Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.310 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.310/0.310/0.310/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.216 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.216/0.216/0.216/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
Mar 24 09:28:47.327282 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 09:28:47.329600 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:28:47.329675 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:28:47.332916 osdx sudo[34757]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:28:47.341150 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:28:47.561866 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:28:47.793115 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:28:47.881806 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:28:47.974337 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Mar 24 09:28:48.038291 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:28:48.137090 osdx ubnt-cfgd[34782]: inactive Mar 24 09:28:48.158135 osdx INFO[34790]: FRR daemons did not change Mar 24 09:28:48.252657 osdx sudo[34878]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:28:48.281820 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:28:48.285247 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:28:48.286579 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:28:48.287592 osdx ulogd[34881]: registering plugin `NFCT' Mar 24 09:28:48.288559 osdx ulogd[34881]: registering plugin `IP2STR' Mar 24 09:28:48.288651 osdx ulogd[34881]: registering plugin `PRINTFLOW' Mar 24 09:28:48.289680 osdx ulogd[34881]: registering plugin `SYSLOG' Mar 24 09:28:48.289718 osdx ulogd[34881]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:28:48.289785 osdx ulogd[34881]: NFCT plugin working in event mode Mar 24 09:28:48.289815 osdx ulogd[34881]: Changing UID / GID Mar 24 09:28:48.289909 osdx ulogd[34881]: initialization finished, entering main loop Mar 24 09:28:48.297723 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:28:48.314598 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:28:49.187765 osdx ulogd[34881]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:28:49.281788 osdx ulogd[34881]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.295 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.295/0.295/0.295/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.237 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.237/0.237/0.237/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
Mar 24 09:28:53.000182 osdx systemd-timedated[28747]: Changed local time to Tue 2026-03-24 09:28:53 UTC Mar 24 09:28:53.001502 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'set date 2026-03-24 09:28:53'. Mar 24 09:28:53.003512 osdx systemd-journald[1775]: Time jumped backwards, rotating. Mar 24 09:28:53.300568 osdx sudo[35039]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:28:53.303672 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.8M, max 13.8M, 11.9M free. Mar 24 09:28:53.307512 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:28:53.307568 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:28:53.307637 osdx sudo[35038]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:28:53.313363 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:28:53.527359 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:28:53.803517 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:28:53.907506 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:28:53.963090 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Mar 24 09:28:54.064034 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:28:54.129641 osdx ubnt-cfgd[35063]: inactive Mar 24 09:28:54.154670 osdx INFO[35071]: FRR daemons did not change Mar 24 09:28:54.239804 osdx sudo[35159]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:28:54.271869 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:28:54.272675 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:28:54.272873 osdx ulogd[35162]: registering plugin `NFCT' Mar 24 09:28:54.273121 osdx ulogd[35162]: registering plugin `IP2STR' Mar 24 09:28:54.273210 osdx ulogd[35162]: registering plugin `PRINTFLOW' Mar 24 09:28:54.273295 osdx ulogd[35162]: registering plugin `SYSLOG' Mar 24 09:28:54.273329 osdx ulogd[35162]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:28:54.273424 osdx ulogd[35162]: NFCT plugin working in event mode Mar 24 09:28:54.273465 osdx ulogd[35162]: Changing UID / GID Mar 24 09:28:54.273578 osdx ulogd[35162]: initialization finished, entering main loop Mar 24 09:28:54.274180 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:28:54.285703 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:28:54.302321 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:28:55.079067 osdx ulogd[35162]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:28:55.155683 osdx ulogd[35162]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.332 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.332/0.332/0.332/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.234 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.280 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.281 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2044ms rtt min/avg/max/mdev = 0.234/0.265/0.281/0.021 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
Mar 24 09:28:59.000191 osdx systemd-timedated[28747]: Changed local time to Tue 2026-03-24 09:28:59 UTC Mar 24 09:28:59.001735 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'set date 2026-03-24 09:28:59'. Mar 24 09:28:59.003761 osdx systemd-journald[1775]: Time jumped backwards, rotating. Mar 24 09:28:59.298840 osdx sudo[35320]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:28:59.302099 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.9M free. Mar 24 09:28:59.303765 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:28:59.303839 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:28:59.307050 osdx sudo[35319]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:28:59.316162 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:28:59.605663 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:28:59.833525 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:28:59.981259 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:29:00.035063 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Mar 24 09:29:00.131931 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 24 09:29:00.187338 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set service ssh'. Mar 24 09:29:00.299612 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:00.364315 osdx ubnt-cfgd[35346]: inactive Mar 24 09:29:00.392663 osdx INFO[35360]: FRR daemons did not change Mar 24 09:29:00.487269 osdx sudo[35450]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:00.520074 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:00.521151 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:29:00.521500 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:00.522663 osdx ulogd[35453]: registering plugin `NFCT' Mar 24 09:29:00.522893 osdx ulogd[35453]: registering plugin `IP2STR' Mar 24 09:29:00.522972 osdx ulogd[35453]: registering plugin `PRINTFLOW' Mar 24 09:29:00.523046 osdx ulogd[35453]: registering plugin `SYSLOG' Mar 24 09:29:00.523080 osdx ulogd[35453]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:00.523155 osdx ulogd[35453]: NFCT plugin working in event mode Mar 24 09:29:00.523194 osdx ulogd[35453]: Changing UID / GID Mar 24 09:29:00.523308 osdx ulogd[35453]: initialization finished, entering main loop Mar 24 09:29:00.574927 osdx