App Id
The following scenario shows how to filter packets based on app-id using traffic selectors.
Match Traffic by a custom dictionary
Description
This example illustrates how to match all traffic in a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id custom -1
set traffic selector SEL rule 1 app-id detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.181 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.181/0.181/0.181/0.000 ms
Step 3: Ping www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.251.154.119) 56(84) bytes of data.
64 bytes from 142.251.154.119 (142.251.154.119): icmp_seq=1 ttl=109 time=4.89 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.887/4.887/4.887/0.000 ms
Step 4: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 79717    0 79717    0     0   396k      0 --:--:-- --:--:-- --:--:--  397k
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:33 ssl-host:www.google.com\]
Mar 24 11:25:09.286462 osdx systemd-journald[151414]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 11:25:09.288285 osdx systemd-journald[151414]: Received client request to rotate journal, rotating. Mar 24 11:25:09.288325 osdx systemd-journald[151414]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 11:25:09.290448 osdx sudo[287214]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:09.296802 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system journal clear'. Mar 24 11:25:09.504107 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 11:25:09.724466 osdx OSDxCLI[215243]: User 'admin' entered the configuration menu. Mar 24 11:25:09.793348 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Mar 24 11:25:09.895291 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Mar 24 11:25:09.958151 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Mar 24 11:25:10.063411 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id custom -1'. Mar 24 11:25:10.121627 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Mar 24 11:25:10.223192 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Mar 24 11:25:10.286794 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Mar 24 11:25:10.374092 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. 
Mar 24 11:25:10.437221 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Mar 24 11:25:10.550893 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 11:25:10.617043 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Mar 24 11:25:10.732976 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 11:25:10.802383 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'show working'. Mar 24 11:25:10.895659 osdx ubnt-cfgd[287249]: inactive Mar 24 11:25:10.933134 osdx INFO[287271]: FRR daemons did not change Mar 24 11:25:11.140291 osdx kernel: app-detect: module init Mar 24 11:25:11.140354 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 24 11:25:11.140365 osdx kernel: app-detect: expression init Mar 24 11:25:11.140373 osdx kernel: app-detect: appid cache initialized Mar 24 11:25:11.140381 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 11:25:11.155406 osdx sudo[287300]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:11.184296 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 11:25:11.473707 osdx cfgd[1474]: [215243]Completed change to active configuration Mar 24 11:25:11.485879 osdx OSDxCLI[215243]: User 'admin' committed the configuration. Mar 24 11:25:11.503216 osdx OSDxCLI[215243]: User 'admin' left the configuration menu. Mar 24 11:25:11.649919 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 24 11:25:11.747811 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'ping www.google.com count 1 size 56 timeout 1'. 
Mar 24 11:25:11.811383 osdx sudo[287512]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:11.877874 osdx file_operation[287515]: using src url: https://www.google.com dst url: running://index.html Mar 24 11:25:11.905716 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=3049 PROTO=TCP SPT=443 DPT=50166 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:11.925379 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1367 TOS=0x00 PREC=0x00 TTL=113 ID=3052 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:11.925456 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3051 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:11.925470 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3050 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:11.930609 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=113 ID=3053 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:11.930688 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=3054 PROTO=TCP SPT=443 DPT=50166 WINDOW=1049 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 
11:25:11.930983 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=700 TOS=0x00 PREC=0x00 TTL=113 ID=3055 PROTO=TCP SPT=443 DPT=50166 WINDOW=1049 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:11.932899 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=83 TOS=0x00 PREC=0x00 TTL=113 ID=3056 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:11.939570 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=3057 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.059922 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3060 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.060024 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1401 TOS=0x00 PREC=0x00 TTL=113 ID=3061 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.060039 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3059 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.060050 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1272 TOS=0x00 PREC=0x00 TTL=113 ID=3058 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 
RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.063679 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1272 TOS=0x00 PREC=0x00 TTL=113 ID=3062 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.068537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3064 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.068555 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3063 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.068614 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3065 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072286 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3066 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072303 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3067 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072315 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 
TOS=0x00 PREC=0x00 TTL=113 ID=3068 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072327 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3071 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072344 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3069 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072356 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3077 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072368 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3075 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072383 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3073 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072397 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3074 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072413 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3078 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072425 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3076 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072436 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3084 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072448 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3083 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072460 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3082 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072472 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3079 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072486 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3081 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 
11:25:12.072498 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3080 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072511 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3085 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072522 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3090 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072535 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3088 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072548 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3087 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072559 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3086 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072568 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3093 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK 
PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072585 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3092 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072599 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3094 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076292 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3096 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076343 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1051 TOS=0x00 PREC=0x00 TTL=113 ID=3101 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076372 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3099 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076388 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3098 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076405 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 
ID=3102 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076422 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3103 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076436 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3104 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076449 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3105 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076462 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3106 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076479 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3107 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076492 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3111 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076505 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 
SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3110 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076519 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3109 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076532 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3108 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076546 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3117 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076559 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3116 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076572 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3115 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076597 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3114 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076612 osdx kernel: [POL-1] ACCEPT IN=eth0 
OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3113 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076626 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3112 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076639 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=421 TOS=0x00 PREC=0x00 TTL=113 ID=3118 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.078062 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=3119 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.084290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=3120 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.097216 osdx sudo[287523]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:12.100811 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
Step 6: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   972    0   972    0     0   216k      0 --:--:-- --:--:-- --:--:--  237k
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:34 http-host:10.215.168.1\]
MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3078 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072425 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3076 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072436 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3084 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072448 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3083 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072460 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3082 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072472 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3079 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072486 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3081 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 
11:25:12.072498 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3080 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072511 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3085 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072522 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3090 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072535 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3088 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072548 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3087 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072559 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3086 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072568 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3093 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK 
PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072585 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3092 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.072599 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3094 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076292 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3096 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076343 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1051 TOS=0x00 PREC=0x00 TTL=113 ID=3101 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076372 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=113 ID=3099 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076388 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3098 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076405 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 
ID=3102 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076422 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3103 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076436 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3104 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076449 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3105 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076462 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3106 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076479 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3107 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076492 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3111 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076505 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 
SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3110 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076519 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3109 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076532 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3108 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076546 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3117 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076559 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3116 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076572 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3115 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076597 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3114 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076612 osdx kernel: [POL-1] ACCEPT IN=eth0 
OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3113 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076626 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=113 ID=3112 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.076639 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=421 TOS=0x00 PREC=0x00 TTL=113 ID=3118 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.078062 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=3119 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.084290 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=3120 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:33 ssl-host:www.google.com] Mar 24 11:25:12.097216 osdx sudo[287523]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:12.100811 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'. Mar 24 11:25:12.266495 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system journal show | cat'. 
Mar 24 11:25:12.539169 osdx sudo[287534]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:12.612489 osdx file_operation[287537]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Mar 24 11:25:12.620292 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34189 DF PROTO=TCP SPT=80 DPT=37780 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 24 11:25:12.620338 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1191 TOS=0x00 PREC=0x00 TTL=64 ID=34190 DF PROTO=TCP SPT=80 DPT=37780 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 24 11:25:12.620357 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34191 DF PROTO=TCP SPT=80 DPT=37780 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:34 http-host:10.215.168.1]
Mar 24 11:25:12.636859 osdx sudo[287544]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:12.638700 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
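An added example, not part of the original page or of the OSDx tooling: a Python audit of the journal output from the custom-dictionary scenario above. It splits a run-together journal into entries, parses the APPDETECT[...] annotation of each policy log line, and checks every logged app-id against the dictionary from Step 1; the same parsing applies to the U:6 lines of the engine-dictionary scenario. The function names, the substring comparison against the fqdn value, and the last sample entry (constructed) are assumptions.

```python
import re
from collections import Counter

# Custom dictionary from Step 1 of the custom-dictionary scenario:
#   dictionary 1 custom app-id 33 fqdn google
#   dictionary 1 custom app-id 34 fqdn 10.215.168.1
DICTIONARY = {33: "google", 34: "10.215.168.1"}

# Entries joined by single spaces, as a flattened journal dump would be.
# The first five are copied from the page's output; the last is CONSTRUCTED
# to show an app-id that the configured dictionary does not define.
JOURNAL = " ".join([
    "Mar 24 11:25:11.877874 osdx file_operation[287515]: using src url: https://www.google.com dst url: running://index.html",
    "Mar 24 11:25:11.905716 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=3049 PROTO=TCP SPT=443 DPT=50166 WINDOW=1048 RES=0x00 ACK URGP=0 APPDETECT[U:33 ssl-host:www.google.com]",
    "Mar 24 11:25:11.925379 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.151.119 DST=10.215.168.64 LEN=1367 TOS=0x00 PREC=0x00 TTL=113 ID=3052 PROTO=TCP SPT=443 DPT=50166 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:33 ssl-host:www.google.com]",
    "Mar 24 11:25:12.620292 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34189 DF PROTO=TCP SPT=80 DPT=37780 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:34 http-host:10.215.168.1]",
    "Mar 24 11:25:12.638700 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.",
    "Mar 24 11:25:12.700000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=192.0.2.10 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP SPT=443 DPT=40000 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:99 ssl-host:example.net]",
])

# An entry starts at a syslog-style timestamp followed by the host name.
ENTRY_START = re.compile(r"(?<!\S)[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{6} \S+ ")

# Policy log line: "[<policy>-<rule>] <verdict> <fields> APPDETECT[<tag>:<id> <detector>:<name>]".
# The APPDETECT part is optional so that unannotated packets are still parsed.
KERNEL_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} [\d:.]+) (?P<host>\S+) kernel: "
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<verdict>[A-Z]+) (?P<fields>.*?)"
    r"(?: APPDETECT\[(?P<tag>[^:\]]+):(?P<app_id>\d+) (?P<detector>[\w-]+):(?P<name>[^\]]+)\])?$"
)


def split_entries(text):
    """Split a flattened journal into one string per entry."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    return [text[a:b].strip() for a, b in zip(starts, starts[1:] + [len(text)])]


def audit(text, dictionary):
    """Return (packet counts per detected application, list of findings)."""
    counts, findings = Counter(), []
    for entry in split_entries(text):
        m = KERNEL_LINE.match(entry)
        if not m:
            continue  # sudo, CLI audit and other non-policy entries
        kv = dict(tok.split("=", 1) for tok in m["fields"].split() if "=" in tok)
        if m["app_id"] is None:
            findings.append((m["ts"], kv.get("SRC"), "no APPDETECT annotation"))
            continue
        app_id = int(m["app_id"])
        counts[(app_id, m["detector"], m["name"])] += 1
        expected = dictionary.get(app_id)
        if expected is None:
            findings.append((m["ts"], kv.get("SRC"), f"app-id {app_id} is not in the dictionary"))
        elif expected not in m["name"]:  # assumption: fqdn entries match as substrings
            findings.append((m["ts"], kv.get("SRC"), f"{m['name']} does not contain {expected}"))
    return counts, findings


def matches_expected(text, app_id, detector, name):
    """Apply the page's style of regular expression to each entry separately,
    so that '.*' cannot span two entries of a flattened journal."""
    pattern = re.compile(
        rf"osdx kernel:.*ACCEPT.*APPDETECT\[U:{app_id} {re.escape(detector)}:{re.escape(name)}\]"
    )
    return any(pattern.search(entry) for entry in split_entries(text))


if __name__ == "__main__":
    counts, findings = audit(JOURNAL, DICTIONARY)
    for key, n in sorted(counts.items()):
        print(key, n)
    for finding in findings:
        print("FINDING", finding)
```
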
Match Traffic by an engine dictionary
Description
This example illustrates how to match all traffic in an engine dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 app-id engine 128
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.204 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.204/0.204/0.204/0.000 ms
Step 3: Ping IP address www.google.com from DUT0:
admin@DUT0$ ping www.google.com count 1 size 56 timeout 1
PING www.google.com (142.251.152.119) 56(84) bytes of data.
64 bytes from 142.251.152.119 (142.251.152.119): icmp_seq=1 ttl=108 time=4.32 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.324/4.324/4.324/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  9957k      0 --:--:-- --:--:-- --:--:-- 10.8M
Step 5: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
Step 6: Run command file copy https://www.google.com running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 79820    0 79820    0     0   357k      0 --:--:-- --:--:-- --:--:--  359k
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:6 ssl-host:www.google.com\]
11:25:20.805496 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=7096 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.805516 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7099 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.807923 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=7102 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.807941 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7109 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.807950 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7108 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.807960 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7107 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809442 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7106 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 
APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809452 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7105 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809460 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7104 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809471 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7118 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809479 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=7116 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809487 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7115 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809495 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7114 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809503 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7113 PROTO=TCP SPT=443 
DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809513 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=2852 TOS=0x00 PREC=0x00 TTL=112 ID=7111 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809524 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7110 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809537 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7119 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809547 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1926 TOS=0x00 PREC=0x00 TTL=112 ID=7122 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809556 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7121 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.809564 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 TOS=0x00 PREC=0x00 TTL=112 ID=7120 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.811682 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=52 TOS=0x00 
PREC=0x00 TTL=112 ID=7124 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.815949 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=7125 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.841029 osdx sudo[288124]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:20.842737 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'.
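An added example (not part of the original documentation): the journal checks in this scenario look for kernel ACCEPT lines that carry an APPDETECT tag such as APPDETECT[U:6 ssl-host:www.google.com]. The Python script below parses such lines entry by entry and totals them per flow, so the check does not depend on reading the raw dump. The sample journal is constructed; reading [POL-1] as policy POL, rule 1 and the tag as <letter>:<app-id> <source>:<host> are assumptions drawn from the lines shown on this page.

```python
import re

# Constructed sample, modelled on the journal line format shown on this page
# (MAC and some header fields dropped for brevity). The U:30 http-host entry
# and the untagged entry are invented for this example.
SAMPLE_JOURNAL = """\
Mar 24 11:25:20.589451 osdx file_operation[288116]: using src url: https://www.google.com dst url: running://index.html
Mar 24 11:25:20.617416 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.157.119 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=34602 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 24 11:25:20.632463 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.157.119 DST=10.215.168.64 LEN=1452 PROTO=TCP SPT=443 DPT=34602 ACK PSH URGP=0 APPDETECT[U:6 ssl-host:www.google.com]
Mar 24 11:25:21.100000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=1141 PROTO=TCP SPT=80 DPT=40000 ACK PSH URGP=0 APPDETECT[U:30 http-host:10.215.168.1]
Mar 24 11:25:21.200000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=80 DPT=40000 ACK URGP=0
"""

# "<timestamp> osdx kernel: [<policy>-<rule>] <ACTION> <packet fields...>"
KERNEL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) osdx kernel: "
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) (?P<rest>.*)$"
)
# Assumed tag layout: APPDETECT[<letter>:<app-id> <source>:<host>]
TAG_RE = re.compile(
    r"APPDETECT\[(?P<kind>\w+):(?P<app_id>\d+) "
    r"(?P<source>[\w-]+):(?P<host>[^\]\s]+)\]"
)
# KEY=value packet fields; the value may be empty, as in "OUT= ".
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return a dict for a traffic-policy kernel log line, or None for other lines."""
    m = KERNEL_RE.match(line.strip())
    if not m:
        return None
    event = {
        "ts": m["ts"],
        "policy": m["policy"],
        "rule": int(m["rule"]),
        "action": m["action"],
        "app": None,
    }
    rest = m["rest"]
    tag = TAG_RE.search(rest)
    if tag:
        event["app"] = (int(tag["app_id"]), tag["source"], tag["host"])
        rest = rest[:tag.start()]  # keep the tag out of the key=value scan
    event["fields"] = dict(FIELD_RE.findall(rest))
    return event


def journal_has_app(journal, app_id, source, host, action="ACCEPT"):
    """Per-entry form of the check: one line must carry both the action and the tag."""
    wanted = (app_id, source, host)
    for line in journal.splitlines():
        event = parse_line(line)
        if event and event["action"] == action and event["app"] == wanted:
            return True
    return False


def summarize(journal):
    """Map (app_id, source, host, SRC, SPT) -> (packets, bytes) for tagged lines."""
    totals = {}
    for line in journal.splitlines():
        event = parse_line(line)
        if not event or not event["app"]:
            continue
        fields = event["fields"]
        key = event["app"] + (fields.get("SRC"), fields.get("SPT"))
        packets, size = totals.get(key, (0, 0))
        totals[key] = (packets + 1, size + int(fields.get("LEN") or 0))
    return totals


if __name__ == "__main__":
    for key, (packets, size) in summarize(SAMPLE_JOURNAL).items():
        print(key, "packets:", packets, "bytes:", size)
    print("U:30 http-host seen:",
          journal_has_app(SAMPLE_JOURNAL, 30, "http-host", "10.215.168.1"))
```
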
Step 8: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1089    0  1089    0     0   195k      0 --:--:-- --:--:-- --:--:--  212k
Step 9: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*ACCEPT.*APPDETECT\[U:30 http-host:10.215.168.1\]
PREC=0x00 TTL=112 ID=7124 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.815949 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=142.251.157.119 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=7125 PROTO=TCP SPT=443 DPT=34602 WINDOW=1050 RES=0x00 ACK FIN URGP=0 APPDETECT[U:6 ssl-host:www.google.com] Mar 24 11:25:20.841029 osdx sudo[288124]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:20.842737 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy https://www.google.com running://index.html force'. Mar 24 11:25:21.009207 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system journal show | cat'. Mar 24 11:25:21.301301 osdx sudo[288135]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:21.366996 osdx file_operation[288138]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 24 11:25:21.375936 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40353 DF PROTO=TCP SPT=80 DPT=38668 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 24 11:25:21.375991 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1308 TOS=0x00 PREC=0x00 TTL=64 ID=40354 DF PROTO=TCP SPT=80 DPT=38668 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 24 11:25:21.376006 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40355 DF PROTO=TCP SPT=80 DPT=38668 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U:30 http-host:10.215.168.1] Mar 24 11:25:21.394766 osdx sudo[288145]: pam_limits(sudo:session): invalid line '@200:215 
hard maxlogins ' - skipped Mar 24 11:25:21.397155 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Drop Traffic not in a custom dictionary
Description
This example illustrates how to drop all traffic that does not belong to a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google
set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id custom -1
Step 2: Ping www.marca.com from DUT0:
admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (199.232.197.50) 56(84) bytes of data.
64 bytes from 199.232.197.50 (199.232.197.50): icmp_seq=1 ttl=49 time=3.37 ms

--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.374/3.374/3.374/0.000 ms
Step 3: Ping www.facebook.es from DUT0:
admin@DUT0$ ping www.facebook.es count 1 size 56 timeout 1
PING star-mini.c10r.facebook.com (31.13.83.36) 56(84) bytes of data.
64 bytes from edge-star-mini-shv-01-mad1.facebook.com (31.13.83.36): icmp_seq=1 ttl=47 time=4.30 ms

--- star-mini.c10r.facebook.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.298/4.298/4.298/0.000 ms
Step 4: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Mar 24 11:25:26.000192 osdx systemd-timedated[285067]: Changed local time to Tue 2026-03-24 11:25:26 UTC Mar 24 11:25:26.001520 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'set date 2026-03-24 11:25:26'. Mar 24 11:25:26.001761 osdx systemd-journald[151414]: Time jumped backwards, rotating. Mar 24 11:25:26.365723 osdx sudo[288381]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:26.369768 osdx systemd-journald[151414]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 11:25:26.373733 osdx systemd-journald[151414]: Received client request to rotate journal, rotating. Mar 24 11:25:26.373801 osdx systemd-journald[151414]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 11:25:26.374909 osdx sudo[288380]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:26.381778 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system journal clear'. Mar 24 11:25:26.596198 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 11:25:26.826843 osdx OSDxCLI[215243]: User 'admin' entered the configuration menu. Mar 24 11:25:26.896822 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Mar 24 11:25:26.997628 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Mar 24 11:25:27.051599 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Mar 24 11:25:27.151398 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Mar 24 11:25:27.217017 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'. 
Mar 24 11:25:27.295631 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Mar 24 11:25:27.356145 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Mar 24 11:25:27.457137 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Mar 24 11:25:27.511894 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 24 11:25:27.611237 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Mar 24 11:25:27.669783 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 11:25:27.770200 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Mar 24 11:25:27.842659 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 11:25:27.984105 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'show working'. 
Mar 24 11:25:28.053176 osdx ubnt-cfgd[288416]: inactive Mar 24 11:25:28.092726 osdx INFO[288438]: FRR daemons did not change Mar 24 11:25:28.261704 osdx kernel: app-detect: module init Mar 24 11:25:28.261754 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 24 11:25:28.261764 osdx kernel: app-detect: expression init Mar 24 11:25:28.261772 osdx kernel: app-detect: appid cache initialized Mar 24 11:25:28.261780 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 11:25:28.279933 osdx sudo[288467]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:28.301712 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 11:25:28.562533 osdx cfgd[1474]: [215243]Completed change to active configuration Mar 24 11:25:28.573707 osdx OSDxCLI[215243]: User 'admin' committed the configuration. Mar 24 11:25:28.589284 osdx OSDxCLI[215243]: User 'admin' left the configuration menu. Mar 24 11:25:28.781117 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'. Mar 24 11:25:28.926785 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'. 
Mar 24 11:25:29.004063 osdx sudo[288676]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:29.072014 osdx file_operation[288679]: using src url: https://www.marca.com dst url: running://index.html Mar 24 11:25:29.097705 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=63962 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.097750 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63963 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.097760 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63964 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.097773 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63965 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.097781 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=63966 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.125699 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=63967 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 
11:25:29.292348 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=63968 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.341998 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63969 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.501307 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=63970 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.774907 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63971 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.925310 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=63972 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:30.637944 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63973 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:30.757450 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=63974 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 
APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:32.367162 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=47 ID=63975 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:32.421533 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=63976 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:34.045505 osdx file_operation.py[288679]: Operation aborted by user. Mar 24 11:25:34.058903 osdx sudo[288685]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:34.060758 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'. Mar 24 11:25:34.061705 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=63977 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:34.061727 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=63978 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.facebook.es\]
Mar 24 11:25:26.000192 osdx systemd-timedated[285067]: Changed local time to Tue 2026-03-24 11:25:26 UTC Mar 24 11:25:26.001520 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'set date 2026-03-24 11:25:26'. Mar 24 11:25:26.001761 osdx systemd-journald[151414]: Time jumped backwards, rotating. Mar 24 11:25:26.365723 osdx sudo[288381]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:26.369768 osdx systemd-journald[151414]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free. Mar 24 11:25:26.373733 osdx systemd-journald[151414]: Received client request to rotate journal, rotating. Mar 24 11:25:26.373801 osdx systemd-journald[151414]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242. Mar 24 11:25:26.374909 osdx sudo[288380]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:26.381778 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system journal clear'. Mar 24 11:25:26.596198 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system coredump delete all'. Mar 24 11:25:26.826843 osdx OSDxCLI[215243]: User 'admin' entered the configuration menu. Mar 24 11:25:26.896822 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system traffic policy in POL'. Mar 24 11:25:26.997628 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'. Mar 24 11:25:27.051599 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'. Mar 24 11:25:27.151398 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'. Mar 24 11:25:27.217017 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id custom -1'. 
Mar 24 11:25:27.295631 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'. Mar 24 11:25:27.356145 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 33 fqdn google'. Mar 24 11:25:27.457137 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 custom app-id 34 fqdn 10.215.168.1'. Mar 24 11:25:27.511894 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 24 11:25:27.611237 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'. Mar 24 11:25:27.669783 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Mar 24 11:25:27.770200 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'. Mar 24 11:25:27.842659 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Mar 24 11:25:27.984105 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'show working'. 
Mar 24 11:25:28.053176 osdx ubnt-cfgd[288416]: inactive Mar 24 11:25:28.092726 osdx INFO[288438]: FRR daemons did not change Mar 24 11:25:28.261704 osdx kernel: app-detect: module init Mar 24 11:25:28.261754 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 24 11:25:28.261764 osdx kernel: app-detect: expression init Mar 24 11:25:28.261772 osdx kernel: app-detect: appid cache initialized Mar 24 11:25:28.261780 osdx kernel: app-detect: appid cache changes counter initialized Mar 24 11:25:28.279933 osdx sudo[288467]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:28.301712 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 24 11:25:28.562533 osdx cfgd[1474]: [215243]Completed change to active configuration Mar 24 11:25:28.573707 osdx OSDxCLI[215243]: User 'admin' committed the configuration. Mar 24 11:25:28.589284 osdx OSDxCLI[215243]: User 'admin' left the configuration menu. Mar 24 11:25:28.781117 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'. Mar 24 11:25:28.926785 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'ping www.facebook.es count 1 size 56 timeout 1'. 
Mar 24 11:25:29.004063 osdx sudo[288676]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:29.072014 osdx file_operation[288679]: using src url: https://www.marca.com dst url: running://index.html Mar 24 11:25:29.097705 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=63962 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.097750 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63963 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.097760 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63964 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.097773 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63965 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.097781 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=63966 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.125699 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=63967 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 
11:25:29.292348 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=63968 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.341998 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63969 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.501307 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=63970 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.774907 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63971 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:29.925310 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=63972 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:30.637944 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=63973 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:30.757450 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=63974 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 
APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:32.367162 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=47 ID=63975 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:32.421533 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=63976 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:34.045505 osdx file_operation.py[288679]: Operation aborted by user. Mar 24 11:25:34.058903 osdx sudo[288685]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:34.060758 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'. Mar 24 11:25:34.061705 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=63977 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:34.061727 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=63978 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:34.278304 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system journal show | cat'. 
Mar 24 11:25:34.412555 osdx sudo[288696]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:34.486072 osdx sudo[288701]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:34.490655 osdx file_operation[288699]: using src url: http://www.facebook.es dst url: running://index.html Mar 24 11:25:34.521717 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=44702 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:34.521784 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=44703 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:34.729533 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=44704 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:34.737701 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=44705 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:34.941733 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=44706 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:34.953724 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=44707 DF PROTO=TCP 
SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:35.158637 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=44708 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:35.364682 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=44709 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:35.573645 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=44710 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:35.822335 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=47 ID=63979 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:35.850075 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=63980 DF PROTO=TCP SPT=443 DPT=39302 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com] Mar 24 11:25:36.229592 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=44711 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:36.413554 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 
PREC=0x00 TTL=79 ID=44712 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:37.925574 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=44713 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:38.078523 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=44714 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es] Mar 24 11:25:39.447448 osdx file_operation.py[288699]: Operation aborted by user. Mar 24 11:25:39.462981 osdx sudo[288708]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Mar 24 11:25:39.465128 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy http://www.facebook.es running://index.html force'. Mar 24 11:25:39.465706 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=79 ID=44715 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
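The journal checks in Steps 4 and 5 can be applied one entry at a time instead of against the whole dump. The following Python sketch is an added example, not part of the product documentation: it splits run-together journal text into entries, parses the policy log fields and the `APPDETECT[...]` tag, and tests each expected regular expression per entry. The sample journal is constructed from entries shown on this page (shortened), and treating the `http-host`/`ssl-host` tokens as host labels and any other token as a classification label is an assumption.

```python
import re
from collections import Counter

# Start of a journal entry as printed on this page: "Mar 24 11:25:29.097705 ".
TS = r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d{6}"
ENTRY_START = re.compile(r"(?=\b" + TS + r" )")

# Kernel policy log entry: "[POL-1] DROP IN=eth0 ... APPDETECT[L4:443 ssl-host:x]".
POLICY_ENTRY = re.compile(
    r"^(?P<ts>" + TS + r") (?P<device>\S+) kernel: \[(?P<label>[^\]]+)\] "
    r"(?P<action>[A-Z]+) (?P<fields>.*?)(?: APPDETECT\[(?P<appdetect>[^\]]*)\])?$"
)
HOST_KEYS = ("http-host", "ssl-host")  # the two detectors enabled in Step 1

# Constructed sample: shortened copies of entries from this page, run together
# (and wrapped once before APPDETECT) the way the journal output appears here.
SAMPLE_JOURNAL = (
    "Mar 24 11:25:20.805516 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=142.251.157.119 "
    "DST=10.215.168.64 LEN=1452 PROTO=TCP SPT=443 DPT=34602 ACK URGP=0 "
    "APPDETECT[U:6 ssl-host:www.google.com] "
    "Mar 24 11:25:29.072014 osdx file_operation[288679]: using src url: "
    "https://www.marca.com dst url: running://index.html "
    "Mar 24 11:25:29.097705 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.197.50 "
    "DST=10.215.168.64 LEN=52 PROTO=TCP SPT=443 DPT=39302 ACK URGP=0 "
    "APPDETECT[L4:443 ssl-host:www.marca.com] "
    "Mar 24 11:25:29.097750 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=199.232.197.50 "
    "DST=10.215.168.64 LEN=1496 PROTO=TCP SPT=443 DPT=39302 ACK URGP=0 \n"
    "APPDETECT[L4:443 ssl-host:www.marca.com] "
    "Mar 24 11:25:34.490655 osdx file_operation[288699]: using src url: "
    "http://www.facebook.es dst url: running://index.html "
    "Mar 24 11:25:34.521717 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=31.13.83.36 "
    "DST=10.215.168.64 LEN=52 PROTO=TCP SPT=80 DPT=40884 ACK URGP=0 "
    "APPDETECT[L4:80 http-host:www.facebook.es]"
)

# Expected expressions from Steps 4 and 5 of this scenario.
STEP_PATTERNS = [
    r"osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]",
    r"osdx kernel:.*DROP.*APPDETECT\[L4:80 http-host:www.facebook.es\]",
]
# Constructed pattern: no single entry satisfies it, but on run-together text
# ".*" spans from the ACCEPT entry into a later DROP entry and matches.
CROSS_ENTRY_PATTERN = r"osdx kernel:.*ACCEPT.*APPDETECT\[L4:443 ssl-host:www.marca.com\]"


def split_entries(journal_text):
    """Normalise whitespace and split the text at each journal timestamp."""
    flat = " ".join(journal_text.split())
    return [e.strip() for e in ENTRY_START.split(flat) if e.strip()]


def parse_policy_entry(entry):
    """Return a dict for a kernel policy log entry, or None for other entries."""
    m = POLICY_ENTRY.match(entry.strip())
    if m is None:
        return None
    rec = {k: m[k] for k in ("ts", "device", "label", "action")}
    rec["fields"] = dict(re.findall(r"(\w+)=(\S*)", m["fields"]))
    tokens = (m["appdetect"] or "").split()
    pairs = [t.partition(":")[::2] for t in tokens]
    rec["hosts"] = {k: v for k, v in pairs if k in HOST_KEYS}
    labels = [t for t in tokens if t.partition(":")[0] not in HOST_KEYS]
    rec["classification"] = " ".join(labels) or None
    return rec


def summarize(journal_text):
    """Count policy hits per (action, classification, detector, host)."""
    counts = Counter()
    for entry in split_entries(journal_text):
        rec = parse_policy_entry(entry)
        if rec is None:
            continue
        for kind, host in rec["hosts"].items():
            counts[(rec["action"], rec["classification"], kind, host)] += 1
    return counts


def matches_any_entry(journal_text, pattern):
    """True only if one single journal entry matches the expression."""
    rx = re.compile(pattern)
    return any(rx.search(e) for e in split_entries(journal_text))


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_JOURNAL).items()):
        print(n, *key)
    for p in STEP_PATTERNS + [CROSS_ENTRY_PATTERN]:
        print(matches_any_entry(SAMPLE_JOURNAL, p), p)
```

Checking per entry matters when the journal has been captured without line breaks: a `.*` in the expected expression can otherwise pair the action of one packet with the `APPDETECT` tag of another.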
Drop Traffic not in an engine dictionary
Description
This example illustrates how to drop all traffic that does not belong to an engine dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
set service dns resolver name-server 10.215.168.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.205 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.205/0.205/0.205/0.000 ms
Step 3: Ping IP address www.marca.com from DUT0:
admin@DUT0$ ping www.marca.com count 1 size 56 timeout 1
PING unidadeditorial.map.fastly.net (199.232.193.50) 56(84) bytes of data.
64 bytes from 199.232.193.50 (199.232.193.50): icmp_seq=1 ttl=49 time=3.82 ms
--- unidadeditorial.map.fastly.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.819/3.819/3.819/0.000 ms
Step 4: Run command file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 68181  100 68181    0     0  15.5M      0 --:--:-- --:--:-- --:--:-- 16.2M
Step 5: Modify the following configuration lines in DUT0:
set system conntrack app-detect dictionary 1 filename 'running://test_dict.gz'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-id detected
set traffic selector SEL rule 1 not app-id engine 128
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*DROP.*APPDETECT\[L4:443 ssl-host:www.marca.com\]
Mar 24 11:25:44.000182 osdx systemd-timedated[285067]: Changed local time to Tue 2026-03-24 11:25:44 UTC
Mar 24 11:25:44.001424 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'set date 2026-03-24 11:25:44'.
Mar 24 11:25:44.001783 osdx systemd-journald[151414]: Time jumped backwards, rotating.
Mar 24 11:25:44.288937 osdx sudo[288934]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:44.292294 osdx systemd-journald[151414]: Runtime Journal (/run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242) is 1.9M, max 13.8M, 11.8M free.
Mar 24 11:25:44.293794 osdx systemd-journald[151414]: Received client request to rotate journal, rotating.
Mar 24 11:25:44.293853 osdx systemd-journald[151414]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7e3c4dd6c8d74b1c9c9747e610a7f242.
Mar 24 11:25:44.296524 osdx sudo[288933]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:44.302943 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system journal clear'.
Mar 24 11:25:44.515130 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'system coredump delete all'.
Mar 24 11:25:44.734438 osdx OSDxCLI[215243]: User 'admin' entered the configuration menu.
Mar 24 11:25:44.807426 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Mar 24 11:25:44.905512 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set service dns resolver name-server 10.215.168.1'.
Mar 24 11:25:44.984393 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Mar 24 11:25:45.080978 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'show working'.
Mar 24 11:25:45.142018 osdx ubnt-cfgd[288959]: inactive
Mar 24 11:25:45.172937 osdx INFO[288967]: FRR daemons did not change
Mar 24 11:25:45.193788 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Mar 24 11:25:45.299128 osdx cfgd[1474]: [215243]Completed change to active configuration
Mar 24 11:25:45.310499 osdx OSDxCLI[215243]: User 'admin' committed the configuration.
Mar 24 11:25:45.326448 osdx OSDxCLI[215243]: User 'admin' left the configuration menu.
Mar 24 11:25:45.464801 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Mar 24 11:25:45.558884 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'ping www.marca.com count 1 size 56 timeout 1'.
Mar 24 11:25:45.622428 osdx sudo[289156]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:45.689263 osdx sudo[289161]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:45.694054 osdx file_operation[289159]: using src url: http://10.215.168.1/~robot/test_dict.gz dst url: running://test_dict.gz
Mar 24 11:25:45.715753 osdx sudo[289169]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:45.717624 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test_dict.gz running://test_dict.gz force'.
Mar 24 11:25:45.856223 osdx OSDxCLI[215243]: User 'admin' entered the configuration menu.
Mar 24 11:25:45.917513 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system traffic policy in POL'.
Mar 24 11:25:46.006547 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 selector SEL'.
Mar 24 11:25:46.062330 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 log app-id'.
Mar 24 11:25:46.160186 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Mar 24 11:25:46.219304 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic policy POL rule 1 action drop'.
Mar 24 11:25:46.329309 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 not app-id engine 128'.
Mar 24 11:25:46.383536 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set traffic selector SEL rule 1 app-id detected'.
Mar 24 11:25:46.486130 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 1 filename running://test_dict.gz'.
Mar 24 11:25:46.538589 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Mar 24 11:25:46.637319 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'set system conntrack app-detect ssl-host'.
Mar 24 11:25:46.700405 osdx OSDxCLI[215243]: User 'admin' added a new cfg line: 'show changes'.
Mar 24 11:25:46.803702 osdx ubnt-cfgd[289186]: inactive
Mar 24 11:25:46.836191 osdx INFO[289206]: FRR daemons did not change
Mar 24 11:25:46.989789 osdx kernel: app-detect: module init
Mar 24 11:25:46.989844 osdx kernel: app-detect: registered: sysctl net.appdetect
Mar 24 11:25:46.989863 osdx kernel: app-detect: expression init
Mar 24 11:25:46.989874 osdx kernel: app-detect: appid cache initialized
Mar 24 11:25:46.989885 osdx kernel: app-detect: appid cache changes counter initialized
Mar 24 11:25:47.170340 osdx sudo[289241]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:47.374902 osdx cfgd[1474]: [215243]Completed change to active configuration
Mar 24 11:25:47.377516 osdx OSDxCLI[215243]: User 'admin' committed the configuration.
Mar 24 11:25:47.395129 osdx OSDxCLI[215243]: User 'admin' left the configuration menu.
Mar 24 11:25:47.529603 osdx sudo[289275]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:47.600053 osdx file_operation[289278]: using src url: https://www.marca.com dst url: running://index.html
Mar 24 11:25:47.625792 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=61842 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:47.625844 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=61843 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:47.625853 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=61844 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:47.625862 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=61845 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:47.625875 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=61846 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:47.659146 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=721 TOS=0x00 PREC=0x00 TTL=50 ID=61847 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:47.825713 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=61848 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:47.884284 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=61849 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:48.037727 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=61850 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:48.327348 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=61851 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:48.485447 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=61852 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:49.203455 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=61853 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:49.349629 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=50 ID=61854 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:50.995304 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=49 ID=61855 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:51.045719 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=49 ID=61856 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:52.576260 osdx file_operation.py[289278]: Operation aborted by user.
Mar 24 11:25:52.592258 osdx sudo[289284]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Mar 24 11:25:52.593785 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=61857 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:52.594038 osdx OSDxCLI[215243]: User 'admin' executed a new command: 'file copy https://www.marca.com running://index.html force'.
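The journal records one entry per dropped packet, so a single blocked download produces many lines. The following added example (not part of the OSDx documentation) parses those kernel entries and summarizes drops per detected host and per flow. It assumes the [POL-1] prefix means policy name and rule number; the function names are illustrative.

```python
import re
from collections import Counter

# Four entries copied verbatim from the journal output on this page.
SAMPLE_JOURNAL = """\
Mar 24 11:25:38.078523 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=31.13.83.36 DST=10.215.168.64 LEN=483 TOS=0x00 PREC=0x00 TTL=79 ID=44714 DF PROTO=TCP SPT=80 DPT=40884 WINDOW=261 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:www.facebook.es]
Mar 24 11:25:47.600053 osdx file_operation[289278]: using src url: https://www.marca.com dst url: running://index.html
Mar 24 11:25:47.625792 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=61842 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
Mar 24 11:25:47.625844 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:10:04:23:ff:96:08:00 SRC=199.232.197.50 DST=10.215.168.64 LEN=1496 TOS=0x00 PREC=0x00 TTL=50 ID=61843 DF PROTO=TCP SPT=443 DPT=33822 WINDOW=285 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:www.marca.com]
"""

# Assumption: the "[POL-1]" prefix is "<policy name>-<rule number>".
ENTRY = re.compile(
    r"kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) "
    r".*?APPDETECT\[(?P<tag>[^\]]*)\]"
)

def parse_policy_log(text):
    """Return one dict per kernel policy entry that carries an APPDETECT tag."""
    events = []
    for line in text.splitlines():
        match = ENTRY.search(line)
        if not match:
            continue  # CLI, sudo and file_operation entries are skipped
        event = match.groupdict()
        # "L4:443 ssl-host:www.marca.com" -> {"L4": "443", "ssl-host": "www.marca.com"}
        event["tag"] = dict(tok.partition(":")[::2] for tok in event["tag"].split())
        events.append(event)
    return events

def summarize_drops(events):
    """Count dropped packets per (detector, host), e.g. ("ssl-host", "www.marca.com")."""
    counts = Counter()
    for event in events:
        if event["action"] != "DROP":
            continue
        for detector, value in event["tag"].items():
            if detector != "L4":  # the L4 key only repeats the server port
                counts[(detector, value)] += 1
    return counts

def count_flows(events):
    """Collapse per-packet entries into distinct (src, sport, dst, dport) flows."""
    return len({(e["src"], e["spt"], e["dst"], e["dpt"]) for e in events})
```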