Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check NEW sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.381 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.381/0.381/0.381/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.221 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.221/0.221/0.221/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2

Show output

Nov 12 14:14:36.269761 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:14:36.271812 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:14:36.271868 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:14:36.279059 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:14:36.483004 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:14:36.735021 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:14:36.812181 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:14:36.891013 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Nov 12 14:14:36.951905 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:14:37.062422 osdx ubnt-cfgd[353637]: inactive
Nov 12 14:14:37.080007 osdx INFO[353643]: FRR daemons did not change
Nov 12 14:14:37.107802 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:14:37.147484 osdx WARNING[353714]: No supported link modes on interface eth0
Nov 12 14:14:37.148825 osdx modulelauncher[353714]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:14:37.148836 osdx modulelauncher[353714]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:14:37.150286 osdx modulelauncher[353714]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:14:37.150294 osdx modulelauncher[353714]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:14:37.200111 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:14:37.203562 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:14:37.205090 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:14:37.206081 osdx ulogd[353739]: registering plugin `NFCT'
Nov 12 14:14:37.207196 osdx ulogd[353739]: registering plugin `IP2STR'
Nov 12 14:14:37.207292 osdx ulogd[353739]: registering plugin `PRINTFLOW'
Nov 12 14:14:37.208608 osdx ulogd[353739]: registering plugin `SYSLOG'
Nov 12 14:14:37.208617 osdx ulogd[353739]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:14:37.208678 osdx ulogd[353739]: NFCT plugin working in event mode
Nov 12 14:14:37.208688 osdx ulogd[353739]: Changing UID / GID
Nov 12 14:14:37.208778 osdx ulogd[353739]: initialization finished, entering main loop
Nov 12 14:14:37.216475 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:14:37.231193 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:14:37.998743 osdx ulogd[353739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:14:38.074257 osdx ulogd[353739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Update events

Description

Check UPDATE sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.298 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.298/0.298/0.298/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.177 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.177/0.177/0.177/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2

Show output

Nov 12 14:14:42.277572 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:14:42.278290 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:14:42.278342 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:14:42.287545 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:14:42.493091 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:14:42.705110 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:14:42.835768 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:14:42.886575 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Nov 12 14:14:42.985758 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:14:43.043607 osdx ubnt-cfgd[353925]: inactive
Nov 12 14:14:43.060063 osdx INFO[353931]: FRR daemons did not change
Nov 12 14:14:43.086288 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:14:43.128478 osdx WARNING[354002]: No supported link modes on interface eth0
Nov 12 14:14:43.129750 osdx modulelauncher[354002]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:14:43.129765 osdx modulelauncher[354002]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:14:43.130812 osdx modulelauncher[354002]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:14:43.130821 osdx modulelauncher[354002]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:14:43.182601 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:14:43.183347 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:14:43.183589 osdx ulogd[354027]: registering plugin `NFCT'
Nov 12 14:14:43.183819 osdx ulogd[354027]: registering plugin `IP2STR'
Nov 12 14:14:43.183869 osdx ulogd[354027]: registering plugin `PRINTFLOW'
Nov 12 14:14:43.183922 osdx ulogd[354027]: registering plugin `SYSLOG'
Nov 12 14:14:43.183929 osdx ulogd[354027]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:14:43.183980 osdx ulogd[354027]: NFCT plugin working in event mode
Nov 12 14:14:43.183990 osdx ulogd[354027]: Changing UID / GID
Nov 12 14:14:43.184078 osdx ulogd[354027]: initialization finished, entering main loop
Nov 12 14:14:43.184744 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:14:43.198927 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:14:43.213827 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:14:44.054402 osdx ulogd[354027]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:14:44.128902 osdx ulogd[354027]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Destroy events

Description

Check DESTROY sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.460 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.460/0.460/0.460/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.227 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.238 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.338 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2032ms
rtt min/avg/max/mdev = 0.227/0.267/0.338/0.049 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2