CRON[35458]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:00.584134 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 24 09:29:00.596479 osdx sshd[35461]: Server listening on 0.0.0.0 port 22. Mar 24 09:29:00.596732 osdx sshd[35461]: Server listening on :: port 22. Mar 24 09:29:00.596856 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 24 09:29:00.617146 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:00.629931 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:00.658353 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:02.601382 osdx ulogd[35453]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 24 09:29:03.625393 osdx ulogd[35453]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.315 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.315/0.315/0.315/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.239 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.239/0.239/0.239/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 24 09:29:11.344733 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 09:29:11.348444 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:11.348502 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:11.348723 osdx sudo[35644]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:11.355900 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:11.585651 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:11.813519 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:11.894055 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:29:11.978407 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:29:12.045235 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:12.139430 osdx ubnt-cfgd[35669]: inactive Mar 24 09:29:12.159838 osdx INFO[35677]: FRR daemons did not change Mar 24 09:29:12.308671 osdx sudo[35765]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:12.328707 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:12.329613 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:29:12.332678 osdx ulogd[35768]: registering plugin `NFCT' Mar 24 09:29:12.332857 osdx ulogd[35768]: registering plugin `IP2STR' Mar 24 09:29:12.332929 osdx ulogd[35768]: registering plugin `PRINTFLOW' Mar 24 09:29:12.332997 osdx ulogd[35768]: registering plugin `SYSLOG' Mar 24 09:29:12.333031 osdx ulogd[35768]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:12.333102 osdx ulogd[35768]: NFCT plugin working in event mode Mar 24 09:29:12.333137 osdx ulogd[35768]: Changing UID / GID Mar 24 09:29:12.333227 osdx ulogd[35768]: initialization finished, entering main loop Mar 24 09:29:12.340458 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:12.341648 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:12.355546 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:12.373075 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:13.202942 osdx ulogd[35768]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:13.202959 osdx ulogd[35768]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:13.283842 osdx ulogd[35768]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:13.283859 osdx ulogd[35768]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.338 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.338/0.338/0.338/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.247 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.247/0.247/0.247/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 24 09:29:17.000201 osdx systemd-timedated[28747]: Changed local time to Tue 2026-03-24 09:29:17 UTC Mar 24 09:29:17.001214 osdx systemd-journald[1775]: Time jumped backwards, rotating. Mar 24 09:29:17.001443 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'set date 2026-03-24 09:29:17'. Mar 24 09:29:17.296807 osdx sudo[35926]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:17.300797 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.8M, max 13.8M, 11.9M free. Mar 24 09:29:17.301321 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:17.301363 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:17.305024 osdx sudo[35925]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:17.310946 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:17.539532 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:17.757321 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:17.833451 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:29:17.917045 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:29:17.975427 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Mar 24 09:29:18.078541 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:18.140552 osdx ubnt-cfgd[35951]: inactive Mar 24 09:29:18.163401 osdx INFO[35959]: FRR daemons did not change Mar 24 09:29:18.246552 osdx sudo[36047]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:18.281398 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:18.282649 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:29:18.283191 osdx ulogd[36050]: registering plugin `NFCT' Mar 24 09:29:18.283233 osdx ulogd[36050]: registering plugin `IP2STR' Mar 24 09:29:18.283274 osdx ulogd[36050]: registering plugin `PRINTFLOW' Mar 24 09:29:18.283323 osdx ulogd[36050]: registering plugin `SYSLOG' Mar 24 09:29:18.283327 osdx ulogd[36050]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:18.283367 osdx ulogd[36050]: NFCT plugin working in event mode Mar 24 09:29:18.283374 osdx OSDx_DUT0[36050]: Changing UID / GID Mar 24 09:29:18.283452 osdx OSDx_DUT0[36050]: initialization finished, entering main loop Mar 24 09:29:18.289067 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:18.290612 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:18.305060 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:18.334379 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:19.238467 osdx OSDx_DUT0[36050]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:19.238489 osdx OSDx_DUT0[36050]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:19.323159 osdx OSDx_DUT0[36050]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:19.323183 osdx OSDx_DUT0[36050]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.250 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.250/0.250/0.250/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 24 09:29:17.000201 osdx systemd-timedated[28747]: Changed local time to Tue 2026-03-24 09:29:17 UTC Mar 24 09:29:17.001214 osdx systemd-journald[1775]: Time jumped backwards, rotating. Mar 24 09:29:17.001443 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'set date 2026-03-24 09:29:17'. Mar 24 09:29:17.296807 osdx sudo[35926]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:17.300797 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.8M, max 13.8M, 11.9M free. Mar 24 09:29:17.301321 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:17.301363 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:17.305024 osdx sudo[35925]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:17.310946 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:17.539532 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:17.757321 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:17.833451 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:29:17.917045 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:29:17.975427 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Mar 24 09:29:18.078541 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:18.140552 osdx ubnt-cfgd[35951]: inactive Mar 24 09:29:18.163401 osdx INFO[35959]: FRR daemons did not change Mar 24 09:29:18.246552 osdx sudo[36047]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:18.281398 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:18.282649 