogd[9249]: registering plugin `PRINTFLOW' Mar 21 23:52:25.483544 osdx ulogd[9249]: registering plugin `SYSLOG' Mar 21 23:52:25.483551 osdx ulogd[9249]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 21 23:52:25.483623 osdx ulogd[9249]: NFCT plugin working in event mode Mar 21 23:52:25.483634 osdx ulogd[9249]: Changing UID / GID Mar 21 23:52:25.483747 osdx ulogd[9249]: initialization finished, entering main loop Mar 21 23:52:25.498658 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:52:25.704410 osdx cfgd[1680]: [2009]Completed change to active configuration Mar 21 23:52:25.722885 osdx OSDxCLI[2009]: User 'admin' committed the configuration. Mar 21 23:52:25.770032 osdx OSDxCLI[2009]: User 'admin' left the configuration menu. 
Mar 21 23:52:27.049557 osdx ulogd[9249]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Mar 21 23:52:27.049594 osdx ulogd[9249]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Mar 21 23:52:27.241050 osdx ulogd[9249]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Mar 21 23:52:27.241078 osdx ulogd[9249]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a VRF, send a ping command from one device to the other, and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.44 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.442/1.442/1.442/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.931 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.931/0.931/0.931/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Mar 21 23:52:35.460565 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.2M free. Mar 21 23:52:35.463286 osdx systemd-journald[1895]: Received client request to rotate journal, rotating. Mar 21 23:52:35.463523 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c. Mar 21 23:52:35.480318 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'. Mar 21 23:52:36.154681 osdx osdx-coredump[9475]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 23:52:36.170807 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 23:52:37.103462 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu. Mar 21 23:52:37.258578 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Mar 21 23:52:37.427116 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Mar 21 23:52:37.564042 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system vrf RED'. Mar 21 23:52:37.689191 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 21 23:52:37.825583 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 21 23:52:38.019815 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'. Mar 21 23:52:38.213349 osdx ubnt-cfgd[9500]: inactive Mar 21 23:52:38.394563 osdx INFO[9512]: FRR daemons did not change Mar 21 23:52:38.441810 osdx (udev-worker)[9525]: RED: Could not disable auto negotiation, ignoring: Operation not supported Mar 21 23:52:38.442186 osdx (udev-worker)[9525]: Network interface NamePolicy= disabled on kernel command line. 
Mar 21 23:52:38.499483 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 23:52:38.643214 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 23:52:38.840075 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 21 23:52:38.842273 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 21 23:52:38.843259 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:52:38.843523 osdx ulogd[9678]: registering plugin `NFCT' Mar 21 23:52:38.843736 osdx ulogd[9678]: registering plugin `IP2STR' Mar 21 23:52:38.843830 osdx ulogd[9678]: registering plugin `PRINTFLOW' Mar 21 23:52:38.844030 osdx ulogd[9678]: registering plugin `SYSLOG' Mar 21 23:52:38.844038 osdx ulogd[9678]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 21 23:52:38.844174 osdx ulogd[9678]: NFCT plugin working in event mode Mar 21 23:52:38.844248 osdx ulogd[9678]: Changing UID / GID Mar 21 23:52:38.844516 osdx ulogd[9678]: initialization finished, entering main loop Mar 21 23:52:38.846440 osdx cfgd[1680]: [2009]Completed change to active configuration Mar 21 23:52:38.872274 osdx OSDxCLI[2009]: User 'admin' committed the configuration. Mar 21 23:52:38.935297 osdx OSDxCLI[2009]: User 'admin' left the configuration menu. 
Mar 21 23:52:40.441318 osdx ulogd[9678]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:40.441351 osdx ulogd[9678]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:40.605511 osdx ulogd[9678]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:52:40.605838 osdx ulogd[9678]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service, send a ping command from one device to the other, and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.279 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.279/0.279/0.279/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  39534      0 --:--:-- --:--:-- --:--:-- 43000
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.940 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.940/0.940/0.940/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.520 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.520/0.520/0.520/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Mar 21 23:52:49.624350 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.2M free. Mar 21 23:52:49.627546 osdx systemd-journald[1895]: Received client request to rotate journal, rotating. Mar 21 23:52:49.627647 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c. Mar 21 23:52:49.652489 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'. Mar 21 23:52:50.684313 osdx osdx-coredump[9942]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 23:52:50.723605 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 23:52:51.787020 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu. Mar 21 23:52:51.986817 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 21 23:52:52.178292 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'. Mar 21 23:52:52.313183 osdx ubnt-cfgd[9963]: inactive Mar 21 23:52:52.778564 osdx INFO[9975]: FRR daemons did not change Mar 21 23:52:52.835502 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 21 23:52:52.949447 osdx cfgd[1680]: [2009]Completed change to active configuration Mar 21 23:52:52.976627 osdx OSDxCLI[2009]: User 'admin' committed the configuration. Mar 21 23:52:53.025092 osdx OSDxCLI[2009]: User 'admin' left the configuration menu. Mar 21 23:52:53.354550 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 21 23:52:53.634142 osdx file_operation[10092]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Mar 21 23:52:53.676884 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. 
Mar 21 23:52:53.871808 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu. Mar 21 23:52:54.070893 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 21 23:52:54.190607 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Mar 21 23:52:54.336093 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Mar 21 23:52:54.456969 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Mar 21 23:52:54.577258 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Mar 21 23:52:54.711609 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Mar 21 23:52:54.836292 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Mar 21 23:52:54.971023 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Mar 21 23:52:55.078086 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Mar 21 23:52:55.261470 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 21 23:52:55.379799 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 21 23:52:55.632379 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'. Mar 21 23:52:55.778233 osdx ubnt-cfgd[10134]: inactive Mar 21 23:52:56.005469 osdx INFO[10155]: FRR daemons did not change Mar 21 23:52:56.055511 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 23:52:56.256024 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Mar 21 23:52:56.258241 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:52:56.259470 osdx ulogd[10246]: registering plugin `NFCT' Mar 21 23:52:56.260082 osdx ulogd[10246]: registering plugin `IP2STR' Mar 21 23:52:56.260242 osdx ulogd[10246]: registering plugin `PRINTFLOW' Mar 21 23:52:56.261070 osdx ulogd[10246]: registering plugin `SYSLOG' Mar 21 23:52:56.261143 osdx ulogd[10246]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 21 23:52:56.261437 osdx ulogd[10246]: NFCT plugin working in event mode Mar 21 23:52:56.261519 osdx ulogd[10246]: Changing UID / GID Mar 21 23:52:56.261688 osdx ulogd[10246]: initialization finished, entering main loop Mar 21 23:52:56.590838 osdx systemd[1]: Reloading. Mar 21 23:52:56.783502 osdx systemd-sysv-generator[10282]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Mar 21 23:52:57.024057 osdx systemd[1]: Starting logrotate.service - Rotate log files... Mar 21 23:52:57.035552 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Mar 21 23:52:57.036993 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Mar 21 23:52:57.203948 osdx systemd[1]: logrotate.service: Deactivated successfully. Mar 21 23:52:57.204154 osdx systemd[1]: Finished logrotate.service - Rotate log files. Mar 21 23:52:57.542027 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Mar 21 23:52:57.799205 osdx INFO[10265]: Rules successfully loaded Mar 21 23:52:57.820078 osdx ulogd[10246]: Terminal signal received, exiting Mar 21 23:52:57.820174 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 21 23:52:57.820949 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 21 23:52:57.821089 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. 
Mar 21 23:52:57.852472 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 21 23:52:57.853287 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 21 23:52:57.854310 osdx ulogd[10310]: registering plugin `NFCT' Mar 21 23:52:57.854458 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:52:57.854818 osdx ulogd[10310]: registering plugin `IP2STR' Mar 21 23:52:57.855012 osdx ulogd[10310]: registering plugin `PRINTFLOW' Mar 21 23:52:57.855109 osdx ulogd[10310]: registering plugin `SYSLOG' Mar 21 23:52:57.855116 osdx ulogd[10310]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 21 23:52:57.855347 osdx ulogd[10310]: NFCT plugin working in event mode Mar 21 23:52:57.855359 osdx ulogd[10310]: Changing UID / GID Mar 21 23:52:57.855998 osdx ulogd[10310]: initialization finished, entering main loop Mar 21 23:52:57.858620 osdx cfgd[1680]: [2009]Completed change to active configuration Mar 21 23:52:57.875187 osdx OSDxCLI[2009]: User 'admin' committed the configuration. Mar 21 23:52:57.910817 osdx OSDxCLI[2009]: User 'admin' left the configuration menu. 
Mar 21 23:52:59.406642 osdx ulogd[10310]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Mar 21 23:52:59.406677 osdx ulogd[10310]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Mar 21 23:52:59.624076 osdx ulogd[10310]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Mar 21 23:52:59.624108 osdx ulogd[10310]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.49 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.491/1.491/1.491/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.638 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.638/0.638/0.638/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx 202503211214.a3e79e6-master-snapshot
This system includes free software. Contact Teldat for licenses information and source code.
Last login: Fri Mar 21 23:50:21 2025 from 10.215.168.64
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Mar 21 23:53:12.512173 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.2M free. Mar 21 23:53:12.515655 osdx systemd-journald[1895]: Received client request to rotate journal, rotating. Mar 21 23:53:12.515724 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c. Mar 21 23:53:12.533245 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'. Mar 21 23:53:13.160357 osdx osdx-coredump[10590]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 23:53:13.176745 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 23:53:14.012189 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu. Mar 21 23:53:14.241664 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Mar 21 23:53:14.346289 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 21 23:53:14.478959 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 21 23:53:14.710561 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'. 
Mar 21 23:53:14.862108 osdx ubnt-cfgd[10613]: inactive Mar 21 23:53:14.991965 osdx INFO[10627]: FRR daemons did not change Mar 21 23:53:15.047722 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 21 23:53:15.203671 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 23:53:15.420184 osdx ulogd[10793]: registering plugin `NFCT' Mar 21 23:53:15.420694 osdx ulogd[10793]: registering plugin `IP2STR' Mar 21 23:53:15.421240 osdx ulogd[10793]: registering plugin `PRINTFLOW' Mar 21 23:53:15.421585 osdx ulogd[10793]: registering plugin `SYSLOG' Mar 21 23:53:15.421660 osdx ulogd[10793]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 21 23:53:15.422214 osdx ulogd[10793]: NFCT plugin working in event mode Mar 21 23:53:15.422287 osdx ulogd[10793]: Changing UID / GID Mar 21 23:53:15.422644 osdx ulogd[10793]: initialization finished, entering main loop Mar 21 23:53:15.423707 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 21 23:53:15.426828 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:53:15.434458 osdx cfgd[1680]: [2009]Completed change to active configuration Mar 21 23:53:15.458962 osdx OSDxCLI[2009]: User 'admin' committed the configuration. Mar 21 23:53:15.508728 osdx OSDxCLI[2009]: User 'admin' left the configuration menu. 
Mar 21 23:53:18.829914 osdx ulogd[10793]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:53:18.829949 osdx ulogd[10793]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:53:19.035519 osdx ulogd[10793]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:53:19.035556 osdx ulogd[10793]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Mar 21 23:53:19.200106 osdx ulogd[10793]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=50592 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=50592 PKTS=0 BYTES=0
Mar 21 23:53:19.200676 osdx ulogd[10793]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=50592 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=50592 PKTS=0 BYTES=0
Mar 21 23:53:19.201210 osdx ulogd[10793]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=50592 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=50592 PKTS=0 BYTES=0 [OFFLOAD]
Mar 21 23:53:19.766109 osdx ulogd[10793]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=50592 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=50592 PKTS=0 BYTES=0
Mar 21 23:53:19.766144 osdx ulogd[10793]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=50592 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=50592 PKTS=0 BYTES=0 [OFFLOAD]
Mar 21 23:53:19.772309 osdx ulogd[10793]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=50592 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=50592 PKTS=0 BYTES=0
Mar 21 23:53:19.773293 osdx ulogd[10793]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=50592 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=50592 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1, and check that the app detect field appears when running system journal show. After that, enable app detection in system conntrack for the http host, copy index.html from an http server, and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.18 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.181/1.181/1.181/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.621 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.305 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.345 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.305/0.423/0.621/0.140 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Mar 21 23:53:27.583780 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.2M free. Mar 21 23:53:27.586196 osdx systemd-journald[1895]: Received client request to rotate journal, rotating. Mar 21 23:53:27.586739 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c. Mar 21 23:53:27.611557 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'. Mar 21 23:53:28.247042 osdx osdx-coredump[11005]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 23:53:28.266424 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 23:53:29.186246 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu. Mar 21 23:53:29.350256 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 21 23:53:29.480850 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 21 23:53:29.640846 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 21 23:53:29.752880 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 21 23:53:29.919017 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'. 
Mar 21 23:53:30.051123 osdx ubnt-cfgd[11029]: inactive Mar 21 23:53:30.210174 osdx INFO[11041]: FRR daemons did not change Mar 21 23:53:30.381927 osdx kernel: app-detect: module init Mar 21 23:53:30.381989 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 21 23:53:30.382007 osdx kernel: app-detect: expression init Mar 21 23:53:30.382019 osdx kernel: app-detect: appid cache initialized Mar 21 23:53:30.382048 osdx kernel: app-detect: appid cache changes counter initialized Mar 21 23:53:30.421999 osdx modulelauncher[11044]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 21 23:53:30.489931 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 23:53:30.662794 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 21 23:53:30.665582 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 21 23:53:30.666682 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:53:30.667729 osdx ulogd[11155]: registering plugin `NFCT' Mar 21 23:53:30.668455 osdx ulogd[11155]: registering plugin `IP2STR' Mar 21 23:53:30.669599 osdx cfgd[1680]: [2009]Completed change to active configuration Mar 21 23:53:30.670202 osdx ulogd[11155]: registering plugin `PRINTFLOW' Mar 21 23:53:30.670340 osdx ulogd[11155]: registering plugin `SYSLOG' Mar 21 23:53:30.670391 osdx ulogd[11155]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 21 23:53:30.670485 osdx ulogd[11155]: NFCT plugin working in event mode Mar 21 23:53:30.670497 osdx ulogd[11155]: Changing UID / GID Mar 21 23:53:30.670614 osdx ulogd[11155]: initialization finished, entering main loop Mar 21 23:53:30.697723 osdx OSDxCLI[2009]: User 'admin' committed the configuration. Mar 21 23:53:30.749559 osdx OSDxCLI[2009]: User 'admin' left the configuration menu. 
Mar 21 23:53:32.520999 osdx ulogd[11155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:32.521045 osdx ulogd[11155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:32.727284 osdx ulogd[11155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:32.727599 osdx ulogd[11155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:33.727661 osdx ulogd[11155]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 21 23:53:33.727709 osdx ulogd[11155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:33.727735 osdx ulogd[11155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:34.728701 osdx ulogd[11155]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 21 23:53:34.728732 osdx ulogd[11155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:34.728750 osdx ulogd[11155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Step 8: Modify the following configuration lines in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.569 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.569/0.569/0.569/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0  1096k      0 --:--:-- --:--:-- --:--:-- 1416k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Mar 21 23:53:27.583780 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.2M free. Mar 21 23:53:27.586196 osdx systemd-journald[1895]: Received client request to rotate journal, rotating. Mar 21 23:53:27.586739 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c. Mar 21 23:53:27.611557 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'. Mar 21 23:53:28.247042 osdx osdx-coredump[11005]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Mar 21 23:53:28.266424 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'. Mar 21 23:53:29.186246 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu. Mar 21 23:53:29.350256 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 21 23:53:29.480850 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 21 23:53:29.640846 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 21 23:53:29.752880 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 21 23:53:29.919017 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'. 
Mar 21 23:53:30.051123 osdx ubnt-cfgd[11029]: inactive Mar 21 23:53:30.210174 osdx INFO[11041]: FRR daemons did not change Mar 21 23:53:30.381927 osdx kernel: app-detect: module init Mar 21 23:53:30.381989 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 21 23:53:30.382007 osdx kernel: app-detect: expression init Mar 21 23:53:30.382019 osdx kernel: app-detect: appid cache initialized Mar 21 23:53:30.382048 osdx kernel: app-detect: appid cache changes counter initialized Mar 21 23:53:30.421999 osdx modulelauncher[11044]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 21 23:53:30.489931 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 21 23:53:30.662794 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 21 23:53:30.665582 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 21 23:53:30.666682 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 21 23:53:30.667729 osdx ulogd[11155]: registering plugin `NFCT' Mar 21 23:53:30.668455 osdx ulogd[11155]: registering plugin `IP2STR' Mar 21 23:53:30.669599 osdx cfgd[1680]: [2009]Completed change to active configuration Mar 21 23:53:30.670202 osdx ulogd[11155]: registering plugin `PRINTFLOW' Mar 21 23:53:30.670340 osdx ulogd[11155]: registering plugin `SYSLOG' Mar 21 23:53:30.670391 osdx ulogd[11155]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 21 23:53:30.670485 osdx ulogd[11155]: NFCT plugin working in event mode Mar 21 23:53:30.670497 osdx ulogd[11155]: Changing UID / GID Mar 21 23:53:30.670614 osdx ulogd[11155]: initialization finished, entering main loop Mar 21 23:53:30.697723 osdx OSDxCLI[2009]: User 'admin' committed the configuration. Mar 21 23:53:30.749559 osdx OSDxCLI[2009]: User 'admin' left the configuration menu. 
Mar 21 23:53:32.520999 osdx ulogd[11155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:32.521045 osdx ulogd[11155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:32.727284 osdx ulogd[11155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:32.727599 osdx ulogd[11155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:33.727661 osdx ulogd[11155]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 21 23:53:33.727709 osdx ulogd[11155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:33.727735 osdx ulogd[11155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:34.728701 osdx ulogd[11155]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 21 23:53:34.728732 osdx ulogd[11155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 
, REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:34.728750 osdx ulogd[11155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:34.914914 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal show | cat'. Mar 21 23:53:35.122378 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal show | cat'. Mar 21 23:53:35.354408 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal show | cat'. Mar 21 23:53:35.645462 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu. Mar 21 23:53:35.808688 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 21 23:53:35.910415 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 21 23:53:36.041793 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show changes'. 
Mar 21 23:53:36.160946 osdx ubnt-cfgd[11206]: inactive Mar 21 23:53:36.263914 osdx INFO[11218]: FRR daemons did not change Mar 21 23:53:36.313983 osdx kernel: app-detect: expression destroy Mar 21 23:53:36.329931 osdx kernel: app-detect: expression init Mar 21 23:53:36.329998 osdx kernel: app-detect: appid cache initialized Mar 21 23:53:36.330021 osdx kernel: app-detect: appid cache changes counter initialized Mar 21 23:53:36.335045 osdx modulelauncher[11221]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 21 23:53:36.365932 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 21 23:53:36.454828 osdx cfgd[1680]: [2009]Completed change to active configuration Mar 21 23:53:36.475857 osdx ulogd[11155]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 21 23:53:36.475879 osdx ulogd[11155]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 21 23:53:36.477002 osdx OSDxCLI[2009]: User 'admin' committed the configuration. Mar 21 23:53:36.527642 osdx OSDxCLI[2009]: User 'admin' left the configuration menu. Mar 21 23:53:36.754087 osdx ulogd[11155]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:36.754612 osdx ulogd[11155]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 21 23:53:36.766017 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. 
Mar 21 23:53:37.021361 osdx file_operation[11348]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 21 23:53:37.025414 osdx ulogd[11155]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=54688 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=54688 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 21 23:53:37.025771 osdx ulogd[11155]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=54688 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=54688 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 21 23:53:37.025800 osdx ulogd[11155]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=54688 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=54688 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 21 23:53:37.026387 osdx ulogd[11155]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=54688 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=54688 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 21 23:53:37.026621 osdx ulogd[11155]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=54688 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=54688 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 21 23:53:37.026648 osdx ulogd[11155]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=54688 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=54688 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 21 23:53:37.059865 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
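The checks in this scenario can be run per journal entry instead of against the whole journal text, which matters when the output arrives as one long line: a pattern with `.*` can then pair the `[NEW]` of one entry with the `APPDETECT[...]` of a later one. The parser below is an added example, not OSDx code; its function names are hypothetical, the sample journal is constructed in the format shown above, and because the page does not define the `L3`/`L4`/`U` prefixes the parser keeps them as opaque strings.

```python
import re

# Constructed sample in the format of the journal output above, joined by
# spaces into a single line the way the page shows it.
ICMP = ("ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , "
        "REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0")
TCP = ("ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=54688 DPT=80 PKTS=0 BYTES=0 , "
       "REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=54688 PKTS=0 BYTES=0")
SAMPLE_JOURNAL = " ".join([
    "Mar 21 23:53:30.670614 osdx ulogd[11155]: initialization finished, entering main loop",
    f"Mar 21 23:53:32.520999 osdx ulogd[11155]: [NEW] {ICMP} APPDETECT[L3:1]",
    f"Mar 21 23:53:32.521045 osdx ulogd[11155]: [UPDATE] {ICMP} APPDETECT[L3:1]",
    f"Mar 21 23:53:33.727661 osdx ulogd[11155]: [DESTROY] {ICMP} APPDETECT[L3:1]",
    "Mar 21 23:53:36.527642 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.",
    f"Mar 21 23:53:37.025414 osdx ulogd[11155]: [NEW] {TCP} APPDETECT[L4:80]",
    f"Mar 21 23:53:37.025771 osdx ulogd[11155]: [UPDATE] {TCP} APPDETECT[L4:80]",
    f"Mar 21 23:53:37.026387 osdx ulogd[11155]: [UPDATE] {TCP} APPDETECT[L4:80 http-host:10.215.168.1]",
])

# An entry starts at a journal timestamp such as "Mar 21 23:53:32.520999 ".
ENTRY_START = re.compile(r"(?=[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{6} )")
EVENT = re.compile(r"ulogd\[\d+\]: \[(NEW|UPDATE|DESTROY)\] ORIG: (.*?) , REPLY: (.*)$")
KEY_VALUE = re.compile(r"(\w+)=(\S+)")
APPDETECT = re.compile(r"APPDETECT\[([^\]]*)\]")


def split_entries(journal):
    """Split journal text into entries, whether newline- or space-joined."""
    return [e.strip() for e in ENTRY_START.split(journal) if e.strip()]


def parse_appdetect(field):
    """'L4:80 http-host:10.215.168.1' -> class, id and any extra attributes."""
    tokens = field.split()
    if not tokens:
        return {}
    cls, _, ident = tokens[0].partition(":")
    label = {"class": cls, "id": ident}
    for token in tokens[1:]:
        key, _, value = token.partition(":")  # split on the first colon only
        label[key] = value
    return label


def parse_event(entry):
    """Return a dict for a conntrack event entry, or None for any other line."""
    m = EVENT.search(entry)
    if m is None:
        return None
    event, orig, reply = m.groups()
    app = APPDETECT.search(reply)
    return {
        "event": event,
        "orig": dict(KEY_VALUE.findall(orig)),
        "reply": dict(KEY_VALUE.findall(reply)),
        "appdetect": parse_appdetect(app.group(1)) if app else None,
        "offload": "[OFFLOAD]" in reply,
    }


def flow_key(ev):
    o = ev["orig"]
    return (o.get("PROTO"), o.get("SRC"), o.get("SPT"), o.get("DST"), o.get("DPT"))


def summarize(journal):
    """Per flow: the event sequence and the distinct APPDETECT labels, in order."""
    flows = {}
    for entry in split_entries(journal):
        ev = parse_event(entry)
        if ev is None:
            continue
        flow = flows.setdefault(flow_key(ev), {"events": [], "labels": []})
        flow["events"].append(ev["event"])
        if ev["appdetect"] and ev["appdetect"] not in flow["labels"]:
            flow["labels"].append(ev["appdetect"])
    return flows


def entries_matching(journal, pattern):
    """Apply one of the page's regular expressions to each entry separately."""
    rx = re.compile(pattern)
    return [e for e in split_entries(journal) if rx.search(e)]


def matches_flattened(journal, pattern):
    """Apply the same pattern to the whole text at once, for comparison."""
    return re.search(pattern, journal) is not None


if __name__ == "__main__":
    for key, flow in summarize(SAMPLE_JOURNAL).items():
        print(key, flow["events"], flow["labels"])
```

In the sample, as in the journal above, the `http-host` attribute first appears on an `[UPDATE]` event, so a per-entry check for `[NEW]` with that label returns nothing while the same pattern applied to the single-line text reports a match.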
App Detect Drop Packet
Description
Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector. Enable the http-host and http-url options in the system conntrack app-detect path in order to see relevant information about http packets. Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0
:
set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic policy out DROP set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=1.80 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.795/1.795/1.795/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Mar 21 23:53:46.510260 osdx systemd-journald[1895]: Runtime Journal (/run/log/journal/6cebe234af79438581ed1b67e499c22c) is 2.0M, max 15.3M, 13.3M free.
Mar 21 23:53:46.513247 osdx systemd-journald[1895]: Received client request to rotate journal, rotating.
Mar 21 23:53:46.513316 osdx systemd-journald[1895]: Vacuuming done, freed 0B of archived journals from /run/log/journal/6cebe234af79438581ed1b67e499c22c.
Mar 21 23:53:46.526368 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system journal clear'.
Mar 21 23:53:47.265260 osdx osdx-coredump[11559]: Deleting all coredumps in /opt/vyatta/etc/config/coredump...
Mar 21 23:53:47.282083 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 21 23:53:48.244567 osdx OSDxCLI[2009]: User 'admin' entered the configuration menu.
Mar 21 23:53:48.398956 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Mar 21 23:53:48.559760 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Mar 21 23:53:48.749803 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Mar 21 23:53:48.880614 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Mar 21 23:53:49.023940 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Mar 21 23:53:49.157654 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Mar 21 23:53:49.269322 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Mar 21 23:53:49.445770 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Mar 21 23:53:49.592982 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Mar 21 23:53:49.750056 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 21 23:53:49.955684 osdx OSDxCLI[2009]: User 'admin' added a new cfg line: 'show working'.
Mar 21 23:53:50.096657 osdx ubnt-cfgd[11589]: inactive
Mar 21 23:53:50.263517 osdx INFO[11615]: FRR daemons did not change
Mar 21 23:53:50.437855 osdx kernel: app-detect: module init
Mar 21 23:53:50.437937 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 21 23:53:50.448689 osdx kernel: app-detect: expression init
Mar 21 23:53:50.448747 osdx kernel: app-detect: appid cache initialized
Mar 21 23:53:50.448777 osdx kernel: app-detect: appid cache changes counter initialized
Mar 21 23:53:50.565237 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Mar 21 23:53:51.235233 osdx cfgd[1680]: [2009]Completed change to active configuration
Mar 21 23:53:51.255342 osdx OSDxCLI[2009]: User 'admin' committed the configuration.
Mar 21 23:53:51.289094 osdx OSDxCLI[2009]: User 'admin' left the configuration menu.
Mar 21 23:53:51.577420 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 21 23:53:51.885605 osdx file_operation[11789]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Mar 21 23:53:51.893280 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=38338 DF PROTO=TCP SPT=45110 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 21 23:53:52.097244 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=38339 DF PROTO=TCP SPT=45110 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 21 23:53:52.525382 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=38340 DF PROTO=TCP SPT=45110 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 21 23:53:53.357311 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=38341 DF PROTO=TCP SPT=45110 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 21 23:53:54.793229 osdx file_operation.py[11789]: Operation aborted by user.
Mar 21 23:53:54.813559 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=38342 DF PROTO=TCP SPT=45110 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 21 23:53:54.828094 osdx OSDxCLI[2009]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Mar 21 23:53:54.997236 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=38343 DF PROTO=TCP SPT=45110 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
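The Step 3 check can also be made field by field, which avoids the unescaped dots in the regular expression matching look-alike hosts. The Python below is an added example, not part of the OSDx documentation or tooling; the function names, the reading of the "[DROP-1]" prefix as policy name and rule number, and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Regular expression from Step 3, verbatim (its dots are unescaped).
PAGE_RE = re.compile(r"osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]")

# Assumption: the "[DROP-1]" prefix is "<policy name>-<rule number>", as the sample suggests.
DROP_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) kernel: "
    r"\[(?P<policy>[\w-]+)-(?P<rule>\d+)\] (?P<action>\w+) "
    r"(?P<body>.*?) APPDETECT\[(?P<app>[^\]]*)\]\s*$")

# Lines 1, 2 and 4 are copied from the output above. Line 3 is constructed
# (not device output) to show what the unescaped dots in PAGE_RE let through.
SAMPLE = """\
Mar 21 23:53:51.893280 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=38338 DF PROTO=TCP SPT=45110 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 21 23:53:54.813559 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=38342 DF PROTO=TCP SPT=45110 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Mar 21 23:53:55.000000 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=45112 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10-215-168-1]
Mar 21 23:53:54.793229 osdx file_operation.py[11789]: Operation aborted by user.
"""

def parse_drop(line):
    """Split one kernel traffic-policy log line into a dict, or return None."""
    m = DROP_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    body, tokens = rec.pop("body"), rec.pop("app").split()
    rec["fields"] = dict(re.findall(r"(\w+)=(\S*)", body))      # SRC, DST, SPT, ...
    rec["flags"] = [t for t in body.split() if "=" not in t]    # DF, ACK, PSH, FIN
    rec["appid"] = tokens[0] if tokens else ""                  # e.g. "U:155"
    rec["appdetect"] = dict(t.split(":", 1) for t in tokens[1:] if ":" in t)
    return rec

def verify(journal, appid="U:155", host="10.215.168.1", url="/~robot/"):
    """Return (exact, loose): records passing exact field checks, lines matching PAGE_RE."""
    exact, loose = [], []
    want = {"http-host": host, "http-url": url}
    for line in journal.splitlines():
        rec = parse_drop(line)
        if rec and rec["appid"] == appid and rec["appdetect"] == want:
            exact.append(rec)
        if PAGE_RE.search(line):
            loose.append(line)
    return exact, loose

def flows(records):
    """Count dropped packets per (SRC, SPT, DST, DPT); repeats are retransmissions."""
    return Counter(tuple(r["fields"][k] for k in ("SRC", "SPT", "DST", "DPT")) for r in records)
```

Calling verify(SAMPLE) accepts the two real lines on exact comparison, while the page's regular expression also matches the constructed line; escaping the dots (10\.215\.168\.1) closes that gap.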