Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check that NEW session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.769 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.769/0.769/0.769/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.503 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.503/0.503/0.503/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Show output
Jul 28 10:27:14.430437 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 568.0K, max 15.3M, 14.7M free.
Jul 28 10:27:14.432360 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:27:14.432447 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:27:14.452950 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:27:15.016286 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:27:15.580023 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:27:15.804329 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:27:15.965505 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Jul 28 10:27:16.175827 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:27:16.336525 osdx ubnt-cfgd[340461]: inactive
Jul 28 10:27:16.402953 osdx INFO[340469]: FRR daemons did not change
Jul 28 10:27:16.456552 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:27:16.607011 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:27:16.610212 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 28 10:27:16.615158 osdx ulogd[340560]: registering plugin `NFCT'
Jul 28 10:27:16.616380 osdx ulogd[340560]: registering plugin `IP2STR'
Jul 28 10:27:16.616533 osdx ulogd[340560]: registering plugin `PRINTFLOW'
Jul 28 10:27:16.616584 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:27:16.619179 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:27:16.619992 osdx ulogd[340560]: registering plugin `SYSLOG'
Jul 28 10:27:16.623199 osdx ulogd[340560]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:27:16.623329 osdx ulogd[340560]: NFCT plugin working in event mode
Jul 28 10:27:16.623352 osdx ulogd[340560]: Changing UID / GID
Jul 28 10:27:16.623505 osdx ulogd[340560]: initialization finished, entering main loop
Jul 28 10:27:16.648690 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:27:16.687847 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:27:18.220894 osdx ulogd[340560]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:27:18.395602 osdx ulogd[340560]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Update events

Description

Check that UPDATE session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=3.44 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.441/3.441/3.441/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.09 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.088/1.088/1.088/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Show output
Jul 28 10:27:29.508339 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:27:29.511387 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:27:29.511487 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:27:29.539561 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:27:30.118624 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:27:30.742696 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:27:30.948990 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:27:31.091000 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Jul 28 10:27:31.307108 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:27:31.507177 osdx ubnt-cfgd[340741]: inactive
Jul 28 10:27:31.579111 osdx INFO[340749]: FRR daemons did not change
Jul 28 10:27:31.651946 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:27:32.632676 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:27:32.634381 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 28 10:27:32.635815 osdx ulogd[340840]: registering plugin `NFCT'
Jul 28 10:27:32.636174 osdx ulogd[340840]: registering plugin `IP2STR'
Jul 28 10:27:32.636325 osdx ulogd[340840]: registering plugin `PRINTFLOW'
Jul 28 10:27:32.636478 osdx ulogd[340840]: registering plugin `SYSLOG'
Jul 28 10:27:32.636559 osdx ulogd[340840]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:27:32.636696 osdx ulogd[340840]: NFCT plugin working in event mode
Jul 28 10:27:32.636767 osdx ulogd[340840]: Changing UID / GID
Jul 28 10:27:32.636936 osdx ulogd[340840]: initialization finished, entering main loop
Jul 28 10:27:32.651508 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:27:32.656139 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:27:32.684322 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:27:32.726575 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:27:34.350354 osdx ulogd[340840]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:27:34.494139 osdx ulogd[340840]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Destroy events

Description

Check that DESTROY session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.656 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.656/0.656/0.656/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.695 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.315 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.355 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2019ms
rtt min/avg/max/mdev = 0.315/0.455/0.695/0.170 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Show output
Jul 28 10:27:45.507260 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free.
Jul 28 10:27:45.511412 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:27:45.511525 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:27:45.536152 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:27:45.986825 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:27:46.494942 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:27:46.671889 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:27:46.810195 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Jul 28 10:27:46.929332 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jul 28 10:27:47.067641 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set service ssh'.
Jul 28 10:27:47.237477 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:27:47.362007 osdx ubnt-cfgd[341023]: inactive
Jul 28 10:27:47.669683 osdx INFO[341037]: FRR daemons did not change
Jul 28 10:27:47.709469 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:27:47.849841 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:27:47.851370 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 28 10:27:47.853457 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:27:47.853885 osdx ulogd[341130]: registering plugin `NFCT'
Jul 28 10:27:47.854268 osdx ulogd[341130]: registering plugin `IP2STR'
Jul 28 10:27:47.854426 osdx ulogd[341130]: registering plugin `PRINTFLOW'
Jul 28 10:27:47.854577 osdx ulogd[341130]: registering plugin `SYSLOG'
Jul 28 10:27:47.854644 osdx ulogd[341130]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:27:47.854864 osdx ulogd[341130]: NFCT plugin working in event mode
Jul 28 10:27:47.854958 osdx ulogd[341130]: Changing UID / GID
Jul 28 10:27:47.855176 osdx ulogd[341130]: initialization finished, entering main loop
Jul 28 10:27:47.962012 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jul 28 10:27:47.983007 osdx sshd[341136]: Server listening on 0.0.0.0 port 22.
Jul 28 10:27:47.983317 osdx sshd[341136]: Server listening on :: port 22.
Jul 28 10:27:47.983491 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jul 28 10:27:48.023126 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:27:48.039552 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:27:48.102627 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:27:50.751025 osdx ulogd[341130]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jul 28 10:27:51.769422 osdx ulogd[341130]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

Default logging

Description

Set a simple configuration, ping from one device to the other, and check that the default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.635 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.635/0.635/0.635/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=4.40 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.398/4.398/4.398/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Jul 28 10:28:04.517696 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free.
Jul 28 10:28:04.518546 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:28:04.518613 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:28:04.547866 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:28:04.957870 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:28:05.523385 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:28:05.704997 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:28:05.798245 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:28:06.020134 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:28:06.171211 osdx ubnt-cfgd[341345]: inactive
Jul 28 10:28:06.227727 osdx INFO[341353]: FRR daemons did not change
Jul 28 10:28:06.298493 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:28:07.064258 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:07.065381 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:07.065886 osdx ulogd[341444]: registering plugin `NFCT'
Jul 28 10:28:07.066374 osdx ulogd[341444]: registering plugin `IP2STR'
Jul 28 10:28:07.066532 osdx ulogd[341444]: registering plugin `PRINTFLOW'
Jul 28 10:28:07.066680 osdx ulogd[341444]: registering plugin `SYSLOG'
Jul 28 10:28:07.066747 osdx ulogd[341444]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:28:07.066882 osdx ulogd[341444]: NFCT plugin working in event mode
Jul 28 10:28:07.066955 osdx ulogd[341444]: Changing UID / GID
Jul 28 10:28:07.067131 osdx ulogd[341444]: initialization finished, entering main loop
Jul 28 10:28:07.068045 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:28:07.090310 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:28:07.165039 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:28:08.970244 osdx ulogd[341444]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:08.970286 osdx ulogd[341444]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:09.269050 osdx ulogd[341444]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:09.269214 osdx ulogd[341444]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Identity logging

Description

Set a simple configuration with the identity OSDx_DUT0 for log entries, ping from one device to the other, and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.600 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.600/0.600/0.600/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.485 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.485/0.485/0.485/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Jul 28 10:28:21.513744 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 3.8M, max 15.3M, 11.5M free.
Jul 28 10:28:21.516853 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:28:21.516949 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:28:21.540345 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:28:22.078565 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:28:22.646229 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:28:22.842413 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:28:22.979669 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:28:23.309391 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Jul 28 10:28:23.442011 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:28:23.549368 osdx ubnt-cfgd[341628]: inactive
Jul 28 10:28:23.595168 osdx INFO[341636]: FRR daemons did not change
Jul 28 10:28:23.640191 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:28:23.761033 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:23.762140 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:23.762407 osdx ulogd[341727]: registering plugin `NFCT'
Jul 28 10:28:23.763647 osdx ulogd[341727]: registering plugin `IP2STR'
Jul 28 10:28:23.763833 osdx ulogd[341727]: registering plugin `PRINTFLOW'
Jul 28 10:28:23.764039 osdx ulogd[341727]: registering plugin `SYSLOG'
Jul 28 10:28:23.764117 osdx ulogd[341727]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:28:23.764139 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:28:23.764500 osdx ulogd[341727]: NFCT plugin working in event mode
Jul 28 10:28:23.764651 osdx OSDx_DUT0[341727]: Changing UID / GID
Jul 28 10:28:23.764854 osdx OSDx_DUT0[341727]: initialization finished, entering main loop
Jul 28 10:28:23.782383 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:28:23.814699 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:28:25.290907 osdx OSDx_DUT0[341727]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:25.290951 osdx OSDx_DUT0[341727]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:25.492503 osdx OSDx_DUT0[341727]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:25.492563 osdx OSDx_DUT0[341727]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0:

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.767 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.767/0.767/0.767/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Jul 28 10:28:21.513744 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 3.8M, max 15.3M, 11.5M free.
Jul 28 10:28:21.516853 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:28:21.516949 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:28:21.540345 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:28:22.078565 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:28:22.646229 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:28:22.842413 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:28:22.979669 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:28:23.309391 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Jul 28 10:28:23.442011 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:28:23.549368 osdx ubnt-cfgd[341628]: inactive
Jul 28 10:28:23.595168 osdx INFO[341636]: FRR daemons did not change
Jul 28 10:28:23.640191 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:28:23.761033 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:23.762140 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:23.762407 osdx ulogd[341727]: registering plugin `NFCT'
Jul 28 10:28:23.763647 osdx ulogd[341727]: registering plugin `IP2STR'
Jul 28 10:28:23.763833 osdx ulogd[341727]: registering plugin `PRINTFLOW'
Jul 28 10:28:23.764039 osdx ulogd[341727]: registering plugin `SYSLOG'
Jul 28 10:28:23.764117 osdx ulogd[341727]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:28:23.764139 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:28:23.764500 osdx ulogd[341727]: NFCT plugin working in event mode
Jul 28 10:28:23.764651 osdx OSDx_DUT0[341727]: Changing UID / GID
Jul 28 10:28:23.764854 osdx OSDx_DUT0[341727]: initialization finished, entering main loop
Jul 28 10:28:23.782383 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:28:23.814699 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:28:25.290907 osdx OSDx_DUT0[341727]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:25.290951 osdx OSDx_DUT0[341727]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:25.492503 osdx OSDx_DUT0[341727]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:25.492563 osdx OSDx_DUT0[341727]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:25.689950 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 28 10:28:26.207292 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:28:26.386574 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Jul 28 10:28:26.586002 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show changes'.
Jul 28 10:28:26.775764 osdx ubnt-cfgd[341763]: inactive
Jul 28 10:28:26.811698 osdx INFO[341769]: FRR daemons did not change
Jul 28 10:28:26.834689 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:26.835427 osdx OSDx_DUT0[341727]: Terminal signal received, exiting
Jul 28 10:28:26.836410 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jul 28 10:28:26.836605 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:26.857075 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:26.858751 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:26.859004 osdx ulogd[341777]: registering plugin `NFCT'
Jul 28 10:28:26.859391 osdx ulogd[341777]: registering plugin `IP2STR'
Jul 28 10:28:26.859572 osdx ulogd[341777]: registering plugin `PRINTFLOW'
Jul 28 10:28:26.859760 osdx ulogd[341777]: registering plugin `SYSLOG'
Jul 28 10:28:26.859830 osdx ulogd[341777]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:28:26.860027 osdx ulogd[341777]: NFCT plugin working in event mode
Jul 28 10:28:26.860104 osdx ulogd[341777]: Changing UID / GID
Jul 28 10:28:26.860281 osdx ulogd[341777]: initialization finished, entering main loop
Jul 28 10:28:26.862988 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:28:26.866304 osdx ulogd[341777]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jul 28 10:28:26.866576 osdx ulogd[341777]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jul 28 10:28:26.867313 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:28:26.909689 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:28:27.156075 osdx ulogd[341777]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:28:27.156114 osdx ulogd[341777]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping from one device to the other, and check that the default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.54 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.539/6.539/6.539/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=6.32 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=8.30 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 6.319/7.310/8.301/0.991 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Show output
Jul 28 10:28:37.682321 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.3M free.
Jul 28 10:28:37.683145 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:28:37.683209 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:28:37.713234 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:28:38.204889 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:28:38.792164 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:28:38.995188 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jul 28 10:28:39.123726 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Jul 28 10:28:39.302708 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Jul 28 10:28:39.486535 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Jul 28 10:28:39.693933 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:28:39.862399 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:28:40.044894 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:28:40.164444 osdx ubnt-cfgd[341943]: inactive
Jul 28 10:28:40.210386 osdx INFO[341957]: FRR daemons did not change
Jul 28 10:28:40.246882 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:28:40.647424 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:40.648572 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 28 10:28:40.649420 osdx ulogd[342048]: registering plugin `NFCT'
Jul 28 10:28:40.649516 osdx ulogd[342048]: registering plugin `IP2STR'
Jul 28 10:28:40.649603 osdx ulogd[342048]: registering plugin `PRINTFLOW'
Jul 28 10:28:40.649693 osdx ulogd[342048]: registering plugin `SYSLOG'
Jul 28 10:28:40.649699 osdx ulogd[342048]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:28:40.649775 osdx ulogd[342048]: NFCT plugin working in event mode
Jul 28 10:28:40.649787 osdx ulogd[342048]: Changing UID / GID
Jul 28 10:28:40.649907 osdx ulogd[342048]: initialization finished, entering main loop
Jul 28 10:28:40.658858 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:40.678160 osdx ulogd[342048]: Terminal signal received, exiting
Jul 28 10:28:40.678648 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:40.679156 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jul 28 10:28:40.679323 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:40.681038 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:40.682914 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Jul 28 10:28:40.684118 osdx ulogd[342054]: registering plugin `NFCT'
Jul 28 10:28:40.684221 osdx ulogd[342054]: registering plugin `IP2STR'
Jul 28 10:28:40.684307 osdx ulogd[342054]: registering plugin `PRINTFLOW'
Jul 28 10:28:40.684411 osdx ulogd[342054]: registering plugin `SYSLOG'
Jul 28 10:28:40.684418 osdx ulogd[342054]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:28:40.684499 osdx ulogd[342054]: NFCT plugin working in event mode
Jul 28 10:28:40.684512 osdx ulogd[342054]: Changing UID / GID
Jul 28 10:28:40.684636 osdx ulogd[342054]: initialization finished, entering main loop
Jul 28 10:28:40.694875 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:40.896013 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:28:40.912747 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:28:40.955595 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:28:42.635502 osdx ulogd[342054]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jul 28 10:28:42.635540 osdx ulogd[342054]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jul 28 10:28:42.843534 osdx ulogd[342054]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jul 28 10:28:42.843578 osdx ulogd[342054]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

VRF logging

Description

Set a simple configuration with a VRF, send a ping from one device to the other, and check that the default and VRF fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.47 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.469/1.469/1.469/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.363 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.363/0.363/0.363/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Show output
Jul 28 10:28:56.671022 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:28:56.678752 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:28:56.678926 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:28:56.702680 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:28:57.251325 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:28:57.869571 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:28:58.051428 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Jul 28 10:28:58.217700 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Jul 28 10:28:58.341241 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system vrf RED'.
Jul 28 10:28:58.440852 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:28:58.563073 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:28:58.715976 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:28:58.885351 osdx ubnt-cfgd[342280]: inactive
Jul 28 10:28:58.965180 osdx INFO[342288]: FRR daemons did not change
Jul 28 10:28:58.984237 osdx (udev-worker)[342296]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Jul 28 10:28:58.984763 osdx (udev-worker)[342296]: Network interface NamePolicy= disabled on kernel command line.
Jul 28 10:28:59.054112 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:28:59.241239 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:28:59.498794 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:28:59.502047 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:28:59.502932 osdx ulogd[342454]: registering plugin `NFCT'
Jul 28 10:28:59.503351 osdx ulogd[342454]: registering plugin `IP2STR'
Jul 28 10:28:59.503851 osdx ulogd[342454]: registering plugin `PRINTFLOW'
Jul 28 10:28:59.504012 osdx ulogd[342454]: registering plugin `SYSLOG'
Jul 28 10:28:59.504083 osdx ulogd[342454]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:28:59.504336 osdx ulogd[342454]: NFCT plugin working in event mode
Jul 28 10:28:59.504710 osdx ulogd[342454]: Changing UID / GID
Jul 28 10:28:59.504974 osdx ulogd[342454]: initialization finished, entering main loop
Jul 28 10:28:59.505965 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:28:59.542877 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:28:59.691759 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:01.186699 osdx ulogd[342454]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:29:01.186741 osdx ulogd[342454]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:29:01.358608 osdx ulogd[342454]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:29:01.358639 osdx ulogd[342454]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping from one device to the other, and check that the default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=3.99 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.992/3.992/3.992/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  10723      0 --:--:-- --:--:-- --:--:-- 11727

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.87 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.872/1.872/1.872/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=13.4 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 13.427/13.427/13.427/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Show output
Jul 28 10:29:12.597250 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:29:12.600119 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:29:12.600227 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:29:12.662927 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:29:13.168204 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:29:13.691735 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:29:13.964779 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jul 28 10:29:14.168594 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:29:14.322902 osdx ubnt-cfgd[342720]: inactive
Jul 28 10:29:14.786418 osdx INFO[342728]: FRR daemons did not change
Jul 28 10:29:14.820076 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jul 28 10:29:14.954053 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:29:14.980598 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:29:15.066111 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:15.934013 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 28 10:29:16.307289 osdx file_operation[342845]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Jul 28 10:29:16.366750 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Jul 28 10:29:16.641653 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:29:16.844846 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jul 28 10:29:17.088584 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Jul 28 10:29:17.318011 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Jul 28 10:29:17.426899 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Jul 28 10:29:17.600758 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Jul 28 10:29:17.787992 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Jul 28 10:29:17.955692 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Jul 28 10:29:18.121266 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Jul 28 10:29:18.313500 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Jul 28 10:29:18.481363 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:29:18.594887 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:29:18.796367 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:29:18.921920 osdx ubnt-cfgd[342883]: inactive
Jul 28 10:29:19.021286 osdx INFO[342900]: FRR daemons did not change
Jul 28 10:29:19.068138 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:29:19.220882 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:29:19.221847 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:29:19.222057 osdx ulogd[342991]: registering plugin `NFCT'
Jul 28 10:29:19.222420 osdx ulogd[342991]: registering plugin `IP2STR'
Jul 28 10:29:19.222608 osdx ulogd[342991]: registering plugin `PRINTFLOW'
Jul 28 10:29:19.222743 osdx ulogd[342991]: registering plugin `SYSLOG'
Jul 28 10:29:19.222814 osdx ulogd[342991]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:29:19.222952 osdx ulogd[342991]: NFCT plugin working in event mode
Jul 28 10:29:19.223034 osdx ulogd[342991]: Changing UID / GID
Jul 28 10:29:19.223228 osdx ulogd[342991]: initialization finished, entering main loop
Jul 28 10:29:19.483800 osdx systemd[1]: Reloading.
Jul 28 10:29:19.592096 osdx systemd-sysv-generator[343025]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Jul 28 10:29:19.788682 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Jul 28 10:29:19.795865 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Jul 28 10:29:19.833441 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Jul 28 10:29:19.839267 osdx systemd[1]: logrotate.service: Deactivated successfully.
Jul 28 10:29:19.839449 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Jul 28 10:29:20.324464 osdx INFO[343006]: Rules successfully loaded
Jul 28 10:29:20.352582 osdx ulogd[342991]: Terminal signal received, exiting
Jul 28 10:29:20.352754 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:29:20.353230 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jul 28 10:29:20.353489 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:29:20.388740 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:29:20.390549 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:29:20.390890 osdx ulogd[343052]: registering plugin `NFCT'
Jul 28 10:29:20.391281 osdx ulogd[343052]: registering plugin `IP2STR'
Jul 28 10:29:20.391471 osdx ulogd[343052]: registering plugin `PRINTFLOW'
Jul 28 10:29:20.392250 osdx ulogd[343052]: registering plugin `SYSLOG'
Jul 28 10:29:20.392334 osdx ulogd[343052]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:29:20.392700 osdx ulogd[343052]: NFCT plugin working in event mode
Jul 28 10:29:20.392832 osdx ulogd[343052]: Changing UID / GID
Jul 28 10:29:20.393042 osdx ulogd[343052]: initialization finished, entering main loop
Jul 28 10:29:20.393947 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:29:20.413374 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:29:20.466588 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:21.956037 osdx ulogd[343052]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 28 10:29:21.956089 osdx ulogd[343052]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 28 10:29:22.179795 osdx ulogd[343052]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jul 28 10:29:22.179825 osdx ulogd[343052]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.698 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.698/0.698/0.698/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=10.0 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.042/10.042/10.042/0.000 ms

Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Show output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.4.6

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Mon Jul 28 07:39:32 2025 from 40.0.0.2
admin@osdx$

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Show output
Jul 28 10:29:34.574089 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:29:34.577373 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:29:34.577509 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:29:34.594713 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:29:35.009668 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:29:35.532307 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:29:35.751751 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Jul 28 10:29:35.900065 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:29:36.362029 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:29:36.517741 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:29:36.650728 osdx ubnt-cfgd[343328]: inactive
Jul 28 10:29:36.712045 osdx INFO[343338]: FRR daemons did not change
Jul 28 10:29:36.769418 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jul 28 10:29:36.949424 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:29:37.102014 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:29:37.103349 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:29:37.103548 osdx ulogd[343504]: registering plugin `NFCT'
Jul 28 10:29:37.104349 osdx ulogd[343504]: registering plugin `IP2STR'
Jul 28 10:29:37.104531 osdx ulogd[343504]: registering plugin `PRINTFLOW'
Jul 28 10:29:37.105373 osdx ulogd[343504]: registering plugin `SYSLOG'
Jul 28 10:29:37.105464 osdx ulogd[343504]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:29:37.105600 osdx ulogd[343504]: NFCT plugin working in event mode
Jul 28 10:29:37.105672 osdx ulogd[343504]: Changing UID / GID
Jul 28 10:29:37.105855 osdx ulogd[343504]: initialization finished, entering main loop
Jul 28 10:29:37.106107 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:29:37.127670 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:29:37.164553 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:40.274204 osdx ulogd[343504]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:29:40.274235 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:29:40.420943 osdx ulogd[343504]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:29:40.420982 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:29:40.582429 osdx ulogd[343504]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52934 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52934 PKTS=0 BYTES=0
Jul 28 10:29:40.582650 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52934 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52934 PKTS=0 BYTES=0
Jul 28 10:29:40.582918 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52934 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52934 PKTS=0 BYTES=0 [OFFLOAD]
Jul 28 10:29:41.142158 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52934 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52934 PKTS=0 BYTES=0
Jul 28 10:29:41.145277 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52934 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52934 PKTS=0 BYTES=0 [OFFLOAD]
Jul 28 10:29:41.151310 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52934 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52934 PKTS=0 BYTES=0
Jul 28 10:29:41.151880 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52934 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52934 PKTS=0 BYTES=0 [OFFLOAD]

App detect logging

Description

Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1 and check that the app-detect field appears when running system journal show. Then enable app detection for HTTP hosts in system conntrack, copy index.html from an HTTP server and check that the app-detect field appears and identifies the HTTP server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.39 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.387/1.387/1.387/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.387 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=1.69 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.440 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.387/0.838/1.689/0.601 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Show output
Jul 28 10:29:49.497409 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:29:49.500194 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:29:49.500288 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:29:49.540639 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:29:50.150382 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:29:50.793798 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:29:50.973107 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jul 28 10:29:51.145240 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jul 28 10:29:51.371754 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:29:51.525148 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:29:51.764875 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:29:51.937020 osdx ubnt-cfgd[343719]: inactive
Jul 28 10:29:51.992590 osdx INFO[343727]: FRR daemons did not change
Jul 28 10:29:52.196163 osdx kernel: app-detect: module init
Jul 28 10:29:52.196232 osdx kernel: app-detect: registered: sysctl net.appdetect
Jul 28 10:29:52.196254 osdx kernel: app-detect: expression init
Jul 28 10:29:52.196273 osdx kernel: app-detect: appid cache initialized
Jul 28 10:29:52.196306 osdx kernel: app-detect: appid cache changes counter initialized
Jul 28 10:29:52.209915 osdx modulelauncher[343730]: AppDetect: no change in application dictionaries, thus nothing more to do
Jul 28 10:29:52.260207 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:29:52.404702 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:29:52.406011 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:29:52.406145 osdx ulogd[343841]: registering plugin `NFCT'
Jul 28 10:29:52.406497 osdx ulogd[343841]: registering plugin `IP2STR'
Jul 28 10:29:52.406655 osdx ulogd[343841]: registering plugin `PRINTFLOW'
Jul 28 10:29:52.406809 osdx ulogd[343841]: registering plugin `SYSLOG'
Jul 28 10:29:52.406881 osdx ulogd[343841]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:29:52.407020 osdx ulogd[343841]: NFCT plugin working in event mode
Jul 28 10:29:52.407090 osdx ulogd[343841]: Changing UID / GID
Jul 28 10:29:52.407255 osdx ulogd[343841]: initialization finished, entering main loop
Jul 28 10:29:52.408738 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:29:52.432709 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:29:52.491418 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:54.072729 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.072762 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.288836 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.288879 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290546 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:55.290585 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290610 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.290848 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:56.294193 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.294230 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Show output
Jul 28 10:29:49.497409 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:29:49.500194 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:29:49.500288 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:29:49.540639 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:29:50.150382 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:29:50.793798 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:29:50.973107 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jul 28 10:29:51.145240 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jul 28 10:29:51.371754 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:29:51.525148 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:29:51.764875 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:29:51.937020 osdx ubnt-cfgd[343719]: inactive
Jul 28 10:29:51.992590 osdx INFO[343727]: FRR daemons did not change
Jul 28 10:29:52.196163 osdx kernel: app-detect: module init
Jul 28 10:29:52.196232 osdx kernel: app-detect: registered: sysctl net.appdetect
Jul 28 10:29:52.196254 osdx kernel: app-detect: expression init
Jul 28 10:29:52.196273 osdx kernel: app-detect: appid cache initialized
Jul 28 10:29:52.196306 osdx kernel: app-detect: appid cache changes counter initialized
Jul 28 10:29:52.209915 osdx modulelauncher[343730]: AppDetect: no change in application dictionaries, thus nothing more to do
Jul 28 10:29:52.260207 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:29:52.404702 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:29:52.406011 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:29:52.406145 osdx ulogd[343841]: registering plugin `NFCT'
Jul 28 10:29:52.406497 osdx ulogd[343841]: registering plugin `IP2STR'
Jul 28 10:29:52.406655 osdx ulogd[343841]: registering plugin `PRINTFLOW'
Jul 28 10:29:52.406809 osdx ulogd[343841]: registering plugin `SYSLOG'
Jul 28 10:29:52.406881 osdx ulogd[343841]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:29:52.407020 osdx ulogd[343841]: NFCT plugin working in event mode
Jul 28 10:29:52.407090 osdx ulogd[343841]: Changing UID / GID
Jul 28 10:29:52.407255 osdx ulogd[343841]: initialization finished, entering main loop
Jul 28 10:29:52.408738 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:29:52.432709 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:29:52.491418 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:54.072729 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.072762 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.288836 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.288879 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290546 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:55.290585 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290610 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.290848 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:56.294193 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.294230 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.471542 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Show output
Jul 28 10:29:49.497409 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:29:49.500194 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:29:49.500288 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:29:49.540639 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:29:50.150382 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:29:50.793798 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:29:50.973107 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jul 28 10:29:51.145240 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jul 28 10:29:51.371754 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:29:51.525148 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:29:51.764875 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:29:51.937020 osdx ubnt-cfgd[343719]: inactive
Jul 28 10:29:51.992590 osdx INFO[343727]: FRR daemons did not change
Jul 28 10:29:52.196163 osdx kernel: app-detect: module init
Jul 28 10:29:52.196232 osdx kernel: app-detect: registered: sysctl net.appdetect
Jul 28 10:29:52.196254 osdx kernel: app-detect: expression init
Jul 28 10:29:52.196273 osdx kernel: app-detect: appid cache initialized
Jul 28 10:29:52.196306 osdx kernel: app-detect: appid cache changes counter initialized
Jul 28 10:29:52.209915 osdx modulelauncher[343730]: AppDetect: no change in application dictionaries, thus nothing more to do
Jul 28 10:29:52.260207 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:29:52.404702 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:29:52.406011 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:29:52.406145 osdx ulogd[343841]: registering plugin `NFCT'
Jul 28 10:29:52.406497 osdx ulogd[343841]: registering plugin `IP2STR'
Jul 28 10:29:52.406655 osdx ulogd[343841]: registering plugin `PRINTFLOW'
Jul 28 10:29:52.406809 osdx ulogd[343841]: registering plugin `SYSLOG'
Jul 28 10:29:52.406881 osdx ulogd[343841]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:29:52.407020 osdx ulogd[343841]: NFCT plugin working in event mode
Jul 28 10:29:52.407090 osdx ulogd[343841]: Changing UID / GID
Jul 28 10:29:52.407255 osdx ulogd[343841]: initialization finished, entering main loop
Jul 28 10:29:52.408738 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:29:52.432709 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:29:52.491418 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:54.072729 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.072762 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.288836 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.288879 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290546 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:55.290585 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290610 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.290848 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:56.294193 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.294230 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.471542 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 28 10:29:56.803470 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.453 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.453/0.453/0.453/0.000 ms

Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0  34909      0 --:--:-- --:--:-- --:--:-- 35096

Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Show output
Jul 28 10:29:49.497409 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:29:49.500194 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:29:49.500288 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:29:49.540639 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:29:50.150382 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:29:50.793798 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:29:50.973107 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jul 28 10:29:51.145240 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jul 28 10:29:51.371754 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:29:51.525148 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:29:51.764875 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:29:51.937020 osdx ubnt-cfgd[343719]: inactive
Jul 28 10:29:51.992590 osdx INFO[343727]: FRR daemons did not change
Jul 28 10:29:52.196163 osdx kernel: app-detect: module init
Jul 28 10:29:52.196232 osdx kernel: app-detect: registered: sysctl net.appdetect
Jul 28 10:29:52.196254 osdx kernel: app-detect: expression init
Jul 28 10:29:52.196273 osdx kernel: app-detect: appid cache initialized
Jul 28 10:29:52.196306 osdx kernel: app-detect: appid cache changes counter initialized
Jul 28 10:29:52.209915 osdx modulelauncher[343730]: AppDetect: no change in application dictionaries, thus nothing more to do
Jul 28 10:29:52.260207 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:29:52.404702 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:29:52.406011 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:29:52.406145 osdx ulogd[343841]: registering plugin `NFCT'
Jul 28 10:29:52.406497 osdx ulogd[343841]: registering plugin `IP2STR'
Jul 28 10:29:52.406655 osdx ulogd[343841]: registering plugin `PRINTFLOW'
Jul 28 10:29:52.406809 osdx ulogd[343841]: registering plugin `SYSLOG'
Jul 28 10:29:52.406881 osdx ulogd[343841]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:29:52.407020 osdx ulogd[343841]: NFCT plugin working in event mode
Jul 28 10:29:52.407090 osdx ulogd[343841]: Changing UID / GID
Jul 28 10:29:52.407255 osdx ulogd[343841]: initialization finished, entering main loop
Jul 28 10:29:52.408738 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:29:52.432709 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:29:52.491418 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:54.072729 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.072762 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.288836 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.288879 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290546 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:55.290585 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290610 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.290848 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:56.294193 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.294230 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:56.471542 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 28 10:29:56.803470 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 28 10:29:57.043779 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal show | cat'.
Jul 28 10:29:57.372105 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:29:57.555808 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jul 28 10:29:57.668344 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jul 28 10:29:57.846372 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show changes'.
Jul 28 10:29:57.984878 osdx ubnt-cfgd[343892]: inactive
Jul 28 10:29:58.050860 osdx INFO[343900]: FRR daemons did not change
Jul 28 10:29:58.092219 osdx kernel: app-detect: expression destroy
Jul 28 10:29:58.112227 osdx kernel: app-detect: expression init
Jul 28 10:29:58.112285 osdx kernel: app-detect: appid cache initialized
Jul 28 10:29:58.112312 osdx kernel: app-detect: appid cache changes counter initialized
Jul 28 10:29:58.118748 osdx modulelauncher[343903]: AppDetect: no change in application dictionaries, thus nothing more to do
Jul 28 10:29:58.252188 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jul 28 10:29:58.395791 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:29:58.417008 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:58.417042 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:58.418341 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:29:58.493134 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:29:58.725536 osdx ulogd[343841]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:58.725981 osdx ulogd[343841]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:58.728470 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 28 10:29:58.954069 osdx file_operation[344030]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jul 28 10:29:58.968273 osdx ulogd[343841]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=36318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36318 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jul 28 10:29:58.968672 osdx ulogd[343841]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=36318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36318 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jul 28 10:29:58.968704 osdx ulogd[343841]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=36318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36318 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jul 28 10:29:59.082132 osdx ulogd[343841]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=36318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36318 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jul 28 10:29:59.082864 osdx ulogd[343841]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=36318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36318 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jul 28 10:29:59.082894 osdx ulogd[343841]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=36318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36318 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jul 28 10:29:59.110347 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
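
Added example, not part of the original page or of the OSDx tooling: a Python parser for the ulogd conntrack lines shown above that applies the Step 5-7 and Step 11 checks field by field and reports on which event the http-host label first appears. The sample journal is an excerpt of lines from this page (the first one comes from the earlier output captured without app-detect); the function names are this example's own, and the APPDETECT token layout (`kind:id` followed by space-separated `key:value` pairs) is an assumption inferred from the output shown.

```python
import re

# Excerpt of journal lines shown on this page, embedded so the example runs offline.
SAMPLE_JOURNAL = """\
Jul 28 10:29:40.582918 osdx ulogd[343504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52934 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52934 PKTS=0 BYTES=0 [OFFLOAD]
Jul 28 10:29:52.407255 osdx ulogd[343841]: initialization finished, entering main loop
Jul 28 10:29:54.072729 osdx ulogd[343841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:54.072762 osdx ulogd[343841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jul 28 10:29:55.290546 osdx ulogd[343841]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jul 28 10:29:58.968273 osdx ulogd[343841]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=36318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36318 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jul 28 10:29:59.082132 osdx ulogd[343841]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=36318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36318 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jul 28 10:29:59.110347 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
"""

EVENT_RE = re.compile(
    r"ulogd\[\d+\]: \[(?P<event>NEW|UPDATE|DESTROY)\] "
    r"ORIG: (?P<orig>.*?) , REPLY: (?P<reply>.*)$"
)
APP_RE = re.compile(r"APPDETECT\[(?P<body>[^\]]*)\]")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_app(body):
    """Split 'L4:80 http-host:10.215.168.1' into layer, id and attributes (assumed layout)."""
    tokens = body.split()
    if not tokens:
        return None
    layer, _, app_id = tokens[0].partition(":")
    # Split each attribute on its first colon only, so values may contain colons.
    attrs = dict(tok.partition(":")[::2] for tok in tokens[1:])
    return {"layer": layer, "id": app_id, "attrs": attrs}


def parse_line(line):
    """Return a record for a ulogd conntrack event line, or None for any other journal line."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    reply = m.group("reply")
    app = APP_RE.search(reply)
    # Parse KEY=VALUE pairs only from the text before APPDETECT[...], so a '=' inside
    # an http-url value can never be mistaken for a conntrack field.
    reply_fields = reply[: app.start()] if app else reply
    orig = dict(KV_RE.findall(m.group("orig")))
    return {
        "event": m.group("event"),
        "orig": orig,
        "reply": dict(KV_RE.findall(reply_fields)),
        "flow": (orig.get("PROTO"), orig.get("SRC"), orig.get("DST"),
                 orig.get("SPT"), orig.get("DPT")),
        "app": parse_app(app.group("body")) if app else None,
        "offload": "[OFFLOAD]" in reply,
    }


def parse_journal(text):
    """Parse every conntrack event in a journal dump, skipping unrelated lines."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def matching(records, event, layer, app_id, attrs=None):
    """Field-level form of the page's checks: event type plus an exact APPDETECT value."""
    want = attrs or {}
    return [
        r for r in records
        if r["event"] == event and r["app"]
        and (r["app"]["layer"], r["app"]["id"]) == (layer, app_id)
        and r["app"]["attrs"] == want
    ]


def first_label_event(records, attr):
    """Per flow, the event type and value with which `attr` (e.g. http-host) first appears."""
    seen = {}
    for r in records:
        if r["app"] and attr in r["app"]["attrs"]:
            seen.setdefault(r["flow"], (r["event"], r["app"]["attrs"][attr]))
    return seen


def missing_app(records):
    """Events logged without an APPDETECT field, as happens when app-detect is not enabled."""
    return [r for r in records if r["app"] is None]


if __name__ == "__main__":
    recs = parse_journal(SAMPLE_JOURNAL)
    for ev in ("NEW", "UPDATE", "DESTROY"):
        print(ev, "APPDETECT[L3:1]:", len(matching(recs, ev, "L3", "1")))
    print("http-host first seen:", first_label_event(recs, "http-host"))
    print("events without APPDETECT:", len(missing_app(recs)))
```

In the excerpt the http-host label first appears on an UPDATE event, while the NEW event for the same TCP flow carries only APPDETECT[L4:80], so a consumer that reads only NEW events never sees the host name.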

App Detect Drop Packet

Description

Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector. Enable the http-host and http-url options under system conntrack app-detect in order to see relevant information about HTTP packets. Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.293 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.293/0.293/0.293/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Show output
Jul 28 10:30:08.421510 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 3.8M, max 15.3M, 11.5M free.
Jul 28 10:30:08.426621 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:30:08.426728 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:30:08.446064 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:30:08.952221 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:30:09.492867 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:30:09.616310 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Jul 28 10:30:09.766420 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Jul 28 10:30:09.870372 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Jul 28 10:30:10.001528 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Jul 28 10:30:10.156408 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Jul 28 10:30:10.253525 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Jul 28 10:30:10.405288 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Jul 28 10:30:10.599755 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Jul 28 10:30:10.752758 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jul 28 10:30:10.866269 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jul 28 10:30:11.026198 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:30:11.134227 osdx ubnt-cfgd[344251]: inactive
Jul 28 10:30:11.210077 osdx INFO[344273]: FRR daemons did not change
Jul 28 10:30:11.404119 osdx kernel: app-detect: module init
Jul 28 10:30:11.404215 osdx kernel: app-detect: registered: sysctl net.appdetect
Jul 28 10:30:11.404246 osdx kernel: app-detect: expression init
Jul 28 10:30:11.404267 osdx kernel: app-detect: appid cache initialized
Jul 28 10:30:11.404286 osdx kernel: app-detect: appid cache changes counter initialized
Jul 28 10:30:11.476131 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jul 28 10:30:11.806866 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:30:11.841566 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:30:11.896591 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:30:12.153117 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jul 28 10:30:12.375153 osdx file_operation[344442]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jul 28 10:30:12.388167 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46241 DF PROTO=TCP SPT=41938 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jul 28 10:30:12.592176 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46242 DF PROTO=TCP SPT=41938 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jul 28 10:30:13.008201 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46243 DF PROTO=TCP SPT=41938 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jul 28 10:30:13.844182 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46244 DF PROTO=TCP SPT=41938 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jul 28 10:30:15.370865 osdx file_operation.py[344442]: Operation aborted by user.
Jul 28 10:30:15.400354 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46245 DF PROTO=TCP SPT=41938 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jul 28 10:30:15.424822 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Jul 28 10:30:15.473755 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46246 DF PROTO=TCP SPT=41938 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
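
The following is an added example, not part of the original test suite or the product's tooling: a Python parser for the traffic-policy log lines shown above that splits out the key=value fields and the APPDETECT[...] tokens and counts logged packets per flow. It assumes the `[DROP-1]` prefix is the policy name and rule number (as in the configuration above) and that APPDETECT tokens are space-separated `key:value` pairs without `]` or spaces inside the values; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, in the shape of the journal output above.
SAMPLE = """\
Jul 28 10:30:12.375153 osdx file_operation[344442]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jul 28 10:30:12.388167 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46241 DF PROTO=TCP SPT=41938 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jul 28 10:30:12.592176 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46242 DF PROTO=TCP SPT=41938 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Jul 28 10:30:11.404119 osdx kernel: app-detect: module init
"""

# "<timestamp> <host> kernel: [<policy>-<rule>] <ACTION> <rest of line>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) kernel: "
    r"\[(?P<prefix>[^\]]+)\] (?P<action>[A-Z]+) (?P<body>.*)$"
)
# Trailing application-detection block, if the rule logs app-id.
APP_RE = re.compile(r"\s*APPDETECT\[(?P<app>[^\]]*)\]\s*$")


def parse_kernel_log(line):
    """Return a dict for a traffic-policy log line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    body, app = m["body"], {}
    am = APP_RE.search(body)
    if am:
        # Cut the block off first so URL characters never reach the field parser.
        body = body[:am.start()]
        for token in am["app"].split():
            key, _, value = token.partition(":")
            app[key] = value
    fields = dict(re.findall(r"(\w+)=(\S*)", body))  # bare flags (DF, ACK) are skipped
    policy, _, rule = m["prefix"].rpartition("-")
    return {"ts": m["ts"], "policy": policy, "rule": rule,
            "action": m["action"], "fields": fields, "app": app}


def summarize(text):
    """Count logged packets per (policy, rule, SRC, DST, DPT, http-host, http-url)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_kernel_log(line)
        if rec:
            f, a = rec["fields"], rec["app"]
            counts[(rec["policy"], rec["rule"], f.get("SRC"), f.get("DST"),
                    f.get("DPT"), a.get("http-host"), a.get("http-url"))] += 1
    return counts
```

Repeated entries for the same source port and destination collapse into one row, which makes it easier to tell one retried request from several distinct blocked requests.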

Identity Values

Description

The conntrack logging identity can contain any printable character except spaces.

Scenario

Step 1: Run command configure at DUT0 and expect this output:

Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Show output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 3: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity 'he||o-w@rld!'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.664 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.664/0.664/0.664/0.000 ms

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=4.13 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.128/4.128/4.128/0.000 ms

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

he\|\|o-w@rld!\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Jul 28 10:30:24.561166 osdx systemd-journald[340421]: Runtime Journal (/run/log/journal/a46937b51a3a4c469575696f63c9d620) is 2.0M, max 15.3M, 13.2M free.
Jul 28 10:30:24.572708 osdx systemd-journald[340421]: Received client request to rotate journal, rotating.
Jul 28 10:30:24.572820 osdx systemd-journald[340421]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a46937b51a3a4c469575696f63c9d620.
Jul 28 10:30:24.592345 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system journal clear'.
Jul 28 10:30:25.162023 osdx OSDxCLI[340267]: User 'admin' executed a new command: 'system coredump delete all'.
Jul 28 10:30:25.900208 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:30:26.148816 osdx cfgd[1473]: [340267]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Jul 28 10:30:26.149648 osdx OSDxCLI[340267]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'.
Jul 28 10:30:26.219722 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:30:26.564536 osdx OSDxCLI[340267]: User 'admin' entered the configuration menu.
Jul 28 10:30:26.793083 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jul 28 10:30:26.965238 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jul 28 10:30:27.057178 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'set system conntrack logging identity he||o-w@rld!'.
Jul 28 10:30:27.197529 osdx OSDxCLI[340267]: User 'admin' added a new cfg line: 'show working'.
Jul 28 10:30:27.385691 osdx ubnt-cfgd[344631]: inactive
Jul 28 10:30:27.422218 osdx INFO[344639]: FRR daemons did not change
Jul 28 10:30:27.460910 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jul 28 10:30:27.589749 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jul 28 10:30:27.590791 osdx ulogd[344730]: registering plugin `NFCT'
Jul 28 10:30:27.590875 osdx ulogd[344730]: registering plugin `IP2STR'
Jul 28 10:30:27.590974 osdx ulogd[344730]: registering plugin `PRINTFLOW'
Jul 28 10:30:27.591059 osdx ulogd[344730]: registering plugin `SYSLOG'
Jul 28 10:30:27.591066 osdx ulogd[344730]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jul 28 10:30:27.591143 osdx ulogd[344730]: NFCT plugin working in event mode
Jul 28 10:30:27.591159 osdx he||o-w@rld![344730]: Changing UID / GID
Jul 28 10:30:27.591282 osdx he||o-w@rld![344730]: initialization finished, entering main loop
Jul 28 10:30:27.591476 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jul 28 10:30:27.593440 osdx cfgd[1473]: [340267]Completed change to active configuration
Jul 28 10:30:27.612344 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:30:27.655617 osdx OSDxCLI[340267]: User 'admin' left the configuration menu.
Jul 28 10:30:29.071067 osdx he||o-w@rld![344730]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:30:29.071111 osdx he||o-w@rld![344730]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:30:29.299313 osdx he||o-w@rld![344730]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:30:29.299356 osdx he||o-w@rld![344730]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
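
An identity such as he||o-w@rld! contains regular-expression metacharacters, so a journal filter built from it has to escape the name before matching. The following added example (not part of the original test suite or the product's code) re-implements the rule quoted in the CLI error message and builds an escaped pattern for conntrack events; it assumes "printable" means ASCII letters, digits and punctuation, and its function names are hypothetical.

```python
import re
import string

MAX_LEN = 92  # limit quoted in the CLI error message
# Assumption: printable, non-space characters are the ASCII "graph" class.
GRAPH = set(string.ascii_letters + string.digits + string.punctuation)

# Constructed sample, in the shape of the journal output above.
SAMPLE = """\
Jul 28 10:30:27.612344 osdx OSDxCLI[340267]: User 'admin' committed the configuration.
Jul 28 10:30:29.071067 osdx he||o-w@rld![344730]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jul 28 10:30:29.500000 osdx ulogd[344999]: [NEW] ORIG: SRC=192.168.100.20 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.20 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
"""


def identity_ok(name):
    """Local mirror of the CLI rule: 1..92 printable characters, no whitespace."""
    return 0 < len(name) <= MAX_LEN and all(c in GRAPH for c in name)


def journal_pattern(identity, src):
    """Pattern for conntrack events logged under `identity` with ORIG source `src`."""
    if not identity_ok(identity):
        raise ValueError("identity would be rejected by the CLI rule")
    return re.compile(
        re.escape(identity) + r"\[\d+\]:.*\[(NEW|UPDATE|DESTROY)\].*?SRC="
        + re.escape(src) + r"\b"  # \b keeps 192.168.100.2 from matching .20
    )


# Unescaped, "||" is alternation with an empty branch, so this matches any line.
UNESCAPED = re.compile(
    r"he||o-w@rld!\[.*\]:.*\[(NEW|UPDATE|DESTROY)\].*SRC=192.168.100.2"
)


def matching_lines(pattern, text):
    """Return the lines of `text` in which `pattern` is found."""
    return [line for line in text.splitlines() if pattern.search(line)]
```

With the unescaped pattern every journal line passes the check, so a test or alert built on it cannot fail; the escaped pattern selects only the events written under the configured identity.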