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:29:18.283191 osdx ulogd[36050]: registering plugin `NFCT' Mar 24 09:29:18.283233 osdx ulogd[36050]: registering plugin `IP2STR' Mar 24 09:29:18.283274 osdx ulogd[36050]: registering plugin `PRINTFLOW' Mar 24 09:29:18.283323 osdx ulogd[36050]: registering plugin `SYSLOG' Mar 24 09:29:18.283327 osdx ulogd[36050]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:18.283367 osdx ulogd[36050]: NFCT plugin working in event mode Mar 24 09:29:18.283374 osdx OSDx_DUT0[36050]: Changing UID / GID Mar 24 09:29:18.283452 osdx OSDx_DUT0[36050]: initialization finished, entering main loop Mar 24 09:29:18.289067 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:18.290612 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:18.305060 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:18.334379 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:19.238467 osdx OSDx_DUT0[36050]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:19.238489 osdx OSDx_DUT0[36050]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:19.323159 osdx OSDx_DUT0[36050]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:19.323183 osdx OSDx_DUT0[36050]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:19.419222 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal show | cat'. Mar 24 09:29:19.569399 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:19.631358 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Mar 24 09:29:19.734367 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show changes'. Mar 24 09:29:19.802333 osdx ubnt-cfgd[36086]: inactive Mar 24 09:29:19.821942 osdx INFO[36092]: FRR daemons did not change Mar 24 09:29:19.828541 osdx sudo[36097]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:19.832095 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:19.832197 osdx OSDx_DUT0[36050]: Terminal signal received, exiting Mar 24 09:29:19.832531 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 24 09:29:19.832641 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:19.853431 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:19.854339 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:19.854897 osdx ulogd[36101]: registering plugin `NFCT' Mar 24 09:29:19.854947 osdx ulogd[36101]: registering plugin `IP2STR' Mar 24 09:29:19.854982 osdx ulogd[36101]: registering plugin `PRINTFLOW' Mar 24 09:29:19.855019 osdx ulogd[36101]: registering plugin `SYSLOG' Mar 24 09:29:19.855022 osdx ulogd[36101]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:19.855063 osdx ulogd[36101]: NFCT plugin working in event mode Mar 24 09:29:19.855070 osdx ulogd[36101]: Changing UID / GID Mar 24 09:29:19.855131 osdx ulogd[36101]: initialization finished, entering main loop Mar 24 09:29:19.855778 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:19.857241 osdx ulogd[36101]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 24 09:29:19.857257 osdx ulogd[36101]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 24 09:29:19.857883 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:19.907679 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:20.035307 osdx ulogd[36101]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:20.035326 osdx ulogd[36101]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.349 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.349/0.349/0.349/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.261 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.281 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1007ms rtt min/avg/max/mdev = 0.261/0.271/0.281/0.010 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
Mar 24 09:29:24.000187 osdx systemd-timedated[28747]: Changed local time to Tue 2026-03-24 09:29:24 UTC Mar 24 09:29:24.000820 osdx systemd-journald[1775]: Time jumped backwards, rotating. Mar 24 09:29:24.001857 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'set date 2026-03-24 09:29:24'. Mar 24 09:29:24.316810 osdx sudo[36235]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:24.319757 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 09:29:24.320827 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:24.320874 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:24.324914 osdx sudo[36234]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:24.332785 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:24.548579 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:24.824979 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:24.907774 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 24 09:29:24.989154 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic label TEST'. Mar 24 09:29:25.052155 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Mar 24 09:29:25.150607 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Mar 24 09:29:25.208991 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:29:25.335279 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:29:25.400700 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:25.500765 osdx ubnt-cfgd[36263]: inactive Mar 24 09:29:25.526732 osdx INFO[36277]: FRR daemons did not change Mar 24 09:29:25.618003 osdx sudo[36365]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:25.653080 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:25.654253 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:29:25.654552 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:25.655437 osdx ulogd[36368]: registering plugin `NFCT' Mar 24 09:29:25.655630 osdx ulogd[36368]: registering plugin `IP2STR' Mar 24 09:29:25.655690 osdx ulogd[36368]: registering plugin `PRINTFLOW' Mar 24 09:29:25.655749 osdx ulogd[36368]: registering plugin `SYSLOG' Mar 24 09:29:25.655770 osdx ulogd[36368]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:25.655829 osdx ulogd[36368]: NFCT plugin working in event mode Mar 24 09:29:25.655853 osdx ulogd[36368]: Changing UID / GID Mar 24 09:29:25.655933 osdx ulogd[36368]: initialization finished, entering main loop Mar 24 09:29:25.662839 osdx sudo[36371]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:25.666500 osdx ulogd[36368]: Terminal signal received, exiting Mar 24 09:29:25.666549 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:25.667083 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 24 09:29:25.667174 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:25.668021 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:25.668740 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:29:25.669452 osdx ulogd[36374]: registering plugin `NFCT' Mar 24 09:29:25.669680 osdx ulogd[36374]: registering plugin `IP2STR' Mar 24 09:29:25.669765 osdx ulogd[36374]: registering plugin `PRINTFLOW' Mar 24 09:29:25.669855 osdx ulogd[36374]: registering plugin `SYSLOG' Mar 24 09:29:25.669891 osdx ulogd[36374]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:25.669975 osdx ulogd[36374]: NFCT plugin working in event mode Mar 24 09:29:25.670013 osdx ulogd[36374]: Changing UID / GID Mar 24 09:29:25.670119 osdx ulogd[36374]: initialization finished, entering main loop Mar 24 09:29:25.688881 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:25.869803 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:25.883936 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:25.899932 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:26.691473 osdx ulogd[36374]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Mar 24 09:29:26.691496 osdx ulogd[36374]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 Mar 24 09:29:26.766954 osdx ulogd[36374]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Mar 24 09:29:26.766973 osdx ulogd[36374]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.301 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.301/0.301/0.301/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.246 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.246/0.246/0.246/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
