Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.446 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.446/0.446/0.446/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.331 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.331/0.331/0.331/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Jun 02 08:46:05.316963 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free. Jun 02 08:46:05.318253 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:05.318310 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:05.321086 osdx sudo[118971]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:05.327666 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:05.574716 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:05.801066 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:05.885809 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:46:05.959990 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Jun 02 08:46:06.073563 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. Jun 02 08:46:06.136723 osdx ubnt-cfgd[118998]: inactive Jun 02 08:46:06.159244 osdx INFO[119006]: FRR daemons did not change Jun 02 08:46:06.198286 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:06.259558 osdx sudo[119096]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:06.302584 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Jun 02 08:46:06.306019 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Jun 02 08:46:06.308916 osdx ulogd[119099]: registering plugin `NFCT' Jun 02 08:46:06.309962 osdx ulogd[119099]: registering plugin `IP2STR' Jun 02 08:46:06.310064 osdx ulogd[119099]: registering plugin `PRINTFLOW' Jun 02 08:46:06.311148 osdx ulogd[119099]: registering plugin `SYSLOG' Jun 02 08:46:06.311196 osdx ulogd[119099]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:06.311267 osdx ulogd[119099]: NFCT plugin working in event mode Jun 02 08:46:06.311301 osdx ulogd[119099]: Changing UID / GID Jun 02 08:46:06.311410 osdx ulogd[119099]: initialization finished, entering main loop Jun 02 08:46:06.326343 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:06.327646 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:06.339249 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:06.364274 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. Jun 02 08:46:07.338010 osdx ulogd[119099]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:07.427097 osdx ulogd[119099]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.364 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.364/0.364/0.364/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.247 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.247/0.247/0.247/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Jun 02 08:46:12.316651 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free. Jun 02 08:46:12.320018 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:12.320065 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:12.321584 osdx sudo[119255]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:12.327345 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:12.535144 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:12.774614 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:12.857601 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:46:12.933104 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Jun 02 08:46:12.998798 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. Jun 02 08:46:13.097699 osdx ubnt-cfgd[119282]: inactive Jun 02 08:46:13.116825 osdx INFO[119290]: FRR daemons did not change Jun 02 08:46:13.148021 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:13.203267 osdx sudo[119380]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:13.224270 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:13.224943 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Jun 02 08:46:13.228061 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Jun 02 08:46:13.228337 osdx ulogd[119383]: registering plugin `NFCT' Jun 02 08:46:13.228864 osdx ulogd[119383]: registering plugin `IP2STR' Jun 02 08:46:13.229013 osdx ulogd[119383]: registering plugin `PRINTFLOW' Jun 02 08:46:13.229160 osdx ulogd[119383]: registering plugin `SYSLOG' Jun 02 08:46:13.229214 osdx ulogd[119383]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:13.229355 osdx ulogd[119383]: NFCT plugin working in event mode Jun 02 08:46:13.229432 osdx ulogd[119383]: Changing UID / GID Jun 02 08:46:13.229669 osdx ulogd[119383]: initialization finished, entering main loop Jun 02 08:46:13.232386 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:13.249232 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:13.339535 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. Jun 02 08:46:14.105910 osdx ulogd[119383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:14.185970 osdx ulogd[119383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.407 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.407/0.407/0.407/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.228 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.317 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.270 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2043ms
rtt min/avg/max/mdev = 0.228/0.271/0.317/0.036 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Jun 02 08:46:18.000178 osdx systemd-timedated[115866]: Changed local time to Tue 2026-06-02 08:46:18 UTC Jun 02 08:46:18.001072 osdx systemd-journald[1972]: Time jumped backwards, rotating. Jun 02 08:46:18.001457 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'set date 2026-06-02 08:46:18'. Jun 02 08:46:18.322875 osdx sudo[119541]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:18.326108 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 08:46:18.329072 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:18.329121 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:18.331077 osdx sudo[119540]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:18.336966 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:18.554012 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:18.784358 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:18.876487 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:46:19.003567 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Jun 02 08:46:19.094133 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Jun 02 08:46:19.201578 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set service ssh'. Jun 02 08:46:19.273963 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. 
Jun 02 08:46:19.373827 osdx ubnt-cfgd[119569]: inactive Jun 02 08:46:19.398127 osdx INFO[119583]: FRR daemons did not change Jun 02 08:46:19.433089 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:19.505373 osdx sudo[119675]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:19.541406 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:19.542189 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Jun 02 08:46:19.545111 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:19.545638 osdx ulogd[119678]: registering plugin `NFCT' Jun 02 08:46:19.545887 osdx ulogd[119678]: registering plugin `IP2STR' Jun 02 08:46:19.545968 osdx ulogd[119678]: registering plugin `PRINTFLOW' Jun 02 08:46:19.546048 osdx ulogd[119678]: registering plugin `SYSLOG' Jun 02 08:46:19.546083 osdx ulogd[119678]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:19.546166 osdx ulogd[119678]: NFCT plugin working in event mode Jun 02 08:46:19.546215 osdx ulogd[119678]: Changing UID / GID Jun 02 08:46:19.546325 osdx ulogd[119678]: initialization finished, entering main loop Jun 02 08:46:19.637447 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Jun 02 08:46:19.652478 osdx sshd[119684]: Server listening on 0.0.0.0 port 22. Jun 02 08:46:19.652713 osdx sshd[119684]: Server listening on :: port 22. Jun 02 08:46:19.652865 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Jun 02 08:46:19.675946 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:19.689416 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:19.721219 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. 
Jun 02 08:46:21.717752 osdx ulogd[119678]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Jun 02 08:46:22.741700 osdx ulogd[119678]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping from one device to the other,
and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.358 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.358/0.358/0.358/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.253 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.253/0.253/0.253/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Jun 02 08:46:30.297080 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.9M free. Jun 02 08:46:30.299851 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:30.299897 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:30.301107 osdx sudo[119865]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:30.307182 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:30.542196 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:30.769176 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:30.854338 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:46:30.930499 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 02 08:46:30.998919 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. Jun 02 08:46:31.081709 osdx ubnt-cfgd[119892]: inactive Jun 02 08:46:31.100279 osdx INFO[119900]: FRR daemons did not change Jun 02 08:46:31.139859 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:31.193078 osdx sudo[119990]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:31.228103 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:31.229019 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Jun 02 08:46:31.229320 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Jun 02 08:46:31.230453 osdx ulogd[119993]: registering plugin `NFCT' Jun 02 08:46:31.230629 osdx ulogd[119993]: registering plugin `IP2STR' Jun 02 08:46:31.230694 osdx ulogd[119993]: registering plugin `PRINTFLOW' Jun 02 08:46:31.230760 osdx ulogd[119993]: registering plugin `SYSLOG' Jun 02 08:46:31.230784 osdx ulogd[119993]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:31.230791 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:31.230972 osdx ulogd[119993]: NFCT plugin working in event mode Jun 02 08:46:31.231015 osdx ulogd[119993]: Changing UID / GID Jun 02 08:46:31.231123 osdx ulogd[119993]: initialization finished, entering main loop Jun 02 08:46:31.241841 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:31.261802 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. Jun 02 08:46:32.106846 osdx ulogd[119993]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:32.106865 osdx ulogd[119993]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:32.183704 osdx ulogd[119993]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:32.183721 osdx ulogd[119993]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping from one device to the other,
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.379 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.379/0.379/0.379/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.258 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.258/0.258/0.258/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Jun 02 08:46:36.000182 osdx systemd-timedated[115866]: Changed local time to Tue 2026-06-02 08:46:36 UTC Jun 02 08:46:36.001627 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'set date 2026-06-02 08:46:36'. Jun 02 08:46:36.001979 osdx systemd-journald[1972]: Time jumped backwards, rotating. Jun 02 08:46:36.330213 osdx sudo[120151]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:36.334206 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 08:46:36.338045 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:36.338106 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:36.338579 osdx sudo[120150]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:36.345033 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:36.572245 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:36.826187 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:36.947967 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:46:37.018679 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 02 08:46:37.130334 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Jun 02 08:46:37.204140 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. 
Jun 02 08:46:37.308382 osdx ubnt-cfgd[120178]: inactive Jun 02 08:46:37.327237 osdx INFO[120186]: FRR daemons did not change Jun 02 08:46:37.357979 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:37.411802 osdx sudo[120276]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:37.442278 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:37.443053 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:37.443320 osdx ulogd[120279]: registering plugin `NFCT' Jun 02 08:46:37.443367 osdx ulogd[120279]: registering plugin `IP2STR' Jun 02 08:46:37.443424 osdx ulogd[120279]: registering plugin `PRINTFLOW' Jun 02 08:46:37.443478 osdx ulogd[120279]: registering plugin `SYSLOG' Jun 02 08:46:37.443539 osdx ulogd[120279]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:37.443618 osdx ulogd[120279]: NFCT plugin working in event mode Jun 02 08:46:37.443658 osdx OSDx_DUT0[120279]: Changing UID / GID Jun 02 08:46:37.443770 osdx OSDx_DUT0[120279]: initialization finished, entering main loop Jun 02 08:46:37.445262 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:37.458285 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:37.476030 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. 
Jun 02 08:46:38.324160 osdx OSDx_DUT0[120279]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:38.324182 osdx OSDx_DUT0[120279]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:38.414810 osdx OSDx_DUT0[120279]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:38.414831 osdx OSDx_DUT0[120279]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0:
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.291 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.291/0.291/0.291/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Jun 02 08:46:36.000182 osdx systemd-timedated[115866]: Changed local time to Tue 2026-06-02 08:46:36 UTC Jun 02 08:46:36.001627 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'set date 2026-06-02 08:46:36'. Jun 02 08:46:36.001979 osdx systemd-journald[1972]: Time jumped backwards, rotating. Jun 02 08:46:36.330213 osdx sudo[120151]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:36.334206 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 08:46:36.338045 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:36.338106 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:36.338579 osdx sudo[120150]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:36.345033 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:36.572245 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:36.826187 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:36.947967 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:46:37.018679 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 02 08:46:37.130334 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Jun 02 08:46:37.204140 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. 
Jun 02 08:46:37.308382 osdx ubnt-cfgd[120178]: inactive Jun 02 08:46:37.327237 osdx INFO[120186]: FRR daemons did not change Jun 02 08:46:37.357979 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:37.411802 osdx sudo[120276]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:37.442278 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:37.443053 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:37.443320 osdx ulogd[120279]: registering plugin `NFCT' Jun 02 08:46:37.443367 osdx ulogd[120279]: registering plugin `IP2STR' Jun 02 08:46:37.443424 osdx ulogd[120279]: registering plugin `PRINTFLOW' Jun 02 08:46:37.443478 osdx ulogd[120279]: registering plugin `SYSLOG' Jun 02 08:46:37.443539 osdx ulogd[120279]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:37.443618 osdx ulogd[120279]: NFCT plugin working in event mode Jun 02 08:46:37.443658 osdx OSDx_DUT0[120279]: Changing UID / GID Jun 02 08:46:37.443770 osdx OSDx_DUT0[120279]: initialization finished, entering main loop Jun 02 08:46:37.445262 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:37.458285 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:37.476030 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. 
Jun 02 08:46:38.324160 osdx OSDx_DUT0[120279]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:38.324182 osdx OSDx_DUT0[120279]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:38.414810 osdx OSDx_DUT0[120279]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:38.414831 osdx OSDx_DUT0[120279]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:38.498118 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal show | cat'. Jun 02 08:46:38.663341 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:38.773072 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Jun 02 08:46:38.891598 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show changes'. Jun 02 08:46:38.988651 osdx ubnt-cfgd[120315]: inactive Jun 02 08:46:39.010976 osdx INFO[120321]: FRR daemons did not change Jun 02 08:46:39.018952 osdx sudo[120326]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:39.023218 osdx OSDx_DUT0[120279]: Terminal signal received, exiting Jun 02 08:46:39.023346 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:39.023677 osdx systemd[1]: ulogd2.service: Deactivated successfully. Jun 02 08:46:39.023801 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. 
Jun 02 08:46:39.054506 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:39.055543 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:39.055717 osdx ulogd[120330]: registering plugin `NFCT' Jun 02 08:46:39.055982 osdx ulogd[120330]: registering plugin `IP2STR' Jun 02 08:46:39.056078 osdx ulogd[120330]: registering plugin `PRINTFLOW' Jun 02 08:46:39.056183 osdx ulogd[120330]: registering plugin `SYSLOG' Jun 02 08:46:39.056230 osdx ulogd[120330]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:39.056323 osdx ulogd[120330]: NFCT plugin working in event mode Jun 02 08:46:39.056368 osdx ulogd[120330]: Changing UID / GID Jun 02 08:46:39.056479 osdx ulogd[120330]: initialization finished, entering main loop Jun 02 08:46:39.057220 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:39.058562 osdx ulogd[120330]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Jun 02 08:46:39.058633 osdx ulogd[120330]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Jun 02 08:46:39.059177 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:39.075927 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. Jun 02 08:46:39.242624 osdx ulogd[120330]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:46:39.242642 osdx ulogd[120330]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping from one device to the other,
and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.394 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.394/0.394/0.394/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.352 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.259 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1021ms
rtt min/avg/max/mdev = 0.259/0.305/0.352/0.046 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Jun 02 08:46:43.000148 osdx systemd-timedated[115866]: Changed local time to Tue 2026-06-02 08:46:43 UTC Jun 02 08:46:43.001133 osdx systemd-journald[1972]: Time jumped backwards, rotating. Jun 02 08:46:43.001483 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'set date 2026-06-02 08:46:43'. Jun 02 08:46:43.331410 osdx sudo[120464]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:43.334632 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free. Jun 02 08:46:43.337095 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:43.337187 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:43.339536 osdx sudo[120463]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:43.346073 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:43.578970 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:43.797761 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:43.895851 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Jun 02 08:46:43.958507 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic label TEST'. Jun 02 08:46:44.066773 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Jun 02 08:46:44.132690 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Jun 02 08:46:44.221670 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. 
Jun 02 08:46:44.290598 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 02 08:46:44.429708 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. Jun 02 08:46:44.490749 osdx ubnt-cfgd[120494]: inactive Jun 02 08:46:44.521549 osdx INFO[120508]: FRR daemons did not change Jun 02 08:46:44.553096 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:44.615921 osdx sudo[120598]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:44.653374 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:44.654392 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:44.654586 osdx ulogd[120601]: registering plugin `NFCT' Jun 02 08:46:44.654815 osdx ulogd[120601]: registering plugin `IP2STR' Jun 02 08:46:44.654899 osdx ulogd[120601]: registering plugin `PRINTFLOW' Jun 02 08:46:44.654988 osdx ulogd[120601]: registering plugin `SYSLOG' Jun 02 08:46:44.655023 osdx ulogd[120601]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:44.655105 osdx ulogd[120601]: NFCT plugin working in event mode Jun 02 08:46:44.655151 osdx ulogd[120601]: Changing UID / GID Jun 02 08:46:44.655265 osdx ulogd[120601]: initialization finished, entering main loop Jun 02 08:46:44.662140 osdx sudo[120604]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:44.665721 osdx ulogd[120601]: Terminal signal received, exiting Jun 02 08:46:44.665802 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:44.666073 osdx systemd[1]: ulogd2.service: Deactivated successfully. Jun 02 08:46:44.666164 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:44.667093 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... 
Jun 02 08:46:44.667936 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Jun 02 08:46:44.668294 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:44.671087 osdx ulogd[120607]: registering plugin `NFCT' Jun 02 08:46:44.671381 osdx ulogd[120607]: registering plugin `IP2STR' Jun 02 08:46:44.671476 osdx ulogd[120607]: registering plugin `PRINTFLOW' Jun 02 08:46:44.671572 osdx ulogd[120607]: registering plugin `SYSLOG' Jun 02 08:46:44.671611 osdx ulogd[120607]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:44.671696 osdx ulogd[120607]: NFCT plugin working in event mode Jun 02 08:46:44.671736 osdx ulogd[120607]: Changing UID / GID Jun 02 08:46:44.671848 osdx ulogd[120607]: initialization finished, entering main loop Jun 02 08:46:44.833986 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:44.845371 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:44.870422 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. 
Jun 02 08:46:45.720031 osdx ulogd[120607]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jun 02 08:46:45.720049 osdx ulogd[120607]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jun 02 08:46:45.820719 osdx ulogd[120607]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jun 02 08:46:45.820741 osdx ulogd[120607]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a VRF,
send a ping from one device to the other,
and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.377 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.377/0.377/0.377/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.220 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.220/0.220/0.220/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Jun 02 08:46:51.000156 osdx systemd-timedated[115866]: Changed local time to Tue 2026-06-02 08:46:51 UTC Jun 02 08:46:51.001001 osdx systemd-journald[1972]: Time jumped backwards, rotating. Jun 02 08:46:51.001669 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'set date 2026-06-02 08:46:51'. Jun 02 08:46:51.322422 osdx sudo[120807]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:51.326257 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free. Jun 02 08:46:51.329017 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:51.329076 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:51.331425 osdx sudo[120806]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:51.340106 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:51.601196 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:51.900789 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:51.987749 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Jun 02 08:46:52.070581 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Jun 02 08:46:52.122011 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system vrf RED'. Jun 02 08:46:52.245637 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:46:52.309185 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 02 08:46:52.421814 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. 
Jun 02 08:46:52.484486 osdx ubnt-cfgd[120836]: inactive Jun 02 08:46:52.506927 osdx INFO[120844]: FRR daemons did not change Jun 02 08:46:52.511162 osdx sudo[120849]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:52.516305 osdx (udev-worker)[120855]: RED: Could not disable auto negotiation, ignoring: Operation not supported Jun 02 08:46:52.516597 osdx (udev-worker)[120855]: Network interface NamePolicy= disabled on kernel command line. Jun 02 08:46:52.545025 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:52.597013 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:46:52.661245 osdx sudo[121009]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:52.685277 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:46:52.686175 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Jun 02 08:46:52.686727 osdx ulogd[121012]: registering plugin `NFCT' Jun 02 08:46:52.686904 osdx ulogd[121012]: registering plugin `IP2STR' Jun 02 08:46:52.686972 osdx ulogd[121012]: registering plugin `PRINTFLOW' Jun 02 08:46:52.687039 osdx ulogd[121012]: registering plugin `SYSLOG' Jun 02 08:46:52.687072 osdx ulogd[121012]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:46:52.687146 osdx ulogd[121012]: NFCT plugin working in event mode Jun 02 08:46:52.687178 osdx ulogd[121012]: Changing UID / GID Jun 02 08:46:52.687264 osdx ulogd[121012]: initialization finished, entering main loop Jun 02 08:46:52.701068 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:46:52.702623 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:52.716184 osdx OSDxCLI[68589]: User 'admin' committed the configuration. 
Jun 02 08:46:52.732698 osdx OSDxCLI[68589]: User 'admin' left the configuration menu.
Jun 02 08:46:53.551072 osdx ulogd[121012]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:46:53.551091 osdx ulogd[121012]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:46:53.627938 osdx ulogd[121012]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:46:53.627958 osdx ulogd[121012]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping from one device to the other,
and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.184 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.184/0.184/0.184/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0   5062      0 --:--:-- --:--:-- --:--:--  5160
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.657 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.657/0.657/0.657/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.331 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.331/0.331/0.331/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Jun 02 08:46:58.295521 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free. Jun 02 08:46:58.296369 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:46:58.296403 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:46:58.300384 osdx sudo[121250]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:58.306900 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:46:58.519456 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:46:58.734102 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:58.826191 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Jun 02 08:46:58.898999 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. Jun 02 08:46:58.995720 osdx ubnt-cfgd[121276]: inactive Jun 02 08:46:59.015938 osdx INFO[121284]: FRR daemons did not change Jun 02 08:46:59.044378 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Jun 02 08:46:59.095068 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:46:59.105785 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:46:59.121887 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. Jun 02 08:46:59.275092 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. 
Jun 02 08:46:59.342368 osdx sudo[121402]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:59.408329 osdx file_operation[121405]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Jun 02 08:46:59.452493 osdx sudo[121412]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:46:59.454052 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Jun 02 08:46:59.593662 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:46:59.660222 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Jun 02 08:46:59.761433 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Jun 02 08:46:59.815006 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Jun 02 08:46:59.913411 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Jun 02 08:46:59.971492 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Jun 02 08:47:00.073109 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Jun 02 08:47:00.131151 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Jun 02 08:47:00.233033 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Jun 02 08:47:00.292035 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Jun 02 08:47:00.414036 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. 
Jun 02 08:47:00.467351 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 02 08:47:00.579508 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. Jun 02 08:47:00.663150 osdx ubnt-cfgd[121441]: inactive Jun 02 08:47:00.702505 osdx INFO[121458]: FRR daemons did not change Jun 02 08:47:00.732379 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:47:00.789509 osdx sudo[121548]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:47:00.812688 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:47:00.813628 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Jun 02 08:47:00.814173 osdx ulogd[121551]: registering plugin `NFCT' Jun 02 08:47:00.814223 osdx ulogd[121551]: registering plugin `IP2STR' Jun 02 08:47:00.814267 osdx ulogd[121551]: registering plugin `PRINTFLOW' Jun 02 08:47:00.814317 osdx ulogd[121551]: registering plugin `SYSLOG' Jun 02 08:47:00.814323 osdx ulogd[121551]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:47:00.814374 osdx ulogd[121551]: NFCT plugin working in event mode Jun 02 08:47:00.814382 osdx ulogd[121551]: Changing UID / GID Jun 02 08:47:00.814470 osdx ulogd[121551]: initialization finished, entering main loop Jun 02 08:47:00.832419 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:47:01.103038 osdx systemd[1]: Reloading. Jun 02 08:47:01.156376 osdx systemd-sysv-generator[121589]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Jun 02 08:47:01.284914 osdx systemd[1]: Starting logrotate.service - Rotate log files... Jun 02 08:47:01.289510 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Jun 02 08:47:01.290336 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... 
Jun 02 08:47:01.309741 osdx systemd[1]: logrotate.service: Deactivated successfully. Jun 02 08:47:01.309877 osdx systemd[1]: Finished logrotate.service - Rotate log files. Jun 02 08:47:01.559695 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Jun 02 08:47:02.017873 osdx INFO[121570]: Rules successfully loaded Jun 02 08:47:02.028576 osdx sudo[121613]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:47:02.032844 osdx ulogd[121551]: Terminal signal received, exiting Jun 02 08:47:02.032972 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:47:02.033429 osdx systemd[1]: ulogd2.service: Deactivated successfully. Jun 02 08:47:02.033551 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:47:02.052777 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:47:02.053615 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:47:02.053938 osdx ulogd[121617]: registering plugin `NFCT' Jun 02 08:47:02.054161 osdx ulogd[121617]: registering plugin `IP2STR' Jun 02 08:47:02.054234 osdx ulogd[121617]: registering plugin `PRINTFLOW' Jun 02 08:47:02.054533 osdx ulogd[121617]: registering plugin `SYSLOG' Jun 02 08:47:02.054576 osdx ulogd[121617]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:47:02.054680 osdx ulogd[121617]: NFCT plugin working in event mode Jun 02 08:47:02.054738 osdx ulogd[121617]: Changing UID / GID Jun 02 08:47:02.055117 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:47:02.055591 osdx ulogd[121617]: initialization finished, entering main loop Jun 02 08:47:02.065994 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:47:02.084695 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. 
Jun 02 08:47:02.968211 osdx ulogd[121617]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 02 08:47:02.968227 osdx ulogd[121617]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 02 08:47:03.073590 osdx ulogd[121617]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 02 08:47:03.073606 osdx ulogd[121617]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
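The field checks in the Policies, VRF and Not-Bypass scenarios above can also be made per event instead of against the whole journal. The following Python sketch is an added example, not part of the OSDx test suite; its function names are assumptions and its sample lines are copied from the output shown above. It parses each conntrack event into fields and shows that, in the Policies output, the MARK/LABELS expression is satisfied by the [NEW] events only, because the [UPDATE] events carry MARK=33 without LABELS=TEST.

```python
import re

# Sample lines copied from the journal output shown in the scenarios above,
# plus one CLI audit line that is not a conntrack event and must be skipped.
SAMPLE_JOURNAL = """\
Jun 02 08:46:45.720031 osdx ulogd[120607]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jun 02 08:46:45.720049 osdx ulogd[120607]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jun 02 08:46:52.716184 osdx OSDxCLI[68589]: User 'admin' committed the configuration.
Jun 02 08:46:53.551072 osdx ulogd[121012]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:47:02.968227 osdx ulogd[121617]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
"""

# Expression from the "Policies logging" check, exactly as written on the page.
PAGE_POLICY_RE = re.compile(
    r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST"
)

# A conntrack event is recognised by the shape of the message, not by the
# syslog tag: the journal on this page shows the tag changing from "ulogd"
# when a conntrack logging identity is configured.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:.]+) (?P<host>\S+) (?P<ident>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
SC_RE = re.compile(r"\(Sc: ([\w-]+)\)")
CONN_KEYS = ("MARK", "LABELS")  # printed once per connection, after the REPLY tuple


def parse_conntrack_events(journal_text):
    """Turn journal text into a list of dicts, one per conntrack event line."""
    events = []
    for line in journal_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a conntrack event (CLI audit, systemd, kernel, ...)
        orig = dict(KV_RE.findall(m["orig"]))
        reply = dict(KV_RE.findall(m["rest"]))
        # MARK and LABELS trail the REPLY tuple but describe the whole connection.
        conn = {k: reply.pop(k) for k in CONN_KEYS if k in reply}
        sc = SC_RE.search(m["rest"])
        events.append({
            "ts": m["ts"], "ident": m["ident"], "event": m["event"],
            "orig": orig, "reply": reply, "conn": conn,
            "sc": sc.group(1) if sc else None,
        })
    return events


def events_missing(events, required):
    """Return (event type, missing connection-level fields) per incomplete event."""
    report = []
    for ev in events:
        missing = sorted(set(required) - set(ev["conn"]))
        if missing:
            report.append((ev["event"], missing))
    return report


def regex_hit_types(journal_text, pattern):
    """Apply one of the page's expressions line by line; return event types hit."""
    hits = []
    for line in journal_text.splitlines():
        m = pattern.search(line)
        if m:
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    parsed = parse_conntrack_events(SAMPLE_JOURNAL)
    for ev in parsed:
        print(ev["ts"], ev["event"], ev["orig"].get("VRF"), ev["conn"], ev["sc"])
    print("policy events missing fields:",
          events_missing(parsed[:2], CONN_KEYS))
    print("page regex hits:", regex_hit_types(SAMPLE_JOURNAL, PAGE_POLICY_RE))
```

A journal-wide match passes as soon as one line satisfies the expression, so a per-event report like `events_missing` is what shows which event types actually carry a field.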
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate an SSH connection from DUT1 to DUT2
and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.408 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.408/0.408/0.408/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.388 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.388/0.388/0.388/0.000 ms
Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.4.10
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Tue Jun 2 08:45:48 2026 from 10.215.168.64
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Jun 02 08:47:10.365625 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free. Jun 02 08:47:10.369349 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:47:10.369409 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:47:10.371522 osdx sudo[121867]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:47:10.379125 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:47:10.632069 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:47:10.927480 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:47:11.038770 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Jun 02 08:47:11.128293 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:47:11.189932 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 02 08:47:11.334541 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. Jun 02 08:47:11.402206 osdx ubnt-cfgd[121895]: inactive Jun 02 08:47:11.427781 osdx INFO[121905]: FRR daemons did not change Jun 02 08:47:11.461350 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Jun 02 08:47:11.537355 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:47:11.762681 osdx sudo[122072]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:47:11.793737 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:47:11.794849 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Jun 02 08:47:11.795063 osdx ulogd[122075]: registering plugin `NFCT' Jun 02 08:47:11.795288 osdx ulogd[122075]: registering plugin `IP2STR' Jun 02 08:47:11.795374 osdx ulogd[122075]: registering plugin `PRINTFLOW' Jun 02 08:47:11.795466 osdx ulogd[122075]: registering plugin `SYSLOG' Jun 02 08:47:11.795500 osdx ulogd[122075]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:47:11.795577 osdx ulogd[122075]: NFCT plugin working in event mode Jun 02 08:47:11.795613 osdx ulogd[122075]: Changing UID / GID Jun 02 08:47:11.795722 osdx ulogd[122075]: initialization finished, entering main loop Jun 02 08:47:11.797417 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:47:11.809802 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:47:11.826976 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. Jun 02 08:47:14.059326 osdx ulogd[122075]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:47:14.059349 osdx ulogd[122075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:47:14.162328 osdx ulogd[122075]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:47:14.162350 osdx ulogd[122075]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Jun 02 08:47:14.241404 osdx ulogd[122075]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57714 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57714 PKTS=0 BYTES=0 Jun 02 
08:47:14.241590 osdx ulogd[122075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57714 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57714 PKTS=0 BYTES=0 Jun 02 08:47:14.241672 osdx ulogd[122075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57714 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57714 PKTS=0 BYTES=0 [OFFLOAD] Jun 02 08:47:14.556326 osdx ulogd[122075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57714 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57714 PKTS=0 BYTES=0 Jun 02 08:47:14.556350 osdx ulogd[122075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57714 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57714 PKTS=0 BYTES=0 [OFFLOAD] Jun 02 08:47:14.558018 osdx ulogd[122075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57714 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57714 PKTS=0 BYTES=0 Jun 02 08:47:14.558174 osdx ulogd[122075]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=57714 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=57714 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1,
and check that the app-detect field appears when running system journal show. Then enable app detection
for HTTP hosts in system conntrack, copy index.html from an HTTP server,
and check that the app-detect field appears and identifies the HTTP server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.359 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.359/0.359/0.359/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.253 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.378 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.308 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2026ms
rtt min/avg/max/mdev = 0.253/0.313/0.378/0.051 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Jun 02 08:47:22.000169 osdx systemd-timedated[115866]: Changed local time to Tue 2026-06-02 08:47:22 UTC
Jun 02 08:47:22.001764 osdx systemd-journald[1972]: Time jumped backwards, rotating.
Jun 02 08:47:22.001778 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'set date 2026-06-02 08:47:22'.
Jun 02 08:47:22.322716 osdx sudo[122263]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:22.327046 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free.
Jun 02 08:47:22.329797 osdx systemd-journald[1972]: Received client request to rotate journal, rotating.
Jun 02 08:47:22.329873 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 08:47:22.331673 osdx sudo[122262]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:22.337700 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 08:47:22.562913 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 02 08:47:22.784033 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu.
Jun 02 08:47:22.843160 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 02 08:47:22.940373 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 02 08:47:23.020788 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 02 08:47:23.122470 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 02 08:47:23.203660 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'.
Jun 02 08:47:23.298978 osdx ubnt-cfgd[122291]: inactive
Jun 02 08:47:23.319216 osdx INFO[122299]: FRR daemons did not change
Jun 02 08:47:23.453767 osdx kernel: app-detect: module init
Jun 02 08:47:23.453821 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 02 08:47:23.453833 osdx kernel: app-detect: expression init
Jun 02 08:47:23.453841 osdx kernel: app-detect: appid cache initialized
Jun 02 08:47:23.453849 osdx kernel: app-detect: appid cache changes counter initialized
Jun 02 08:47:23.459700 osdx modulelauncher[122302]: AppDetect: no change in application dictionaries, thus nothing more to do
Jun 02 08:47:23.489770 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 08:47:23.546432 osdx sudo[122411]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:23.578146 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 02 08:47:23.579025 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 02 08:47:23.579994 osdx ulogd[122414]: registering plugin `NFCT'
Jun 02 08:47:23.580508 osdx ulogd[122414]: registering plugin `IP2STR'
Jun 02 08:47:23.580677 osdx ulogd[122414]: registering plugin `PRINTFLOW'
Jun 02 08:47:23.580854 osdx ulogd[122414]: registering plugin `SYSLOG'
Jun 02 08:47:23.580931 osdx ulogd[122414]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 02 08:47:23.581079 osdx ulogd[122414]: NFCT plugin working in event mode
Jun 02 08:47:23.581147 osdx ulogd[122414]: Changing UID / GID
Jun 02 08:47:23.581383 osdx ulogd[122414]: initialization finished, entering main loop
Jun 02 08:47:23.581780 osdx cfgd[1665]: [68589]Completed change to active configuration
Jun 02 08:47:23.598571 osdx OSDxCLI[68589]: User 'admin' committed the configuration.
Jun 02 08:47:23.617508 osdx OSDxCLI[68589]: User 'admin' left the configuration menu.
Jun 02 08:47:24.433352 osdx ulogd[122414]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:24.433370 osdx ulogd[122414]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:24.517390 osdx ulogd[122414]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:24.517409 osdx ulogd[122414]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:25.542496 osdx ulogd[122414]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 02 08:47:25.542527 osdx ulogd[122414]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:25.542551 osdx ulogd[122414]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:26.543186 osdx ulogd[122414]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 02 08:47:26.543209 osdx ulogd[122414]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:26.543221 osdx ulogd[122414]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Step 8: Modify the following configuration lines in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.312 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.312/0.312/0.312/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   972    0   972    0     0   173k      0 --:--:-- --:--:-- --:--:--  189k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Jun 02 08:47:22.000169 osdx systemd-timedated[115866]: Changed local time to Tue 2026-06-02 08:47:22 UTC Jun 02 08:47:22.001764 osdx systemd-journald[1972]: Time jumped backwards, rotating. Jun 02 08:47:22.001778 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'set date 2026-06-02 08:47:22'. Jun 02 08:47:22.322716 osdx sudo[122263]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:47:22.327046 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 08:47:22.329797 osdx systemd-journald[1972]: Received client request to rotate journal, rotating. Jun 02 08:47:22.329873 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 08:47:22.331673 osdx sudo[122262]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:47:22.337700 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'. Jun 02 08:47:22.562913 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'. Jun 02 08:47:22.784033 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:47:22.843160 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Jun 02 08:47:22.940373 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Jun 02 08:47:23.020788 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Jun 02 08:47:23.122470 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Jun 02 08:47:23.203660 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'. 
Jun 02 08:47:23.298978 osdx ubnt-cfgd[122291]: inactive Jun 02 08:47:23.319216 osdx INFO[122299]: FRR daemons did not change Jun 02 08:47:23.453767 osdx kernel: app-detect: module init Jun 02 08:47:23.453821 osdx kernel: app-detect: registered: sysctl net.appdetect Jun 02 08:47:23.453833 osdx kernel: app-detect: expression init Jun 02 08:47:23.453841 osdx kernel: app-detect: appid cache initialized Jun 02 08:47:23.453849 osdx kernel: app-detect: appid cache changes counter initialized Jun 02 08:47:23.459700 osdx modulelauncher[122302]: AppDetect: no change in application dictionaries, thus nothing more to do Jun 02 08:47:23.489770 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 02 08:47:23.546432 osdx sudo[122411]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 08:47:23.578146 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Jun 02 08:47:23.579025 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Jun 02 08:47:23.579994 osdx ulogd[122414]: registering plugin `NFCT' Jun 02 08:47:23.580508 osdx ulogd[122414]: registering plugin `IP2STR' Jun 02 08:47:23.580677 osdx ulogd[122414]: registering plugin `PRINTFLOW' Jun 02 08:47:23.580854 osdx ulogd[122414]: registering plugin `SYSLOG' Jun 02 08:47:23.580931 osdx ulogd[122414]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Jun 02 08:47:23.581079 osdx ulogd[122414]: NFCT plugin working in event mode Jun 02 08:47:23.581147 osdx ulogd[122414]: Changing UID / GID Jun 02 08:47:23.581383 osdx ulogd[122414]: initialization finished, entering main loop Jun 02 08:47:23.581780 osdx cfgd[1665]: [68589]Completed change to active configuration Jun 02 08:47:23.598571 osdx OSDxCLI[68589]: User 'admin' committed the configuration. Jun 02 08:47:23.617508 osdx OSDxCLI[68589]: User 'admin' left the configuration menu. 
Jun 02 08:47:24.433352 osdx ulogd[122414]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 02 08:47:24.433370 osdx ulogd[122414]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 02 08:47:24.517390 osdx ulogd[122414]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 02 08:47:24.517409 osdx ulogd[122414]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 02 08:47:25.542496 osdx ulogd[122414]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 02 08:47:25.542527 osdx ulogd[122414]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 02 08:47:25.542551 osdx ulogd[122414]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 02 08:47:26.543186 osdx ulogd[122414]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Jun 02 08:47:26.543209 osdx ulogd[122414]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 
BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 02 08:47:26.543221 osdx ulogd[122414]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Jun 02 08:47:26.657275 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal show | cat'. Jun 02 08:47:26.780038 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal show | cat'. Jun 02 08:47:26.899530 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal show | cat'. Jun 02 08:47:27.239281 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu. Jun 02 08:47:27.364888 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Jun 02 08:47:27.422946 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Jun 02 08:47:27.528996 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show changes'. 
Jun 02 08:47:27.604372 osdx ubnt-cfgd[122467]: inactive
Jun 02 08:47:27.633538 osdx INFO[122475]: FRR daemons did not change
Jun 02 08:47:27.661778 osdx kernel: app-detect: expression destroy
Jun 02 08:47:27.673772 osdx kernel: app-detect: expression init
Jun 02 08:47:27.673821 osdx kernel: app-detect: appid cache initialized
Jun 02 08:47:27.673830 osdx kernel: app-detect: appid cache changes counter initialized
Jun 02 08:47:27.676467 osdx modulelauncher[122478]: AppDetect: no change in application dictionaries, thus nothing more to do
Jun 02 08:47:27.713764 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 02 08:47:27.768047 osdx cfgd[1665]: [68589]Completed change to active configuration
Jun 02 08:47:27.779274 osdx ulogd[122414]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 02 08:47:27.779301 osdx ulogd[122414]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 02 08:47:27.779892 osdx OSDxCLI[68589]: User 'admin' committed the configuration.
Jun 02 08:47:27.809429 osdx OSDxCLI[68589]: User 'admin' left the configuration menu.
Jun 02 08:47:27.992890 osdx ulogd[122414]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:27.993166 osdx ulogd[122414]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 02 08:47:27.994817 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 02 08:47:28.065625 osdx sudo[122604]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:28.133583 osdx file_operation[122607]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jun 02 08:47:28.138941 osdx ulogd[122414]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53478 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53478 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 02 08:47:28.139086 osdx ulogd[122414]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53478 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53478 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 02 08:47:28.139101 osdx ulogd[122414]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53478 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53478 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 02 08:47:28.140936 osdx ulogd[122414]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53478 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53478 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 02 08:47:28.141183 osdx ulogd[122414]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53478 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53478 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 02 08:47:28.141222 osdx ulogd[122414]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=53478 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=53478 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 02 08:47:28.160607 osdx sudo[122614]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:28.162925 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector.
Enable the http-host and http-url options under system conntrack app-detect in order to see relevant information about HTTP packets.
Finally, log those packets with the app-id option and check that the APPDETECT field appears in the journal when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.204 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.204/0.204/0.204/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Jun 02 08:47:33.317785 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free.
Jun 02 08:47:33.318963 osdx systemd-journald[1972]: Received client request to rotate journal, rotating.
Jun 02 08:47:33.319013 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 08:47:33.322819 osdx sudo[122792]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:33.331632 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 08:47:33.574821 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 02 08:47:33.805418 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu.
Jun 02 08:47:33.884120 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Jun 02 08:47:33.972550 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Jun 02 08:47:34.029796 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Jun 02 08:47:34.138632 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Jun 02 08:47:34.205706 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Jun 02 08:47:34.338759 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Jun 02 08:47:34.415364 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Jun 02 08:47:34.544264 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Jun 02 08:47:34.598398 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jun 02 08:47:34.709181 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jun 02 08:47:34.798832 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'.
Jun 02 08:47:34.913216 osdx ubnt-cfgd[122827]: inactive
Jun 02 08:47:34.954967 osdx INFO[122849]: FRR daemons did not change
Jun 02 08:47:35.138956 osdx kernel: app-detect: module init
Jun 02 08:47:35.139008 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 02 08:47:35.139020 osdx kernel: app-detect: expression init
Jun 02 08:47:35.139028 osdx kernel: app-detect: appid cache initialized
Jun 02 08:47:35.139040 osdx kernel: app-detect: appid cache changes counter initialized
Jun 02 08:47:35.156018 osdx sudo[122877]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:35.186959 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 02 08:47:35.432061 osdx cfgd[1665]: [68589]Completed change to active configuration
Jun 02 08:47:35.443291 osdx OSDxCLI[68589]: User 'admin' committed the configuration.
Jun 02 08:47:35.459220 osdx OSDxCLI[68589]: User 'admin' left the configuration menu.
Jun 02 08:47:35.618105 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 02 08:47:35.683191 osdx sudo[123015]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:35.751664 osdx file_operation[123018]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jun 02 08:47:35.758958 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=57183 DF PROTO=TCP SPT=39090 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 02 08:47:35.966965 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=57184 DF PROTO=TCP SPT=39090 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 02 08:47:36.395026 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=57185 DF PROTO=TCP SPT=39090 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 02 08:47:37.226997 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=57186 DF PROTO=TCP SPT=39090 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 02 08:47:38.779150 osdx file_operation.py[123018]: Operation aborted by user.
Jun 02 08:47:38.790960 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=57187 DF PROTO=TCP SPT=39090 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 02 08:47:38.792321 osdx sudo[123023]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:38.794294 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Jun 02 08:47:38.866958 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=57188 DF PROTO=TCP SPT=39090 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
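The check in Step 3 only confirms that the APPDETECT field is present. The following added example (not part of the original page or of OSDx) parses the traffic-policy log lines into fields so that drops can be filtered by app-id; the function names are hypothetical and the sample journal is constructed from the output above.

```python
import re

# Constructed sample, modelled on the journal output of this scenario.
SAMPLE_JOURNAL = """\
Jun 02 08:47:35.618105 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 02 08:47:35.758958 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=57183 DF PROTO=TCP SPT=39090 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 02 08:47:38.790960 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=57187 DF PROTO=TCP SPT=39090 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 02 08:47:39.100000 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
"""

KERNEL_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:.]+) (?P<host>\S+) kernel: "
    r"\[(?P<rule>[^\]]+)\] (?P<action>[A-Z]+) (?P<body>.*)$"
)
# Assumption: APPDETECT is the last field, as in every line on this page.
# Anchoring on the final "]" keeps a "]" inside a URL from truncating the field.
APPDETECT_RE = re.compile(r"\s*APPDETECT\[(?P<inner>.*)\]\s*$")


def parse_appdetect(inner):
    """Split 'U:155 http-url:/~robot/ http-host:10.215.168.1' into a dict."""
    tokens = inner.split()
    if not tokens:
        return {}
    kind, _, value = tokens[0].partition(":")
    fields = {"kind": kind, "id": value}
    for token in tokens[1:]:
        key, _, val = token.partition(":")  # first colon only: URLs may hold more
        fields[key] = val
    return fields


def parse_policy_log(line):
    """Return a dict for a traffic-policy log line, or None for anything else."""
    m = KERNEL_RE.match(line)
    if not m:
        return None
    event = {"ts": m["ts"], "rule": m["rule"], "action": m["action"],
             "flags": [], "appdetect": {}}
    body = m["body"]
    app = APPDETECT_RE.search(body)
    if app:
        event["appdetect"] = parse_appdetect(app["inner"])
        body = body[:app.start()]
    for token in body.split():
        key, sep, val = token.partition("=")
        if sep:
            event[key] = val              # KEY=VALUE; the value may be empty (IN=)
        else:
            event["flags"].append(token)  # bare tokens: DF, ACK, PSH, FIN
    return event


def drops_for_app(journal, kind, app_id):
    """All DROP events whose APPDETECT field carries the given kind and id."""
    events = (parse_policy_log(line) for line in journal.splitlines())
    return [e for e in events
            if e and e["action"] == "DROP"
            and e["appdetect"].get("kind") == kind
            and e["appdetect"].get("id") == str(app_id)]
```

The http-url and http-host values are copied from the HTTP request on the wire, so treat them as untrusted input when forwarding parsed events to another system.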
Identity Values
Description
The conntrack logging identity may contain any printable character except whitespace.
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity 'he||o-w@rld!'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.417 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.417/0.417/0.417/0.000 ms
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.222 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.222/0.222/0.222/0.000 ms
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
he||o-w@rld!\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Jun 02 08:47:43.305086 osdx systemd-journald[1972]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.9M, max 13.8M, 11.8M free.
Jun 02 08:47:43.308112 osdx systemd-journald[1972]: Received client request to rotate journal, rotating.
Jun 02 08:47:43.308179 osdx systemd-journald[1972]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e.
Jun 02 08:47:43.309680 osdx sudo[123178]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:43.315373 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system journal clear'.
Jun 02 08:47:43.551917 osdx OSDxCLI[68589]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 02 08:47:43.917390 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu.
Jun 02 08:47:44.004055 osdx cfgd[1665]: [68589]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed
Jun 02 08:47:44.004695 osdx OSDxCLI[68589]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'.
Jun 02 08:47:44.052834 osdx OSDxCLI[68589]: User 'admin' left the configuration menu.
Jun 02 08:47:44.245340 osdx OSDxCLI[68589]: User 'admin' entered the configuration menu.
Jun 02 08:47:44.405535 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 02 08:47:44.481619 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 02 08:47:44.617421 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'set system conntrack logging identity he||o-w@rld!'.
Jun 02 08:47:44.697729 osdx OSDxCLI[68589]: User 'admin' added a new cfg line: 'show working'.
Jun 02 08:47:44.805798 osdx ubnt-cfgd[123209]: inactive
Jun 02 08:47:44.827850 osdx INFO[123217]: FRR daemons did not change
Jun 02 08:47:44.864103 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 02 08:47:44.924420 osdx sudo[123307]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Jun 02 08:47:44.973019 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 02 08:47:44.975294 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 02 08:47:44.975756 osdx ulogd[123310]: registering plugin `NFCT'
Jun 02 08:47:44.975810 osdx ulogd[123310]: registering plugin `IP2STR'
Jun 02 08:47:44.975858 osdx ulogd[123310]: registering plugin `PRINTFLOW'
Jun 02 08:47:44.975911 osdx ulogd[123310]: registering plugin `SYSLOG'
Jun 02 08:47:44.975915 osdx ulogd[123310]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 02 08:47:44.975970 osdx ulogd[123310]: NFCT plugin working in event mode
Jun 02 08:47:44.975978 osdx he||o-w@rld![123310]: Changing UID / GID
Jun 02 08:47:44.976054 osdx he||o-w@rld![123310]: initialization finished, entering main loop
Jun 02 08:47:44.976944 osdx cfgd[1665]: [68589]Completed change to active configuration
Jun 02 08:47:44.989735 osdx OSDxCLI[68589]: User 'admin' committed the configuration.
Jun 02 08:47:45.015636 osdx OSDxCLI[68589]: User 'admin' left the configuration menu.
Jun 02 08:47:45.887587 osdx he||o-w@rld![123310]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:47:45.887611 osdx he||o-w@rld![123310]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:47:45.994317 osdx he||o-w@rld![123310]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:47:45.994338 osdx he||o-w@rld![123310]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
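The Step 7 expression embeds the identity unescaped. The following added example (not part of the original page or of OSDx) shows that, under Python `re` search semantics, the `||` in `he||o` is an empty alternation branch that matches every journal line, and builds the same check with the identity and source address escaped. Assumptions: the page does not say which regex engine its test harness uses, identities are ASCII, the helper names are hypothetical, and the sample journal is constructed from the output above.

```python
import re

# Constructed sample, modelled on the journal output of this scenario.
# The last line uses a constructed source address (192.168.100.20).
SAMPLE_JOURNAL = """\
Jun 02 08:47:44.975970 osdx ulogd[123310]: NFCT plugin working in event mode
Jun 02 08:47:45.887587 osdx he||o-w@rld![123310]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:47:45.887611 osdx he||o-w@rld![123310]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 02 08:47:46.100000 osdx he||o-w@rld![123310]: [NEW] ORIG: SRC=192.168.100.20 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.20 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
"""

# The expression as written in Step 7. Unescaped, "||" is two alternation
# operators around an empty branch, and an empty branch matches every line.
PAGE_REGEX = r"he||o-w@rld!\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2"

# Assumption: identities are ASCII. "!" to "~" is the printable range without
# the space class; 92 is the limit quoted in the CLI error message. Rejecting
# the empty string is also an assumption.
IDENTITY_RE = re.compile(r"[!-~]{1,92}")


def valid_identity(name):
    """Mirror the CLI rule from Step 2 (hypothetical helper, not OSDx code)."""
    return IDENTITY_RE.fullmatch(name) is not None


def identity_pattern(identity, src, events=("NEW", "UPDATE", "DESTROY")):
    """Build the journal check with every literal escaped."""
    if not valid_identity(identity):
        raise ValueError("identity rejected by the CLI rule")
    return (
        r"\s" + re.escape(identity) + r"\[\d+\]: "
        r"\[(?:" + "|".join(map(re.escape, events)) + r")\] "
        r"ORIG: SRC=" + re.escape(src) + r"\s"  # \s stops 192.168.100.20 matching
    )


def matching_lines(pattern, journal):
    """Lines of the journal that the pattern matches with search semantics."""
    rx = re.compile(pattern)
    return [line for line in journal.splitlines() if rx.search(line)]
```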