Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check that NEW session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.360 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.261 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.261/0.261/0.261/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Output:
Aug 20 14:03:21.000160 osdx systemd-timedated[173048]: Changed local time to Wed 2025-08-20 14:03:21 UTC
Aug 20 14:03:21.001909 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'set date 2025-08-20 14:03:21'.
Aug 20 14:03:21.295424 osdx sudo[174008]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:21.298587 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.2M, max 15.3M, 13.0M free.
Aug 20 14:03:21.301045 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:03:21.301097 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:03:21.302568 osdx sudo[174007]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:21.310463 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:03:21.531504 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:03:21.752157 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:03:21.829491 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:03:21.915221 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Aug 20 14:03:21.997680 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:03:22.111885 osdx ubnt-cfgd[174032]: inactive
Aug 20 14:03:22.133841 osdx INFO[174040]: FRR daemons did not change
Aug 20 14:03:22.157063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:03:22.213646 osdx sudo[174128]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:22.245415 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:03:22.248127 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:03:22.250868 osdx ulogd[174131]: registering plugin `NFCT'
Aug 20 14:03:22.251840 osdx ulogd[174131]: registering plugin `IP2STR'
Aug 20 14:03:22.251943 osdx ulogd[174131]: registering plugin `PRINTFLOW'
Aug 20 14:03:22.252947 osdx ulogd[174131]: registering plugin `SYSLOG'
Aug 20 14:03:22.252980 osdx ulogd[174131]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:03:22.253059 osdx ulogd[174131]: NFCT plugin working in event mode
Aug 20 14:03:22.253091 osdx ulogd[174131]: Changing UID / GID
Aug 20 14:03:22.253189 osdx ulogd[174131]: initialization finished, entering main loop
Aug 20 14:03:22.261095 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:03:22.262266 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:03:22.273162 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:03:22.291415 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:03:23.460545 osdx ulogd[174131]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:03:23.542882 osdx ulogd[174131]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Update events

Description

Check that UPDATE session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.393 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.393/0.393/0.393/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.228 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.228/0.228/0.228/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Output:
Aug 20 14:03:30.434645 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.3M, max 15.3M, 12.9M free.
Aug 20 14:03:30.436477 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:03:30.436552 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:03:30.438995 osdx sudo[174287]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:30.445689 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:03:30.686357 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:03:30.921979 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:03:31.007692 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:03:31.103459 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Aug 20 14:03:31.182448 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:03:31.279557 osdx ubnt-cfgd[174312]: inactive
Aug 20 14:03:31.304683 osdx INFO[174320]: FRR daemons did not change
Aug 20 14:03:31.332479 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:03:31.395114 osdx sudo[174408]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:31.436863 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:03:31.438107 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:03:31.438272 osdx ulogd[174411]: registering plugin `NFCT'
Aug 20 14:03:31.438476 osdx ulogd[174411]: registering plugin `IP2STR'
Aug 20 14:03:31.438564 osdx ulogd[174411]: registering plugin `PRINTFLOW'
Aug 20 14:03:31.438630 osdx ulogd[174411]: registering plugin `SYSLOG'
Aug 20 14:03:31.438658 osdx ulogd[174411]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:03:31.438722 osdx ulogd[174411]: NFCT plugin working in event mode
Aug 20 14:03:31.438751 osdx ulogd[174411]: Changing UID / GID
Aug 20 14:03:31.438846 osdx ulogd[174411]: initialization finished, entering main loop
Aug 20 14:03:31.440277 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:03:31.454402 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:03:31.489619 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:03:32.388341 osdx ulogd[174411]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:03:32.499397 osdx ulogd[174411]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Destroy events

Description

Check that DESTROY session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.386 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.386/0.386/0.386/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.223 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.269 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.238 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2033ms
rtt min/avg/max/mdev = 0.223/0.243/0.269/0.019 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Output:
Aug 20 14:03:36.000171 osdx systemd-timedated[173048]: Changed local time to Wed 2025-08-20 14:03:36 UTC
Aug 20 14:03:36.001520 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'set date 2025-08-20 14:03:36'.
Aug 20 14:03:36.003312 osdx systemd-journald[82189]: Time jumped backwards, rotating.
Aug 20 14:03:36.296104 osdx sudo[174569]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:36.299505 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.0M, max 15.3M, 13.3M free.
Aug 20 14:03:36.303317 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:03:36.303391 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:03:36.304584 osdx sudo[174568]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:36.311812 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:03:36.565203 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:03:36.873658 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:03:36.983265 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:03:37.045400 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Aug 20 14:03:37.148798 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Aug 20 14:03:37.227655 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set service ssh'.
Aug 20 14:03:37.354281 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:03:37.430481 osdx ubnt-cfgd[174595]: inactive
Aug 20 14:03:37.461548 osdx INFO[174609]: FRR daemons did not change
Aug 20 14:03:37.487309 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:03:37.553452 osdx sudo[174699]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:37.599689 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:03:37.600649 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:03:37.600965 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:03:37.603177 osdx ulogd[174702]: registering plugin `NFCT'
Aug 20 14:03:37.603427 osdx ulogd[174702]: registering plugin `IP2STR'
Aug 20 14:03:37.603496 osdx ulogd[174702]: registering plugin `PRINTFLOW'
Aug 20 14:03:37.603563 osdx ulogd[174702]: registering plugin `SYSLOG'
Aug 20 14:03:37.603595 osdx ulogd[174702]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:03:37.603661 osdx ulogd[174702]: NFCT plugin working in event mode
Aug 20 14:03:37.603691 osdx ulogd[174702]: Changing UID / GID
Aug 20 14:03:37.603784 osdx ulogd[174702]: initialization finished, entering main loop
Aug 20 14:03:37.684509 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Aug 20 14:03:37.696924 osdx sshd[174708]: Server listening on 0.0.0.0 port 22.
Aug 20 14:03:37.697132 osdx sshd[174708]: Server listening on :: port 22.
Aug 20 14:03:37.697252 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Aug 20 14:03:37.722885 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:03:37.736336 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:03:37.762087 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:03:39.809042 osdx ulogd[174702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Aug 20 14:03:40.832965 osdx ulogd[174702]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

Default logging

Description

Set a simple configuration, send a ping from one device to the other, and check that the default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.344 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.344/0.344/0.344/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.240 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.240/0.240/0.240/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Aug 20 14:03:50.311025 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.2M free.
Aug 20 14:03:50.314179 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:03:50.314250 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:03:50.315484 osdx sudo[174891]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:50.322083 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:03:50.540640 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:03:50.763719 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:03:50.846185 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:03:50.951567 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:03:51.041506 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:03:51.146452 osdx ubnt-cfgd[174916]: inactive
Aug 20 14:03:51.166942 osdx INFO[174924]: FRR daemons did not change
Aug 20 14:03:51.186175 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:03:51.248182 osdx sudo[175012]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:51.274540 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:03:51.275852 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:03:51.276046 osdx ulogd[175015]: registering plugin `NFCT'
Aug 20 14:03:51.276295 osdx ulogd[175015]: registering plugin `IP2STR'
Aug 20 14:03:51.276381 osdx ulogd[175015]: registering plugin `PRINTFLOW'
Aug 20 14:03:51.276461 osdx ulogd[175015]: registering plugin `SYSLOG'
Aug 20 14:03:51.276496 osdx ulogd[175015]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:03:51.276568 osdx ulogd[175015]: NFCT plugin working in event mode
Aug 20 14:03:51.276603 osdx ulogd[175015]: Changing UID / GID
Aug 20 14:03:51.276704 osdx ulogd[175015]: initialization finished, entering main loop
Aug 20 14:03:51.277455 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:03:51.296180 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:03:51.331203 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:03:52.202098 osdx ulogd[175015]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:03:52.202116 osdx ulogd[175015]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:03:52.283984 osdx ulogd[175015]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:03:52.284001 osdx ulogd[175015]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Identity logging

Description

Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping from one device to the other, and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.324 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.239 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.239/0.239/0.239/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Aug 20 14:03:59.351485 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.2M free.
Aug 20 14:03:59.352012 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:03:59.352054 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:03:59.355833 osdx sudo[175171]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:59.361674 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:03:59.602867 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:03:59.891812 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:03:59.979014 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:00.079793 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:00.143785 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Aug 20 14:04:00.255292 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:00.319005 osdx ubnt-cfgd[175197]: inactive
Aug 20 14:04:00.452293 osdx INFO[175205]: FRR daemons did not change
Aug 20 14:04:00.480014 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:00.554407 osdx sudo[175293]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:00.580406 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:00.581238 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:00.581541 osdx ulogd[175296]: registering plugin `NFCT'
Aug 20 14:04:00.581728 osdx ulogd[175296]: registering plugin `IP2STR'
Aug 20 14:04:00.581798 osdx ulogd[175296]: registering plugin `PRINTFLOW'
Aug 20 14:04:00.581870 osdx ulogd[175296]: registering plugin `SYSLOG'
Aug 20 14:04:00.581908 osdx ulogd[175296]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:00.581981 osdx ulogd[175296]: NFCT plugin working in event mode
Aug 20 14:04:00.582018 osdx OSDx_DUT0[175296]: Changing UID / GID
Aug 20 14:04:00.582111 osdx OSDx_DUT0[175296]: initialization finished, entering main loop
Aug 20 14:04:00.582278 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:00.596911 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:00.613436 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:01.399897 osdx OSDx_DUT0[175296]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:01.399919 osdx OSDx_DUT0[175296]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:01.479802 osdx OSDx_DUT0[175296]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:01.479819 osdx OSDx_DUT0[175296]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0:

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.286 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.286/0.286/0.286/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Aug 20 14:03:59.351485 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.2M free.
Aug 20 14:03:59.352012 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:03:59.352054 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:03:59.355833 osdx sudo[175171]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:03:59.361674 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:03:59.602867 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:03:59.891812 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:03:59.979014 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:00.079793 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:00.143785 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Aug 20 14:04:00.255292 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:00.319005 osdx ubnt-cfgd[175197]: inactive
Aug 20 14:04:00.452293 osdx INFO[175205]: FRR daemons did not change
Aug 20 14:04:00.480014 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:00.554407 osdx sudo[175293]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:00.580406 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:00.581238 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:00.581541 osdx ulogd[175296]: registering plugin `NFCT'
Aug 20 14:04:00.581728 osdx ulogd[175296]: registering plugin `IP2STR'
Aug 20 14:04:00.581798 osdx ulogd[175296]: registering plugin `PRINTFLOW'
Aug 20 14:04:00.581870 osdx ulogd[175296]: registering plugin `SYSLOG'
Aug 20 14:04:00.581908 osdx ulogd[175296]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:00.581981 osdx ulogd[175296]: NFCT plugin working in event mode
Aug 20 14:04:00.582018 osdx OSDx_DUT0[175296]: Changing UID / GID
Aug 20 14:04:00.582111 osdx OSDx_DUT0[175296]: initialization finished, entering main loop
Aug 20 14:04:00.582278 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:00.596911 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:00.613436 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:01.399897 osdx OSDx_DUT0[175296]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:01.399919 osdx OSDx_DUT0[175296]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:01.479802 osdx OSDx_DUT0[175296]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:01.479819 osdx OSDx_DUT0[175296]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:01.592597 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal show | cat'.
Aug 20 14:04:01.761110 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:01.787777 osdx CRON[175329]: pam_limits(cron:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:01.820887 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Aug 20 14:04:01.927450 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show changes'.
Aug 20 14:04:01.990257 osdx ubnt-cfgd[175335]: inactive
Aug 20 14:04:02.009406 osdx INFO[175341]: FRR daemons did not change
Aug 20 14:04:02.017059 osdx sudo[175346]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:02.021002 osdx OSDx_DUT0[175296]: Terminal signal received, exiting
Aug 20 14:04:02.021091 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:02.021316 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Aug 20 14:04:02.021403 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:02.048359 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:02.049190 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:02.049380 osdx ulogd[175349]: registering plugin `NFCT'
Aug 20 14:04:02.049426 osdx ulogd[175349]: registering plugin `IP2STR'
Aug 20 14:04:02.049470 osdx ulogd[175349]: registering plugin `PRINTFLOW'
Aug 20 14:04:02.049518 osdx ulogd[175349]: registering plugin `SYSLOG'
Aug 20 14:04:02.049522 osdx ulogd[175349]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:02.049572 osdx ulogd[175349]: NFCT plugin working in event mode
Aug 20 14:04:02.049585 osdx ulogd[175349]: Changing UID / GID
Aug 20 14:04:02.049671 osdx ulogd[175349]: initialization finished, entering main loop
Aug 20 14:04:02.050939 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:02.052235 osdx ulogd[175349]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Aug 20 14:04:02.052263 osdx ulogd[175349]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Aug 20 14:04:02.052841 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:02.068693 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:02.229510 osdx ulogd[175349]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:02.229533 osdx ulogd[175349]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping from one device to the other, and check that the default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.377 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.377/0.377/0.377/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.240 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.248 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1007ms
rtt min/avg/max/mdev = 0.240/0.244/0.248/0.004 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Aug 20 14:04:06.000174 osdx systemd-timedated[173048]: Changed local time to Wed 2025-08-20 14:04:06 UTC
Aug 20 14:04:06.001548 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'set date 2025-08-20 14:04:06'.
Aug 20 14:04:06.003987 osdx systemd-journald[82189]: Time jumped backwards, rotating.
Aug 20 14:04:06.344135 osdx sudo[175483]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:06.347216 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.0M, max 15.3M, 13.2M free.
Aug 20 14:04:06.347995 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:06.348039 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:06.351229 osdx sudo[175482]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:06.356997 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:06.578827 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:06.863232 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:06.953555 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Aug 20 14:04:07.055304 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Aug 20 14:04:07.131198 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Aug 20 14:04:07.241391 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Aug 20 14:04:07.320588 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:07.418255 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:07.494348 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:07.591215 osdx ubnt-cfgd[175511]: inactive
Aug 20 14:04:07.618114 osdx INFO[175525]: FRR daemons did not change
Aug 20 14:04:07.639987 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:07.694411 osdx sudo[175613]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:07.724270 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:07.725135 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:04:07.725626 osdx ulogd[175616]: registering plugin `NFCT'
Aug 20 14:04:07.725798 osdx ulogd[175616]: registering plugin `IP2STR'
Aug 20 14:04:07.725859 osdx ulogd[175616]: registering plugin `PRINTFLOW'
Aug 20 14:04:07.725920 osdx ulogd[175616]: registering plugin `SYSLOG'
Aug 20 14:04:07.725947 osdx ulogd[175616]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:07.726008 osdx ulogd[175616]: NFCT plugin working in event mode
Aug 20 14:04:07.726040 osdx ulogd[175616]: Changing UID / GID
Aug 20 14:04:07.726127 osdx ulogd[175616]: initialization finished, entering main loop
Aug 20 14:04:07.744051 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:07.751349 osdx sudo[175619]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:07.756065 osdx ulogd[175616]: Terminal signal received, exiting
Aug 20 14:04:07.756178 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:07.756480 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Aug 20 14:04:07.756600 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:07.757771 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:07.758611 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:04:07.759266 osdx ulogd[175622]: registering plugin `NFCT'
Aug 20 14:04:07.759483 osdx ulogd[175622]: registering plugin `IP2STR'
Aug 20 14:04:07.759567 osdx ulogd[175622]: registering plugin `PRINTFLOW'
Aug 20 14:04:07.759660 osdx ulogd[175622]: registering plugin `SYSLOG'
Aug 20 14:04:07.759695 osdx ulogd[175622]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:07.759777 osdx ulogd[175622]: NFCT plugin working in event mode
Aug 20 14:04:07.759815 osdx ulogd[175622]: Changing UID / GID
Aug 20 14:04:07.759915 osdx ulogd[175622]: initialization finished, entering main loop
Aug 20 14:04:07.776036 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:07.945123 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:07.956315 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:07.974117 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:08.780122 osdx ulogd[175622]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Aug 20 14:04:08.780143 osdx ulogd[175622]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Aug 20 14:04:08.862532 osdx ulogd[175622]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Aug 20 14:04:08.862558 osdx ulogd[175622]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

VRF logging

Description

Set a simple configuration with a VRF, send a ping from one device to the other, and check that the default and VRF fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.367 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.367/0.367/0.367/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.257 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.257/0.257/0.257/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Aug 20 14:04:14.319126 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.2M free.
Aug 20 14:04:14.320859 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:14.320916 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:14.323018 osdx sudo[175820]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:14.329280 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:14.538958 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:14.761302 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:14.835344 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Aug 20 14:04:14.924942 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Aug 20 14:04:14.978675 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system vrf RED'.
Aug 20 14:04:15.078260 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:15.136019 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:15.253820 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:15.318179 osdx ubnt-cfgd[175848]: inactive
Aug 20 14:04:15.342497 osdx INFO[175856]: FRR daemons did not change
Aug 20 14:04:15.347913 osdx sudo[175861]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:15.353494 osdx (udev-worker)[175866]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Aug 20 14:04:15.353719 osdx (udev-worker)[175866]: Network interface NamePolicy= disabled on kernel command line.
Aug 20 14:04:15.376864 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:15.432858 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:15.492682 osdx sudo[176019]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:15.529169 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:15.530566 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:04:15.531061 osdx ulogd[176022]: registering plugin `NFCT'
Aug 20 14:04:15.531241 osdx ulogd[176022]: registering plugin `IP2STR'
Aug 20 14:04:15.531305 osdx ulogd[176022]: registering plugin `PRINTFLOW'
Aug 20 14:04:15.531368 osdx ulogd[176022]: registering plugin `SYSLOG'
Aug 20 14:04:15.531393 osdx ulogd[176022]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:15.531459 osdx ulogd[176022]: NFCT plugin working in event mode
Aug 20 14:04:15.531487 osdx ulogd[176022]: Changing UID / GID
Aug 20 14:04:15.531571 osdx ulogd[176022]: initialization finished, entering main loop
Aug 20 14:04:15.544963 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:15.546772 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:15.562506 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:15.581236 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:16.395777 osdx ulogd[176022]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:16.395796 osdx ulogd[176022]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:16.476357 osdx ulogd[176022]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:16.476373 osdx ulogd[176022]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping from one device to the other, and check that the default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.195 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.195/0.195/0.195/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0   4589      0 --:--:-- --:--:-- --:--:--  4607

Step 4: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.454 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.454/0.454/0.454/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.263 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.263/0.263/0.263/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Aug 20 14:04:21.304625 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.2M free.
Aug 20 14:04:21.305797 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:21.305860 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:21.308492 osdx sudo[176260]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:21.313863 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:21.521050 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:21.744389 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:21.822767 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Aug 20 14:04:21.934743 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:21.993979 osdx ubnt-cfgd[176284]: inactive
Aug 20 14:04:22.014229 osdx INFO[176292]: FRR daemons did not change
Aug 20 14:04:22.033805 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Aug 20 14:04:22.081921 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:22.094578 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:22.110952 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:22.266235 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Aug 20 14:04:22.331138 osdx sudo[176406]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:22.397398 osdx file_operation[176409]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Aug 20 14:04:22.443479 osdx sudo[176416]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:22.445215 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Aug 20 14:04:22.591354 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:22.659208 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Aug 20 14:04:22.766450 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Aug 20 14:04:22.820962 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Aug 20 14:04:22.924444 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Aug 20 14:04:22.983221 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Aug 20 14:04:23.081994 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Aug 20 14:04:23.140445 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Aug 20 14:04:23.240534 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Aug 20 14:04:23.302412 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Aug 20 14:04:23.409795 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:23.464957 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:23.591129 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:23.666619 osdx ubnt-cfgd[176443]: inactive
Aug 20 14:04:23.709474 osdx INFO[176460]: FRR daemons did not change
Aug 20 14:04:23.733819 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:23.788045 osdx sudo[176548]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:23.818056 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:23.818898 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:04:23.821835 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:23.822222 osdx ulogd[176551]: registering plugin `NFCT'
Aug 20 14:04:23.822258 osdx ulogd[176551]: registering plugin `IP2STR'
Aug 20 14:04:23.822292 osdx ulogd[176551]: registering plugin `PRINTFLOW'
Aug 20 14:04:23.822331 osdx ulogd[176551]: registering plugin `SYSLOG'
Aug 20 14:04:23.822335 osdx ulogd[176551]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:23.822372 osdx ulogd[176551]: NFCT plugin working in event mode
Aug 20 14:04:23.822378 osdx ulogd[176551]: Changing UID / GID
Aug 20 14:04:23.822443 osdx ulogd[176551]: initialization finished, entering main loop
Aug 20 14:04:24.133633 osdx systemd[1]: Reloading.
Aug 20 14:04:24.177791 osdx systemd-sysv-generator[176588]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Aug 20 14:04:24.298085 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Aug 20 14:04:24.302026 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Aug 20 14:04:24.302821 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Aug 20 14:04:24.330991 osdx systemd[1]: logrotate.service: Deactivated successfully.
Aug 20 14:04:24.331169 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Aug 20 14:04:24.584747 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Aug 20 14:04:25.188327 osdx INFO[176570]: Rules successfully loaded
Aug 20 14:04:25.203606 osdx sudo[176614]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:25.209310 osdx ulogd[176551]: Terminal signal received, exiting
Aug 20 14:04:25.209446 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:25.209803 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Aug 20 14:04:25.209936 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:25.234396 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:25.234967 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:25.235097 osdx ulogd[176617]: registering plugin `NFCT'
Aug 20 14:04:25.235138 osdx ulogd[176617]: registering plugin `IP2STR'
Aug 20 14:04:25.235182 osdx ulogd[176617]: registering plugin `PRINTFLOW'
Aug 20 14:04:25.235222 osdx ulogd[176617]: registering plugin `SYSLOG'
Aug 20 14:04:25.235225 osdx ulogd[176617]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:25.235264 osdx ulogd[176617]: NFCT plugin working in event mode
Aug 20 14:04:25.235270 osdx ulogd[176617]: Changing UID / GID
Aug 20 14:04:25.235336 osdx ulogd[176617]: initialization finished, entering main loop
Aug 20 14:04:25.238382 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:25.262408 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:25.281080 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:26.104218 osdx ulogd[176617]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Aug 20 14:04:26.104236 osdx ulogd[176617]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Aug 20 14:04:26.184108 osdx ulogd[176617]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Aug 20 14:04:26.184126 osdx ulogd[176617]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
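
The Policies, VRF and Not-Bypass checks above each search the journal with one regular expression. As an added example (not part of the OSDx documentation), the Python below parses the same conntrack event lines into fields so that each expected field can be checked per event. The line layout is inferred from the outputs on this page, the sample lines are reproduced from them, and the names parse_event, parse_journal, regex_hits and missing_fields are hypothetical.

```python
import re

# Regular expressions exactly as given in the Policies, VRF and Not-Bypass checks above.
PAGE_CHECKS = {
    "policies": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST",
    "vrf": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED",
    "not-bypass": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass",
}


def _flow(vrf="", pkts=0, size=0):
    """Build the ORIG/REPLY part of a sample line in the layout shown on this page."""
    side = "SRC={} DST={} " + vrf + f"PROTO=ICMP TYPE=0 CODE=8 PKTS={pkts} BYTES={size}"
    return ("ORIG: " + side.format("192.168.100.2", "192.168.100.1")
            + " , REPLY: " + side.format("192.168.100.1", "192.168.100.2"))


# Sample journal: lines reproduced from the outputs above (flow part built by _flow).
SAMPLE_JOURNAL = "\n".join([
    "Aug 20 14:04:01.399897 osdx OSDx_DUT0[175296]: [NEW] " + _flow(),
    "Aug 20 14:04:02.052235 osdx ulogd[175349]: [DESTROY] " + _flow(pkts=1, size=84),
    "Aug 20 14:04:07.945123 osdx cfgd[1656]: [173783]Completed change to active configuration",
    "Aug 20 14:04:08.780122 osdx ulogd[175622]: [NEW] " + _flow() + " MARK=33 LABELS=TEST",
    "Aug 20 14:04:08.780143 osdx ulogd[175622]: [UPDATE] " + _flow() + " MARK=33",
    "Aug 20 14:04:16.395777 osdx ulogd[176022]: [NEW] " + _flow(vrf="VRF=RED "),
    "Aug 20 14:04:26.104236 osdx ulogd[176617]: [UPDATE] " + _flow() + " (Sc: not-bypass)",
])

# The syslog tag is captured rather than fixed to "ulogd", because the first
# output above shows the same events logged under the tag OSDx_DUT0.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) (?P<tag>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
SC_RE = re.compile(r"\(Sc: ([^)]+)\)")
# Assumption: MARK and LABELS describe the connection, not the reply tuple,
# because they are printed once, after the REPLY counters.
CONN_KEYS = ("MARK", "LABELS")


def parse_event(line):
    """Return a dict for a conntrack event line, or None for any other journal line."""
    m = EVENT_RE.match(line)
    if m is None:
        return None
    orig = dict(KV_RE.findall(m["orig"]))
    rest = dict(KV_RE.findall(m["rest"]))
    sc = SC_RE.search(m["rest"])
    return {
        "ts": m["ts"], "tag": m["tag"], "pid": int(m["pid"]), "event": m["event"],
        "orig": orig,
        "reply": {k: v for k, v in rest.items() if k not in CONN_KEYS},
        "vrf": orig.get("VRF"),
        "mark": int(rest["MARK"]) if "MARK" in rest else None,
        "labels": rest.get("LABELS"),
        "sc": sc.group(1) if sc else None,
    }


def parse_journal(text):
    """Parse every conntrack event in a journal dump, skipping unrelated lines."""
    return [e for e in map(parse_event, text.splitlines()) if e is not None]


def regex_hits(text, pattern):
    """Lines accepted by one of the page's checks (regex search, line by line)."""
    rx = re.compile(pattern)
    return [ln for ln in text.splitlines() if rx.search(ln)]


def missing_fields(event, expect):
    """Names of expected top-level fields (vrf, mark, labels, sc) absent or different."""
    return sorted(k for k, v in expect.items() if event.get(k) != v)


if __name__ == "__main__":
    for e in parse_journal(SAMPLE_JOURNAL):
        print(e["ts"], e["tag"], e["event"], e["orig"]["SRC"], "->", e["orig"]["DST"],
              "vrf", e["vrf"], "mark", e["mark"], "labels", e["labels"], "sc", e["sc"],
              "missing for policy check:", missing_fields(e, {"mark": 33, "labels": "TEST"}))
    for name, rx in PAGE_CHECKS.items():
        print(name, "regex accepts", len(regex_hits(SAMPLE_JOURNAL, rx)), "line(s)")
```

On the sample, the UPDATE event from the Policies output is reported as missing labels, which is why the MARK=33.*LABELS=TEST expression accepts only the NEW line there. The event logged under the OSDx_DUT0 tag is parsed as well, although none of the three ulogd-anchored expressions accepts it.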

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2:

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.289 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.289/0.289/0.289/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.349 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.349/0.349/0.349/0.000 ms

Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.4.7

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Wed Aug 20 13:21:29 2025 from 10.0.0.2
admin@osdx$

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Aug 20 14:04:32.000226 osdx systemd-timedated[173048]: Changed local time to Wed 2025-08-20 14:04:32 UTC
Aug 20 14:04:32.001734 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'set date 2025-08-20 14:04:32'.
Aug 20 14:04:32.001995 osdx systemd-journald[82189]: Time jumped backwards, rotating.
Aug 20 14:04:32.302453 osdx sudo[176869]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:32.306518 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.0M, max 15.3M, 13.2M free.
Aug 20 14:04:32.309994 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:32.310044 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:32.310672 osdx sudo[176868]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:32.316418 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:32.533435 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:32.758619 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:32.835105 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Aug 20 14:04:32.922023 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:32.978085 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:33.094032 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:33.159498 osdx ubnt-cfgd[176894]: inactive
Aug 20 14:04:33.187935 osdx INFO[176904]: FRR daemons did not change
Aug 20 14:04:33.210000 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Aug 20 14:04:33.274010 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:33.333244 osdx sudo[177067]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:33.354305 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:33.355134 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:33.355337 osdx ulogd[177070]: registering plugin `NFCT'
Aug 20 14:04:33.355563 osdx ulogd[177070]: registering plugin `IP2STR'
Aug 20 14:04:33.355647 osdx ulogd[177070]: registering plugin `PRINTFLOW'
Aug 20 14:04:33.355733 osdx ulogd[177070]: registering plugin `SYSLOG'
Aug 20 14:04:33.355780 osdx ulogd[177070]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:33.355865 osdx ulogd[177070]: NFCT plugin working in event mode
Aug 20 14:04:33.355909 osdx ulogd[177070]: Changing UID / GID
Aug 20 14:04:33.356020 osdx ulogd[177070]: initialization finished, entering main loop
Aug 20 14:04:33.356553 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:33.367344 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:33.384635 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:35.171783 osdx ulogd[177070]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:35.171805 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:35.254090 osdx ulogd[177070]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:35.254106 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:04:35.326378 osdx ulogd[177070]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0
Aug 20 14:04:35.326570 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0
Aug 20 14:04:35.326581 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0 [OFFLOAD]
Aug 20 14:04:35.601347 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0
Aug 20 14:04:35.601364 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0 [OFFLOAD]
Aug 20 14:04:35.602607 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0
Aug 20 14:04:35.602747 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0 [OFFLOAD]
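
The Step 7 check only proves that some line carries [OFFLOAD]. The following added example (not part of the original page or of OSDx) parses the ulogd conntrack lines into structured events and groups them by flow, so it is visible which flow was offloaded; it goes slightly beyond this scenario by also reading the APPDETECT[...] field used in the next one. The sample lines are copied from the journal output on this page; the names ConntrackEvent, parse_line, parse_journal, summarize_flows and page_regex_hits are chosen for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Journal lines copied from the outputs on this page (two different scenarios).
SAMPLE_JOURNAL = """\
Aug 20 14:04:33.355865 osdx ulogd[177070]: NFCT plugin working in event mode
Aug 20 14:04:35.326378 osdx ulogd[177070]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0
Aug 20 14:04:35.326570 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0
Aug 20 14:04:35.326581 osdx ulogd[177070]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59022 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59022 PKTS=0 BYTES=0 [OFFLOAD]
Aug 20 14:04:42.661327 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770238 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
"""

# The Step 7 check, exactly as written on the page.
PAGE_OFFLOAD_REGEX = re.compile(
    r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]"
)

# Stricter per-line grammar used by this example.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) \S+ ulogd\[\d+\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<tail>.*)$"
)
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")
APPDETECT_RE = re.compile(r"APPDETECT\[([^\]]*)\]")


@dataclass
class ConntrackEvent:
    timestamp: str
    event: str            # NEW, UPDATE or DESTROY
    orig: dict            # key=value fields of the ORIG direction
    reply: dict           # key=value fields of the REPLY direction
    offload: bool         # True when the line ends with [OFFLOAD]
    appdetect: Optional[str]  # contents of APPDETECT[...], if present

    @property
    def flow(self):
        """Flow key from the ORIG direction; ICMP has no ports, so they are None."""
        o = self.orig
        return (o.get("SRC"), o.get("DST"), o.get("PROTO"), o.get("SPT"), o.get("DPT"))


def parse_line(line):
    """Return a ConntrackEvent, or None for non-event lines (daemon start-up, CLI audit)."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    tail = m.group("tail")
    app = APPDETECT_RE.search(tail)
    return ConntrackEvent(
        timestamp=m.group("ts"),
        event=m.group("event"),
        orig=dict(KV_RE.findall(m.group("orig"))),
        reply=dict(KV_RE.findall(tail)),
        offload="[OFFLOAD]" in tail,
        appdetect=app.group(1) if app else None,
    )


def parse_journal(text):
    """Parse every conntrack event line in a journal dump, skipping everything else."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev is not None]


def summarize_flows(events):
    """Group events by flow: event sequence, offload state, app-detect labels, bytes."""
    flows = {}
    for ev in events:
        s = flows.setdefault(
            ev.flow,
            {"events": [], "offloaded": False, "appdetect": set(), "orig_bytes": 0},
        )
        s["events"].append(ev.event)
        s["offloaded"] = s["offloaded"] or ev.offload
        if ev.appdetect:
            s["appdetect"].add(ev.appdetect)
        # In the output on this page only DESTROY lines carry non-zero counters.
        s["orig_bytes"] = max(s["orig_bytes"], int(ev.orig.get("BYTES", 0)))
    return flows


def page_regex_hits(text):
    """Lines that satisfy the page's Step 7 regular expression."""
    return [ln for ln in text.splitlines() if PAGE_OFFLOAD_REGEX.search(ln)]


if __name__ == "__main__":
    for flow, summary in summarize_flows(parse_journal(SAMPLE_JOURNAL)).items():
        print(flow, summary)
    print("lines matching the page regex:", len(page_regex_hits(SAMPLE_JOURNAL)))
```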

App detect logging

Description

Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1, and check that the app-detect field appears when running system journal show. Then enable app detection for http-host in system conntrack, copy index.html from an HTTP server, and check that the app-detect field appears and identifies the HTTP server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.383 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.383/0.383/0.383/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.269 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.362 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.265 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2043ms
rtt min/avg/max/mdev = 0.265/0.298/0.362/0.044 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Aug 20 14:04:40.336662 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.1M free.
Aug 20 14:04:40.340505 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:40.340582 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:40.341498 osdx sudo[177256]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:40.348603 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:40.580079 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:40.879292 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:40.941442 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Aug 20 14:04:41.040222 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Aug 20 14:04:41.118762 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:41.201404 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:41.279673 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:41.377528 osdx ubnt-cfgd[177283]: inactive
Aug 20 14:04:41.397195 osdx INFO[177291]: FRR daemons did not change
Aug 20 14:04:41.572498 osdx kernel: app-detect: module init
Aug 20 14:04:41.572556 osdx kernel: app-detect: registered: sysctl net.appdetect
Aug 20 14:04:41.572573 osdx kernel: app-detect: expression init
Aug 20 14:04:41.572583 osdx kernel: app-detect: appid cache initialized
Aug 20 14:04:41.572598 osdx kernel: app-detect: appid cache changes counter initialized
Aug 20 14:04:41.576620 osdx modulelauncher[177294]: AppDetect: no change in application dictionaries, thus nothing more to do
Aug 20 14:04:41.600504 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:41.662263 osdx sudo[177402]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:41.692734 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:41.693666 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:04:41.694164 osdx ulogd[177405]: registering plugin `NFCT'
Aug 20 14:04:41.694397 osdx ulogd[177405]: registering plugin `IP2STR'
Aug 20 14:04:41.694487 osdx ulogd[177405]: registering plugin `PRINTFLOW'
Aug 20 14:04:41.694576 osdx ulogd[177405]: registering plugin `SYSLOG'
Aug 20 14:04:41.694611 osdx ulogd[177405]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:41.694699 osdx ulogd[177405]: NFCT plugin working in event mode
Aug 20 14:04:41.694745 osdx ulogd[177405]: Changing UID / GID
Aug 20 14:04:41.694871 osdx ulogd[177405]: initialization finished, entering main loop
Aug 20 14:04:41.708534 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:41.709790 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:41.727010 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:41.767987 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:42.661327 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.661351 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.751243 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.751267 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770238 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:43.770259 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770271 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.794140 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:44.794161 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.794172 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Aug 20 14:04:40.336662 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.1M free.
Aug 20 14:04:40.340505 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:40.340582 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:40.341498 osdx sudo[177256]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:40.348603 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:40.580079 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:40.879292 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:40.941442 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Aug 20 14:04:41.040222 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Aug 20 14:04:41.118762 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:41.201404 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:41.279673 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:41.377528 osdx ubnt-cfgd[177283]: inactive
Aug 20 14:04:41.397195 osdx INFO[177291]: FRR daemons did not change
Aug 20 14:04:41.572498 osdx kernel: app-detect: module init
Aug 20 14:04:41.572556 osdx kernel: app-detect: registered: sysctl net.appdetect
Aug 20 14:04:41.572573 osdx kernel: app-detect: expression init
Aug 20 14:04:41.572583 osdx kernel: app-detect: appid cache initialized
Aug 20 14:04:41.572598 osdx kernel: app-detect: appid cache changes counter initialized
Aug 20 14:04:41.576620 osdx modulelauncher[177294]: AppDetect: no change in application dictionaries, thus nothing more to do
Aug 20 14:04:41.600504 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:41.662263 osdx sudo[177402]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:41.692734 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:41.693666 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:04:41.694164 osdx ulogd[177405]: registering plugin `NFCT'
Aug 20 14:04:41.694397 osdx ulogd[177405]: registering plugin `IP2STR'
Aug 20 14:04:41.694487 osdx ulogd[177405]: registering plugin `PRINTFLOW'
Aug 20 14:04:41.694576 osdx ulogd[177405]: registering plugin `SYSLOG'
Aug 20 14:04:41.694611 osdx ulogd[177405]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:41.694699 osdx ulogd[177405]: NFCT plugin working in event mode
Aug 20 14:04:41.694745 osdx ulogd[177405]: Changing UID / GID
Aug 20 14:04:41.694871 osdx ulogd[177405]: initialization finished, entering main loop
Aug 20 14:04:41.708534 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:41.709790 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:41.727010 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:41.767987 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:42.661327 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.661351 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.751243 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.751267 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770238 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:43.770259 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770271 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.794140 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:44.794161 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.794172 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.891738 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Aug 20 14:04:40.336662 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.1M free.
Aug 20 14:04:40.340505 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:40.340582 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:40.341498 osdx sudo[177256]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:40.348603 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:40.580079 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:40.879292 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:40.941442 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Aug 20 14:04:41.040222 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Aug 20 14:04:41.118762 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:41.201404 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:41.279673 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:41.377528 osdx ubnt-cfgd[177283]: inactive
Aug 20 14:04:41.397195 osdx INFO[177291]: FRR daemons did not change
Aug 20 14:04:41.572498 osdx kernel: app-detect: module init
Aug 20 14:04:41.572556 osdx kernel: app-detect: registered: sysctl net.appdetect
Aug 20 14:04:41.572573 osdx kernel: app-detect: expression init
Aug 20 14:04:41.572583 osdx kernel: app-detect: appid cache initialized
Aug 20 14:04:41.572598 osdx kernel: app-detect: appid cache changes counter initialized
Aug 20 14:04:41.576620 osdx modulelauncher[177294]: AppDetect: no change in application dictionaries, thus nothing more to do
Aug 20 14:04:41.600504 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:41.662263 osdx sudo[177402]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:41.692734 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:41.693666 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:04:41.694164 osdx ulogd[177405]: registering plugin `NFCT'
Aug 20 14:04:41.694397 osdx ulogd[177405]: registering plugin `IP2STR'
Aug 20 14:04:41.694487 osdx ulogd[177405]: registering plugin `PRINTFLOW'
Aug 20 14:04:41.694576 osdx ulogd[177405]: registering plugin `SYSLOG'
Aug 20 14:04:41.694611 osdx ulogd[177405]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:41.694699 osdx ulogd[177405]: NFCT plugin working in event mode
Aug 20 14:04:41.694745 osdx ulogd[177405]: Changing UID / GID
Aug 20 14:04:41.694871 osdx ulogd[177405]: initialization finished, entering main loop
Aug 20 14:04:41.708534 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:41.709790 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:41.727010 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:41.767987 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:42.661327 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.661351 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.751243 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.751267 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770238 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:43.770259 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770271 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.794140 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:44.794161 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.794172 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.891738 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal show | cat'.
Aug 20 14:04:45.008315 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.243 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.243/0.243/0.243/0.000 ms

Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4352    0  4352    0     0   689k      0 --:--:-- --:--:-- --:--:--  708k

Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Aug 20 14:04:40.336662 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.1M free.
Aug 20 14:04:40.340505 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:40.340582 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:40.341498 osdx sudo[177256]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:40.348603 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:40.580079 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:40.879292 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:40.941442 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Aug 20 14:04:41.040222 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Aug 20 14:04:41.118762 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:04:41.201404 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:04:41.279673 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:41.377528 osdx ubnt-cfgd[177283]: inactive
Aug 20 14:04:41.397195 osdx INFO[177291]: FRR daemons did not change
Aug 20 14:04:41.572498 osdx kernel: app-detect: module init
Aug 20 14:04:41.572556 osdx kernel: app-detect: registered: sysctl net.appdetect
Aug 20 14:04:41.572573 osdx kernel: app-detect: expression init
Aug 20 14:04:41.572583 osdx kernel: app-detect: appid cache initialized
Aug 20 14:04:41.572598 osdx kernel: app-detect: appid cache changes counter initialized
Aug 20 14:04:41.576620 osdx modulelauncher[177294]: AppDetect: no change in application dictionaries, thus nothing more to do
Aug 20 14:04:41.600504 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:04:41.662263 osdx sudo[177402]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:41.692734 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:04:41.693666 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:04:41.694164 osdx ulogd[177405]: registering plugin `NFCT'
Aug 20 14:04:41.694397 osdx ulogd[177405]: registering plugin `IP2STR'
Aug 20 14:04:41.694487 osdx ulogd[177405]: registering plugin `PRINTFLOW'
Aug 20 14:04:41.694576 osdx ulogd[177405]: registering plugin `SYSLOG'
Aug 20 14:04:41.694611 osdx ulogd[177405]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:04:41.694699 osdx ulogd[177405]: NFCT plugin working in event mode
Aug 20 14:04:41.694745 osdx ulogd[177405]: Changing UID / GID
Aug 20 14:04:41.694871 osdx ulogd[177405]: initialization finished, entering main loop
Aug 20 14:04:41.708534 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:04:41.709790 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:41.727010 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:41.767987 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:42.661327 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.661351 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.751243 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:42.751267 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770238 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:43.770259 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:43.770271 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.794140 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:44.794161 osdx ulogd[177405]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.794172 osdx ulogd[177405]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:44.891738 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal show | cat'.
Aug 20 14:04:45.008315 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal show | cat'.
Aug 20 14:04:45.127850 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal show | cat'.
Aug 20 14:04:45.299241 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:45.377227 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Aug 20 14:04:45.459938 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Aug 20 14:04:45.524549 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show changes'.
Aug 20 14:04:45.621596 osdx ubnt-cfgd[177456]: inactive
Aug 20 14:04:45.643012 osdx INFO[177464]: FRR daemons did not change
Aug 20 14:04:45.688500 osdx kernel: app-detect: expression destroy
Aug 20 14:04:45.696513 osdx kernel: app-detect: expression init
Aug 20 14:04:45.696583 osdx kernel: app-detect: appid cache initialized
Aug 20 14:04:45.696606 osdx kernel: app-detect: appid cache changes counter initialized
Aug 20 14:04:45.701998 osdx modulelauncher[177467]: AppDetect: no change in application dictionaries, thus nothing more to do
Aug 20 14:04:45.728510 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Aug 20 14:04:45.781490 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:45.792097 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:45.792223 osdx ulogd[177405]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Aug 20 14:04:45.792987 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:45.819428 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:45.980913 osdx ulogd[177405]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:45.981157 osdx ulogd[177405]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Aug 20 14:04:45.982546 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Aug 20 14:04:46.062518 osdx sudo[177591]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:46.145399 osdx file_operation[177594]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Aug 20 14:04:46.151503 osdx ulogd[177405]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=45662 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=45662 PKTS=0 BYTES=0 APPDETECT[L4:80]
Aug 20 14:04:46.151647 osdx ulogd[177405]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=45662 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=45662 PKTS=0 BYTES=0 APPDETECT[L4:80]
Aug 20 14:04:46.151659 osdx ulogd[177405]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=45662 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=45662 PKTS=0 BYTES=0 APPDETECT[L4:80]
Aug 20 14:04:46.154090 osdx ulogd[177405]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=45662 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=45662 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Aug 20 14:04:46.154160 osdx ulogd[177405]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=45662 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=45662 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Aug 20 14:04:46.154171 osdx ulogd[177405]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=45662 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=45662 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Aug 20 14:04:46.172507 osdx sudo[177601]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:46.174359 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.

App Detect Drop Packet

Description

Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector. Enable the http-host and http-url options under system conntrack app-detect in order to see relevant information about HTTP packets. Finally, log those packets with the app-id option and check that the APPDETECT field appears in the journal when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.227 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.227/0.227/0.227/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Show output
Aug 20 14:04:51.305075 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.1M, max 15.3M, 13.2M free.
Aug 20 14:04:51.306612 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:04:51.306678 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:04:51.309058 osdx sudo[177779]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:51.315615 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:04:51.558371 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:04:51.835600 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:04:51.928220 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Aug 20 14:04:52.031143 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Aug 20 14:04:52.100003 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Aug 20 14:04:52.218113 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Aug 20 14:04:52.292549 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Aug 20 14:04:52.414111 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Aug 20 14:04:52.513773 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Aug 20 14:04:52.590333 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Aug 20 14:04:52.673351 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Aug 20 14:04:52.730134 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Aug 20 14:04:52.883222 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:04:52.951135 osdx ubnt-cfgd[177812]: inactive
Aug 20 14:04:52.991006 osdx INFO[177834]: FRR daemons did not change
Aug 20 14:04:53.138614 osdx kernel: app-detect: module init
Aug 20 14:04:53.138682 osdx kernel: app-detect: registered: sysctl net.appdetect
Aug 20 14:04:53.138697 osdx kernel: app-detect: expression init
Aug 20 14:04:53.138706 osdx kernel: app-detect: appid cache initialized
Aug 20 14:04:53.138715 osdx kernel: app-detect: appid cache changes counter initialized
Aug 20 14:04:53.153119 osdx sudo[177863]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:53.174653 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Aug 20 14:04:53.431740 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:04:53.445338 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:04:53.476095 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:04:53.645192 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Aug 20 14:04:53.726309 osdx sudo[177999]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:53.788276 osdx file_operation[178002]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Aug 20 14:04:53.794606 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=9137 DF PROTO=TCP SPT=51838 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Aug 20 14:04:53.998611 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=9138 DF PROTO=TCP SPT=51838 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Aug 20 14:04:54.410650 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=9139 DF PROTO=TCP SPT=51838 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Aug 20 14:04:55.242753 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=9140 DF PROTO=TCP SPT=51838 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Aug 20 14:04:56.786808 osdx file_operation.py[178002]: Operation aborted by user.
Aug 20 14:04:56.798612 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=9141 DF PROTO=TCP SPT=51838 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Aug 20 14:04:56.799452 osdx sudo[178007]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:04:56.801290 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
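
The drop entries above repeat once per retransmitted packet, so counting lines overstates how many connections were blocked. The following parser is an added example, not part of the product or its test suite: it splits each kernel drop line into its fields and its APPDETECT values, then reports packets and distinct flows per rule and application. Function names are hypothetical, and reading the `[DROP-1]` prefix as policy name plus rule number is an assumption based on the configuration in Step 1.

```python
import re
from collections import Counter

# The first three lines are copied from the journal output above; the last one
# is constructed for this example (new source port, brackets and '=' in the URL).
SAMPLE = [
    "Aug 20 14:04:53.794606 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=9137 DF PROTO=TCP SPT=51838 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]",
    "Aug 20 14:04:53.998611 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=9138 DF PROTO=TCP SPT=51838 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]",
    "Aug 20 14:04:56.786808 osdx file_operation.py[178002]: Operation aborted by user.",
    "Aug 20 14:04:57.000000 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=9200 DF PROTO=TCP SPT=51840 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/list[1]?q=SRC=10.0.0.9 http-host:10.215.168.1]",
]

# Assumption: the log prefix is "[<policy>-<rule>] <ACTION> ".
_PREFIX = re.compile(r"kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) ")
# APPDETECT is the last field on the line, so anchor on the final ']' rather
# than the first one: a URL may itself contain brackets.
_APPDETECT = re.compile(r"APPDETECT\[(.*)\]\s*$")
_KV = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_appdetect(body):
    """Turn 'U:155 http-url:/x http-host:h' into a dict, splitting on the first ':'."""
    out = {}
    for token in body.split():
        key, _, value = token.partition(":")
        out[key] = value
    return out


def parse_drop_line(line):
    """Return the fields of one traffic-policy log line, or None for other lines."""
    m = _PREFIX.search(line)
    if m is None:
        return None
    app = _APPDETECT.search(line)
    # Parse KEY=value pairs only from the packet header part. http-url and
    # http-host come from the HTTP request, so they must not be able to
    # overwrite SRC=, DST= and friends.
    head = line[m.end(): app.start() if app else len(line)]
    rec = dict(_KV.findall(head))
    rec.update(policy=m["policy"], rule=int(m["rule"]), action=m["action"])
    rec["appdetect"] = parse_appdetect(app.group(1)) if app else {}
    return rec


def summarise(lines):
    """Map (policy, rule, app-id, host, url) -> (logged packets, distinct flows)."""
    packets, flows = Counter(), {}
    for line in lines:
        rec = parse_drop_line(line)
        if rec is None:
            continue
        app = rec["appdetect"]
        key = (rec["policy"], rec["rule"], app.get("U"),
               app.get("http-host"), app.get("http-url"))
        packets[key] += 1
        flows.setdefault(key, set()).add(
            (rec.get("SRC"), rec.get("SPT"), rec.get("DST"), rec.get("DPT")))
    return {key: (packets[key], len(flows[key])) for key in packets}


if __name__ == "__main__":
    for key, (pkts, nflows) in summarise(SAMPLE).items():
        print(key, "packets:", pkts, "flows:", nflows)
```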

Identity Values

Description

The conntrack logging identity may contain any printable character except spaces.

Scenario

Step 1: Run command configure at DUT0 and expect this output:

Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Show output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error
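
The identity used in this scenario contains `|`, which a regular-expression engine reads as alternation unless it is escaped, so a journal check built from an identity should escape it first. The following is an added example, not the product's validator or the test suite's code: it applies the rule quoted in the error message and builds an escaped journal pattern. Function names are hypothetical, reading "printable except the space class" as ASCII 0x21-0x7e is an assumption, and the sample lines are copied from this scenario's journal output.

```python
import re

MAX_LEN = 92  # limit quoted in the CLI error message

# Assumption: printable and not in the space class means ASCII [[:graph:]],
# i.e. 0x21-0x7e. The page does not say how non-ASCII input is treated.
_IDENTITY = re.compile(r"[\x21-\x7e]{1,%d}" % MAX_LEN)

# The Step 7 expression exactly as printed on this page.
AS_PRINTED = r"he||o-w@rld!\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2"

# Lines copied from this scenario's journal output.
JOURNAL = [
    "Aug 20 14:05:01.842287 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.",
    "Aug 20 14:05:01.801472 osdx he||o-w@rld![178294]: initialization finished, entering main loop",
    "Aug 20 14:05:02.797524 osdx he||o-w@rld![178294]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0",
]


def is_valid_identity(identity):
    """True if the identity satisfies the length and character-class rule."""
    return _IDENTITY.fullmatch(identity) is not None


def journal_pattern(identity, src):
    """Compiled regex for conntrack events logged under `identity` from `src`."""
    if not is_valid_identity(identity):
        raise ValueError("identity rejected: %r" % identity)
    # re.escape keeps '|', '.', '[' and similar characters literal.
    return re.compile(
        re.escape(identity)
        + r"\[\d+\]: \[(NEW|UPDATE|DESTROY)\] ORIG: SRC="
        + re.escape(src) + r" "
    )


def matching_lines(pattern, lines):
    """Lines in which `pattern` (string or compiled regex) is found."""
    return [line for line in lines if re.search(pattern, line)]


if __name__ == "__main__":
    print(is_valid_identity("he||o w@rld!"))   # the value rejected in Step 2
    print(is_valid_identity("he||o-w@rld!"))   # the value accepted in Step 3
    # Unescaped, 'he||o...' is 'he' OR '' OR 'o-w@rld!...': the empty branch
    # matches every line, including ones unrelated to conntrack.
    print(len(matching_lines(AS_PRINTED, JOURNAL)))
    strict = journal_pattern("he||o-w@rld!", "192.168.100.2")
    print(matching_lines(strict, JOURNAL))
```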

Step 3: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity 'he||o-w@rld!'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.404 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.404/0.404/0.404/0.000 ms

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.252 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.252/0.252/0.252/0.000 ms

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

he||o-w@rld!\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Aug 20 14:05:00.000205 osdx systemd-timedated[173048]: Changed local time to Wed 2025-08-20 14:05:00 UTC
Aug 20 14:05:00.001537 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'set date 2025-08-20 14:05:00'.
Aug 20 14:05:00.002591 osdx systemd-journald[82189]: Time jumped backwards, rotating.
Aug 20 14:05:00.339840 osdx sudo[178164]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:05:00.342922 osdx systemd-journald[82189]: Runtime Journal (/run/log/journal/c36516c5c29741ae91520d0cd389ea90) is 2.0M, max 15.3M, 13.3M free.
Aug 20 14:05:00.346586 osdx systemd-journald[82189]: Received client request to rotate journal, rotating.
Aug 20 14:05:00.346634 osdx systemd-journald[82189]: Vacuuming done, freed 0B of archived journals from /run/log/journal/c36516c5c29741ae91520d0cd389ea90.
Aug 20 14:05:00.346918 osdx sudo[178163]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:05:00.352789 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system journal clear'.
Aug 20 14:05:00.571187 osdx OSDxCLI[173783]: User 'admin' executed a new command: 'system coredump delete all'.
Aug 20 14:05:00.872833 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:05:00.939078 osdx cfgd[1656]: [173783]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Aug 20 14:05:00.940009 osdx OSDxCLI[173783]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'.
Aug 20 14:05:01.034181 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:05:01.112610 osdx CRON[178176]: pam_limits(cron:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:05:01.204840 osdx OSDxCLI[173783]: User 'admin' entered the configuration menu.
Aug 20 14:05:01.279409 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Aug 20 14:05:01.389916 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Aug 20 14:05:01.453048 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'set system conntrack logging identity he||o-w@rld!'.
Aug 20 14:05:01.572175 osdx OSDxCLI[173783]: User 'admin' added a new cfg line: 'show working'.
Aug 20 14:05:01.647240 osdx ubnt-cfgd[178195]: inactive
Aug 20 14:05:01.669893 osdx INFO[178203]: FRR daemons did not change
Aug 20 14:05:01.694590 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Aug 20 14:05:01.756381 osdx sudo[178291]: pam_limits(sudo:session): invalid line '@200:215        hard        maxlogins        ' - skipped
Aug 20 14:05:01.798914 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Aug 20 14:05:01.799651 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Aug 20 14:05:01.799962 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Aug 20 14:05:01.800968 osdx ulogd[178294]: registering plugin `NFCT'
Aug 20 14:05:01.801119 osdx cfgd[1656]: [173783]Completed change to active configuration
Aug 20 14:05:01.801172 osdx ulogd[178294]: registering plugin `IP2STR'
Aug 20 14:05:01.801209 osdx ulogd[178294]: registering plugin `PRINTFLOW'
Aug 20 14:05:01.801252 osdx ulogd[178294]: registering plugin `SYSLOG'
Aug 20 14:05:01.801281 osdx ulogd[178294]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Aug 20 14:05:01.801346 osdx ulogd[178294]: NFCT plugin working in event mode
Aug 20 14:05:01.801377 osdx he||o-w@rld![178294]: Changing UID / GID
Aug 20 14:05:01.801472 osdx he||o-w@rld![178294]: initialization finished, entering main loop
Aug 20 14:05:01.813606 osdx OSDxCLI[173783]: User 'admin' committed the configuration.
Aug 20 14:05:01.842287 osdx OSDxCLI[173783]: User 'admin' left the configuration menu.
Aug 20 14:05:02.797524 osdx he||o-w@rld![178294]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:05:02.797545 osdx he||o-w@rld![178294]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:05:02.878423 osdx he||o-w@rld![178294]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Aug 20 14:05:02.878445 osdx he||o-w@rld![178294]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0