Mar 24 09:29:32.000192 osdx systemd-timedated[28747]: Changed local time to Tue 2026-03-24 09:29:32 UTC Mar 24 09:29:32.000933 osdx systemd-journald[1775]: Time jumped backwards, rotating. Mar 24 09:29:32.001918 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'set date 2026-03-24 09:29:32'. Mar 24 09:29:32.297850 osdx sudo[36574]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:32.300791 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 09:29:32.301214 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:32.301245 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:32.304889 osdx sudo[36573]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:32.312176 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:32.534069 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:32.783989 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:32.862858 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Mar 24 09:29:32.953858 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Mar 24 09:29:33.007547 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system vrf RED'. Mar 24 09:29:33.139798 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:29:33.197733 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:29:33.310477 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:33.381634 osdx ubnt-cfgd[36601]: inactive Mar 24 09:29:33.407931 osdx INFO[36609]: FRR daemons did not change Mar 24 09:29:33.413727 osdx sudo[36614]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:33.418638 osdx (udev-worker)[36619]: RED: Could not disable auto negotiation, ignoring: Operation not supported Mar 24 09:29:33.418660 osdx (udev-worker)[36619]: Network interface NamePolicy= disabled on kernel command line. Mar 24 09:29:33.554565 osdx sudo[36772]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:33.585245 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:33.586159 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:29:33.588967 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:33.589186 osdx ulogd[36775]: registering plugin `NFCT' Mar 24 09:29:33.589380 osdx ulogd[36775]: registering plugin `IP2STR' Mar 24 09:29:33.589456 osdx ulogd[36775]: registering plugin `PRINTFLOW' Mar 24 09:29:33.589519 osdx ulogd[36775]: registering plugin `SYSLOG' Mar 24 09:29:33.589545 osdx ulogd[36775]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:33.589606 osdx ulogd[36775]: NFCT plugin working in event mode Mar 24 09:29:33.589642 osdx ulogd[36775]: Changing UID / GID Mar 24 09:29:33.589725 osdx ulogd[36775]: initialization finished, entering main loop Mar 24 09:29:33.590174 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:33.601026 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:33.617309 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:34.523412 osdx ulogd[36775]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:34.523435 osdx ulogd[36775]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:34.601105 osdx ulogd[36775]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:34.601124 osdx ulogd[36775]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.207 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.207/0.207/0.207/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 129 100 129 0 0 27946 0 --:--:-- --:--:-- --:--:-- 32250
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set interfaces ethernet eth1 address 10.215.168.64/24 set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.432 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.432/0.432/0.432/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.331 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.331/0.331/0.331/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
Mar 24 09:29:39.328920 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 09:29:39.331063 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:39.331116 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:39.332669 osdx sudo[37015]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:39.338858 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:39.550023 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:39.803558 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:39.879952 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 24 09:29:39.960684 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:40.046477 osdx ubnt-cfgd[37039]: inactive Mar 24 09:29:40.066803 osdx INFO[37047]: FRR daemons did not change Mar 24 09:29:40.130823 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:40.141383 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:40.158216 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:40.309098 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 09:29:40.375180 osdx sudo[37161]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:40.451871 osdx file_operation[37164]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Mar 24 09:29:40.473425 osdx sudo[37171]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:40.475344 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Mar 24 09:29:40.613042 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:40.677831 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 24 09:29:40.798801 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Mar 24 09:29:40.865270 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Mar 24 09:29:40.973301 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Mar 24 09:29:41.039849 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Mar 24 09:29:41.138013 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Mar 24 09:29:41.192166 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Mar 24 09:29:41.289984 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Mar 24 09:29:41.347976 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Mar 24 09:29:41.457423 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:29:41.510943 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:29:41.624467 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:41.696355 osdx ubnt-cfgd[37198]: inactive Mar 24 09:29:41.741719 osdx INFO[37215]: FRR daemons did not change Mar 24 09:29:41.827024 osdx sudo[37303]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:41.859521 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:41.860760 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:41.861191 osdx ulogd[37306]: registering plugin `NFCT' Mar 24 09:29:41.861538 osdx ulogd[37306]: registering plugin `IP2STR' Mar 24 09:29:41.861681 osdx ulogd[37306]: registering plugin `PRINTFLOW' Mar 24 09:29:41.861816 osdx ulogd[37306]: registering plugin `SYSLOG' Mar 24 09:29:41.861872 osdx ulogd[37306]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:41.861999 osdx ulogd[37306]: NFCT plugin working in event mode Mar 24 09:29:41.862066 osdx ulogd[37306]: Changing UID / GID Mar 24 09:29:41.862233 osdx ulogd[37306]: initialization finished, entering main loop Mar 24 09:29:42.172062 osdx systemd[1]: Reloading. Mar 24 09:29:42.223068 osdx systemd-sysv-generator[37343]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Mar 24 09:29:42.367684 osdx systemd[1]: Starting logrotate.service - Rotate log files... Mar 24 09:29:42.373637 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Mar 24 09:29:42.374879 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Mar 24 09:29:42.430596 osdx systemd[1]: logrotate.service: Deactivated