Show output

Nov 12 14:14:48.281371 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:14:48.283940 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:14:48.283983 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:14:48.290725 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:14:48.491653 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:14:48.747721 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:14:48.821269 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:14:48.898246 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Nov 12 14:14:48.951404 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Nov 12 14:14:49.046500 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set service ssh'.
Nov 12 14:14:49.109197 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:14:49.200630 osdx ubnt-cfgd[354215]: inactive
Nov 12 14:14:49.346958 osdx INFO[354227]: FRR daemons did not change
Nov 12 14:14:49.375947 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:14:49.417991 osdx WARNING[354300]: No supported link modes on interface eth0
Nov 12 14:14:49.419243 osdx modulelauncher[354300]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:14:49.419256 osdx modulelauncher[354300]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:14:49.420338 osdx modulelauncher[354300]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:14:49.420345 osdx modulelauncher[354300]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:14:49.468166 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:14:49.468788 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:14:49.468932 osdx ulogd[354325]: registering plugin `NFCT'
Nov 12 14:14:49.469162 osdx ulogd[354325]: registering plugin `IP2STR'
Nov 12 14:14:49.469219 osdx ulogd[354325]: registering plugin `PRINTFLOW'
Nov 12 14:14:49.469263 osdx ulogd[354325]: registering plugin `SYSLOG'
Nov 12 14:14:49.469270 osdx ulogd[354325]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:14:49.469321 osdx ulogd[354325]: NFCT plugin working in event mode
Nov 12 14:14:49.469374 osdx ulogd[354325]: Changing UID / GID
Nov 12 14:14:49.469450 osdx ulogd[354325]: initialization finished, entering main loop
Nov 12 14:14:49.516345 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Nov 12 14:14:49.528645 osdx sshd[354331]: Server listening on 0.0.0.0 port 22.
Nov 12 14:14:49.528678 osdx sshd[354331]: Server listening on :: port 22.
Nov 12 14:14:49.528803 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Nov 12 14:14:49.555552 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:14:49.567598 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:14:49.587746 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:14:51.462680 osdx ulogd[354325]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Nov 12 14:14:52.486679 osdx ulogd[354325]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

---

Default logging

Description

Set a simple configuration, send a ping command from one device to other and check that default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.336 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.336/0.336/0.336/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.289 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.289/0.289/0.289/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Nov 12 14:14:59.326333 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:14:59.330304 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:14:59.330362 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:14:59.335851 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:14:59.533805 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:14:59.779532 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:14:59.864340 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:14:59.938150 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:14:59.999148 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:00.086742 osdx ubnt-cfgd[354542]: inactive
Nov 12 14:15:00.103228 osdx INFO[354548]: FRR daemons did not change
Nov 12 14:15:00.126321 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:00.171822 osdx WARNING[354619]: No supported link modes on interface eth0
Nov 12 14:15:00.173079 osdx modulelauncher[354619]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:00.173091 osdx modulelauncher[354619]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:00.174121 osdx modulelauncher[354619]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:00.174128 osdx modulelauncher[354619]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:00.275256 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:00.276980 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:00.277503 osdx ulogd[354644]: registering plugin `NFCT'
Nov 12 14:15:00.278108 osdx ulogd[354644]: registering plugin `IP2STR'
Nov 12 14:15:00.278249 osdx ulogd[354644]: registering plugin `PRINTFLOW'
Nov 12 14:15:00.278406 osdx ulogd[354644]: registering plugin `SYSLOG'
Nov 12 14:15:00.278536 osdx ulogd[354644]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:00.278700 osdx ulogd[354644]: NFCT plugin working in event mode
Nov 12 14:15:00.278731 osdx ulogd[354644]: Changing UID / GID
Nov 12 14:15:00.278952 osdx ulogd[354644]: initialization finished, entering main loop
Nov 12 14:15:00.279943 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:00.307014 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:00.328090 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:01.198583 osdx ulogd[354644]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:01.198606 osdx ulogd[354644]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:01.276991 osdx ulogd[354644]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:01.277016 osdx ulogd[354644]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Identity logging

Description

Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.356 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.356/0.356/0.356/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.282 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.282/0.282/0.282/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Nov 12 14:15:05.330871 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:05.334028 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:05.334090 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:05.341871 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:05.582745 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:05.868335 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:05.946600 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:06.015210 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:06.109680 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Nov 12 14:15:06.167972 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:06.260001 osdx ubnt-cfgd[354836]: inactive
Nov 12 14:15:06.276337 osdx INFO[354842]: FRR daemons did not change
Nov 12 14:15:06.302033 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:06.344109 osdx WARNING[354913]: No supported link modes on interface eth0
Nov 12 14:15:06.345425 osdx modulelauncher[354913]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:06.345438 osdx modulelauncher[354913]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:06.346874 osdx modulelauncher[354913]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:06.346882 osdx modulelauncher[354913]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:06.394330 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:06.395034 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:06.395289 osdx ulogd[354938]: registering plugin `NFCT'
Nov 12 14:15:06.395814 osdx ulogd[354938]: registering plugin `IP2STR'
Nov 12 14:15:06.395869 osdx ulogd[354938]: registering plugin `PRINTFLOW'
Nov 12 14:15:06.395925 osdx ulogd[354938]: registering plugin `SYSLOG'
Nov 12 14:15:06.395932 osdx ulogd[354938]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:06.395984 osdx ulogd[354938]: NFCT plugin working in event mode
Nov 12 14:15:06.395995 osdx OSDx_DUT0[354938]: Changing UID / GID
Nov 12 14:15:06.396257 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:06.396358 osdx OSDx_DUT0[354938]: initialization finished, entering main loop
Nov 12 14:15:06.407171 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:06.422358 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:07.176995 osdx OSDx_DUT0[354938]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:07.177014 osdx OSDx_DUT0[354938]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:07.259118 osdx OSDx_DUT0[354938]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:07.259140 osdx OSDx_DUT0[354938]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0 :

