Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check that NEW session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.366 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.366/0.366/0.366/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.267 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.267/0.267/0.267/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Output:
Oct 10 19:26:52.000214 osdx systemd-timedated[204277]: Changed local time to Fri 2025-10-10 19:26:52 UTC
Oct 10 19:26:52.001432 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'set date 2025-10-10 19:26:52'.
Oct 10 19:26:52.283984 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.9M, max 13.8M, 11.8M free.
Oct 10 19:26:52.286180 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:26:52.286243 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:26:52.295000 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:26:52.496536 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:26:52.708512 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:26:52.822732 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:26:52.874225 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Oct 10 19:26:52.982664 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:26:53.041117 osdx ubnt-cfgd[206244]: inactive
Oct 10 19:26:53.058607 osdx INFO[206250]: FRR daemons did not change
Oct 10 19:26:53.082140 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:26:53.126769 osdx WARNING[206321]: No supported link modes on interface eth0
Oct 10 19:26:53.128113 osdx modulelauncher[206321]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:26:53.128128 osdx modulelauncher[206321]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:26:53.129229 osdx modulelauncher[206321]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:26:53.129236 osdx modulelauncher[206321]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:26:53.190542 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:26:53.193588 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:26:53.194882 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:26:53.196160 osdx ulogd[206346]: registering plugin `NFCT'
Oct 10 19:26:53.197260 osdx ulogd[206346]: registering plugin `IP2STR'
Oct 10 19:26:53.197347 osdx ulogd[206346]: registering plugin `PRINTFLOW'
Oct 10 19:26:53.198647 osdx ulogd[206346]: registering plugin `SYSLOG'
Oct 10 19:26:53.198658 osdx ulogd[206346]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:26:53.198728 osdx ulogd[206346]: NFCT plugin working in event mode
Oct 10 19:26:53.198738 osdx ulogd[206346]: Changing UID / GID
Oct 10 19:26:53.198835 osdx ulogd[206346]: initialization finished, entering main loop
Oct 10 19:26:53.208541 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:26:53.239712 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:26:54.223628 osdx ulogd[206346]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:26:54.320683 osdx ulogd[206346]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Update events

Description

Check that UPDATE session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.339 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.339/0.339/0.339/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.229 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.229/0.229/0.229/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Output:
Oct 10 19:26:58.304704 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 2.0M, max 13.8M, 11.7M free.
Oct 10 19:26:58.306300 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:26:58.306351 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:26:58.314834 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:26:58.540866 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:26:58.837539 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:26:58.916067 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:26:59.008243 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Oct 10 19:26:59.076475 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:26:59.178458 osdx ubnt-cfgd[206532]: inactive
Oct 10 19:26:59.198806 osdx INFO[206538]: FRR daemons did not change
Oct 10 19:26:59.226313 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:26:59.269900 osdx WARNING[206609]: No supported link modes on interface eth0
Oct 10 19:26:59.271791 osdx modulelauncher[206609]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:26:59.271806 osdx modulelauncher[206609]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:26:59.273311 osdx modulelauncher[206609]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:26:59.273319 osdx modulelauncher[206609]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:26:59.338638 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:26:59.339634 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:26:59.339867 osdx ulogd[206634]: registering plugin `NFCT'
Oct 10 19:26:59.340084 osdx ulogd[206634]: registering plugin `IP2STR'
Oct 10 19:26:59.340134 osdx ulogd[206634]: registering plugin `PRINTFLOW'
Oct 10 19:26:59.340183 osdx ulogd[206634]: registering plugin `SYSLOG'
Oct 10 19:26:59.340190 osdx ulogd[206634]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:26:59.340245 osdx ulogd[206634]: NFCT plugin working in event mode
Oct 10 19:26:59.340299 osdx ulogd[206634]: Changing UID / GID
Oct 10 19:26:59.340385 osdx ulogd[206634]: initialization finished, entering main loop
Oct 10 19:26:59.340721 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:26:59.354548 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:26:59.393802 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:00.230102 osdx ulogd[206634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:00.304428 osdx ulogd[206634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Destroy events

Description

Check that DESTROY session events are captured.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.321 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.321/0.321/0.321/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.215 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.271 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.295 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev = 0.215/0.260/0.295/0.033 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Output:
Oct 10 19:27:05.292959 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.9M, max 13.8M, 11.9M free.
Oct 10 19:27:05.293706 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:27:05.293743 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:27:05.304619 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:27:05.519124 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:27:05.766379 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:05.839841 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:27:05.917380 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Oct 10 19:27:05.977954 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Oct 10 19:27:06.070261 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set service ssh'.
Oct 10 19:27:06.144726 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:06.223437 osdx ubnt-cfgd[206825]: inactive
Oct 10 19:27:06.246468 osdx INFO[206837]: FRR daemons did not change
Oct 10 19:27:06.273720 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:06.317320 osdx WARNING[206910]: No supported link modes on interface eth0
Oct 10 19:27:06.318716 osdx modulelauncher[206910]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:27:06.318730 osdx modulelauncher[206910]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:06.319882 osdx modulelauncher[206910]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:06.319892 osdx modulelauncher[206910]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:06.366066 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:06.366933 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:06.367075 osdx ulogd[206935]: registering plugin `NFCT'
Oct 10 19:27:06.367249 osdx ulogd[206935]: registering plugin `IP2STR'
Oct 10 19:27:06.367313 osdx ulogd[206935]: registering plugin `PRINTFLOW'
Oct 10 19:27:06.367374 osdx ulogd[206935]: registering plugin `SYSLOG'
Oct 10 19:27:06.367398 osdx ulogd[206935]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:06.367460 osdx ulogd[206935]: NFCT plugin working in event mode
Oct 10 19:27:06.367488 osdx ulogd[206935]: Changing UID / GID
Oct 10 19:27:06.367571 osdx ulogd[206935]: initialization finished, entering main loop
Oct 10 19:27:06.446041 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Oct 10 19:27:06.477591 osdx sshd[206941]: Server listening on 0.0.0.0 port 22.
Oct 10 19:27:06.477621 osdx sshd[206941]: Server listening on :: port 22.
Oct 10 19:27:06.477734 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Oct 10 19:27:06.504395 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:06.515899 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:06.530879 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:08.360775 osdx ulogd[206935]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 10 19:27:09.384747 osdx ulogd[206935]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 10 19:27:10.433852 osdx ulogd[206935]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 10 19:27:10.433882 osdx ulogd[206935]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

Default logging

Description

Set a simple configuration, send a ping from one device to the other and check that the default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.315 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.315/0.315/0.315/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.250 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.250/0.250/0.250/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Oct 10 19:27:16.336440 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 19:27:16.339951 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:27:16.340010 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:27:16.347292 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:27:16.584037 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:27:16.847481 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:16.932009 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:27:17.019756 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:27:17.128752 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:17.189764 osdx ubnt-cfgd[207154]: inactive
Oct 10 19:27:17.207232 osdx INFO[207160]: FRR daemons did not change
Oct 10 19:27:17.231965 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:17.275090 osdx WARNING[207231]: No supported link modes on interface eth0
Oct 10 19:27:17.276481 osdx modulelauncher[207231]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:27:17.276494 osdx modulelauncher[207231]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:17.277948 osdx modulelauncher[207231]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:17.277955 osdx modulelauncher[207231]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:17.328271 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:17.328972 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:17.329053 osdx ulogd[207256]: registering plugin `NFCT'
Oct 10 19:27:17.329258 osdx ulogd[207256]: registering plugin `IP2STR'
Oct 10 19:27:17.329324 osdx ulogd[207256]: registering plugin `PRINTFLOW'
Oct 10 19:27:17.329380 osdx ulogd[207256]: registering plugin `SYSLOG'
Oct 10 19:27:17.329385 osdx ulogd[207256]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:17.329433 osdx ulogd[207256]: NFCT plugin working in event mode
Oct 10 19:27:17.329476 osdx ulogd[207256]: Changing UID / GID
Oct 10 19:27:17.329543 osdx ulogd[207256]: initialization finished, entering main loop
Oct 10 19:27:17.330141 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:17.341847 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:17.389830 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:18.266663 osdx ulogd[207256]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:18.266683 osdx ulogd[207256]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:18.360888 osdx ulogd[207256]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:18.360907 osdx ulogd[207256]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Identity logging

Description

Set a simple configuration with the identity OSDx_DUT0 for log entries, send a ping from one device to the other and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.337 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.337/0.337/0.337/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.248 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.248/0.248/0.248/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Oct 10 19:27:22.293576 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 19:27:22.296020 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:27:22.296095 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:27:22.304611 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:27:22.582443 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:27:22.848575 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:22.930623 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:27:23.013817 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:27:23.109902 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Oct 10 19:27:23.177220 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:23.277882 osdx ubnt-cfgd[207443]: inactive
Oct 10 19:27:23.298680 osdx INFO[207449]: FRR daemons did not change
Oct 10 19:27:23.324009 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:23.364068 osdx WARNING[207520]: No supported link modes on interface eth0
Oct 10 19:27:23.365350 osdx modulelauncher[207520]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:27:23.365363 osdx modulelauncher[207520]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:23.366426 osdx modulelauncher[207520]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:23.366433 osdx modulelauncher[207520]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:23.416325 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:23.417085 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:23.417176 osdx ulogd[207545]: registering plugin `NFCT'
Oct 10 19:27:23.417225 osdx ulogd[207545]: registering plugin `IP2STR'
Oct 10 19:27:23.417276 osdx ulogd[207545]: registering plugin `PRINTFLOW'
Oct 10 19:27:23.417326 osdx ulogd[207545]: registering plugin `SYSLOG'
Oct 10 19:27:23.417330 osdx ulogd[207545]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:23.417378 osdx ulogd[207545]: NFCT plugin working in event mode
Oct 10 19:27:23.417386 osdx OSDx_DUT0[207545]: Changing UID / GID
Oct 10 19:27:23.417465 osdx OSDx_DUT0[207545]: initialization finished, entering main loop
Oct 10 19:27:23.418270 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:23.429308 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:23.452283 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:24.272040 osdx OSDx_DUT0[207545]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:24.272066 osdx OSDx_DUT0[207545]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:24.346816 osdx OSDx_DUT0[207545]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:24.346839 osdx OSDx_DUT0[207545]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0:

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.225 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.225/0.225/0.225/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Oct 10 19:27:22.293576 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 19:27:22.296020 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:27:22.296095 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:27:22.304611 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:27:22.582443 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:27:22.848575 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:22.930623 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:27:23.013817 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:27:23.109902 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Oct 10 19:27:23.177220 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:23.277882 osdx ubnt-cfgd[207443]: inactive
Oct 10 19:27:23.298680 osdx INFO[207449]: FRR daemons did not change
Oct 10 19:27:23.324009 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:23.364068 osdx WARNING[207520]: No supported link modes on interface eth0
Oct 10 19:27:23.365350 osdx modulelauncher[207520]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:27:23.365363 osdx modulelauncher[207520]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:23.366426 osdx modulelauncher[207520]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:23.366433 osdx modulelauncher[207520]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:23.416325 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:23.417085 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:23.417176 osdx ulogd[207545]: registering plugin `NFCT'
Oct 10 19:27:23.417225 osdx ulogd[207545]: registering plugin `IP2STR'
Oct 10 19:27:23.417276 osdx ulogd[207545]: registering plugin `PRINTFLOW'
Oct 10 19:27:23.417326 osdx ulogd[207545]: registering plugin `SYSLOG'
Oct 10 19:27:23.417330 osdx ulogd[207545]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:23.417378 osdx ulogd[207545]: NFCT plugin working in event mode
Oct 10 19:27:23.417386 osdx OSDx_DUT0[207545]: Changing UID / GID
Oct 10 19:27:23.417465 osdx OSDx_DUT0[207545]: initialization finished, entering main loop
Oct 10 19:27:23.418270 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:23.429308 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:23.452283 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:24.272040 osdx OSDx_DUT0[207545]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:24.272066 osdx OSDx_DUT0[207545]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:24.346816 osdx OSDx_DUT0[207545]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:24.346839 osdx OSDx_DUT0[207545]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:24.469282 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 19:27:24.611572 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:24.682739 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Oct 10 19:27:24.744379 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show changes'.
Oct 10 19:27:24.842417 osdx ubnt-cfgd[207582]: inactive
Oct 10 19:27:24.858502 osdx INFO[207588]: FRR daemons did not change
Oct 10 19:27:24.867317 osdx OSDx_DUT0[207545]: Terminal signal received, exiting
Oct 10 19:27:24.867399 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:24.867616 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Oct 10 19:27:24.867708 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:24.892376 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:24.893045 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:24.893211 osdx ulogd[207596]: registering plugin `NFCT'
Oct 10 19:27:24.893442 osdx ulogd[207596]: registering plugin `IP2STR'
Oct 10 19:27:24.893493 osdx ulogd[207596]: registering plugin `PRINTFLOW'
Oct 10 19:27:24.893584 osdx ulogd[207596]: registering plugin `SYSLOG'
Oct 10 19:27:24.893591 osdx ulogd[207596]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:24.893643 osdx ulogd[207596]: NFCT plugin working in event mode
Oct 10 19:27:24.893653 osdx ulogd[207596]: Changing UID / GID
Oct 10 19:27:24.893729 osdx ulogd[207596]: initialization finished, entering main loop
Oct 10 19:27:24.894320 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:24.896576 osdx ulogd[207596]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 10 19:27:24.896597 osdx ulogd[207596]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 10 19:27:24.897211 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:24.912902 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:25.056521 osdx ulogd[207596]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:25.056544 osdx ulogd[207596]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping from one device to the other, and check that the default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.425 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.425/0.425/0.425/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.269 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.258 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1008ms
rtt min/avg/max/mdev = 0.258/0.263/0.269/0.005 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Oct 10 19:27:29.295281 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 19:27:29.297708 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:27:29.297753 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:27:29.304194 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:27:29.522379 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:27:29.753666 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:29.833504 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Oct 10 19:27:29.904046 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Oct 10 19:27:29.993752 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Oct 10 19:27:30.053717 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Oct 10 19:27:30.149773 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:27:30.212393 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:27:30.330168 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:30.406098 osdx ubnt-cfgd[207762]: inactive
Oct 10 19:27:30.431488 osdx INFO[207774]: FRR daemons did not change
Oct 10 19:27:30.457713 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:30.500521 osdx WARNING[207845]: No supported link modes on interface eth0
Oct 10 19:27:30.501885 osdx modulelauncher[207845]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:27:30.501897 osdx modulelauncher[207845]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:30.503070 osdx modulelauncher[207845]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:30.503079 osdx modulelauncher[207845]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:30.553982 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:30.554808 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:30.554867 osdx ulogd[207870]: registering plugin `NFCT'
Oct 10 19:27:30.554903 osdx ulogd[207870]: registering plugin `IP2STR'
Oct 10 19:27:30.554938 osdx ulogd[207870]: registering plugin `PRINTFLOW'
Oct 10 19:27:30.554982 osdx ulogd[207870]: registering plugin `SYSLOG'
Oct 10 19:27:30.554986 osdx ulogd[207870]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:30.555027 osdx ulogd[207870]: NFCT plugin working in event mode
Oct 10 19:27:30.555033 osdx ulogd[207870]: Changing UID / GID
Oct 10 19:27:30.555095 osdx ulogd[207870]: initialization finished, entering main loop
Oct 10 19:27:30.566426 osdx ulogd[207870]: Terminal signal received, exiting
Oct 10 19:27:30.566556 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:30.566835 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Oct 10 19:27:30.566962 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:30.568168 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:30.569090 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:30.569307 osdx ulogd[207876]: registering plugin `NFCT'
Oct 10 19:27:30.569546 osdx ulogd[207876]: registering plugin `IP2STR'
Oct 10 19:27:30.569633 osdx ulogd[207876]: registering plugin `PRINTFLOW'
Oct 10 19:27:30.569759 osdx ulogd[207876]: registering plugin `SYSLOG'
Oct 10 19:27:30.569796 osdx ulogd[207876]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:30.569880 osdx ulogd[207876]: NFCT plugin working in event mode
Oct 10 19:27:30.569891 osdx ulogd[207876]: Changing UID / GID
Oct 10 19:27:30.569976 osdx ulogd[207876]: initialization finished, entering main loop
Oct 10 19:27:30.733125 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:30.747906 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:30.764932 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:31.701430 osdx ulogd[207876]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Oct 10 19:27:31.701449 osdx ulogd[207876]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Oct 10 19:27:31.784631 osdx ulogd[207876]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Oct 10 19:27:31.784657 osdx ulogd[207876]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

VRF logging

Description

Set a simple configuration with a VRF, send a ping from one device to the other, and check that the default and VRF fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.340 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.340/0.340/0.340/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.307 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.307/0.307/0.307/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Oct 10 19:27:38.336041 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 19:27:38.337263 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:27:38.337318 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:27:38.347751 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:27:38.587239 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:27:38.885033 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:38.959812 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Oct 10 19:27:39.039293 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Oct 10 19:27:39.087869 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system vrf RED'.
Oct 10 19:27:39.189380 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:27:39.250203 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:27:39.369283 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:39.431799 osdx ubnt-cfgd[208111]: inactive
Oct 10 19:27:39.450505 osdx INFO[208117]: FRR daemons did not change
Oct 10 19:27:39.458918 osdx (udev-worker)[208127]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Oct 10 19:27:39.458937 osdx (udev-worker)[208127]: Network interface NamePolicy= disabled on kernel command line.
Oct 10 19:27:39.489280 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:39.530171 osdx WARNING[208202]: No supported link modes on interface eth0
Oct 10 19:27:39.531479 osdx modulelauncher[208202]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:27:39.531493 osdx modulelauncher[208202]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:39.532597 osdx modulelauncher[208202]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:39.532604 osdx modulelauncher[208202]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:39.545281 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:39.641576 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:39.642286 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:39.642479 osdx ulogd[208288]: registering plugin `NFCT'
Oct 10 19:27:39.642668 osdx ulogd[208288]: registering plugin `IP2STR'
Oct 10 19:27:39.642707 osdx ulogd[208288]: registering plugin `PRINTFLOW'
Oct 10 19:27:39.642746 osdx ulogd[208288]: registering plugin `SYSLOG'
Oct 10 19:27:39.642751 osdx ulogd[208288]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:39.642790 osdx ulogd[208288]: NFCT plugin working in event mode
Oct 10 19:27:39.642827 osdx ulogd[208288]: Changing UID / GID
Oct 10 19:27:39.642892 osdx ulogd[208288]: initialization finished, entering main loop
Oct 10 19:27:39.643378 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:39.655197 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:39.707440 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:40.501438 osdx ulogd[208288]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:40.501457 osdx ulogd[208288]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:40.641547 osdx ulogd[208288]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:40.641577 osdx ulogd[208288]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping from one device to the other, and check that the default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.213 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.213/0.213/0.213/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0   4480      0 --:--:-- --:--:-- --:--:--  4607

Step 4: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.539 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.539/0.539/0.539/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.362 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.362/0.362/0.362/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Oct 10 19:27:44.000170 osdx systemd-timedated[204277]: Changed local time to Fri 2025-10-10 19:27:44 UTC
Oct 10 19:27:44.001159 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'set date 2025-10-10 19:27:44'.
Oct 10 19:27:44.003426 osdx systemd-journald[1670]: Time jumped backwards, rotating.
Oct 10 19:27:44.336082 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 19:27:44.339425 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:27:44.339472 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:27:44.345241 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:27:44.554669 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:27:44.806075 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:44.878491 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Oct 10 19:27:44.969849 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:45.058766 osdx ubnt-cfgd[208556]: inactive
Oct 10 19:27:45.079553 osdx INFO[208562]: FRR daemons did not change
Oct 10 19:27:45.103439 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Oct 10 19:27:45.145742 osdx WARNING[208630]: No supported link modes on interface eth1
Oct 10 19:27:45.147107 osdx modulelauncher[208630]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Oct 10 19:27:45.147124 osdx modulelauncher[208630]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:45.148554 osdx modulelauncher[208630]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:45.148564 osdx modulelauncher[208630]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:45.159198 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:45.170139 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:45.186150 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:45.368207 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 19:27:45.498093 osdx file_operation[208684]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Oct 10 19:27:45.547300 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Oct 10 19:27:45.698386 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:45.766682 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Oct 10 19:27:45.861061 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Oct 10 19:27:45.915061 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Oct 10 19:27:46.033374 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Oct 10 19:27:46.094299 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Oct 10 19:27:46.199688 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Oct 10 19:27:46.261490 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Oct 10 19:27:46.368379 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Oct 10 19:27:46.441190 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Oct 10 19:27:46.577193 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:27:46.670256 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:27:46.810254 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:46.876054 osdx ubnt-cfgd[208718]: inactive
Oct 10 19:27:46.911966 osdx INFO[208733]: FRR daemons did not change
Oct 10 19:27:46.939436 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:46.984377 osdx WARNING[208804]: No supported link modes on interface eth0
Oct 10 19:27:46.985723 osdx modulelauncher[208804]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:27:46.985738 osdx modulelauncher[208804]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:46.986827 osdx modulelauncher[208804]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:46.986836 osdx modulelauncher[208804]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:47.043762 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:47.044573 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:47.044769 osdx ulogd[208829]: registering plugin `NFCT'
Oct 10 19:27:47.044961 osdx ulogd[208829]: registering plugin `IP2STR'
Oct 10 19:27:47.045009 osdx ulogd[208829]: registering plugin `PRINTFLOW'
Oct 10 19:27:47.045048 osdx ulogd[208829]: registering plugin `SYSLOG'
Oct 10 19:27:47.045051 osdx ulogd[208829]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:47.045095 osdx ulogd[208829]: NFCT plugin working in event mode
Oct 10 19:27:47.045104 osdx ulogd[208829]: Changing UID / GID
Oct 10 19:27:47.045172 osdx ulogd[208829]: initialization finished, entering main loop
Oct 10 19:27:47.328750 osdx ulogd[208829]: Terminal signal received, exiting
Oct 10 19:27:47.328827 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:47.329080 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Oct 10 19:27:47.329182 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:47.351782 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:47.352824 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:47.352924 osdx ulogd[208857]: registering plugin `NFCT'
Oct 10 19:27:47.353138 osdx ulogd[208857]: registering plugin `IP2STR'
Oct 10 19:27:47.353182 osdx ulogd[208857]: registering plugin `PRINTFLOW'
Oct 10 19:27:47.353248 osdx ulogd[208857]: registering plugin `SYSLOG'
Oct 10 19:27:47.353254 osdx ulogd[208857]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:47.353299 osdx ulogd[208857]: NFCT plugin working in event mode
Oct 10 19:27:47.353305 osdx ulogd[208857]: Changing UID / GID
Oct 10 19:27:47.353367 osdx ulogd[208857]: initialization finished, entering main loop
Oct 10 19:27:47.391866 osdx systemd[1]: Reloading.
Oct 10 19:27:47.431446 osdx systemd-sysv-generator[208878]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Oct 10 19:27:47.563809 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Oct 10 19:27:47.567841 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Oct 10 19:27:47.568588 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Oct 10 19:27:47.593207 osdx systemd[1]: logrotate.service: Deactivated successfully.
Oct 10 19:27:47.593351 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Oct 10 19:27:47.831036 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Oct 10 19:27:47.988607 osdx INFO[208859]: Rules successfully loaded
Oct 10 19:27:47.989219 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:48.001387 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:48.022907 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:48.797345 osdx ulogd[208857]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Oct 10 19:27:48.797369 osdx ulogd[208857]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Oct 10 19:27:48.895953 osdx ulogd[208857]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Oct 10 19:27:48.895976 osdx ulogd[208857]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
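
A parser for the conntrack event lines shown in the journal outputs above, as an added example that is not part of the original page or of OSDx. The sample lines are copied from this page's output; the function names and the tags parameter are assumptions of the example, and LABELS is kept as a raw string because the page only shows a single label.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Journal prefix, e.g. "Oct 10 19:27:31.701430 osdx ulogd[207876]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:.]+)\s\S+\s(?P<tag>[^\[\s]+)\[\d+\]:\s(?P<msg>.*)$")
# Event body: "[NEW] ORIG: k=v ... , REPLY: k=v ... [MARK=n] [LABELS=x] [(Sc: state)]"
EVENT_RE = re.compile(
    r"^\[(?P<event>NEW|UPDATE|DESTROY)\]\sORIG:\s(?P<orig>.*?)\s,\sREPLY:\s(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
SC_RE = re.compile(r"\(Sc:\s*([^)]+)\)")

# Regular expression from the "Policies logging" scenario on this page.
PAGE_POLICY_RE = r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST"

# Sample input: lines copied from the journal outputs shown on this page.
SAMPLE = """
Oct 10 19:27:23.417465 osdx OSDx_DUT0[207545]: initialization finished, entering main loop
Oct 10 19:27:24.272040 osdx OSDx_DUT0[207545]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:24.896576 osdx ulogd[207596]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Oct 10 19:27:31.701430 osdx ulogd[207876]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Oct 10 19:27:31.701449 osdx ulogd[207876]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Oct 10 19:27:40.501438 osdx ulogd[208288]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:48.797345 osdx ulogd[208857]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
"""


@dataclass
class CtEvent:
    timestamp: str
    tag: str               # syslog tag: "ulogd", or the configured logging identity
    event: str             # NEW, UPDATE or DESTROY
    orig: dict             # ORIG direction fields (SRC, DST, VRF, PROTO, ...)
    reply: dict            # REPLY direction fields
    mark: Optional[int]    # connmark, present when a traffic policy sets one
    labels: Optional[str]  # raw LABELS value
    sc: Optional[str]      # firewall stream state, e.g. "not-bypass"


def parse_line(line, tags=("ulogd",)):
    """Return a CtEvent for a conntrack event line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m or m["tag"] not in tags:
        return None
    ev = EVENT_RE.match(m["msg"])
    if not ev:
        return None  # daemon start-up/shutdown messages share the same tag
    orig = dict(KV_RE.findall(ev["orig"]))
    reply = dict(KV_RE.findall(ev["rest"]))
    # MARK and LABELS trail the REPLY tuple but describe the whole connection.
    mark = reply.pop("MARK", None)
    labels = reply.pop("LABELS", None)
    sc = SC_RE.search(ev["rest"])
    return CtEvent(m["ts"], m["tag"], ev["event"], orig, reply,
                   int(mark) if mark is not None else None,
                   labels, sc.group(1) if sc else None)


def parse_journal(text, tags=("ulogd",)):
    """Parse every conntrack event in a block of journal output."""
    return [e for e in (parse_line(l, tags) for l in text.splitlines()) if e]


def optional_fields(ev):
    """Names of the optional fields an event carries (MARK, LABELS, VRF, Sc)."""
    present = set()
    if ev.mark is not None:
        present.add("MARK")
    if ev.labels is not None:
        present.add("LABELS")
    if "VRF" in ev.orig or "VRF" in ev.reply:
        present.add("VRF")
    if ev.sc is not None:
        present.add("Sc")
    return present


def page_policy_regex_matches(line):
    """Apply the page's 'Policies logging' regular expression to one line."""
    return re.search(PAGE_POLICY_RE, line) is not None


if __name__ == "__main__":
    for ev in parse_journal(SAMPLE, tags=("ulogd", "OSDx_DUT0")):
        print(ev.timestamp, ev.tag, ev.event, ev.orig["SRC"], "->", ev.orig["DST"],
              sorted(optional_fields(ev)))
```

In the outputs above, events logged while an identity is configured carry that identity (OSDx_DUT0) as the syslog tag instead of ulogd, so they are only parsed when the identity is passed in tags. The page's MARK=33.*LABELS=TEST expression matches the sampled NEW line but not the UPDATE line, which carries MARK=33 without LABELS.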

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate an SSH connection from DUT1 to DUT2 and check that the default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2:

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.455 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.455/0.455/0.455/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.315 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.315/0.315/0.315/0.000 ms

Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.7.0

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Fri Oct 10 19:26:48 2025
admin@osdx$

Step 7: Run the command system journal show | cat at DUT0 and check that the output matches the following regular expression:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Oct 10 19:27:56.287997 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.9M, max 13.8M, 11.8M free.
Oct 10 19:27:56.290024 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:27:56.290076 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:27:56.298040 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:27:56.505625 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:27:56.717040 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:27:56.799191 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Oct 10 19:27:56.886111 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:27:56.982122 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:27:57.051058 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:27:57.143683 osdx ubnt-cfgd[209187]: inactive
Oct 10 19:27:57.166309 osdx INFO[209193]: FRR daemons did not change
Oct 10 19:27:57.194034 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Oct 10 19:27:57.236745 osdx WARNING[209264]: No supported link modes on interface eth1
Oct 10 19:27:57.238129 osdx modulelauncher[209264]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Oct 10 19:27:57.238145 osdx modulelauncher[209264]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:57.239458 osdx modulelauncher[209264]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:57.239469 osdx modulelauncher[209264]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:57.270039 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:27:57.315428 osdx WARNING[209343]: No supported link modes on interface eth0
Oct 10 19:27:57.317361 osdx modulelauncher[209343]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:27:57.317385 osdx modulelauncher[209343]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:27:57.318864 osdx modulelauncher[209343]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:27:57.318874 osdx modulelauncher[209343]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:27:57.358467 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:27:57.359381 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:27:57.359585 osdx ulogd[209369]: registering plugin `NFCT'
Oct 10 19:27:57.359847 osdx ulogd[209369]: registering plugin `IP2STR'
Oct 10 19:27:57.359907 osdx ulogd[209369]: registering plugin `PRINTFLOW'
Oct 10 19:27:57.359985 osdx ulogd[209369]: registering plugin `SYSLOG'
Oct 10 19:27:57.359997 osdx ulogd[209369]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:27:57.360056 osdx ulogd[209369]: NFCT plugin working in event mode
Oct 10 19:27:57.360120 osdx ulogd[209369]: Changing UID / GID
Oct 10 19:27:57.360214 osdx ulogd[209369]: initialization finished, entering main loop
Oct 10 19:27:57.360861 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:27:57.373566 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:27:57.402670 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:27:59.172170 osdx ulogd[209369]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:59.172197 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:59.259348 osdx ulogd[209369]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:59.259368 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:27:59.340799 osdx ulogd[209369]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0
Oct 10 19:27:59.340983 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0
Oct 10 19:27:59.341095 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0 [OFFLOAD]
Oct 10 19:27:59.659833 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0
Oct 10 19:27:59.659862 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0 [OFFLOAD]
Oct 10 19:27:59.661463 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0
Oct 10 19:27:59.661631 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0 [OFFLOAD]
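
The following Python example is added here and is not part of the OSDx documentation or tooling: instead of matching one regular expression against the whole journal, it parses each ulogd conntrack event line, groups events by ORIG tuple and reports which flows were ever flagged [OFFLOAD]. The sample lines are constructed in the format shown on this page (the HTTP flow's source port is made up), and all function names are this example's own.

```python
import re

# Constructed sample in the journal format shown on this page.
SAMPLE_JOURNAL = """\
Oct 10 19:27:57.360214 osdx ulogd[209369]: initialization finished, entering main loop
Oct 10 19:27:59.172170 osdx ulogd[209369]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Oct 10 19:27:59.340799 osdx ulogd[209369]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0
Oct 10 19:27:59.341095 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0 [OFFLOAD]
Oct 10 19:27:59.659833 osdx ulogd[209369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=36446 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=36446 PKTS=0 BYTES=0
Oct 10 19:28:00.200000 osdx ulogd[209369]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:01.000000 osdx ulogd[209369]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40000 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40000 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
"""

# One conntrack event: "[EVENT] ORIG: k=v ... , REPLY: k=v ... <optional annotations>"
EVENT_RE = re.compile(
    r"ulogd\[\d+\]: \[(?P<event>NEW|UPDATE|DESTROY)\] "
    r"ORIG: (?P<orig>(?:\w+=\S+ )+), "
    r"REPLY: (?P<reply>\w+=\S+(?: \w+=\S+)*)"
    r"(?P<tail>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
APPDETECT_RE = re.compile(r"APPDETECT\[([^\]]*)\]")


def parse_event(line):
    """Return a dict for one conntrack event line, or None for any other line."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    tail = m.group("tail")  # e.g. " [OFFLOAD]", " APPDETECT[L3:1]", " (Sc: not-bypass)"
    app = APPDETECT_RE.search(tail)
    return {
        "event": m.group("event"),
        "orig": dict(KV_RE.findall(m.group("orig"))),
        "reply": dict(KV_RE.findall(m.group("reply"))),
        "offload": "[OFFLOAD]" in tail,
        "appdetect": app.group(1) if app else None,
    }


def flow_key(orig):
    """Identify a flow by its ORIG tuple; ICMP entries carry no ports (None)."""
    return (orig.get("PROTO"), orig.get("SRC"), orig.get("SPT"),
            orig.get("DST"), orig.get("DPT"))


def summarize(journal_text):
    """Group events per flow: event sequence, OFFLOAD seen, APPDETECT labels, bytes."""
    flows = {}
    for line in journal_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue  # systemd, CLI audit and ulogd start-up lines
        s = flows.setdefault(flow_key(ev["orig"]), {
            "events": [], "offloaded": False, "appdetect": set(), "bytes": 0})
        s["events"].append(ev["event"])
        s["offloaded"] = s["offloaded"] or ev["offload"]
        if ev["appdetect"] is not None:
            s["appdetect"].add(ev["appdetect"])
        # Highest ORIG+REPLY byte total seen across this flow's events.
        total = int(ev["orig"].get("BYTES", 0)) + int(ev["reply"].get("BYTES", 0))
        s["bytes"] = max(s["bytes"], total)
    return flows


def offloaded_flows(flows):
    """Flow keys that carried the [OFFLOAD] flag on at least one event."""
    return [key for key, s in flows.items() if s["offloaded"]]


if __name__ == "__main__":
    for key, s in summarize(SAMPLE_JOURNAL).items():
        print(key, s)
```

Grouping per flow shows that only the forwarded SSH flow carries [OFFLOAD] while the ICMP flow addressed to DUT0 itself never does, a distinction the whole-journal regular expression match does not make.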

App detect logging

Description

Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1 and check that the app-detect field appears when running system journal show. After that, enable app detection in system conntrack for http-host, copy index.html from an HTTP server and check that the app-detect field appears and belongs to the HTTP server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1:

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.297 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.297/0.297/0.297/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.239 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.248 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.297 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 0.239/0.261/0.297/0.025 ms

Step 5: Run the command system journal show | cat at DUT0 and check that the output matches the following regular expression:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Oct 10 19:28:04.276108 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.9M, max 13.8M, 11.8M free.
Oct 10 19:28:04.276940 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:28:04.276998 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:28:04.285462 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:28:04.488361 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:28:04.709859 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:28:04.805147 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Oct 10 19:28:04.858970 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Oct 10 19:28:04.971883 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:28:05.022256 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:28:05.131301 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:28:05.193826 osdx ubnt-cfgd[209593]: inactive
Oct 10 19:28:05.213747 osdx INFO[209599]: FRR daemons did not change
Oct 10 19:28:05.400947 osdx kernel: app-detect: module init
Oct 10 19:28:05.401007 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 19:28:05.401022 osdx kernel: app-detect: expression init
Oct 10 19:28:05.401030 osdx kernel: app-detect: appid cache initialized
Oct 10 19:28:05.401037 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 19:28:05.405160 osdx modulelauncher[209602]: AppDetect: no change in application dictionaries, thus nothing more to do
Oct 10 19:28:05.436957 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:28:05.478440 osdx WARNING[209695]: No supported link modes on interface eth0
Oct 10 19:28:05.480116 osdx modulelauncher[209695]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:28:05.480130 osdx modulelauncher[209695]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:28:05.481518 osdx modulelauncher[209695]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:28:05.481525 osdx modulelauncher[209695]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:28:05.577212 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:28:05.578093 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:28:05.578212 osdx ulogd[209720]: registering plugin `NFCT'
Oct 10 19:28:05.578254 osdx ulogd[209720]: registering plugin `IP2STR'
Oct 10 19:28:05.578297 osdx ulogd[209720]: registering plugin `PRINTFLOW'
Oct 10 19:28:05.578336 osdx ulogd[209720]: registering plugin `SYSLOG'
Oct 10 19:28:05.578339 osdx ulogd[209720]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:28:05.578378 osdx ulogd[209720]: NFCT plugin working in event mode
Oct 10 19:28:05.578384 osdx ulogd[209720]: Changing UID / GID
Oct 10 19:28:05.578452 osdx ulogd[209720]: initialization finished, entering main loop
Oct 10 19:28:05.579886 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:28:05.591665 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:28:05.610861 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:28:06.403445 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.403468 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.481458 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.481483 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:07.507950 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:07.507976 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:07.507991 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.531994 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:08.532015 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.532028 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run the command system journal show | cat at DUT0 and check that the output matches the following regular expression:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Oct 10 19:28:04.276108 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.9M, max 13.8M, 11.8M free.
Oct 10 19:28:04.276940 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:28:04.276998 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:28:04.285462 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:28:04.488361 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:28:04.709859 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:28:04.805147 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Oct 10 19:28:04.858970 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Oct 10 19:28:04.971883 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:28:05.022256 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:28:05.131301 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:28:05.193826 osdx ubnt-cfgd[209593]: inactive
Oct 10 19:28:05.213747 osdx INFO[209599]: FRR daemons did not change
Oct 10 19:28:05.400947 osdx kernel: app-detect: module init
Oct 10 19:28:05.401007 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 19:28:05.401022 osdx kernel: app-detect: expression init
Oct 10 19:28:05.401030 osdx kernel: app-detect: appid cache initialized
Oct 10 19:28:05.401037 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 19:28:05.405160 osdx modulelauncher[209602]: AppDetect: no change in application dictionaries, thus nothing more to do
Oct 10 19:28:05.436957 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:28:05.478440 osdx WARNING[209695]: No supported link modes on interface eth0
Oct 10 19:28:05.480116 osdx modulelauncher[209695]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:28:05.480130 osdx modulelauncher[209695]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:28:05.481518 osdx modulelauncher[209695]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:28:05.481525 osdx modulelauncher[209695]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:28:05.577212 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:28:05.578093 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:28:05.578212 osdx ulogd[209720]: registering plugin `NFCT'
Oct 10 19:28:05.578254 osdx ulogd[209720]: registering plugin `IP2STR'
Oct 10 19:28:05.578297 osdx ulogd[209720]: registering plugin `PRINTFLOW'
Oct 10 19:28:05.578336 osdx ulogd[209720]: registering plugin `SYSLOG'
Oct 10 19:28:05.578339 osdx ulogd[209720]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:28:05.578378 osdx ulogd[209720]: NFCT plugin working in event mode
Oct 10 19:28:05.578384 osdx ulogd[209720]: Changing UID / GID
Oct 10 19:28:05.578452 osdx ulogd[209720]: initialization finished, entering main loop
Oct 10 19:28:05.579886 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:28:05.591665 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:28:05.610861 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:28:06.403445 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.403468 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.481458 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.481483 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:07.507950 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:07.507976 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:07.507991 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.531994 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:08.532015 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.532028 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.638949 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run the command system journal show | cat at DUT0 and check that the output matches the following regular expression:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Oct 10 19:28:04.276108 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.9M, max 13.8M, 11.8M free.
Oct 10 19:28:04.276940 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:28:04.276998 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:28:04.285462 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:28:04.488361 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:28:04.709859 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:28:04.805147 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Oct 10 19:28:04.858970 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Oct 10 19:28:04.971883 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:28:05.022256 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:28:05.131301 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:28:05.193826 osdx ubnt-cfgd[209593]: inactive
Oct 10 19:28:05.213747 osdx INFO[209599]: FRR daemons did not change
Oct 10 19:28:05.400947 osdx kernel: app-detect: module init
Oct 10 19:28:05.401007 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 19:28:05.401022 osdx kernel: app-detect: expression init
Oct 10 19:28:05.401030 osdx kernel: app-detect: appid cache initialized
Oct 10 19:28:05.401037 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 19:28:05.405160 osdx modulelauncher[209602]: AppDetect: no change in application dictionaries, thus nothing more to do
Oct 10 19:28:05.436957 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:28:05.478440 osdx WARNING[209695]: No supported link modes on interface eth0
Oct 10 19:28:05.480116 osdx modulelauncher[209695]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:28:05.480130 osdx modulelauncher[209695]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:28:05.481518 osdx modulelauncher[209695]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:28:05.481525 osdx modulelauncher[209695]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:28:05.577212 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:28:05.578093 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:28:05.578212 osdx ulogd[209720]: registering plugin `NFCT'
Oct 10 19:28:05.578254 osdx ulogd[209720]: registering plugin `IP2STR'
Oct 10 19:28:05.578297 osdx ulogd[209720]: registering plugin `PRINTFLOW'
Oct 10 19:28:05.578336 osdx ulogd[209720]: registering plugin `SYSLOG'
Oct 10 19:28:05.578339 osdx ulogd[209720]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:28:05.578378 osdx ulogd[209720]: NFCT plugin working in event mode
Oct 10 19:28:05.578384 osdx ulogd[209720]: Changing UID / GID
Oct 10 19:28:05.578452 osdx ulogd[209720]: initialization finished, entering main loop
Oct 10 19:28:05.579886 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:28:05.591665 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:28:05.610861 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:28:06.403445 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.403468 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.481458 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.481483 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:07.507950 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:07.507976 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:07.507991 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.531994 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:08.532015 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.532028 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.638949 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 19:28:08.742672 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0:

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.193 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.193/0.193/0.193/0.000 ms

Step 10: Run the command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect the following output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   972    0   972    0     0  47595      0 --:--:-- --:--:-- --:--:-- 48600

Step 11: Run the command system journal show | cat at DUT0 and check that the output matches the following regular expression:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Oct 10 19:28:04.276108 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.9M, max 13.8M, 11.8M free.
Oct 10 19:28:04.276940 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:28:04.276998 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:28:04.285462 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:28:04.488361 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:28:04.709859 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:28:04.805147 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Oct 10 19:28:04.858970 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Oct 10 19:28:04.971883 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:28:05.022256 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:28:05.131301 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:28:05.193826 osdx ubnt-cfgd[209593]: inactive
Oct 10 19:28:05.213747 osdx INFO[209599]: FRR daemons did not change
Oct 10 19:28:05.400947 osdx kernel: app-detect: module init
Oct 10 19:28:05.401007 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 19:28:05.401022 osdx kernel: app-detect: expression init
Oct 10 19:28:05.401030 osdx kernel: app-detect: appid cache initialized
Oct 10 19:28:05.401037 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 19:28:05.405160 osdx modulelauncher[209602]: AppDetect: no change in application dictionaries, thus nothing more to do
Oct 10 19:28:05.436957 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:28:05.478440 osdx WARNING[209695]: No supported link modes on interface eth0
Oct 10 19:28:05.480116 osdx modulelauncher[209695]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:28:05.480130 osdx modulelauncher[209695]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:28:05.481518 osdx modulelauncher[209695]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:28:05.481525 osdx modulelauncher[209695]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:28:05.577212 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:28:05.578093 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:28:05.578212 osdx ulogd[209720]: registering plugin `NFCT'
Oct 10 19:28:05.578254 osdx ulogd[209720]: registering plugin `IP2STR'
Oct 10 19:28:05.578297 osdx ulogd[209720]: registering plugin `PRINTFLOW'
Oct 10 19:28:05.578336 osdx ulogd[209720]: registering plugin `SYSLOG'
Oct 10 19:28:05.578339 osdx ulogd[209720]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:28:05.578378 osdx ulogd[209720]: NFCT plugin working in event mode
Oct 10 19:28:05.578384 osdx ulogd[209720]: Changing UID / GID
Oct 10 19:28:05.578452 osdx ulogd[209720]: initialization finished, entering main loop
Oct 10 19:28:05.579886 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:28:05.591665 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:28:05.610861 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:28:06.403445 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.403468 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.481458 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:06.481483 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:07.507950 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:07.507976 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:07.507991 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.531994 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:08.532015 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.532028 osdx ulogd[209720]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:08.638949 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 19:28:08.742672 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 19:28:08.848122 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal show | cat'.
Oct 10 19:28:09.007097 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:28:09.105125 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Oct 10 19:28:09.201257 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 19:28:09.274745 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show changes'.
Oct 10 19:28:09.388346 osdx ubnt-cfgd[209771]: inactive
Oct 10 19:28:09.408033 osdx INFO[209777]: FRR daemons did not change
Oct 10 19:28:09.440944 osdx kernel: app-detect: expression destroy
Oct 10 19:28:09.448945 osdx kernel: app-detect: expression init
Oct 10 19:28:09.448997 osdx kernel: app-detect: appid cache initialized
Oct 10 19:28:09.449009 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 19:28:09.453826 osdx modulelauncher[209780]: AppDetect: no change in application dictionaries, thus nothing more to do
Oct 10 19:28:09.476947 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Oct 10 19:28:09.518489 osdx WARNING[209860]: No supported link modes on interface eth1
Oct 10 19:28:09.519754 osdx modulelauncher[209860]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Oct 10 19:28:09.519766 osdx modulelauncher[209860]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Oct 10 19:28:09.520908 osdx modulelauncher[209860]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:28:09.520915 osdx modulelauncher[209860]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:28:09.531322 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:28:09.542773 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:09.542795 osdx ulogd[209720]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Oct 10 19:28:09.543423 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:28:09.558509 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:28:09.696641 osdx ulogd[209720]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:09.696812 osdx ulogd[209720]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:09.698310 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 19:28:09.821730 osdx file_operation[209914]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Oct 10 19:28:09.827036 osdx ulogd[209720]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55276 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55276 PKTS=0 BYTES=0 APPDETECT[L4:80]
Oct 10 19:28:09.827130 osdx ulogd[209720]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55276 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55276 PKTS=0 BYTES=0 APPDETECT[L4:80]
Oct 10 19:28:09.827145 osdx ulogd[209720]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55276 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55276 PKTS=0 BYTES=0 APPDETECT[L4:80]
Oct 10 19:28:09.844033 osdx ulogd[209720]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55276 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55276 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Oct 10 19:28:09.844062 osdx ulogd[209720]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55276 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55276 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Oct 10 19:28:09.844139 osdx ulogd[209720]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55276 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55276 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Oct 10 19:28:09.861063 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.

App Detect Drop Packet

Description

Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector. Enable the http-host and http-url options under system conntrack app-detect in order to see relevant information about HTTP packets. Finally, log those packets with the app-id option and check that the APPDETECT field appears in the journal when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.185 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.185/0.185/0.185/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]
Show output
Oct 10 19:28:14.333864 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 19:28:14.335050 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:28:14.335105 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:28:14.344682 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:28:14.560470 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:28:14.777237 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:28:14.838575 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Oct 10 19:28:14.940762 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Oct 10 19:28:15.047071 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Oct 10 19:28:15.131197 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Oct 10 19:28:15.185879 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Oct 10 19:28:15.294387 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Oct 10 19:28:15.348926 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Oct 10 19:28:15.467633 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Oct 10 19:28:15.517805 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Oct 10 19:28:15.600949 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Oct 10 19:28:15.678747 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:28:15.764241 osdx ubnt-cfgd[210140]: inactive
Oct 10 19:28:15.798916 osdx INFO[210160]: FRR daemons did not change
Oct 10 19:28:15.963080 osdx kernel: app-detect: module init
Oct 10 19:28:15.963183 osdx kernel: app-detect: registered: sysctl net.appdetect
Oct 10 19:28:15.963210 osdx kernel: app-detect: expression init
Oct 10 19:28:15.963232 osdx kernel: app-detect: appid cache initialized
Oct 10 19:28:15.963254 osdx kernel: app-detect: appid cache changes counter initialized
Oct 10 19:28:16.019070 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Oct 10 19:28:16.068070 osdx WARNING[210261]: No supported link modes on interface eth1
Oct 10 19:28:16.069398 osdx modulelauncher[210261]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Oct 10 19:28:16.069411 osdx modulelauncher[210261]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Oct 10 19:28:16.070825 osdx modulelauncher[210261]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:28:16.070832 osdx modulelauncher[210261]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:28:16.273768 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:28:16.284511 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:28:16.303533 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:28:16.443538 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Oct 10 19:28:16.564330 osdx file_operation[210338]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Oct 10 19:28:16.571051 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=51597 DF PROTO=TCP SPT=41410 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 10 19:28:16.775055 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=51598 DF PROTO=TCP SPT=41410 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 10 19:28:17.183090 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=51599 DF PROTO=TCP SPT=41410 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 10 19:28:18.015093 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=51600 DF PROTO=TCP SPT=41410 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 10 19:28:19.588505 osdx file_operation.py[210338]: Operation aborted by user.
Oct 10 19:28:19.603304 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=51601 DF PROTO=TCP SPT=41410 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 10 19:28:19.607339 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Oct 10 19:28:19.651064 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=51602 DF PROTO=TCP SPT=41410 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
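
The APPDETECT field checked in the last two scenarios can be extracted from both line shapes, the ulogd conntrack events and the kernel [DROP-1] lines, with a small parser that also reports the first event type on which an attribute such as http-host appears for each flow. This is an added example, not part of the OSDx documentation or its test suite; the function names are hypothetical and the sample lines are copied from the journal output above.

```python
import re

# Sample lines copied from the journal output above (the last one has no APPDETECT field).
SAMPLE = """\
Oct 10 19:28:09.827036 osdx ulogd[209720]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55276 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55276 PKTS=0 BYTES=0 APPDETECT[L4:80]
Oct 10 19:28:09.844033 osdx ulogd[209720]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=55276 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55276 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Oct 10 19:28:06.403445 osdx ulogd[209720]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Oct 10 19:28:16.571051 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=51597 DF PROTO=TCP SPT=41410 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Oct 10 19:28:09.861063 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
"""

# Journal prefix: timestamp, host, tag with optional [pid], then the message.
HEADER = re.compile(r"^\w{3} +\d+ [\d:.]+ \S+ (?P<tag>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
# Leading bracket: [NEW], [UPDATE], [DESTROY] for conntrack, [DROP-1] for the policy log.
EVENT = re.compile(r"^\[(?P<event>[^\]]+)\]")
APPDETECT = re.compile(r"APPDETECT\[(?P<cls>[A-Z]\d+):(?P<app>\d+)(?P<attrs>[^\]]*)\]")
KV = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return a dict for a journal line carrying APPDETECT[...], else None."""
    head = HEADER.match(line)
    if not head:
        return None
    msg = head["msg"]
    app = APPDETECT.search(msg)
    event = EVENT.match(msg)
    if not app or not event:
        return None
    # Only the ORIG direction is used; text from APPDETECT[ onwards is excluded
    # so that a '=' inside an http-url value is never read as a flow field.
    fields = dict(KV.findall(msg[:app.start()].split("REPLY:")[0]))
    attrs = {}
    for token in app["attrs"].split():
        key, _, value = token.partition(":")  # the value may itself contain ':'
        attrs[key] = value
    return {
        "tag": head["tag"],
        "event": event["event"],
        "flow": (fields.get("SRC"), fields.get("SPT"), fields.get("DST"), fields.get("DPT")),
        "proto": fields.get("PROTO"),
        "cls": app["cls"],  # prefix as printed (L3, L4, U6); its meaning is not defined on this page
        "app_id": int(app["app"]),
        "attrs": attrs,
    }


def parse_journal(text):
    """Parse every line of a journal dump, keeping only APPDETECT records."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def first_event_with(records, attr):
    """Map each flow to the event type of the first record that carries attr."""
    seen = {}
    for rec in records:
        if attr in rec["attrs"]:
            seen.setdefault(rec["flow"], rec["event"])
    return seen


if __name__ == "__main__":
    records = parse_journal(SAMPLE)
    for rec in records:
        print(rec["tag"], rec["event"], rec["flow"], rec["cls"], rec["app_id"], rec["attrs"])
    print(first_event_with(records, "http-host"))
```

On the sample, http-host first appears on an [UPDATE] event rather than on [NEW], which matches the journal above, where the [NEW] line for port 80 carries only APPDETECT[L4:80]. A check keyed to [NEW] events alone would therefore never see the host attribute.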

Identity Values

Description

A conntrack logging identity can contain any printable character except spaces, up to a maximum of 92 characters.

Scenario

Step 1: Run command configure at DUT0 and expect this output:

Show output
admin@osdx#

Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Show output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Show output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
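
The rule exercised in Steps 2 to 4 can be sketched as a validator, together with the escaping needed when an accepted identity is later used inside a regular expression for the journal check. This is an added example, not OSDx code: the function names are hypothetical, the ASCII reading of "printable, non-space" is an assumption, and the identity he||o-w@rld! and both journal lines are constructed.

```python
import re

MAX_LEN = 92
# Assumption: "printable characters except the space character class" is read
# as ASCII 0x21-0x7E (POSIX [[:graph:]] in the C locale), one character minimum.
IDENTITY_RE = re.compile(r"[\x21-\x7e]{1,%d}" % MAX_LEN)

# Values used in Steps 2, 3 and 4 of this scenario.
WITH_SPACE = "he||o w@rld!"
TOO_LONG = ("Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-"
            "lorem-ipsum-dolor-sit-amet-vita")
ACCEPTED = ("Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-"
            "lorem-ipsum-dolor-sit-ame-vit")

# Constructed identity: valid under the rule, but full of regex metacharacters.
TRICKY = "he||o-w@rld!"

# Constructed journal lines in the format shown on this page.
EVENT = ("[NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP "
         "TYPE=0 CODE=8 PKTS=0 BYTES=0")
LINE_TAGGED = "Oct 10 19:28:26.634429 osdx %s[210637]: %s" % (TRICKY, EVENT)
LINE_OTHER = "Oct 10 19:28:26.634429 osdx ulogd[210637]: %s" % EVENT

EVENT_RE = r"\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC="


def is_valid_identity(name):
    """True if name is 1..92 printable, non-space ASCII characters."""
    return IDENTITY_RE.fullmatch(name) is not None


def journal_pattern(identity, src):
    """Build the journal check for an identity, escaping identity and address."""
    if not is_valid_identity(identity):
        raise ValueError("identity rejected: %r" % identity)
    return re.compile(re.escape(identity) + EVENT_RE + re.escape(src))


def naive_pattern(identity, src):
    """Same check with the identity pasted in unescaped, for comparison only."""
    return re.compile(identity + EVENT_RE + src)


def check(pattern, line):
    """Return True when the pattern is found in the journal line."""
    return pattern.search(line) is not None


if __name__ == "__main__":
    for name in (WITH_SPACE, TOO_LONG, ACCEPTED, TRICKY):
        print(len(name), is_valid_identity(name))
    src = "192.168.100.2"
    print(check(journal_pattern(TRICKY, src), LINE_TAGGED))  # tagged line is found
    print(check(journal_pattern(TRICKY, src), LINE_OTHER))   # other tag is not
    print(check(naive_pattern(TRICKY, src), LINE_OTHER))     # '||' matches anything
```

With the unescaped pattern, the `||` in the identity becomes an empty alternative, so the check passes on a line logged under a different tag. An identity containing `|`, `.`, `[` or similar characters is valid under the rule above and has to be escaped before it goes into a log-matching expression.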

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.380 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.380/0.380/0.380/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.315 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.315/0.315/0.315/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Show output
Oct 10 19:28:24.290158 osdx systemd-journald[1670]: Runtime Journal (/run/log/journal/d6792964fe7547c9a60a3d774aa97dac) is 1.8M, max 13.8M, 11.9M free.
Oct 10 19:28:24.292236 osdx systemd-journald[1670]: Received client request to rotate journal, rotating.
Oct 10 19:28:24.292311 osdx systemd-journald[1670]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d6792964fe7547c9a60a3d774aa97dac.
Oct 10 19:28:24.302029 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system journal clear'.
Oct 10 19:28:24.511442 osdx OSDxCLI[206114]: User 'admin' executed a new command: 'system coredump delete all'.
Oct 10 19:28:24.766545 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:28:24.831350 osdx cfgd[1464]: [206114]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Oct 10 19:28:24.832017 osdx OSDxCLI[206114]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'.
Oct 10 19:28:24.931249 osdx cfgd[1464]: [206114]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Oct 10 19:28:24.931877 osdx OSDxCLI[206114]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'.
Oct 10 19:28:24.948941 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:28:25.155963 osdx OSDxCLI[206114]: User 'admin' entered the configuration menu.
Oct 10 19:28:25.230990 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Oct 10 19:28:25.308386 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Oct 10 19:28:25.364457 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'.
Oct 10 19:28:25.486187 osdx OSDxCLI[206114]: User 'admin' added a new cfg line: 'show working'.
Oct 10 19:28:25.589057 osdx ubnt-cfgd[210535]: inactive
Oct 10 19:28:25.606475 osdx INFO[210541]: FRR daemons did not change
Oct 10 19:28:25.632247 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Oct 10 19:28:25.674885 osdx WARNING[210612]: No supported link modes on interface eth0
Oct 10 19:28:25.676410 osdx modulelauncher[210612]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Oct 10 19:28:25.676425 osdx modulelauncher[210612]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Oct 10 19:28:25.677578 osdx modulelauncher[210612]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Oct 10 19:28:25.677587 osdx modulelauncher[210612]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Oct 10 19:28:25.724490 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Oct 10 19:28:25.725192 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Oct 10 19:28:25.725423 osdx ulogd[210637]: registering plugin `NFCT'
Oct 10 19:28:25.725482 osdx ulogd[210637]: registering plugin `IP2STR'
Oct 10 19:28:25.725534 osdx ulogd[210637]: registering plugin `PRINTFLOW'
Oct 10 19:28:25.725583 osdx ulogd[210637]: registering plugin `SYSLOG'
Oct 10 19:28:25.725587 osdx ulogd[210637]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Oct 10 19:28:25.725640 osdx ulogd[210637]: NFCT plugin working in event mode
Oct 10 19:28:25.725700 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[210637]: Changing UID / GID
Oct 10 19:28:25.725785 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[210637]: initialization finished, entering main loop
Oct 10 19:28:25.726505 osdx cfgd[1464]: [206114]Completed change to active configuration
Oct 10 19:28:25.737543 osdx OSDxCLI[206114]: User 'admin' committed the configuration.
Oct 10 19:28:25.752845 osdx OSDxCLI[206114]: User 'admin' left the configuration menu.
Oct 10 19:28:26.634429 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[210637]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:28:26.634449 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[210637]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:28:26.738203 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[210637]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Oct 10 19:28:26.738230 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[210637]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0