successfully. Mar 24 09:29:42.430724 osdx systemd[1]: Finished logrotate.service - Rotate log files. Mar 24 09:29:42.662585 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Mar 24 09:29:43.042799 osdx INFO[37325]: Rules successfully loaded Mar 24 09:29:43.051975 osdx sudo[37369]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:43.055490 osdx ulogd[37306]: Terminal signal received, exiting Mar 24 09:29:43.055546 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:43.055922 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 24 09:29:43.056016 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:43.075344 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:43.076100 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:43.076275 osdx ulogd[37373]: registering plugin `NFCT' Mar 24 09:29:43.076558 osdx ulogd[37373]: registering plugin `IP2STR' Mar 24 09:29:43.076610 osdx ulogd[37373]: registering plugin `PRINTFLOW' Mar 24 09:29:43.076662 osdx ulogd[37373]: registering plugin `SYSLOG' Mar 24 09:29:43.076666 osdx ulogd[37373]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:43.076715 osdx ulogd[37373]: NFCT plugin working in event mode Mar 24 09:29:43.076723 osdx ulogd[37373]: Changing UID / GID Mar 24 09:29:43.076802 osdx ulogd[37373]: initialization finished, entering main loop Mar 24 09:29:43.078075 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:43.089720 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:43.107079 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:44.023183 osdx ulogd[37373]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 24 09:29:44.023201 osdx ulogd[37373]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 24 09:29:44.117025 osdx ulogd[37373]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 24 09:29:44.117049 osdx ulogd[37373]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth1 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.326 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.326/0.326/0.326/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.470 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.470/0.470/0.470/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.4.9 This system includes free software. Contact Teldat for licenses information and source code. Last login: Tue Mar 24 09:24:44 2026 admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
Mar 24 09:29:51.317919 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 09:29:51.318893 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:51.318942 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:51.323346 osdx sudo[37623]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:51.330340 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:51.571450 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:51.850679 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:51.940700 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Mar 24 09:29:52.013235 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:29:52.115088 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:29:52.207110 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:29:52.301264 osdx ubnt-cfgd[37649]: inactive Mar 24 09:29:52.326933 osdx INFO[37659]: FRR daemons did not change Mar 24 09:29:52.481004 osdx sudo[37822]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:52.515277 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:29:52.516657 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:29:52.516800 osdx ulogd[37825]: registering plugin `NFCT' Mar 24 09:29:52.517053 osdx ulogd[37825]: registering plugin `IP2STR' Mar 24 09:29:52.517654 osdx ulogd[37825]: registering plugin `PRINTFLOW' Mar 24 09:29:52.517761 osdx ulogd[37825]: registering plugin `SYSLOG' Mar 24 09:29:52.517800 osdx ulogd[37825]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:29:52.517888 osdx ulogd[37825]: NFCT plugin working in event mode Mar 24 09:29:52.517930 osdx ulogd[37825]: Changing UID / GID Mar 24 09:29:52.518049 osdx ulogd[37825]: initialization finished, entering main loop Mar 24 09:29:52.518486 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:29:52.531317 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:29:52.554893 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:29:54.246980 osdx ulogd[37825]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:54.247005 osdx ulogd[37825]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:54.339171 osdx ulogd[37825]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:54.339192 osdx ulogd[37825]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:29:54.415623 osdx ulogd[37825]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44924 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44924 PKTS=0 BYTES=0 Mar 24 09:29:54.415771 osdx ulogd[37825]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44924 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44924 PKTS=0 BYTES=0 Mar 24 09:29:54.415880 osdx ulogd[37825]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44924 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44924 PKTS=0 BYTES=0 [OFFLOAD] Mar 24 09:29:54.711699 osdx ulogd[37825]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44924 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44924 PKTS=0 BYTES=0 Mar 24 09:29:54.711725 osdx ulogd[37825]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44924 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44924 PKTS=0 BYTES=0 [OFFLOAD] Mar 24 09:29:54.713088 osdx ulogd[37825]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44924 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44924 PKTS=0 BYTES=0 Mar 24 09:29:54.713176 osdx ulogd[37825]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=44924 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=44924 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.388 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.388/0.388/0.388/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.310 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.279 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.285 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2045ms rtt min/avg/max/mdev = 0.279/0.291/0.310/0.013 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
Mar 24 09:29:59.295185 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.8M, max 13.8M, 11.9M free. Mar 24 09:29:59.298097 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:59.298147 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:59.299422 osdx sudo[38012]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:59.306027 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:59.512941 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:59.754413 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:59.826551 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 24 09:29:59.925467 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 24 09:30:00.005789 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:30:00.085716 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:30:00.174522 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:30:00.284517 osdx ubnt-cfgd[38039]: inactive Mar 24 09:30:00.306815 osdx INFO[38047]: FRR daemons did not change Mar 24 09:30:00.466112 osdx kernel: app-detect: module init Mar 24 09:30:00.466166 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 24 09:30:00.466176 osdx kernel: app-detect: expression init Mar 24 09:30:00.466184 osdx kernel: app-detect: appid cache initialized Mar 24 09:30:00.466192 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 09:30:00.471357 osdx modulelauncher[38050]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 24 