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.193 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.193/0.193/0.193/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Nov 12 14:15:05.330871 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:05.334028 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:05.334090 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:05.341871 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:05.582745 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:05.868335 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:05.946600 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:06.015210 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:06.109680 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Nov 12 14:15:06.167972 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:06.260001 osdx ubnt-cfgd[354836]: inactive
Nov 12 14:15:06.276337 osdx INFO[354842]: FRR daemons did not change
Nov 12 14:15:06.302033 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:06.344109 osdx WARNING[354913]: No supported link modes on interface eth0
Nov 12 14:15:06.345425 osdx modulelauncher[354913]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:06.345438 osdx modulelauncher[354913]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:06.346874 osdx modulelauncher[354913]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:06.346882 osdx modulelauncher[354913]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:06.394330 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:06.395034 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:06.395289 osdx ulogd[354938]: registering plugin `NFCT'
Nov 12 14:15:06.395814 osdx ulogd[354938]: registering plugin `IP2STR'
Nov 12 14:15:06.395869 osdx ulogd[354938]: registering plugin `PRINTFLOW'
Nov 12 14:15:06.395925 osdx ulogd[354938]: registering plugin `SYSLOG'
Nov 12 14:15:06.395932 osdx ulogd[354938]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:06.395984 osdx ulogd[354938]: NFCT plugin working in event mode
Nov 12 14:15:06.395995 osdx OSDx_DUT0[354938]: Changing UID / GID
Nov 12 14:15:06.396257 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:06.396358 osdx OSDx_DUT0[354938]: initialization finished, entering main loop
Nov 12 14:15:06.407171 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:06.422358 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:07.176995 osdx OSDx_DUT0[354938]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:07.177014 osdx OSDx_DUT0[354938]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:07.259118 osdx OSDx_DUT0[354938]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:07.259140 osdx OSDx_DUT0[354938]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:07.378881 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 12 14:15:07.521493 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:07.604876 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Nov 12 14:15:07.702135 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show changes'.
Nov 12 14:15:07.766119 osdx ubnt-cfgd[354974]: inactive
Nov 12 14:15:07.781955 osdx INFO[354980]: FRR daemons did not change
Nov 12 14:15:07.795422 osdx OSDx_DUT0[354938]: Terminal signal received, exiting
Nov 12 14:15:07.795528 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:07.795805 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Nov 12 14:15:07.795913 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:07.814313 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:07.814953 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:07.815121 osdx ulogd[354988]: registering plugin `NFCT'
Nov 12 14:15:07.815346 osdx ulogd[354988]: registering plugin `IP2STR'
Nov 12 14:15:07.815395 osdx ulogd[354988]: registering plugin `PRINTFLOW'
Nov 12 14:15:07.815444 osdx ulogd[354988]: registering plugin `SYSLOG'
Nov 12 14:15:07.815451 osdx ulogd[354988]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:07.815501 osdx ulogd[354988]: NFCT plugin working in event mode
Nov 12 14:15:07.815511 osdx ulogd[354988]: Changing UID / GID
Nov 12 14:15:07.815583 osdx ulogd[354988]: initialization finished, entering main loop
Nov 12 14:15:07.816564 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:07.817937 osdx ulogd[354988]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Nov 12 14:15:07.817954 osdx ulogd[354988]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Nov 12 14:15:07.818509 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:07.833125 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:07.973313 osdx ulogd[354988]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:07.973339 osdx ulogd[354988]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping command from one device to other and check that default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.322 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.322/0.322/0.322/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.247 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.241 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1009ms
rtt min/avg/max/mdev = 0.241/0.244/0.247/0.003 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST

Show output

Nov 12 14:15:12.306329 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:12.308633 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:12.308700 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:12.315638 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:12.516552 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:12.721336 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:12.838670 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Nov 12 14:15:12.887770 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Nov 12 14:15:12.976226 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Nov 12 14:15:13.031737 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Nov 12 14:15:13.123421 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:13.176856 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:13.281825 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:13.339767 osdx ubnt-cfgd[355154]: inactive
Nov 12 14:15:13.365477 osdx INFO[355168]: FRR daemons did not change
Nov 12 14:15:13.388628 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:13.427933 osdx WARNING[355239]: No supported link modes on interface eth0
Nov 12 14:15:13.429229 osdx modulelauncher[355239]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:13.429243 osdx modulelauncher[355239]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:13.430314 osdx modulelauncher[355239]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:13.430321 osdx modulelauncher[355239]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:13.488903 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:13.489652 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:13.489811 osdx ulogd[355264]: registering plugin `NFCT'
Nov 12 14:15:13.489988 osdx ulogd[355264]: registering plugin `IP2STR'
Nov 12 14:15:13.490027 osdx ulogd[355264]: registering plugin `PRINTFLOW'
Nov 12 14:15:13.490067 osdx ulogd[355264]: registering plugin `SYSLOG'
Nov 12 14:15:13.490100 osdx ulogd[355264]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:13.490141 osdx ulogd[355264]: NFCT plugin working in event mode
Nov 12 14:15:13.490149 osdx ulogd[355264]: Changing UID / GID
Nov 12 14:15:13.490215 osdx ulogd[355264]: initialization finished, entering main loop
Nov 12 14:15:13.499640 osdx ulogd[355264]: Terminal signal received, exiting
Nov 12 14:15:13.499754 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:13.500011 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Nov 12 14:15:13.500109 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:13.501074 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:13.501860 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:13.502069 osdx ulogd[355270]: registering plugin `NFCT'
Nov 12 14:15:13.502119 osdx ulogd[355270]: registering plugin `IP2STR'
Nov 12 14:15:13.502164 osdx ulogd[355270]: registering plugin `PRINTFLOW'
Nov 12 14:15:13.502221 osdx ulogd[355270]: registering plugin `SYSLOG'
Nov 12 14:15:13.502225 osdx ulogd[355270]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:13.502674 osdx ulogd[355270]: NFCT plugin working in event mode
Nov 12 14:15:13.502685 osdx ulogd[355270]: Changing UID / GID
Nov 12 14:15:13.502756 osdx ulogd[355270]: initialization finished, entering main loop
Nov 12 14:15:13.731423 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:13.742536 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:13.766176 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:14.567903 osdx ulogd[355270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Nov 12 14:15:14.567921 osdx ulogd[355270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Nov 12 14:15:14.650666 osdx ulogd[355270]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Nov 12 14:15:14.650689 osdx ulogd[355270]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

---

VRF logging

Description

Set a simple configuration with a vrf, send a ping command from one device to other and check that default and vrf fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.314 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.314/0.314/0.314/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.243 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.243/0.243/0.243/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED

Show output

Nov 12 14:15:20.296544 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:20.299504 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:20.299548 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:20.308315 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:20.527648 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:20.736223 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:20.809529 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Nov 12 14:15:20.890363 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Nov 12 14:15:20.939470 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system vrf RED'.
Nov 12 14:15:21.035072 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:21.085604 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:21.185342 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:21.263707 osdx ubnt-cfgd[355506]: inactive
Nov 12 14:15:21.284835 osdx INFO[355512]: FRR daemons did not change
Nov 12 14:15:21.296695 osdx (udev-worker)[355522]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Nov 12 14:15:21.296755 osdx (udev-worker)[355522]: Network interface NamePolicy= disabled on kernel command line.
Nov 12 14:15:21.331506 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:21.381319 osdx WARNING[355597]: No supported link modes on interface eth0
Nov 12 14:15:21.382545 osdx modulelauncher[355597]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:21.382558 osdx modulelauncher[355597]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:21.383613 osdx modulelauncher[355597]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:21.383620 osdx modulelauncher[355597]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:21.395515 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:21.495834 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:21.496524 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:21.496649 osdx ulogd[355683]: registering plugin `NFCT'
Nov 12 14:15:21.496837 osdx ulogd[355683]: registering plugin `IP2STR'
Nov 12 14:15:21.497222 osdx ulogd[355683]: registering plugin `PRINTFLOW'
Nov 12 14:15:21.497271 osdx ulogd[355683]: registering plugin `SYSLOG'
Nov 12 14:15:21.497311 osdx ulogd[355683]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:21.497376 osdx ulogd[355683]: NFCT plugin working in event mode
Nov 12 14:15:21.497418 osdx ulogd[355683]: Changing UID / GID
Nov 12 14:15:21.497506 osdx ulogd[355683]: initialization finished, entering main loop
Nov 12 14:15:21.497651 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:21.508925 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:21.542127 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:22.347460 osdx ulogd[355683]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:22.347480 osdx ulogd[355683]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:22.428087 osdx ulogd[355683]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:22.428107 osdx ulogd[355683]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping command from one device to other and check that default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.219 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.219/0.219/0.219/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

