Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check that NEW session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.360 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.360/0.360/0.360/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.215 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.215/0.215/0.215/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Output:
Oct 20 15:25:56.312521 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:25:56.313295 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:25:56.313333 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:25:56.322316 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:25:56.534335 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:25:56.765566 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:25:56.840481 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:25:56.925380 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Oct 20 15:25:56.988470 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:25:57.085312 osdx ubnt-cfgd[275937]: inactive
Oct 20 15:25:57.105211 osdx INFO[275945]: FRR daemons did not change
Oct 20 15:25:57.153304 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:25:57.281538 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:25:57.284878 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:25:57.286212 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:25:57.287760 osdx ulogd[276036]: registering plugin `NFCT'
Oct 20 15:25:57.288782 osdx ulogd[276036]: registering plugin `IP2STR'
Oct 20 15:25:57.288880 osdx ulogd[276036]: registering plugin `PRINTFLOW'
Oct 20 15:25:57.289908 osdx ulogd[276036]: registering plugin `SYSLOG'
Oct 20 15:25:57.289946 osdx ulogd[276036]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:25:57.290018 osdx ulogd[276036]: NFCT plugin working in event mode
Oct 20 15:25:57.290048 osdx ulogd[276036]: Changing UID / GID
Oct 20 15:25:57.290143 osdx ulogd[276036]: initialization finished, entering main loop
Oct 20 15:25:57.297027 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:25:57.313340 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:25:58.187666 osdx ulogd[276036]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:25:58.264430 osdx ulogd[276036]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Update events

Description

Check that UPDATE session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.386 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.386/0.386/0.386/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.225 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.225/0.225/0.225/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Output:
Oct 20 15:26:02.284391 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:26:02.287713 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:02.287764 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:02.293899 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:02.513636 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:02.742609 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:02.818391 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:26:02.901150 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Oct 20 15:26:02.966925 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:03.063283 osdx ubnt-cfgd[276224]: inactive
Oct 20 15:26:03.082763 osdx INFO[276232]: FRR daemons did not change
Oct 20 15:26:03.107734 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:03.187964 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:03.189042 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Oct 20 15:26:03.189525 osdx ulogd[276323]: registering plugin `NFCT'
Oct 20 15:26:03.189708 osdx ulogd[276323]: registering plugin `IP2STR'
Oct 20 15:26:03.189772 osdx ulogd[276323]: registering plugin `PRINTFLOW'
Oct 20 15:26:03.189835 osdx ulogd[276323]: registering plugin `SYSLOG'
Oct 20 15:26:03.189859 osdx ulogd[276323]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:03.189921 osdx ulogd[276323]: NFCT plugin working in event mode
Oct 20 15:26:03.189951 osdx ulogd[276323]: Changing UID / GID
Oct 20 15:26:03.190030 osdx ulogd[276323]: initialization finished, entering main loop
Oct 20 15:26:03.203752 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:03.204996 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:03.215650 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:03.236347 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:04.019854 osdx ulogd[276323]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:04.098212 osdx ulogd[276323]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Destroy events

Description

Check that DESTROY session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.293 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.293/0.293/0.293/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.253 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.249 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.248 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2031ms
rtt min/avg/max/mdev = 0.248/0.250/0.253/0.002 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Output:
Oct 20 15:26:08.313798 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:26:08.317717 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:08.317773 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:08.323788 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:08.538731 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:08.777046 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:08.860903 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:26:08.958500 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Oct 20 15:26:09.022128 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Oct 20 15:26:09.180675 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 20 15:26:09.270523 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:09.392778 osdx ubnt-cfgd[276508]: inactive
Oct 20 15:26:09.459491 osdx INFO[276527]: FRR daemons did not change
Oct 20 15:26:09.481747 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:09.569993 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:09.571001 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Oct 20 15:26:09.571517 osdx ulogd[276620]: registering plugin `NFCT'
Oct 20 15:26:09.571707 osdx ulogd[276620]: registering plugin `IP2STR'
Oct 20 15:26:09.571771 osdx ulogd[276620]: registering plugin `PRINTFLOW'
Oct 20 15:26:09.571836 osdx ulogd[276620]: registering plugin `SYSLOG'
Oct 20 15:26:09.571864 osdx ulogd[276620]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:09.571928 osdx ulogd[276620]: NFCT plugin working in event mode
Oct 20 15:26:09.571958 osdx ulogd[276620]: Changing UID / GID
Oct 20 15:26:09.572044 osdx ulogd[276620]: initialization finished, entering main loop
Oct 20 15:26:09.593774 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:09.650078 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Oct 20 15:26:09.663570 osdx sshd[276635]: Server listening on 0.0.0.0 port 22.
Oct 20 15:26:09.663798 osdx sshd[276635]: Server listening on :: port 22.
Oct 20 15:26:09.663916 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Oct 20 15:26:09.665579 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:09.676779 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:09.693606 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:11.623471 osdx ulogd[276620]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 20 15:26:12.647469 osdx ulogd[276620]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

Default logging

Description

Set a simple configuration, send a ping from one device to the other, and check that the default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.347 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.347/0.347/0.347/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.225 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.225/0.225/0.225/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Oct 20 15:26:20.303307 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:26:20.306635 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:20.306686 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:20.312484 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:20.522056 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:20.739778 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:20.825942 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:26:20.908631 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:26:20.982262 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:21.070592 osdx ubnt-cfgd[276836]: inactive
Oct 20 15:26:21.143998 osdx INFO[276844]: FRR daemons did not change
Oct 20 15:26:21.166639 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:21.250891 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:21.251749 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:21.251882 osdx ulogd[276935]: registering plugin `NFCT'
Oct 20 15:26:21.252070 osdx ulogd[276935]: registering plugin `IP2STR'
Oct 20 15:26:21.252156 osdx ulogd[276935]: registering plugin `PRINTFLOW'
Oct 20 15:26:21.252229 osdx ulogd[276935]: registering plugin `SYSLOG'
Oct 20 15:26:21.252259 osdx ulogd[276935]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:21.252326 osdx ulogd[276935]: NFCT plugin working in event mode
Oct 20 15:26:21.252368 osdx ulogd[276935]: Changing UID / GID
Oct 20 15:26:21.252460 osdx ulogd[276935]: initialization finished, entering main loop
Oct 20 15:26:21.252709 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:21.265828 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:21.289437 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:22.068993 osdx ulogd[276935]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:22.069014 osdx ulogd[276935]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:22.146644 osdx ulogd[276935]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:22.146662 osdx ulogd[276935]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Identity logging

Description

Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping from one device to the other, and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.326 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.326/0.326/0.326/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.165 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.165/0.165/0.165/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Oct 20 15:26:26.313120 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:26:26.314850 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:26.314902 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:26.323524 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:26.529857 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:26.747563 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:26.821493 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:26:26.905211 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:26:26.963854 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Oct 20 15:26:27.071990 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:27.131800 osdx ubnt-cfgd[277119]: inactive
Oct 20 15:26:27.152967 osdx INFO[277127]: FRR daemons did not change
Oct 20 15:26:27.178874 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:27.263209 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:27.263906 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:27.264076 osdx ulogd[277218]: registering plugin `NFCT'
Oct 20 15:26:27.264323 osdx ulogd[277218]: registering plugin `IP2STR'
Oct 20 15:26:27.264414 osdx ulogd[277218]: registering plugin `PRINTFLOW'
Oct 20 15:26:27.264506 osdx ulogd[277218]: registering plugin `SYSLOG'
Oct 20 15:26:27.264551 osdx ulogd[277218]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:27.264638 osdx ulogd[277218]: NFCT plugin working in event mode
Oct 20 15:26:27.264681 osdx OSDx_DUT0[277218]: Changing UID / GID
Oct 20 15:26:27.264793 osdx OSDx_DUT0[277218]: initialization finished, entering main loop
Oct 20 15:26:27.266334 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:27.277707 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:27.294493 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:28.145415 osdx OSDx_DUT0[277218]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:28.145444 osdx OSDx_DUT0[277218]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:28.220789 osdx OSDx_DUT0[277218]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:28.220808 osdx OSDx_DUT0[277218]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0:

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.252 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.252/0.252/0.252/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Oct 20 15:26:26.313120 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:26:26.314850 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:26.314902 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:26.323524 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:26.529857 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:26.747563 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:26.821493 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:26:26.905211 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:26:26.963854 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Oct 20 15:26:27.071990 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:27.131800 osdx ubnt-cfgd[277119]: inactive
Oct 20 15:26:27.152967 osdx INFO[277127]: FRR daemons did not change
Oct 20 15:26:27.178874 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:27.263209 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:27.263906 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:27.264076 osdx ulogd[277218]: registering plugin `NFCT'
Oct 20 15:26:27.264323 osdx ulogd[277218]: registering plugin `IP2STR'
Oct 20 15:26:27.264414 osdx ulogd[277218]: registering plugin `PRINTFLOW'
Oct 20 15:26:27.264506 osdx ulogd[277218]: registering plugin `SYSLOG'
Oct 20 15:26:27.264551 osdx ulogd[277218]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:27.264638 osdx ulogd[277218]: NFCT plugin working in event mode
Oct 20 15:26:27.264681 osdx OSDx_DUT0[277218]: Changing UID / GID
Oct 20 15:26:27.264793 osdx OSDx_DUT0[277218]: initialization finished, entering main loop
Oct 20 15:26:27.266334 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:27.277707 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:27.294493 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:28.145415 osdx OSDx_DUT0[277218]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:28.145444 osdx OSDx_DUT0[277218]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:28.220789 osdx OSDx_DUT0[277218]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:28.220808 osdx OSDx_DUT0[277218]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:28.340991 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 20 15:26:28.504869 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:28.570529 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Oct 20 15:26:28.661819 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show changes'.
Oct 20 15:26:28.725941 osdx ubnt-cfgd[277254]: inactive
Oct 20 15:26:28.743454 osdx INFO[277260]: FRR daemons did not change
Oct 20 15:26:28.753897 osdx OSDx_DUT0[277218]: Terminal signal received, exiting
Oct 20 15:26:28.754005 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:28.754293 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Oct 20 15:26:28.754406 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:28.783146 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:28.783825 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:28.784382 osdx ulogd[277269]: registering plugin `NFCT'
Oct 20 15:26:28.784636 osdx ulogd[277269]: registering plugin `IP2STR'
Oct 20 15:26:28.784729 osdx ulogd[277269]: registering plugin `PRINTFLOW'
Oct 20 15:26:28.784812 osdx ulogd[277269]: registering plugin `SYSLOG'
Oct 20 15:26:28.784849 osdx ulogd[277269]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:28.784931 osdx ulogd[277269]: NFCT plugin working in event mode
Oct 20 15:26:28.784971 osdx ulogd[277269]: Changing UID / GID
Oct 20 15:26:28.785081 osdx ulogd[277269]: initialization finished, entering main loop
Oct 20 15:26:28.785154 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:28.786447 osdx ulogd[277269]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 20 15:26:28.786552 osdx ulogd[277269]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 20 15:26:28.787059 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:28.806464 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:28.969412 osdx ulogd[277269]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:28.969439 osdx ulogd[277269]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping from one device to the other, and check that the default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.452 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.452/0.452/0.452/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.223 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1013ms
rtt min/avg/max/mdev = 0.223/0.229/0.235/0.006 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Oct 20 15:26:33.296617 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:26:33.298817 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:33.298865 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:33.307994 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:33.519501 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:33.739566 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:33.819306 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Oct 20 15:26:33.924981 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Oct 20 15:26:34.017071 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Oct 20 15:26:34.116729 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Oct 20 15:26:34.173164 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:26:34.283973 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:26:34.377806 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:34.486167 osdx ubnt-cfgd[277432]: inactive
Oct 20 15:26:34.512741 osdx INFO[277446]: FRR daemons did not change
Oct 20 15:26:34.534831 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:34.643211 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:34.643972 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Oct 20 15:26:34.646862 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:34.647247 osdx ulogd[277537]: registering plugin `NFCT'
Oct 20 15:26:34.647461 osdx ulogd[277537]: registering plugin `IP2STR'
Oct 20 15:26:34.647541 osdx ulogd[277537]: registering plugin `PRINTFLOW'
Oct 20 15:26:34.647614 osdx ulogd[277537]: registering plugin `SYSLOG'
Oct 20 15:26:34.647647 osdx ulogd[277537]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:34.647721 osdx ulogd[277537]: NFCT plugin working in event mode
Oct 20 15:26:34.647753 osdx ulogd[277537]: Changing UID / GID
Oct 20 15:26:34.647850 osdx ulogd[277537]: initialization finished, entering main loop
Oct 20 15:26:34.660778 osdx ulogd[277537]: Terminal signal received, exiting
Oct 20 15:26:34.660841 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:34.661533 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Oct 20 15:26:34.661652 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:34.662880 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:34.663590 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Oct 20 15:26:34.664020 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:34.665376 osdx ulogd[277543]: registering plugin `NFCT'
Oct 20 15:26:34.665625 osdx ulogd[277543]: registering plugin `IP2STR'
Oct 20 15:26:34.665727 osdx ulogd[277543]: registering plugin `PRINTFLOW'
Oct 20 15:26:34.665825 osdx ulogd[277543]: registering plugin `SYSLOG'
Oct 20 15:26:34.665863 osdx ulogd[277543]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:34.665950 osdx ulogd[277543]: NFCT plugin working in event mode
Oct 20 15:26:34.665996 osdx ulogd[277543]: Changing UID / GID
Oct 20 15:26:34.666109 osdx ulogd[277543]: initialization finished, entering main loop
Oct 20 15:26:34.851658 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:34.862757 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:34.887968 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:35.770024 osdx ulogd[277543]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Oct 20 15:26:35.770052 osdx ulogd[277543]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Oct 20 15:26:35.855834 osdx ulogd[277543]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Oct 20 15:26:35.855851 osdx ulogd[277543]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

VRF logging

Description

Set a simple configuration with a VRF, send a ping from one device to the other, and check that the default and VRF fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.319 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.319/0.319/0.319/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.224 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.224/0.224/0.224/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Oct 20 15:26:41.301117 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:26:41.304154 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:41.304212 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:41.311510 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:41.524915 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:41.756330 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:41.837112 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Oct 20 15:26:41.925431 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Oct 20 15:26:41.979407 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system vrf RED'.
Oct 20 15:26:42.071485 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:26:42.137887 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:26:42.255160 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:42.319030 osdx ubnt-cfgd[277771]: inactive
Oct 20 15:26:42.346971 osdx INFO[277779]: FRR daemons did not change
Oct 20 15:26:42.358014 osdx (udev-worker)[277788]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Oct 20 15:26:42.358273 osdx (udev-worker)[277788]: Network interface NamePolicy= disabled on kernel command line.
Oct 20 15:26:42.384186 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:42.436160 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:42.520499 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:42.521483 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:42.521560 osdx ulogd[277945]: registering plugin `NFCT'
Oct 20 15:26:42.521766 osdx ulogd[277945]: registering plugin `IP2STR'
Oct 20 15:26:42.521833 osdx ulogd[277945]: registering plugin `PRINTFLOW'
Oct 20 15:26:42.521915 osdx ulogd[277945]: registering plugin `SYSLOG'
Oct 20 15:26:42.521944 osdx ulogd[277945]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:42.522014 osdx ulogd[277945]: NFCT plugin working in event mode
Oct 20 15:26:42.522046 osdx ulogd[277945]: Changing UID / GID
Oct 20 15:26:42.522132 osdx ulogd[277945]: initialization finished, entering main loop
Oct 20 15:26:42.523898 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:42.538078 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:42.559805 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:43.489680 osdx ulogd[277945]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:43.489698 osdx ulogd[277945]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:43.565755 osdx ulogd[277945]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:26:43.565773 osdx ulogd[277945]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping from one device to the other, and check that the default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.250 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.250/0.250/0.250/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0   9645      0 --:--:-- --:--:-- --:--:--  9923

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.405 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.405/0.405/0.405/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.314 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.314/0.314/0.314/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Oct 20 15:26:47.000157 osdx systemd-timedated[249457]: Changed local time to Mon 2025-10-20 15:26:47 UTC
Oct 20 15:26:47.001579 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'set date 2025-10-20 15:26:47'.
Oct 20 15:26:47.002472 osdx systemd-journald[222010]: Time jumped backwards, rotating.
Oct 20 15:26:47.312343 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:26:47.314484 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:47.314541 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:47.322623 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:47.557557 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:47.781726 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:47.860403 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Oct 20 15:26:47.952264 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:48.010451 osdx ubnt-cfgd[278210]: inactive
Oct 20 15:26:48.029526 osdx INFO[278218]: FRR daemons did not change
Oct 20 15:26:48.050489 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Oct 20 15:26:48.097568 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:48.110800 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:48.133065 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:48.344764 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 15:26:48.488924 osdx file_operation[278335]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Oct 20 15:26:48.523287 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Oct 20 15:26:48.667771 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:48.734770 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Oct 20 15:26:48.833097 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Oct 20 15:26:48.894996 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Oct 20 15:26:48.993902 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Oct 20 15:26:49.066273 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Oct 20 15:26:49.155095 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Oct 20 15:26:49.218903 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Oct 20 15:26:49.308127 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Oct 20 15:26:49.373201 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Oct 20 15:26:49.488389 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:26:49.552064 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:26:49.689987 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:26:49.769213 osdx ubnt-cfgd[278369]: inactive
Oct 20 15:26:49.806803 osdx INFO[278386]: FRR daemons did not change
Oct 20 15:26:49.830482 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:26:49.926722 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:49.927423 osdx systemd[1]: ulogd2.service: Failed to parse PID from file /run/ulog/ulogd.pid: Invalid argument
Oct 20 15:26:49.930726 osdx ulogd[278477]: registering plugin `NFCT'
Oct 20 15:26:49.930951 osdx ulogd[278477]: registering plugin `IP2STR'
Oct 20 15:26:49.931022 osdx ulogd[278477]: registering plugin `PRINTFLOW'
Oct 20 15:26:49.931093 osdx ulogd[278477]: registering plugin `SYSLOG'
Oct 20 15:26:49.931123 osdx ulogd[278477]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:49.931199 osdx ulogd[278477]: NFCT plugin working in event mode
Oct 20 15:26:49.931234 osdx ulogd[278477]: Changing UID / GID
Oct 20 15:26:49.931333 osdx ulogd[278477]: initialization finished, entering main loop
Oct 20 15:26:49.938503 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:50.249412 osdx systemd[1]: Reloading.
Oct 20 15:26:50.270478 osdx systemd-sysv-generator[278514]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Oct 20 15:26:50.402909 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Oct 20 15:26:50.407368 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Oct 20 15:26:50.408378 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Oct 20 15:26:50.426800 osdx systemd[1]: logrotate.service: Deactivated successfully.
Oct 20 15:26:50.426962 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Oct 20 15:26:50.682405 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Oct 20 15:26:51.158075 osdx INFO[278496]: Rules successfully loaded
Oct 20 15:26:51.171234 osdx ulogd[278477]: Terminal signal received, exiting
Oct 20 15:26:51.171346 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:51.171641 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Oct 20 15:26:51.171734 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:51.210800 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:26:51.211514 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:26:51.211694 osdx ulogd[278542]: registering plugin `NFCT'
Oct 20 15:26:51.212572 osdx ulogd[278542]: registering plugin `IP2STR'
Oct 20 15:26:51.212718 osdx ulogd[278542]: registering plugin `PRINTFLOW'
Oct 20 15:26:51.212842 osdx ulogd[278542]: registering plugin `SYSLOG'
Oct 20 15:26:51.212905 osdx ulogd[278542]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:26:51.212988 osdx ulogd[278542]: NFCT plugin working in event mode
Oct 20 15:26:51.213028 osdx ulogd[278542]: Changing UID / GID
Oct 20 15:26:51.213138 osdx ulogd[278542]: initialization finished, entering main loop
Oct 20 15:26:51.213384 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:26:51.224297 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:26:51.244481 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:26:52.059759 osdx ulogd[278542]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Oct 20 15:26:52.059775 osdx ulogd[278542]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Oct 20 15:26:52.139697 osdx ulogd[278542]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Oct 20 15:26:52.139720 osdx ulogd[278542]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.297 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.297/0.297/0.297/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.327 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.327/0.327/0.327/0.000 ms

Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.5.3

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Mon Oct 20 15:18:12 2025 from 10.0.0.2
admin@osdx$

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Oct 20 15:26:59.305336 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.9M, max 13.8M, 11.8M free.
Oct 20 15:26:59.305995 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:26:59.306041 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:26:59.316720 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:26:59.575707 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:26:59.802361 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:26:59.882579 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Oct 20 15:26:59.975211 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:27:00.035516 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:27:00.149142 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:27:00.218529 osdx ubnt-cfgd[278820]: inactive
Oct 20 15:27:00.246351 osdx INFO[278830]: FRR daemons did not change
Oct 20 15:27:00.269999 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Oct 20 15:27:00.334031 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:27:00.426404 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:27:00.427691 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:27:00.427792 osdx ulogd[278996]: registering plugin `NFCT'
Oct 20 15:27:00.428021 osdx ulogd[278996]: registering plugin `IP2STR'
Oct 20 15:27:00.428108 osdx ulogd[278996]: registering plugin `PRINTFLOW'
Oct 20 15:27:00.428192 osdx ulogd[278996]: registering plugin `SYSLOG'
Oct 20 15:27:00.428226 osdx ulogd[278996]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:27:00.428312 osdx ulogd[278996]: NFCT plugin working in event mode
Oct 20 15:27:00.428351 osdx ulogd[278996]: Changing UID / GID
Oct 20 15:27:00.428467 osdx ulogd[278996]: initialization finished, entering main loop
Oct 20 15:27:00.429045 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:27:00.443698 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:27:00.462117 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:27:02.115231 osdx ulogd[278996]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:27:02.115247 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:27:02.213878 osdx ulogd[278996]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:27:02.213901 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:27:02.298981 osdx ulogd[278996]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55346 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55346 PKTS=0 BYTES=0
Oct 20 15:27:02.299155 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55346 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55346 PKTS=0 BYTES=0
Oct 20 15:27:02.299256 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55346 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55346 PKTS=0 BYTES=0 [OFFLOAD]
Oct 20 15:27:02.581646 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55346 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55346 PKTS=0 BYTES=0
Oct 20 15:27:02.581667 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55346 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55346 PKTS=0 BYTES=0 [OFFLOAD]
Oct 20 15:27:02.583053 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55346 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55346 PKTS=0 BYTES=0
Oct 20 15:27:02.583159 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55346 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55346 PKTS=0 BYTES=0 [OFFLOAD]

App detect logging

Description

Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1 and check that the app detect field appears when running system journal show. Then enable app detection for the HTTP host in system conntrack, copy index.html from an HTTP server and check that the app detect field appears and belongs to the HTTP server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.367 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.367/0.367/0.367/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.266 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.251 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.289 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2055ms
rtt min/avg/max/mdev = 0.251/0.268/0.289/0.015 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Show output
Oct 20 15:27:07.338805 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.9M, max 13.8M, 11.8M free.
Oct 20 15:27:07.340586 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:27:07.340639 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:27:07.348126 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:27:07.570327 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:27:07.834589 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:27:07.892491 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Oct 20 15:27:07.991591 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Oct 20 15:27:08.063611 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:27:08.146959 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:27:08.214884 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:27:08.311961 osdx ubnt-cfgd[279214]: inactive
Oct 20 15:27:08.337254 osdx INFO[279222]: FRR daemons did not change
Oct 20 15:27:08.544615 osdx kernel: app-detect: module init
Oct 20 15:27:08.544666 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 20 15:27:08.544680 osdx kernel: app-detect: expression init
Oct 20 15:27:08.544688 osdx kernel: app-detect: appid cache initialized
Oct 20 15:27:08.544695 osdx kernel: app-detect: appid cache changes counter initialized
Oct 20 15:27:08.547489 osdx modulelauncher[279225]: AppDetect: no change in application dictionaries, thus nothing more to do
Oct 20 15:27:08.572610 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:27:08.664857 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:27:08.665566 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:27:08.666274 osdx ulogd[279336]: registering plugin `NFCT'
Oct 20 15:27:08.666322 osdx ulogd[279336]: registering plugin `IP2STR'
Oct 20 15:27:08.666368 osdx ulogd[279336]: registering plugin `PRINTFLOW'
Oct 20 15:27:08.666535 osdx ulogd[279336]: registering plugin `SYSLOG'
Oct 20 15:27:08.666539 osdx ulogd[279336]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:27:08.666824 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:27:08.667599 osdx ulogd[279336]: NFCT plugin working in event mode
Oct 20 15:27:08.667664 osdx ulogd[279336]: Changing UID / GID
Oct 20 15:27:08.667777 osdx ulogd[279336]: initialization finished, entering main loop
Oct 20 15:27:08.677627 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:27:08.694884 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:27:09.532498 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.532520 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.623259 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.623280 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:10.654288 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:10.654314 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:10.654326 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:11.678309 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:11.678327 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:11.678338 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Show output
Oct 20 15:27:09.532498 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.532520 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.623259 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.623280 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:10.654288 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:10.654314 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:10.654326 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:11.678309 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:11.678327 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:11.678338 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:11.763495 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Show output
Oct 20 15:27:09.532498 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.532520 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.623259 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.623280 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:10.654288 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:10.654314 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:10.654326 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:11.678309 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:11.678327 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:11.678338 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:11.763495 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 20 15:27:11.907312 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.226 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.226/0.226/0.226/0.000 ms

Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:

Show output
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1086    0  1086    0     0   109k      0 --:--:-- --:--:-- --:--:--  117k

Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Show output
Oct 20 15:27:12.019581 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 20 15:27:12.154133 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:27:12.228206 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Oct 20 15:27:12.312261 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 20 15:27:12.373845 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show changes'.
Oct 20 15:27:12.481323 osdx ubnt-cfgd[279387]: inactive
Oct 20 15:27:12.506611 osdx INFO[279395]: FRR daemons did not change
Oct 20 15:27:12.552586 osdx kernel: app-detect: expression destroy
Oct 20 15:27:12.560587 osdx kernel: app-detect: expression init
Oct 20 15:27:12.560627 osdx kernel: app-detect: appid cache initialized
Oct 20 15:27:12.560636 osdx kernel: app-detect: appid cache changes counter initialized
Oct 20 15:27:12.564239 osdx modulelauncher[279398]: AppDetect: no change in application dictionaries, thus nothing more to do
Oct 20 15:27:12.584593 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Oct 20 15:27:12.634771 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:27:12.644837 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:12.644959 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:12.645689 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:27:12.665921 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:27:12.812300 osdx ulogd[279336]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:12.812531 osdx ulogd[279336]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:12.814470 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 15:27:12.936367 osdx file_operation[279525]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Oct 20 15:27:12.940679 osdx ulogd[279336]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41206 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41206 PKTS=0 BYTES=0 APPDETECT[L4:80]
Oct 20 15:27:12.940815 osdx ulogd[279336]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41206 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41206 PKTS=0 BYTES=0 APPDETECT[L4:80]
Oct 20 15:27:12.940865 osdx ulogd[279336]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41206 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41206 PKTS=0 BYTES=0 APPDETECT[L4:80]
Oct 20 15:27:12.947721 osdx ulogd[279336]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41206 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41206 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Oct 20 15:27:12.947775 osdx ulogd[279336]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41206 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41206 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Oct 20 15:27:12.947787 osdx ulogd[279336]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41206 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41206 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Oct 20 15:27:12.965311 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
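
A log-side check for the scenario above, as an added example that is not part of the OSDx documentation: it parses the ulogd conntrack lines, applies the regular expressions from Steps 5, 6, 7 and 11, and records how the APPDETECT label of each flow changes over its events. The function names and the space-separated key:value reading of the APPDETECT field are assumptions inferred from the sample lines on this page.

```python
import re

# Regular expressions copied from Steps 5, 6, 7 and 11 above.
PAGE_CHECKS = {
    "step5_new": r"ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]",
    "step6_update": r"ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]",
    "step7_destroy": r"ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]",
    "step11_http_host": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*"
                        r"APPDETECT\[L4:80 http-host:10.215.168.1\]",
}

# Journal lines copied from the outputs shown on this page (not new data).
SAMPLE = """\
Oct 20 15:27:08.677627 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:27:09.532498 osdx ulogd[279336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:09.532520 osdx ulogd[279336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 20 15:27:10.654288 osdx ulogd[279336]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 20 15:27:12.940679 osdx ulogd[279336]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41206 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41206 PKTS=0 BYTES=0 APPDETECT[L4:80]
Oct 20 15:27:12.947721 osdx ulogd[279336]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=41206 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=41206 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Oct 20 15:27:02.299256 osdx ulogd[278996]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55346 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55346 PKTS=0 BYTES=0 [OFFLOAD]
""".splitlines()

EVENT_RE = re.compile(
    r"ulogd\[\d+\]: \[(NEW|UPDATE|DESTROY)\] ORIG: (.*?) , REPLY: (.*)$")
APP_RE = re.compile(r"APPDETECT\[([^\]]*)\]")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Return a dict for a conntrack event line, or None for any other line."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    event, orig, tail = m.groups()
    app = {}
    app_m = APP_RE.search(tail)
    if app_m:
        # Assumed layout (inferred from the samples): "key:value key:value".
        for token in app_m.group(1).split():
            key, _, value = token.partition(":")
            app[key] = value
        # Drop the label so a '=' inside it is never read as a tuple field.
        tail = tail[:app_m.start()] + tail[app_m.end():]
    return {
        "event": event,
        "orig": dict(FIELD_RE.findall(orig)),
        "reply": dict(FIELD_RE.findall(tail)),
        "app": app,
        "offload": "[OFFLOAD]" in tail,
    }


def flow_key(ev):
    """Identify a flow by its ORIG tuple; ICMP lines carry no ports."""
    o = ev["orig"]
    return (o.get("SRC"), o.get("DST"), o.get("PROTO"), o.get("SPT"), o.get("DPT"))


def app_history(lines):
    """Map each flow to the ordered, de-duplicated (event, app label) pairs."""
    history = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        entry = (ev["event"], ev["app"])
        seen = history.setdefault(flow_key(ev), [])
        if not seen or seen[-1] != entry:
            seen.append(entry)
    return history


def run_page_checks(lines):
    """Apply each regular expression from the steps above, line by line."""
    return {name: any(re.search(rx, line) for line in lines)
            for name, rx in PAGE_CHECKS.items()}


if __name__ == "__main__":
    for name, ok in run_page_checks(SAMPLE).items():
        print(f"{name}: {'match' if ok else 'NO MATCH'}")
    for key, steps in app_history(SAMPLE).items():
        print(key, steps)
```

In the output above, the http-host value first appears on an UPDATE event rather than on NEW, which is why the Step 11 expression accepts any of the three event types.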

App Detect Drop Packet

Description

Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector. Enable the http-host and http-url options under system conntrack app-detect in order to see relevant information about HTTP packets. Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.208 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.208/0.208/0.208/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U:155 http-url:/~robot/ http-host:10.215.168.1\]
Show output
Oct 20 15:27:17.000186 osdx systemd-timedated[249457]: Changed local time to Mon 2025-10-20 15:27:17 UTC
Oct 20 15:27:17.001034 osdx systemd-journald[222010]: Time jumped backwards, rotating.
Oct 20 15:27:17.001188 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'set date 2025-10-20 15:27:17'.
Oct 20 15:27:17.297365 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.8M, max 13.8M, 11.9M free.
Oct 20 15:27:17.301033 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:27:17.301090 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:27:17.307011 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:27:17.518616 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:27:17.752274 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:27:17.817339 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Oct 20 15:27:17.913967 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Oct 20 15:27:18.021393 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Oct 20 15:27:18.085640 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Oct 20 15:27:18.169747 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Oct 20 15:27:18.237543 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Oct 20 15:27:18.338272 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Oct 20 15:27:18.418721 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Oct 20 15:27:18.488017 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Oct 20 15:27:18.586138 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 20 15:27:18.653626 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:27:18.754007 osdx ubnt-cfgd[279746]: inactive
Oct 20 15:27:18.793433 osdx INFO[279768]: FRR daemons did not change
Oct 20 15:27:18.961030 osdx kernel: app-detect: module init
Oct 20 15:27:18.961081 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 20 15:27:18.961091 osdx kernel: app-detect: expression init
Oct 20 15:27:18.961099 osdx kernel: app-detect: appid cache initialized
Oct 20 15:27:18.961107 osdx kernel: app-detect: appid cache changes counter initialized
Oct 20 15:27:19.001033 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Oct 20 15:27:19.250149 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:27:19.261808 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:27:19.279002 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:27:19.427208 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 20 15:27:19.578642 osdx file_operation[279936]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Oct 20 15:27:19.585036 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1513 DF PROTO=TCP SPT=41222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 20 15:27:19.789038 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1514 DF PROTO=TCP SPT=41222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 20 15:27:20.213079 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1515 DF PROTO=TCP SPT=41222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 20 15:27:21.049033 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1516 DF PROTO=TCP SPT=41222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 20 15:27:22.570690 osdx file_operation.py[279936]: Operation aborted by user.
Oct 20 15:27:22.581045 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1517 DF PROTO=TCP SPT=41222 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 20 15:27:22.586407 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Oct 20 15:27:22.677066 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1518 DF PROTO=TCP SPT=41222 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]
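
The journal above shows several [DROP-1] lines for a single blocked request, because the same TCP segment is retransmitted. The following added example (not part of the original test suite) parses these kernel lines and counts drops per flow. The `[policy-rule]` prefix layout is inferred from the sample output, and the third sample line is constructed.

```python
import re

# Lines 1-2 are copied from the journal output above. Line 3 is constructed (second
# flow, URL containing ']' and ':'). Line 4 is an unrelated kernel line from the page.
SAMPLE = [
    "Oct 20 15:27:19.585036 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1513 DF PROTO=TCP SPT=41222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]",
    "Oct 20 15:27:19.789038 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=1514 DF PROTO=TCP SPT=41222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/~robot/ http-host:10.215.168.1]",
    "Oct 20 15:27:30.000000 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=2001 DF PROTO=TCP SPT=50000 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U:155 http-url:/a]b?t=1:2 http-host:10.215.168.1]",
    "Oct 20 15:27:18.961030 osdx kernel: app-detect: module init",
]

# Assumption: the log prefix is "[<policy name>-<rule number>] <action>".
LINE_RE = re.compile(
    r"kernel: \[(?P<policy>[^\]]+)-(?P<rule>\d+)\] (?P<action>\S+) "
    r"(?P<fields>.*?) APPDETECT\[(?P<app>.*)\]\s*$"
)

def parse_drop(line):
    """Return a dict for a policy log line that carries APPDETECT, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"policy": m["policy"], "rule": int(m["rule"]), "action": m["action"], "flags": []}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val
        else:
            rec["flags"].append(tok)  # bare flags such as DF, ACK, PSH
    # http-url and http-host originate in the HTTP request, so treat them as
    # untrusted text: match up to the last ']' and split on the first ':' only.
    rec["appdetect"] = dict(t.split(":", 1) for t in m["app"].split() if ":" in t)
    return rec

def drops_per_flow(lines):
    """Group drop records by flow so retransmissions are not counted as new requests."""
    flows = {}
    for rec in filter(None, map(parse_drop, lines)):
        key = (rec["SRC"], rec["SPT"], rec["DST"], rec["DPT"], rec["PROTO"])
        entry = flows.setdefault(key, {"drops": 0, "appdetect": rec["appdetect"]})
        entry["drops"] += 1
    return flows

if __name__ == "__main__":
    for flow, info in drops_per_flow(SAMPLE).items():
        print(flow, info)
```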

Identity Values

Description

The conntrack logging identity can contain any printable character except spaces.

Scenario

Step 1: Run command configure at DUT0 and expect this output:

Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Show output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 3: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity 'he||o-w@rld!'
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.283 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.283/0.283/0.283/0.000 ms

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.222 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.222/0.222/0.222/0.000 ms

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

he||o-w@rld!\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Oct 20 15:27:27.305102 osdx systemd-journald[222010]: Runtime Journal (/run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de) is 1.9M, max 13.8M, 11.8M free.
Oct 20 15:27:27.308613 osdx systemd-journald[222010]: Received client request to rotate journal, rotating.
Oct 20 15:27:27.308676 osdx systemd-journald[222010]: Vacuuming done, freed 0B of archived journals from /run/log/journal/82a9756ca47e4d589aa55e1b1a6b94de.
Oct 20 15:27:27.315369 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system journal clear'.
Oct 20 15:27:27.530659 osdx OSDxCLI[223371]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 20 15:27:27.748145 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:27:27.853292 osdx cfgd[1655]: [223371]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Oct 20 15:27:27.854588 osdx OSDxCLI[223371]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'.
Oct 20 15:27:27.883237 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:27:28.046422 osdx OSDxCLI[223371]: User 'admin' entered the configuration menu.
Oct 20 15:27:28.123560 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 20 15:27:28.207248 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 20 15:27:28.267099 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'set system conntrack logging identity he||o-w@rld!'.
Oct 20 15:27:28.380937 osdx OSDxCLI[223371]: User 'admin' added a new cfg line: 'show working'.
Oct 20 15:27:28.441584 osdx ubnt-cfgd[280129]: inactive
Oct 20 15:27:28.460594 osdx INFO[280137]: FRR daemons did not change
Oct 20 15:27:28.484610 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 20 15:27:28.592875 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 20 15:27:28.593730 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 20 15:27:28.594091 osdx ulogd[280228]: registering plugin `NFCT'
Oct 20 15:27:28.594127 osdx ulogd[280228]: registering plugin `IP2STR'
Oct 20 15:27:28.594162 osdx ulogd[280228]: registering plugin `PRINTFLOW'
Oct 20 15:27:28.594206 osdx ulogd[280228]: registering plugin `SYSLOG'
Oct 20 15:27:28.594210 osdx ulogd[280228]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 20 15:27:28.594248 osdx ulogd[280228]: NFCT plugin working in event mode
Oct 20 15:27:28.594255 osdx he||o-w@rld![280228]: Changing UID / GID
Oct 20 15:27:28.594327 osdx he||o-w@rld![280228]: initialization finished, entering main loop
Oct 20 15:27:28.594779 osdx cfgd[1655]: [223371]Completed change to active configuration
Oct 20 15:27:28.607182 osdx OSDxCLI[223371]: User 'admin' committed the configuration.
Oct 20 15:27:28.630231 osdx OSDxCLI[223371]: User 'admin' left the configuration menu.
Oct 20 15:27:29.452036 osdx he||o-w@rld![280228]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:27:29.452053 osdx he||o-w@rld![280228]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:27:29.531732 osdx he||o-w@rld![280228]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 20 15:27:29.531750 osdx he||o-w@rld![280228]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
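
The Step 7 expression embeds the identity literally. Under Python `re` semantics `|` is alternation, so `he||o-w@rld!...` contains an empty alternative and matches any journal line. The following added example (not part of the original test suite) validates an identity against the rule quoted in the CLI error and builds the journal pattern with the identity escaped. Reading "printable except the space class" as ASCII 0x21-0x7E and rejecting an empty identity are assumptions.

```python
import re

MAX_LEN = 92  # limit quoted in the CLI validation message

def identity_is_valid(identity):
    # Assumption: printable-but-not-space means ASCII 0x21-0x7E (POSIX [:graph:]);
    # an empty identity is also rejected here.
    return 0 < len(identity) <= MAX_LEN and all(0x21 <= ord(c) <= 0x7E for c in identity)

EVENTS = r"\[((NEW)|(UPDATE)|(DESTROY))\]"

def journal_pattern(identity, src, escape=True):
    """Build the Step 7 check; escape=False reproduces the expression as printed."""
    ident = re.escape(identity) if escape else identity
    addr = re.escape(src) if escape else src
    return re.compile(ident + r"\[.*\]:.*" + EVENTS + r".*SRC=" + addr)

def matching_lines(pattern, lines):
    return [line for line in lines if pattern.search(line)]

# Both lines are copied from the journal output above.
JOURNAL = [
    "Oct 20 15:27:28.593730 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.",
    "Oct 20 15:27:29.452036 osdx he||o-w@rld![280228]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0",
]

if __name__ == "__main__":
    ident, src = "he||o-w@rld!", "192.168.100.2"
    print("valid:", identity_is_valid(ident), identity_is_valid("he||o w@rld!"))
    # Unescaped: the empty alternative matches the unrelated systemd line too.
    print("as printed:", len(matching_lines(journal_pattern(ident, src, escape=False), JOURNAL)))
    # Escaped: only the line logged under the configured identity matches.
    print("escaped:", len(matching_lines(journal_pattern(ident, src), JOURNAL)))
```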