09:30:00.570370 osdx sudo[38158]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:00.610477 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:30:00.611209 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:30:00.614127 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:30:00.614349 osdx ulogd[38161]: registering plugin `NFCT' Mar 24 09:30:00.614533 osdx ulogd[38161]: registering plugin `IP2STR' Mar 24 09:30:00.614600 osdx ulogd[38161]: registering plugin `PRINTFLOW' Mar 24 09:30:00.614667 osdx ulogd[38161]: registering plugin `SYSLOG' Mar 24 09:30:00.614692 osdx ulogd[38161]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:30:00.614752 osdx ulogd[38161]: NFCT plugin working in event mode Mar 24 09:30:00.614781 osdx ulogd[38161]: Changing UID / GID Mar 24 09:30:00.614873 osdx ulogd[38161]: initialization finished, entering main loop Mar 24 09:30:00.615390 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:30:00.628939 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:30:00.660001 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:30:01.466678 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.466698 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.551101 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.551123 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:02.290408 osdx CRON[38187]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:02.571646 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:02.571669 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:02.571690 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.595619 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:03.595637 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.595648 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
Mar 24 09:29:59.295185 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.8M, max 13.8M, 11.9M free. Mar 24 09:29:59.298097 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:59.298147 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:59.299422 osdx sudo[38012]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:59.306027 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:59.512941 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:59.754413 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:59.826551 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 24 09:29:59.925467 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 24 09:30:00.005789 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:30:00.085716 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:30:00.174522 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:30:00.284517 osdx ubnt-cfgd[38039]: inactive Mar 24 09:30:00.306815 osdx INFO[38047]: FRR daemons did not change Mar 24 09:30:00.466112 osdx kernel: app-detect: module init Mar 24 09:30:00.466166 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 24 09:30:00.466176 osdx kernel: app-detect: expression init Mar 24 09:30:00.466184 osdx kernel: app-detect: appid cache initialized Mar 24 09:30:00.466192 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 09:30:00.471357 osdx modulelauncher[38050]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 24 09:30:00.570370 osdx sudo[38158]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:00.610477 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:30:00.611209 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:30:00.614127 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:30:00.614349 osdx ulogd[38161]: registering plugin `NFCT' Mar 24 09:30:00.614533 osdx ulogd[38161]: registering plugin `IP2STR' Mar 24 09:30:00.614600 osdx ulogd[38161]: registering plugin `PRINTFLOW' Mar 24 09:30:00.614667 osdx ulogd[38161]: registering plugin `SYSLOG' Mar 24 09:30:00.614692 osdx ulogd[38161]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:30:00.614752 osdx ulogd[38161]: NFCT plugin working in event mode Mar 24 09:30:00.614781 osdx ulogd[38161]: Changing UID / GID Mar 24 09:30:00.614873 osdx ulogd[38161]: initialization finished, entering main loop Mar 24 09:30:00.615390 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:30:00.628939 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:30:00.660001 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:30:01.466678 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.466698 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.551101 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.551123 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:02.290408 osdx CRON[38187]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:02.571646 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:02.571669 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:02.571690 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.595619 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:03.595637 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.595648 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.700247 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
Mar 24 09:29:59.295185 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.8M, max 13.8M, 11.9M free. Mar 24 09:29:59.298097 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:59.298147 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:59.299422 osdx sudo[38012]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:59.306027 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:59.512941 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:59.754413 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:59.826551 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 24 09:29:59.925467 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 24 09:30:00.005789 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:30:00.085716 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:30:00.174522 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:30:00.284517 osdx ubnt-cfgd[38039]: inactive Mar 24 09:30:00.306815 osdx INFO[38047]: FRR daemons did not change Mar 24 09:30:00.466112 osdx kernel: app-detect: module init Mar 24 09:30:00.466166 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 24 09:30:00.466176 osdx kernel: app-detect: expression init Mar 24 09:30:00.466184 osdx kernel: app-detect: appid cache initialized Mar 24 09:30:00.466192 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 09:30:00.471357 osdx modulelauncher[38050]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 24 09:30:00.570370 osdx sudo[38158]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:00.610477 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:30:00.611209 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:30:00.614127 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:30:00.614349 osdx ulogd[38161]: registering plugin `NFCT' Mar 24 09:30:00.614533 osdx ulogd[38161]: registering plugin `IP2STR' Mar 24 09:30:00.614600 osdx ulogd[38161]: registering plugin `PRINTFLOW' Mar 24 09:30:00.614667 osdx ulogd[38161]: registering plugin `SYSLOG' Mar 24 09:30:00.614692 osdx ulogd[38161]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:30:00.614752 osdx ulogd[38161]: NFCT plugin working in event mode Mar 24 09:30:00.614781 osdx ulogd[38161]: Changing UID / GID Mar 24 09:30:00.614873 osdx ulogd[38161]: initialization finished, entering main loop Mar 24 09:30:00.615390 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:30:00.628939 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:30:00.660001 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:30:01.466678 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.466698 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.551101 