Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.328 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.328/0.328/0.328/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.240 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.240/0.240/0.240/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Sep 05 14:43:45.321512 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.9M, max 13.8M, 11.8M free.
Sep 05 14:43:45.322732 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:43:45.322787 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:43:45.325673 osdx sudo[210501]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:43:45.332407 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:43:45.582667 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:43:45.829526 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:43:45.927275 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:43:46.011777 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Sep 05 14:43:46.087528 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:43:46.200596 osdx ubnt-cfgd[210526]: inactive
Sep 05 14:43:46.239958 osdx INFO[210534]: FRR daemons did not change
Sep 05 14:43:46.266725 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:43:46.330897 osdx sudo[210622]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:43:46.359098 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:43:46.361805 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Sep 05 14:43:46.364604 osdx ulogd[210625]: registering plugin `NFCT'
Sep 05 14:43:46.365599 osdx ulogd[210625]: registering plugin `IP2STR'
Sep 05 14:43:46.365692 osdx ulogd[210625]: registering plugin `PRINTFLOW'
Sep 05 14:43:46.366736 osdx ulogd[210625]: registering plugin `SYSLOG'
Sep 05 14:43:46.366775 osdx ulogd[210625]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:43:46.366847 osdx ulogd[210625]: NFCT plugin working in event mode
Sep 05 14:43:46.366878 osdx ulogd[210625]: Changing UID / GID
Sep 05 14:43:46.366968 osdx ulogd[210625]: initialization finished, entering main loop
Sep 05 14:43:46.378759 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:43:46.380282 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:43:46.391646 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:43:46.419582 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:43:47.368127 osdx ulogd[210625]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:43:47.447680 osdx ulogd[210625]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.429 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.429/0.429/0.429/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.257 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.257/0.257/0.257/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Sep 05 14:43:51.000215 osdx systemd-timedated[207418]: Changed local time to Fri 2025-09-05 14:43:51 UTC
Sep 05 14:43:51.001543 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'set date 2025-09-05 14:43:51'.
Sep 05 14:43:51.004043 osdx systemd-journald[132215]: Time jumped backwards, rotating.
Sep 05 14:43:51.296247 osdx sudo[210786]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:43:51.299680 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.8M, max 13.8M, 11.9M free.
Sep 05 14:43:51.300083 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:43:51.300114 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:43:51.303760 osdx sudo[210785]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:43:51.309370 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:43:51.530298 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:43:51.748926 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:43:51.828503 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:43:51.931865 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Sep 05 14:43:52.020929 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:43:52.109158 osdx ubnt-cfgd[210810]: inactive
Sep 05 14:43:52.129228 osdx INFO[210818]: FRR daemons did not change
Sep 05 14:43:52.152037 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:43:52.203656 osdx sudo[210906]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:43:52.228456 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:43:52.229474 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:43:52.229834 osdx ulogd[210909]: registering plugin `NFCT'
Sep 05 14:43:52.229885 osdx ulogd[210909]: registering plugin `IP2STR'
Sep 05 14:43:52.229934 osdx ulogd[210909]: registering plugin `PRINTFLOW'
Sep 05 14:43:52.229985 osdx ulogd[210909]: registering plugin `SYSLOG'
Sep 05 14:43:52.229989 osdx ulogd[210909]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:43:52.230037 osdx ulogd[210909]: NFCT plugin working in event mode
Sep 05 14:43:52.230045 osdx ulogd[210909]: Changing UID / GID
Sep 05 14:43:52.230132 osdx ulogd[210909]: initialization finished, entering main loop
Sep 05 14:43:52.231717 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:43:52.246302 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:43:52.262813 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:43:53.240571 osdx ulogd[210909]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:43:53.359027 osdx ulogd[210909]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.366 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.366/0.366/0.366/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.225 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.357 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.277 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2030ms
rtt min/avg/max/mdev = 0.225/0.286/0.357/0.054 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Sep 05 14:43:58.329874 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.9M, max 13.8M, 11.9M free.
Sep 05 14:43:58.333624 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:43:58.333680 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:43:58.333818 osdx sudo[211068]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:43:58.340339 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:43:58.553202 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:43:58.779789 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:43:58.858780 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:43:58.968359 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Sep 05 14:43:59.033967 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Sep 05 14:43:59.134026 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set service ssh'.
Sep 05 14:43:59.213813 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:43:59.316667 osdx ubnt-cfgd[211095]: inactive
Sep 05 14:43:59.345052 osdx INFO[211109]: FRR daemons did not change
Sep 05 14:43:59.373624 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:43:59.437236 osdx sudo[211199]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:43:59.469949 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:43:59.470677 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Sep 05 14:43:59.471395 osdx ulogd[211202]: registering plugin `NFCT'
Sep 05 14:43:59.471447 osdx ulogd[211202]: registering plugin `IP2STR'
Sep 05 14:43:59.471500 osdx ulogd[211202]: registering plugin `PRINTFLOW'
Sep 05 14:43:59.471558 osdx ulogd[211202]: registering plugin `SYSLOG'
Sep 05 14:43:59.471562 osdx ulogd[211202]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:43:59.471621 osdx ulogd[211202]: NFCT plugin working in event mode
Sep 05 14:43:59.471681 osdx ulogd[211202]: Changing UID / GID
Sep 05 14:43:59.471804 osdx ulogd[211202]: initialization finished, entering main loop
Sep 05 14:43:59.493672 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:43:59.561942 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Sep 05 14:43:59.575613 osdx sshd[211208]: Server listening on 0.0.0.0 port 22.
Sep 05 14:43:59.575881 osdx sshd[211208]: Server listening on :: port 22.
Sep 05 14:43:59.576021 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Sep 05 14:43:59.597023 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:43:59.608443 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:43:59.625374 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:01.376757 osdx CRON[211245]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:01.545714 osdx ulogd[211202]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Sep 05 14:44:02.569641 osdx ulogd[211202]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to the other, and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.316 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.316/0.316/0.316/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.249 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.249/0.249/0.249/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Sep 05 14:44:10.292166 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.9M, max 13.8M, 11.8M free.
Sep 05 14:44:10.296133 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:10.296195 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:10.297250 osdx sudo[211396]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:10.305213 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:10.530766 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:10.811178 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:10.901433 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:10.983214 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:11.073173 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:11.168316 osdx ubnt-cfgd[211421]: inactive
Sep 05 14:44:11.193434 osdx INFO[211429]: FRR daemons did not change
Sep 05 14:44:11.220137 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:11.275978 osdx sudo[211517]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:11.308525 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:11.309502 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Sep 05 14:44:11.310199 osdx ulogd[211520]: registering plugin `NFCT'
Sep 05 14:44:11.310425 osdx ulogd[211520]: registering plugin `IP2STR'
Sep 05 14:44:11.310513 osdx ulogd[211520]: registering plugin `PRINTFLOW'
Sep 05 14:44:11.310601 osdx ulogd[211520]: registering plugin `SYSLOG'
Sep 05 14:44:11.310639 osdx ulogd[211520]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:11.310727 osdx ulogd[211520]: NFCT plugin working in event mode
Sep 05 14:44:11.310767 osdx ulogd[211520]: Changing UID / GID
Sep 05 14:44:11.310881 osdx ulogd[211520]: initialization finished, entering main loop
Sep 05 14:44:11.332181 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:11.333637 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:11.347264 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:11.368670 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:12.203437 osdx ulogd[211520]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:12.203455 osdx ulogd[211520]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:12.286333 osdx ulogd[211520]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:12.286355 osdx ulogd[211520]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping command from one device to the other, and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.361 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.361/0.361/0.361/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.259 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.259/0.259/0.259/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Sep 05 14:44:16.000177 osdx systemd-timedated[207418]: Changed local time to Fri 2025-09-05 14:44:16 UTC
Sep 05 14:44:16.001632 osdx systemd-journald[132215]: Time jumped backwards, rotating.
Sep 05 14:44:16.001749 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'set date 2025-09-05 14:44:16'.
Sep 05 14:44:16.323904 osdx sudo[211680]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:16.327998 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.8M, max 13.8M, 11.9M free.
Sep 05 14:44:16.329636 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:16.329692 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:16.332407 osdx sudo[211679]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:16.338278 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:16.546264 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:16.800541 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:16.876378 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:16.959850 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:17.043758 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Sep 05 14:44:17.115531 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:17.203210 osdx ubnt-cfgd[211705]: inactive
Sep 05 14:44:17.223482 osdx INFO[211713]: FRR daemons did not change
Sep 05 14:44:17.245640 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:17.307126 osdx sudo[211801]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:17.338125 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:17.339263 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:17.339742 osdx ulogd[211804]: registering plugin `NFCT'
Sep 05 14:44:17.340025 osdx ulogd[211804]: registering plugin `IP2STR'
Sep 05 14:44:17.340133 osdx ulogd[211804]: registering plugin `PRINTFLOW'
Sep 05 14:44:17.340239 osdx ulogd[211804]: registering plugin `SYSLOG'
Sep 05 14:44:17.340279 osdx ulogd[211804]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:17.340370 osdx ulogd[211804]: NFCT plugin working in event mode
Sep 05 14:44:17.340414 osdx OSDx_DUT0[211804]: Changing UID / GID
Sep 05 14:44:17.340535 osdx OSDx_DUT0[211804]: initialization finished, entering main loop
Sep 05 14:44:17.341593 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:17.354063 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:17.371009 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:18.208604 osdx OSDx_DUT0[211804]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:18.208625 osdx OSDx_DUT0[211804]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:18.290177 osdx OSDx_DUT0[211804]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:18.290205 osdx OSDx_DUT0[211804]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0:
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.247 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.247/0.247/0.247/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Sep 05 14:44:16.000177 osdx systemd-timedated[207418]: Changed local time to Fri 2025-09-05 14:44:16 UTC
Sep 05 14:44:16.001632 osdx systemd-journald[132215]: Time jumped backwards, rotating.
Sep 05 14:44:16.001749 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'set date 2025-09-05 14:44:16'.
Sep 05 14:44:16.323904 osdx sudo[211680]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:16.327998 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.8M, max 13.8M, 11.9M free.
Sep 05 14:44:16.329636 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:16.329692 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:16.332407 osdx sudo[211679]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:16.338278 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:16.546264 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:16.800541 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:16.876378 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:16.959850 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:17.043758 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Sep 05 14:44:17.115531 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:17.203210 osdx ubnt-cfgd[211705]: inactive
Sep 05 14:44:17.223482 osdx INFO[211713]: FRR daemons did not change
Sep 05 14:44:17.245640 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:17.307126 osdx sudo[211801]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:17.338125 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:17.339263 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:17.339742 osdx ulogd[211804]: registering plugin `NFCT'
Sep 05 14:44:17.340025 osdx ulogd[211804]: registering plugin `IP2STR'
Sep 05 14:44:17.340133 osdx ulogd[211804]: registering plugin `PRINTFLOW'
Sep 05 14:44:17.340239 osdx ulogd[211804]: registering plugin `SYSLOG'
Sep 05 14:44:17.340279 osdx ulogd[211804]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:17.340370 osdx ulogd[211804]: NFCT plugin working in event mode
Sep 05 14:44:17.340414 osdx OSDx_DUT0[211804]: Changing UID / GID
Sep 05 14:44:17.340535 osdx OSDx_DUT0[211804]: initialization finished, entering main loop
Sep 05 14:44:17.341593 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:17.354063 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:17.371009 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:18.208604 osdx OSDx_DUT0[211804]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:18.208625 osdx OSDx_DUT0[211804]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:18.290177 osdx OSDx_DUT0[211804]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:18.290205 osdx OSDx_DUT0[211804]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:18.416947 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal show | cat'.
Sep 05 14:44:18.569001 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:18.628129 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Sep 05 14:44:18.732080 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show changes'.
Sep 05 14:44:18.796513 osdx ubnt-cfgd[211840]: inactive
Sep 05 14:44:18.815800 osdx INFO[211846]: FRR daemons did not change
Sep 05 14:44:18.822598 osdx sudo[211851]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:18.827511 osdx OSDx_DUT0[211804]: Terminal signal received, exiting
Sep 05 14:44:18.827577 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:18.827875 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Sep 05 14:44:18.827989 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:18.862080 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:18.862823 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:18.862950 osdx ulogd[211855]: registering plugin `NFCT'
Sep 05 14:44:18.863148 osdx ulogd[211855]: registering plugin `IP2STR'
Sep 05 14:44:18.863223 osdx ulogd[211855]: registering plugin `PRINTFLOW'
Sep 05 14:44:18.863294 osdx ulogd[211855]: registering plugin `SYSLOG'
Sep 05 14:44:18.863321 osdx ulogd[211855]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:18.863385 osdx ulogd[211855]: NFCT plugin working in event mode
Sep 05 14:44:18.863413 osdx ulogd[211855]: Changing UID / GID
Sep 05 14:44:18.863505 osdx ulogd[211855]: initialization finished, entering main loop
Sep 05 14:44:18.864188 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:18.865462 osdx ulogd[211855]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Sep 05 14:44:18.865538 osdx ulogd[211855]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Sep 05 14:44:18.866150 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:18.892080 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:19.044894 osdx ulogd[211855]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:19.044915 osdx ulogd[211855]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies, send a ping command from one device to the other and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.385 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.385/0.385/0.385/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.315 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.220 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1032ms
rtt min/avg/max/mdev = 0.220/0.267/0.315/0.047 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Sep 05 14:44:23.000184 osdx systemd-timedated[207418]: Changed local time to Fri 2025-09-05 14:44:23 UTC
Sep 05 14:44:23.001618 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'set date 2025-09-05 14:44:23'.
Sep 05 14:44:23.001770 osdx systemd-journald[132215]: Time jumped backwards, rotating.
Sep 05 14:44:23.337579 osdx sudo[211991]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:23.341493 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.9M, max 13.8M, 11.8M free.
Sep 05 14:44:23.341906 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:23.341937 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:23.345711 osdx sudo[211990]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:23.354591 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:23.594350 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:23.878516 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:23.969782 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Sep 05 14:44:24.050348 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Sep 05 14:44:24.169031 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Sep 05 14:44:24.252065 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Sep 05 14:44:24.363624 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:24.422863 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:24.547052 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:24.624198 osdx ubnt-cfgd[212019]: inactive
Sep 05 14:44:24.655355 osdx INFO[212033]: FRR daemons did not change
Sep 05 14:44:24.677787 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:24.733512 osdx sudo[212121]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:24.754146 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:24.754724 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Sep 05 14:44:24.755428 osdx ulogd[212124]: registering plugin `NFCT'
Sep 05 14:44:24.755483 osdx ulogd[212124]: registering plugin `IP2STR'
Sep 05 14:44:24.755546 osdx ulogd[212124]: registering plugin `PRINTFLOW'
Sep 05 14:44:24.755600 osdx ulogd[212124]: registering plugin `SYSLOG'
Sep 05 14:44:24.755605 osdx ulogd[212124]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:24.755655 osdx ulogd[212124]: NFCT plugin working in event mode
Sep 05 14:44:24.755663 osdx ulogd[212124]: Changing UID / GID
Sep 05 14:44:24.755746 osdx ulogd[212124]: initialization finished, entering main loop
Sep 05 14:44:24.769831 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:24.778166 osdx sudo[212127]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:24.781650 osdx ulogd[212124]: Terminal signal received, exiting
Sep 05 14:44:24.781724 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:24.782144 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Sep 05 14:44:24.782264 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:24.783434 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:24.784293 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Sep 05 14:44:24.784962 osdx ulogd[212130]: registering plugin `NFCT'
Sep 05 14:44:24.785014 osdx ulogd[212130]: registering plugin `IP2STR'
Sep 05 14:44:24.785062 osdx ulogd[212130]: registering plugin `PRINTFLOW'
Sep 05 14:44:24.785129 osdx ulogd[212130]: registering plugin `SYSLOG'
Sep 05 14:44:24.785133 osdx ulogd[212130]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:24.785182 osdx ulogd[212130]: NFCT plugin working in event mode
Sep 05 14:44:24.785189 osdx ulogd[212130]: Changing UID / GID
Sep 05 14:44:24.785262 osdx ulogd[212130]: initialization finished, entering main loop
Sep 05 14:44:24.797854 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:24.974746 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:24.989729 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:25.006045 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:25.922437 osdx ulogd[212130]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Sep 05 14:44:25.922462 osdx ulogd[212130]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Sep 05 14:44:26.013995 osdx ulogd[212130]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Sep 05 14:44:26.014028 osdx ulogd[212130]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a VRF, send a ping command from one device to the other and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.367 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.367/0.367/0.367/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.276 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.276/0.276/0.276/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Sep 05 14:44:32.329450 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.9M, max 13.8M, 11.8M free.
Sep 05 14:44:32.332730 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:32.332789 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:32.334884 osdx sudo[212330]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:32.342268 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:32.618680 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:32.852976 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:32.933427 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Sep 05 14:44:33.047541 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Sep 05 14:44:33.112015 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system vrf RED'.
Sep 05 14:44:33.224931 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:33.287812 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:33.410066 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:33.491734 osdx ubnt-cfgd[212358]: inactive
Sep 05 14:44:33.517090 osdx INFO[212366]: FRR daemons did not change
Sep 05 14:44:33.521793 osdx sudo[212371]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:33.527131 osdx (udev-worker)[212374]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Sep 05 14:44:33.527390 osdx (udev-worker)[212374]: Network interface NamePolicy= disabled on kernel command line.
Sep 05 14:44:33.556735 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:33.616712 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:33.898427 osdx sudo[212529]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:33.925087 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:33.925856 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:33.926110 osdx ulogd[212532]: registering plugin `NFCT'
Sep 05 14:44:33.926377 osdx ulogd[212532]: registering plugin `IP2STR'
Sep 05 14:44:33.926474 osdx ulogd[212532]: registering plugin `PRINTFLOW'
Sep 05 14:44:33.926576 osdx ulogd[212532]: registering plugin `SYSLOG'
Sep 05 14:44:33.926613 osdx ulogd[212532]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:33.926697 osdx ulogd[212532]: NFCT plugin working in event mode
Sep 05 14:44:33.926739 osdx ulogd[212532]: Changing UID / GID
Sep 05 14:44:33.926850 osdx ulogd[212532]: initialization finished, entering main loop
Sep 05 14:44:33.927388 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:33.938627 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:33.957782 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:34.810472 osdx ulogd[212532]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:34.810490 osdx ulogd[212532]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:34.905834 osdx ulogd[212532]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:34.905858 osdx ulogd[212532]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service, send a ping command from one device to the other and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.184 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.184/0.184/0.184/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  54893      0 --:--:-- --:--:-- --:--:-- 64500
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.492 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.492/0.492/0.492/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.369 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.369/0.369/0.369/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Sep 05 14:44:39.000175 osdx systemd-timedated[207418]: Changed local time to Fri 2025-09-05 14:44:39 UTC
Sep 05 14:44:39.000661 osdx systemd-journald[132215]: Time jumped backwards, rotating.
Sep 05 14:44:39.001550 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'set date 2025-09-05 14:44:39'.
Sep 05 14:44:39.310182 osdx sudo[212775]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:39.313879 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 2.2M, max 13.8M, 11.5M free.
Sep 05 14:44:39.316506 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:39.316560 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:39.318153 osdx sudo[212774]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:39.325810 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:39.550880 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:39.809861 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:39.884256 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Sep 05 14:44:39.980068 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:40.080973 osdx ubnt-cfgd[212798]: inactive
Sep 05 14:44:40.100810 osdx INFO[212806]: FRR daemons did not change
Sep 05 14:44:40.184507 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Sep 05 14:44:40.232540 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:40.244670 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:40.297200 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:40.467674 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Sep 05 14:44:40.542975 osdx sudo[212920]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:40.609859 osdx file_operation[212923]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Sep 05 14:44:40.628572 osdx sudo[212930]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:40.630769 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Sep 05 14:44:40.775024 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:40.845539 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Sep 05 14:44:40.930207 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Sep 05 14:44:40.987631 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Sep 05 14:44:41.084851 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Sep 05 14:44:41.141291 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Sep 05 14:44:41.242182 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Sep 05 14:44:41.303063 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Sep 05 14:44:41.426987 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Sep 05 14:44:41.499037 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Sep 05 14:44:41.606990 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:41.683465 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:41.793347 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:41.869250 osdx ubnt-cfgd[212957]: inactive
Sep 05 14:44:41.914711 osdx INFO[212974]: FRR daemons did not change
Sep 05 14:44:41.936506 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:41.995992 osdx sudo[213062]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:42.020816 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:42.021650 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:42.021988 osdx ulogd[213065]: registering plugin `NFCT'
Sep 05 14:44:42.022183 osdx ulogd[213065]: registering plugin `IP2STR'
Sep 05 14:44:42.022256 osdx ulogd[213065]: registering plugin `PRINTFLOW'
Sep 05 14:44:42.022325 osdx ulogd[213065]: registering plugin `SYSLOG'
Sep 05 14:44:42.022359 osdx ulogd[213065]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:42.022424 osdx ulogd[213065]: NFCT plugin working in event mode
Sep 05 14:44:42.022455 osdx ulogd[213065]: Changing UID / GID
Sep 05 14:44:42.022544 osdx ulogd[213065]: initialization finished, entering main loop
Sep 05 14:44:42.269900 osdx systemd[1]: Reloading.
Sep 05 14:44:42.300514 osdx systemd-sysv-generator[213101]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Sep 05 14:44:42.460977 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Sep 05 14:44:42.465035 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Sep 05 14:44:42.465876 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Sep 05 14:44:42.486250 osdx systemd[1]: logrotate.service: Deactivated successfully.
Sep 05 14:44:42.486519 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Sep 05 14:44:42.731260 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Sep 05 14:44:43.082521 osdx INFO[213084]: Rules successfully loaded
Sep 05 14:44:43.091554 osdx sudo[213127]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:43.095084 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:43.095160 osdx ulogd[213065]: Terminal signal received, exiting
Sep 05 14:44:43.095540 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Sep 05 14:44:43.095627 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:43.120865 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:43.122007 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:43.122162 osdx ulogd[213130]: registering plugin `NFCT'
Sep 05 14:44:43.122349 osdx ulogd[213130]: registering plugin `IP2STR'
Sep 05 14:44:43.122415 osdx ulogd[213130]: registering plugin `PRINTFLOW'
Sep 05 14:44:43.122480 osdx ulogd[213130]: registering plugin `SYSLOG'
Sep 05 14:44:43.122503 osdx ulogd[213130]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:43.122572 osdx ulogd[213130]: NFCT plugin working in event mode
Sep 05 14:44:43.122597 osdx ulogd[213130]: Changing UID / GID
Sep 05 14:44:43.123059 osdx ulogd[213130]: initialization finished, entering main loop
Sep 05 14:44:43.123995 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:43.135226 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:43.159675 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:43.957512 osdx ulogd[213130]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Sep 05 14:44:43.957527 osdx ulogd[213130]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Sep 05 14:44:44.036975 osdx ulogd[213130]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Sep 05 14:44:44.036990 osdx ulogd[213130]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.360 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.305 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.305/0.305/0.305/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.5.2
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Fri Sep 5 14:43:28 2025 from 10.215.168.64
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Sep 05 14:44:50.000160 osdx systemd-timedated[207418]: Changed local time to Fri 2025-09-05 14:44:50 UTC
Sep 05 14:44:50.001740 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'set date 2025-09-05 14:44:50'.
Sep 05 14:44:50.002497 osdx systemd-journald[132215]: Time jumped backwards, rotating.
Sep 05 14:44:50.312167 osdx sudo[213386]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:50.315553 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.9M, max 13.8M, 11.8M free.
Sep 05 14:44:50.318514 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:50.318572 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:50.319557 osdx sudo[213385]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:50.327177 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:50.544557 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:50.771009 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:50.854095 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Sep 05 14:44:50.934426 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:50.992503 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:51.113030 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:51.175200 osdx ubnt-cfgd[213411]: inactive
Sep 05 14:44:51.203058 osdx INFO[213421]: FRR daemons did not change
Sep 05 14:44:51.230509 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Sep 05 14:44:51.302506 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:51.362243 osdx sudo[213584]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:51.398815 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:51.399731 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Sep 05 14:44:51.400235 osdx ulogd[213587]: registering plugin `NFCT'
Sep 05 14:44:51.400415 osdx ulogd[213587]: registering plugin `IP2STR'
Sep 05 14:44:51.400482 osdx ulogd[213587]: registering plugin `PRINTFLOW'
Sep 05 14:44:51.400550 osdx ulogd[213587]: registering plugin `SYSLOG'
Sep 05 14:44:51.400576 osdx ulogd[213587]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:51.400637 osdx ulogd[213587]: NFCT plugin working in event mode
Sep 05 14:44:51.400666 osdx ulogd[213587]: Changing UID / GID
Sep 05 14:44:51.400758 osdx ulogd[213587]: initialization finished, entering main loop
Sep 05 14:44:51.418560 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:51.420164 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:51.431565 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:51.449426 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:44:53.170911 osdx ulogd[213587]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:53.170934 osdx ulogd[213587]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:53.250088 osdx ulogd[213587]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:53.250104 osdx ulogd[213587]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Sep 05 14:44:53.329345 osdx ulogd[213587]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=48520 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=48520 PKTS=0 BYTES=0
Sep 05 14:44:53.329517 osdx ulogd[213587]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=48520 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=48520 PKTS=0 BYTES=0
Sep 05 14:44:53.329601 osdx ulogd[213587]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=48520 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=48520 PKTS=0 BYTES=0 [OFFLOAD]
Sep 05 14:44:53.609560 osdx ulogd[213587]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=48520 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=48520 PKTS=0 BYTES=0
Sep 05 14:44:53.609716 osdx ulogd[213587]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=48520 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=48520 PKTS=0 BYTES=0 [OFFLOAD]
Sep 05 14:44:53.611319 osdx ulogd[213587]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=48520 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=48520 PKTS=0 BYTES=0
Sep 05 14:44:53.611433 osdx ulogd[213587]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=48520 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=48520 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1, and check that the app detect field appears when running system journal show. Then enable app detection for HTTP host in system conntrack, copy index.html from an HTTP server, and check that the app detect field appears and belongs to the HTTP server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.318 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.318/0.318/0.318/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.242 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.303 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.274 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 0.242/0.273/0.303/0.024 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Sep 05 14:44:58.311623 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 2.0M, max 13.8M, 11.7M free.
Sep 05 14:44:58.314410 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:58.314463 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:58.315735 osdx sudo[213775]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:58.322338 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:58.546997 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:58.790675 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:58.856015 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Sep 05 14:44:58.955053 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Sep 05 14:44:59.037390 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:59.132959 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:59.206066 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:59.296488 osdx ubnt-cfgd[213802]: inactive
Sep 05 14:44:59.316241 osdx INFO[213810]: FRR daemons did not change
Sep 05 14:44:59.458415 osdx kernel: app-detect: module init
Sep 05 14:44:59.458470 osdx kernel: app-detect: registered: sysctl net.appdetect
Sep 05 14:44:59.458480 osdx kernel: app-detect: expression init
Sep 05 14:44:59.458488 osdx kernel: app-detect: appid cache initialized
Sep 05 14:44:59.458496 osdx kernel: app-detect: appid cache changes counter initialized
Sep 05 14:44:59.462015 osdx modulelauncher[213813]: AppDetect: no change in application dictionaries, thus nothing more to do
Sep 05 14:44:59.486419 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:59.544642 osdx sudo[213921]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:59.582787 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:59.583702 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Sep 05 14:44:59.584327 osdx ulogd[213924]: registering plugin `NFCT'
Sep 05 14:44:59.584542 osdx ulogd[213924]: registering plugin `IP2STR'
Sep 05 14:44:59.584614 osdx ulogd[213924]: registering plugin `PRINTFLOW'
Sep 05 14:44:59.584698 osdx ulogd[213924]: registering plugin `SYSLOG'
Sep 05 14:44:59.584731 osdx ulogd[213924]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:59.584808 osdx ulogd[213924]: NFCT plugin working in event mode
Sep 05 14:44:59.584841 osdx ulogd[213924]: Changing UID / GID
Sep 05 14:44:59.584946 osdx ulogd[213924]: initialization finished, entering main loop
Sep 05 14:44:59.598503 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:59.599873 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:59.612000 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:59.638323 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:45:00.404301 osdx ulogd[213924]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:00.404318 osdx ulogd[213924]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:00.479064 osdx ulogd[213924]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:00.479082 osdx ulogd[213924]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:01.506475 osdx ulogd[213924]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Sep 05 14:45:01.506499 osdx ulogd[213924]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:01.506516 osdx ulogd[213924]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:01.602369 osdx CRON[213950]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:45:02.530435 osdx ulogd[213924]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Sep 05 14:45:02.530453 osdx ulogd[213924]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:02.530465 osdx ulogd[213924]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Step 8: Modify the following configuration lines in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.333 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.333/0.333/0.333/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4586    0  4586    0     0   724k      0 --:--:-- --:--:-- --:--:--  746k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Sep 05 14:44:58.311623 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 2.0M, max 13.8M, 11.7M free.
Sep 05 14:44:58.314410 osdx systemd-journald[132215]: Received client request to rotate journal, rotating.
Sep 05 14:44:58.314463 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9.
Sep 05 14:44:58.315735 osdx sudo[213775]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:58.322338 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'.
Sep 05 14:44:58.546997 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'.
Sep 05 14:44:58.790675 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:44:58.856015 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Sep 05 14:44:58.955053 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Sep 05 14:44:59.037390 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Sep 05 14:44:59.132959 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Sep 05 14:44:59.206066 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'.
Sep 05 14:44:59.296488 osdx ubnt-cfgd[213802]: inactive
Sep 05 14:44:59.316241 osdx INFO[213810]: FRR daemons did not change
Sep 05 14:44:59.458415 osdx kernel: app-detect: module init
Sep 05 14:44:59.458470 osdx kernel: app-detect: registered: sysctl net.appdetect
Sep 05 14:44:59.458480 osdx kernel: app-detect: expression init
Sep 05 14:44:59.458488 osdx kernel: app-detect: appid cache initialized
Sep 05 14:44:59.458496 osdx kernel: app-detect: appid cache changes counter initialized
Sep 05 14:44:59.462015 osdx modulelauncher[213813]: AppDetect: no change in application dictionaries, thus nothing more to do
Sep 05 14:44:59.486419 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Sep 05 14:44:59.544642 osdx sudo[213921]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:44:59.582787 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Sep 05 14:44:59.583702 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Sep 05 14:44:59.584327 osdx ulogd[213924]: registering plugin `NFCT'
Sep 05 14:44:59.584542 osdx ulogd[213924]: registering plugin `IP2STR'
Sep 05 14:44:59.584614 osdx ulogd[213924]: registering plugin `PRINTFLOW'
Sep 05 14:44:59.584698 osdx ulogd[213924]: registering plugin `SYSLOG'
Sep 05 14:44:59.584731 osdx ulogd[213924]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Sep 05 14:44:59.584808 osdx ulogd[213924]: NFCT plugin working in event mode
Sep 05 14:44:59.584841 osdx ulogd[213924]: Changing UID / GID
Sep 05 14:44:59.584946 osdx ulogd[213924]: initialization finished, entering main loop
Sep 05 14:44:59.598503 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Sep 05 14:44:59.599873 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:44:59.612000 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:44:59.638323 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:45:00.404301 osdx ulogd[213924]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:00.404318 osdx ulogd[213924]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:00.479064 osdx ulogd[213924]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:00.479082 osdx ulogd[213924]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:01.506475 osdx ulogd[213924]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Sep 05 14:45:01.506499 osdx ulogd[213924]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:01.506516 osdx ulogd[213924]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:01.602369 osdx CRON[213950]: pam_limits(cron:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:45:02.530435 osdx ulogd[213924]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Sep 05 14:45:02.530453 osdx ulogd[213924]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:02.530465 osdx ulogd[213924]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:02.639947 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal show | cat'.
Sep 05 14:45:02.754487 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal show | cat'.
Sep 05 14:45:02.935682 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal show | cat'.
Sep 05 14:45:03.109861 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu.
Sep 05 14:45:03.190208 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Sep 05 14:45:03.278670 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Sep 05 14:45:03.343081 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show changes'.
Sep 05 14:45:03.481989 osdx ubnt-cfgd[213978]: inactive
Sep 05 14:45:03.508026 osdx INFO[213986]: FRR daemons did not change
Sep 05 14:45:03.538449 osdx kernel: app-detect: expression destroy
Sep 05 14:45:03.546432 osdx kernel: app-detect: expression init
Sep 05 14:45:03.546474 osdx kernel: app-detect: appid cache initialized
Sep 05 14:45:03.546486 osdx kernel: app-detect: appid cache changes counter initialized
Sep 05 14:45:03.550543 osdx modulelauncher[213989]: AppDetect: no change in application dictionaries, thus nothing more to do
Sep 05 14:45:03.570414 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Sep 05 14:45:03.619616 osdx cfgd[1463]: [195996]Completed change to active configuration
Sep 05 14:45:03.630812 osdx ulogd[213924]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Sep 05 14:45:03.630851 osdx ulogd[213924]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Sep 05 14:45:03.631613 osdx OSDxCLI[195996]: User 'admin' committed the configuration.
Sep 05 14:45:03.662140 osdx OSDxCLI[195996]: User 'admin' left the configuration menu.
Sep 05 14:45:03.800573 osdx ulogd[213924]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:03.800888 osdx ulogd[213924]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Sep 05 14:45:03.802148 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Sep 05 14:45:03.869821 osdx sudo[214113]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:45:03.933879 osdx file_operation[214116]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Sep 05 14:45:03.940170 osdx ulogd[213924]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=39448 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=39448 PKTS=0 BYTES=0 APPDETECT[L4:80]
Sep 05 14:45:03.940294 osdx ulogd[213924]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=39448 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=39448 PKTS=0 BYTES=0 APPDETECT[L4:80]
Sep 05 14:45:03.940308 osdx ulogd[213924]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=39448 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=39448 PKTS=0 BYTES=0 APPDETECT[L4:80]
Sep 05 14:45:03.942551 osdx ulogd[213924]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=39448 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=39448 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Sep 05 14:45:03.942646 osdx ulogd[213924]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=39448 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=39448 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Sep 05 14:45:03.942662 osdx ulogd[213924]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=39448 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=39448 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Sep 05 14:45:03.958573 osdx sudo[214123]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped
Sep 05 14:45:03.960439 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector. Enable the http-host and http-url options in the system conntrack app-detect path in order to see relevant information about HTTP packets. Finally, log those packets with the app-id option and check that the APPDETECT field appears in the journal when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.223 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.223/0.223/0.223/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Output:
Sep 05 14:45:08.000186 osdx systemd-timedated[207418]: Changed local time to Fri 2025-09-05 14:45:08 UTC Sep 05 14:45:08.001386 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'set date 2025-09-05 14:45:08'. Sep 05 14:45:08.001751 osdx systemd-journald[132215]: Time jumped backwards, rotating. Sep 05 14:45:08.320372 osdx sudo[214305]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Sep 05 14:45:08.323641 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.8M, max 13.8M, 11.9M free. Sep 05 14:45:08.325759 osdx systemd-journald[132215]: Received client request to rotate journal, rotating. Sep 05 14:45:08.325819 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9. Sep 05 14:45:08.327581 osdx sudo[214304]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Sep 05 14:45:08.333395 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'. Sep 05 14:45:08.552501 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 14:45:08.767179 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu. Sep 05 14:45:08.832311 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Sep 05 14:45:08.928024 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Sep 05 14:45:08.984951 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Sep 05 14:45:09.088051 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'. Sep 05 14:45:09.141765 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. 
Sep 05 14:45:09.238256 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Sep 05 14:45:09.302123 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Sep 05 14:45:09.417474 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Sep 05 14:45:09.471061 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Sep 05 14:45:09.566702 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Sep 05 14:45:09.644325 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'. Sep 05 14:45:09.728096 osdx ubnt-cfgd[214337]: inactive Sep 05 14:45:09.766517 osdx INFO[214359]: FRR daemons did not change Sep 05 14:45:09.937760 osdx kernel: app-detect: module init Sep 05 14:45:09.937819 osdx kernel: app-detect: registered: sysctl net.appdetect Sep 05 14:45:09.937832 osdx kernel: app-detect: expression init Sep 05 14:45:09.937844 osdx kernel: app-detect: appid cache initialized Sep 05 14:45:09.937855 osdx kernel: app-detect: appid cache changes counter initialized Sep 05 14:45:09.951696 osdx sudo[214388]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Sep 05 14:45:09.973761 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Sep 05 14:45:10.202789 osdx cfgd[1463]: [195996]Completed change to active configuration Sep 05 14:45:10.214062 osdx OSDxCLI[195996]: User 'admin' committed the configuration. Sep 05 14:45:10.232446 osdx OSDxCLI[195996]: User 'admin' left the configuration menu. Sep 05 14:45:10.374095 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. 
Sep 05 14:45:10.434547 osdx sudo[214524]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Sep 05 14:45:10.495718 osdx file_operation[214527]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Sep 05 14:45:10.501758 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=31847 DF PROTO=TCP SPT=47290 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Sep 05 14:45:10.705801 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=31848 DF PROTO=TCP SPT=47290 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Sep 05 14:45:11.105824 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=31849 DF PROTO=TCP SPT=47290 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Sep 05 14:45:11.937804 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=31850 DF PROTO=TCP SPT=47290 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Sep 05 14:45:13.504028 osdx file_operation.py[214527]: Operation aborted by user. Sep 05 14:45:13.513752 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=31851 DF PROTO=TCP SPT=47290 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1] Sep 05 14:45:13.516343 osdx sudo[214532]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Sep 05 14:45:13.518171 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'. 
Sep 05 14:45:13.573759 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=31852 DF PROTO=TCP SPT=47290 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
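The kernel lines above carry one record per dropped packet: a [POLICY-RULE] prefix, KEY=VALUE packet fields and a trailing APPDETECT[...] field. The following added example (not part of the original page or of the product's tooling) parses that layout and counts drops per rule, U: identifier and http-host; the function names are hypothetical, and reading the U:155 token as the custom app-id 155 from Step 1 is an inference from this page's output.

```python
import re
from collections import Counter

# Journal lines copied from this scenario's output: two kernel DROP entries, one CLI entry.
SAMPLE_JOURNAL = "\n".join([
    "Sep 05 14:45:10.501758 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 "
    "DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=31847 DF PROTO=TCP SPT=47290 "
    "DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 "
    "APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]",
    "Sep 05 14:45:10.705801 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 "
    "DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=31848 DF PROTO=TCP SPT=47290 "
    "DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 "
    "APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]",
    "Sep 05 14:45:13.518171 osdx OSDxCLI[195996]: User 'admin' executed a new command: "
    "'file copy http://10.215.168.1/~robot/ running://index.html'.",
])

PREFIX_RE = re.compile(r"kernel: \[(?P<rule>[^\]]+)\] (?P<action>[A-Z]+) (?P<rest>.*)$")
# APPDETECT is the last field on the line, so match greedily up to the final ']'.
# http-url and http-host are taken from the HTTP request: treat them as untrusted text.
APPDETECT_RE = re.compile(r"\s*APPDETECT\[(?P<body>.*)\]\s*$")
# KEY=VALUE tokens; an empty value (e.g. "IN=") is kept as "".
KV_RE = re.compile(r"(?<!\S)([A-Z]+)=(\S*)")


def parse_drop_line(line):
    """Return a dict for a kernel traffic-policy log line, or None for any other line."""
    prefix = PREFIX_RE.search(line)
    if prefix is None:
        return None
    rest = prefix.group("rest")
    appdetect = {}
    tail = APPDETECT_RE.search(rest)
    if tail:
        for item in tail.group("body").split():
            key, _, value = item.partition(":")  # split on the first ':' only
            appdetect[key] = value
        rest = rest[:tail.start()]  # keep URL contents out of the KEY=VALUE scan
    return {
        "rule": prefix.group("rule"),
        "action": prefix.group("action"),
        "fields": dict(KV_RE.findall(rest)),
        "appdetect": appdetect,
    }


def summarize_drops(journal):
    """Count dropped packets per (rule prefix, U: identifier, http-host)."""
    counts = Counter()
    for line in journal.splitlines():
        event = parse_drop_line(line)
        if event and event["action"] == "DROP":
            app = event["appdetect"]
            counts[(event["rule"], app.get("U"), app.get("http-host"))] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize_drops(SAMPLE_JOURNAL).items():
        print(key, n)
```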
Identity Values
Description
The conntrack logging identity can contain any printable character except whitespace.
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Output:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error
Step 3: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity 'he||o-w@rld!'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.334 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.334/0.334/0.334/0.000 ms
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.290 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.290/0.290/0.290/0.000 ms
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
he||o-w@rld!\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Sep 05 14:45:18.318764 osdx systemd-journald[132215]: Runtime Journal (/run/log/journal/277fa7f754984f629482974adff2eda9) is 1.9M, max 13.8M, 11.8M free. Sep 05 14:45:18.321189 osdx systemd-journald[132215]: Received client request to rotate journal, rotating. Sep 05 14:45:18.321240 osdx systemd-journald[132215]: Vacuuming done, freed 0B of archived journals from /run/log/journal/277fa7f754984f629482974adff2eda9. Sep 05 14:45:18.322685 osdx sudo[214689]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Sep 05 14:45:18.328918 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system journal clear'. Sep 05 14:45:18.552697 osdx OSDxCLI[195996]: User 'admin' executed a new command: 'system coredump delete all'. Sep 05 14:45:18.813698 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu. Sep 05 14:45:18.907229 osdx cfgd[1463]: [195996]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Sep 05 14:45:18.908695 osdx OSDxCLI[195996]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Sep 05 14:45:18.938596 osdx OSDxCLI[195996]: User 'admin' left the configuration menu. Sep 05 14:45:19.113040 osdx OSDxCLI[195996]: User 'admin' entered the configuration menu. Sep 05 14:45:19.194248 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Sep 05 14:45:19.288164 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Sep 05 14:45:19.360282 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'set system conntrack logging identity he||o-w@rld!'. Sep 05 14:45:19.475839 osdx OSDxCLI[195996]: User 'admin' added a new cfg line: 'show working'. 
Sep 05 14:45:19.536676 osdx ubnt-cfgd[214718]: inactive Sep 05 14:45:19.560838 osdx INFO[214726]: FRR daemons did not change Sep 05 14:45:19.585186 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Sep 05 14:45:19.644078 osdx sudo[214814]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Sep 05 14:45:19.681705 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Sep 05 14:45:19.683757 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Sep 05 14:45:19.684505 osdx ulogd[214817]: registering plugin `NFCT' Sep 05 14:45:19.684868 osdx ulogd[214817]: registering plugin `IP2STR' Sep 05 14:45:19.685005 osdx ulogd[214817]: registering plugin `PRINTFLOW' Sep 05 14:45:19.685132 osdx ulogd[214817]: registering plugin `SYSLOG' Sep 05 14:45:19.685207 osdx ulogd[214817]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Sep 05 14:45:19.685332 osdx ulogd[214817]: NFCT plugin working in event mode Sep 05 14:45:19.685394 osdx he||o-w@rld![214817]: Changing UID / GID Sep 05 14:45:19.685609 osdx cfgd[1463]: [195996]Completed change to active configuration Sep 05 14:45:19.685749 osdx he||o-w@rld![214817]: initialization finished, entering main loop Sep 05 14:45:19.703283 osdx OSDxCLI[195996]: User 'admin' committed the configuration. Sep 05 14:45:19.730712 osdx OSDxCLI[195996]: User 'admin' left the configuration menu. 
Sep 05 14:45:20.597194 osdx he||o-w@rld![214817]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Sep 05 14:45:20.597211 osdx he||o-w@rld![214817]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Sep 05 14:45:20.679757 osdx he||o-w@rld![214817]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Sep 05 14:45:20.679776 osdx he||o-w@rld![214817]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
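The configured identity replaces ulogd as the syslog tag, so any journal filter has to be built from it, and an identity containing regex metacharacters must be escaped first: the | in he||o-w@rld! is alternation in the same syntax the Step 7 pattern uses for (NEW)|(UPDATE)|(DESTROY), which lets an unescaped pattern match through an empty alternative. The following added example (not part of the original page) mirrors the CLI validation rule and compares the unescaped and escaped patterns; the function names are hypothetical, "printable" is assumed to mean ASCII 0x21-0x7E, and the sample lines are abridged from this page's journal output.

```python
import re

MAX_IDENTITY_LEN = 92  # limit quoted in the CLI error message

IDENTITY = "he||o-w@rld!"

# Abridged from this page's journal output: one line logged under the custom
# identity, one logged under the default ulogd tag (REPLY half omitted).
WITH_IDENTITY = ("Sep 05 14:45:20.597194 osdx he||o-w@rld![214817]: [NEW] ORIG: "
                 "SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0")
DEFAULT_TAG = ("Sep 05 14:45:00.404301 osdx ulogd[213924]: [NEW] ORIG: "
               "SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0")

# Tail of the Step 7 expression, unchanged.
EVENT_TAIL = r"\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2"


def is_valid_identity(name):
    """Mirror the CLI rule: at most 92 printable characters, none from the space class.
    Assumption: 'printable' is limited to ASCII 0x21-0x7E."""
    return len(name) <= MAX_IDENTITY_LEN and all(0x21 <= ord(c) <= 0x7E for c in name)


def naive_pattern(identity):
    """Identity pasted into the expression as-is: '||' becomes an empty alternative."""
    return re.compile(identity + EVENT_TAIL)


def escaped_pattern(identity):
    """Identity matched literally, followed by the same event tail."""
    return re.compile(re.escape(identity) + EVENT_TAIL)


if __name__ == "__main__":
    for label, line in (("custom identity", WITH_IDENTITY), ("default tag", DEFAULT_TAG)):
        naive = naive_pattern(IDENTITY).search(line)
        strict = escaped_pattern(IDENTITY).search(line)
        print(f"{label}: naive match={naive is not None} "
              f"(matched text {naive.group(0)!r}), escaped match={strict is not None}")
```

With the unescaped pattern the check also succeeds on the line tagged ulogd, because the empty alternative matches at the start of any input; the escaped pattern matches only lines written under the configured identity.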