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.551123 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:02.290408 osdx CRON[38187]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:02.571646 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:02.571669 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:02.571690 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.595619 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:03.595637 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.595648 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.700247 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal show | cat'. Mar 24 09:30:03.803416 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.207 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.207/0.207/0.207/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 972 0 972 0 0 160k 0 --:--:-- --:--:-- --:--:-- 189k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Mar 24 09:29:59.295185 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.8M, max 13.8M, 11.9M free. Mar 24 09:29:59.298097 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:29:59.298147 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:29:59.299422 osdx sudo[38012]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:29:59.306027 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:29:59.512941 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:29:59.754413 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:29:59.826551 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 24 09:29:59.925467 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 24 09:30:00.005789 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:30:00.085716 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:30:00.174522 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:30:00.284517 osdx ubnt-cfgd[38039]: inactive Mar 24 09:30:00.306815 osdx INFO[38047]: FRR daemons did not change Mar 24 09:30:00.466112 osdx kernel: app-detect: module init Mar 24 09:30:00.466166 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 24 09:30:00.466176 osdx kernel: app-detect: expression init Mar 24 09:30:00.466184 osdx kernel: app-detect: appid cache initialized Mar 24 09:30:00.466192 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 09:30:00.471357 osdx modulelauncher[38050]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 24 09:30:00.570370 osdx sudo[38158]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:00.610477 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:30:00.611209 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:30:00.614127 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:30:00.614349 osdx ulogd[38161]: registering plugin `NFCT' Mar 24 09:30:00.614533 osdx ulogd[38161]: registering plugin `IP2STR' Mar 24 09:30:00.614600 osdx ulogd[38161]: registering plugin `PRINTFLOW' Mar 24 09:30:00.614667 osdx ulogd[38161]: registering plugin `SYSLOG' Mar 24 09:30:00.614692 osdx ulogd[38161]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:30:00.614752 osdx ulogd[38161]: NFCT plugin working in event mode Mar 24 09:30:00.614781 osdx ulogd[38161]: Changing UID / GID Mar 24 09:30:00.614873 osdx ulogd[38161]: initialization finished, entering main loop Mar 24 09:30:00.615390 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:30:00.628939 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:30:00.660001 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:30:01.466678 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.466698 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.551101 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:01.551123 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:02.290408 osdx CRON[38187]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:02.571646 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:02.571669 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:02.571690 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.595619 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:03.595637 osdx ulogd[38161]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.595648 osdx ulogd[38161]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:03.700247 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal show | cat'. Mar 24 09:30:03.803416 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal show | cat'. Mar 24 09:30:03.925411 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal show | cat'. Mar 24 09:30:04.112076 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:30:04.201010 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 24 09:30:04.293781 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 24 09:30:04.377140 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show changes'. Mar 24 09:30:04.462769 osdx ubnt-cfgd[38215]: inactive Mar 24 09:30:04.487388 osdx INFO[38223]: FRR daemons did not change Mar 24 09:30:04.534103 osdx kernel: app-detect: expression destroy Mar 24 09:30:04.542104 osdx kernel: app-detect: expression init Mar 24 09:30:04.542159 osdx kernel: app-detect: appid cache initialized Mar 24 09:30:04.542172 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 09:30:04.547759 osdx modulelauncher[38226]: AppDetect: no change in application dictionaries, thus nothing more to do Mar 24 09:30:04.621061 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:30:04.631569 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:04.631585 osdx ulogd[38161]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 24 09:30:04.632218 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:30:04.655240 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:30:04.807711 osdx ulogd[38161]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:04.807874 osdx ulogd[38161]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 24 09:30:04.809396 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 09:30:04.872098 osdx sudo[38350]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:04.940763 osdx file_operation[38353]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 24 09:30:04.946811 osdx ulogd[38161]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41454 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41454 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 24 09:30:04.946923 osdx ulogd[38161]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41454 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41454 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 24 09:30:04.946936 osdx ulogd[38161]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41454 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41454 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 24 09:30:04.949042 osdx ulogd[38161]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41454 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41454 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 24 09:30:04.949164 osdx ulogd[38161]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41454 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41454 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 24 09:30:04.949211 osdx ulogd[38161]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41454 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41454 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 24 09:30:04.967356 osdx sudo[38360]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:04.969380 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic policy out DROP set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.215 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.215/0.215/0.215/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Mar 24 09:30:09.000206 osdx systemd-timedated[28747]: Changed local time to Tue 2026-03-24 09:30:09 UTC Mar 24 09:30:09.001627 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'set date 2026-03-24 09:30:09'. Mar 24 09:30:09.002146 osdx systemd-journald[1775]: Time jumped backwards, rotating. Mar 24 09:30:09.319889 osdx sudo[38540]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:09.323315 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.8M, max 13.8M, 11.9M free. Mar 24 09:30:09.326155 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:30:09.326203 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:30:09.327530 osdx sudo[38539]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:09.333498 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:30:09.570643 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:30:09.828038 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:30:09.930306 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Mar 24 09:30:09.989601 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Mar 24 09:30:10.087406 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Mar 24 09:30:10.154549 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'. Mar 24 09:30:10.246766 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Mar 24 09:30:10.303609 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Mar 24 09:30:10.424987 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Mar 24 09:30:10.509962 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Mar 24 09:30:10.588208 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 24 09:30:10.647464 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 24 09:30:10.771886 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:30:10.837839 osdx ubnt-cfgd[38572]: inactive Mar 24 09:30:10.879864 osdx INFO[38594]: FRR daemons did not change Mar 24 09:30:11.054152 osdx kernel: app-detect: module init Mar 24 09:30:11.054227 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 24 09:30:11.054239 osdx kernel: app-detect: expression init Mar 24 09:30:11.054249 osdx kernel: app-detect: appid cache initialized Mar 24 09:30:11.054268 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 09:30:11.069361 osdx sudo[38622]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:11.503332 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:30:11.515155 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:30:11.542233 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:30:11.707784 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 09:30:11.772916 osdx sudo[38764]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:11.850355 osdx file_operation[38767]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 24 09:30:11.858146 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46924 DF PROTO=TCP SPT=34280 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Mar 24 09:30:12.066152 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46925 DF PROTO=TCP SPT=34280 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Mar 24 09:30:12.498201 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46926 DF PROTO=TCP SPT=34280 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Mar 24 09:30:13.330191 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46927 DF PROTO=TCP SPT=34280 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Mar 24 09:30:14.826424 osdx file_operation.py[38767]: Operation aborted by user. Mar 24 09:30:14.838156 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=46928 DF PROTO=TCP SPT=34280 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Mar 24 09:30:14.841682 osdx sudo[38772]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:14.843557 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Identity Values
Description
Conntrack identity is able to contain any printed character but not spaces
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity 'he||o-w@rld!' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.307 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.234 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.234/0.234/0.234/0.000 ms
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
he||o-w@rld!\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 24 09:30:19.000205 osdx systemd-timedated[28747]: Changed local time to Tue 2026-03-24 09:30:19 UTC Mar 24 09:30:19.001225 osdx systemd-journald[1775]: Time jumped backwards, rotating. Mar 24 09:30:19.001973 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'set date 2026-03-24 09:30:19'. Mar 24 09:30:19.362352 osdx sudo[38929]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:19.365428 osdx systemd-journald[1775]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.9M free. Mar 24 09:30:19.369238 osdx systemd-journald[1775]: Received client request to rotate journal, rotating. Mar 24 09:30:19.369303 osdx systemd-journald[1775]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 09:30:19.369337 osdx sudo[38928]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:19.375997 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system journal clear'. Mar 24 09:30:19.601256 osdx OSDxCLI[32276]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 09:30:19.864954 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:30:19.963209 osdx cfgd[1474]: [32276]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Mar 24 09:30:19.963737 osdx OSDxCLI[32276]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Mar 24 09:30:19.986291 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:30:20.155179 osdx OSDxCLI[32276]: User 'admin' entered the configuration menu. Mar 24 09:30:20.262255 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 24 09:30:20.359917 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 24 09:30:20.439155 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'set system conntrack logging identity he||o-w@rld!'. Mar 24 09:30:20.562849 osdx OSDxCLI[32276]: User 'admin' added a new cfg line: 'show working'. Mar 24 09:30:20.630397 osdx ubnt-cfgd[38957]: inactive Mar 24 09:30:20.653689 osdx INFO[38965]: FRR daemons did not change Mar 24 09:30:20.733605 osdx sudo[39053]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 09:30:20.753528 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 24 09:30:20.754138 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument Mar 24 09:30:20.754684 osdx ulogd[39056]: registering plugin `NFCT' Mar 24 09:30:20.754730 osdx ulogd[39056]: registering plugin `IP2STR' Mar 24 09:30:20.754775 osdx ulogd[39056]: registering plugin `PRINTFLOW' Mar 24 09:30:20.754824 osdx ulogd[39056]: registering plugin `SYSLOG' Mar 24 09:30:20.754828 osdx ulogd[39056]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 24 09:30:20.754879 osdx ulogd[39056]: NFCT plugin working in event mode Mar 24 09:30:20.754886 osdx he||o-w@rld![39056]: Changing UID / GID Mar 24 09:30:20.754963 osdx he||o-w@rld![39056]: initialization finished, entering main loop Mar 24 09:30:20.769279 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 24 09:30:20.771020 osdx cfgd[1474]: [32276]Completed change to active configuration Mar 24 09:30:20.782119 osdx OSDxCLI[32276]: User 'admin' committed the configuration. Mar 24 09:30:20.804596 osdx OSDxCLI[32276]: User 'admin' left the configuration menu. Mar 24 09:30:21.693241 osdx he||o-w@rld![39056]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:30:21.693260 osdx he||o-w@rld![39056]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:30:21.766468 osdx he||o-w@rld![39056]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 24 09:30:21.766488 osdx he||o-w@rld![39056]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0