Show output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0   2725      0 --:--:-- --:--:-- --:--:--  2744

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.459 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.459/0.459/0.459/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.281 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.281/0.281/0.281/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass

Show output

Nov 12 14:15:27.278364 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:27.281823 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:27.281887 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:27.288660 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:27.500030 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:27.760494 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:27.846171 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Nov 12 14:15:27.935531 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:27.993255 osdx ubnt-cfgd[355950]: inactive
Nov 12 14:15:28.011860 osdx INFO[355956]: FRR daemons did not change
Nov 12 14:15:28.037827 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Nov 12 14:15:28.079507 osdx WARNING[356024]: No supported link modes on interface eth1
Nov 12 14:15:28.081082 osdx modulelauncher[356024]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Nov 12 14:15:28.081095 osdx modulelauncher[356024]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:28.082272 osdx modulelauncher[356024]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:28.082278 osdx modulelauncher[356024]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:28.094893 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:28.113856 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:28.133380 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:28.328024 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 12 14:15:28.477430 osdx file_operation[356078]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Nov 12 14:15:28.544016 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Nov 12 14:15:28.694565 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:28.764739 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Nov 12 14:15:28.856753 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Nov 12 14:15:28.907627 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Nov 12 14:15:28.997991 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Nov 12 14:15:29.050482 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Nov 12 14:15:29.141794 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Nov 12 14:15:29.196750 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Nov 12 14:15:29.289928 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Nov 12 14:15:29.347935 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Nov 12 14:15:29.453553 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:29.503972 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:29.630223 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:29.692248 osdx ubnt-cfgd[356112]: inactive
Nov 12 14:15:29.727592 osdx INFO[356129]: FRR daemons did not change
Nov 12 14:15:29.749827 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:29.793682 osdx WARNING[356200]: No supported link modes on interface eth0
Nov 12 14:15:29.794940 osdx modulelauncher[356200]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:29.794951 osdx modulelauncher[356200]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:29.796083 osdx modulelauncher[356200]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:29.796090 osdx modulelauncher[356200]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:29.854172 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:29.854966 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:29.855102 osdx ulogd[356225]: registering plugin `NFCT'
Nov 12 14:15:29.855295 osdx ulogd[356225]: registering plugin `IP2STR'
Nov 12 14:15:29.855377 osdx ulogd[356225]: registering plugin `PRINTFLOW'
Nov 12 14:15:29.855459 osdx ulogd[356225]: registering plugin `SYSLOG'
Nov 12 14:15:29.855466 osdx ulogd[356225]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:29.855517 osdx ulogd[356225]: NFCT plugin working in event mode
Nov 12 14:15:29.855524 osdx ulogd[356225]: Changing UID / GID
Nov 12 14:15:29.855606 osdx ulogd[356225]: initialization finished, entering main loop
Nov 12 14:15:30.068783 osdx ulogd[356225]: Terminal signal received, exiting
Nov 12 14:15:30.068864 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:30.069129 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Nov 12 14:15:30.069218 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:30.114127 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:30.114789 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:30.114970 osdx ulogd[356253]: registering plugin `NFCT'
Nov 12 14:15:30.115224 osdx ulogd[356253]: registering plugin `IP2STR'
Nov 12 14:15:30.115276 osdx ulogd[356253]: registering plugin `PRINTFLOW'
Nov 12 14:15:30.115327 osdx ulogd[356253]: registering plugin `SYSLOG'
Nov 12 14:15:30.115334 osdx ulogd[356253]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:30.115384 osdx ulogd[356253]: NFCT plugin working in event mode
Nov 12 14:15:30.115423 osdx ulogd[356253]: Changing UID / GID
Nov 12 14:15:30.115503 osdx ulogd[356253]: initialization finished, entering main loop
Nov 12 14:15:30.154048 osdx systemd[1]: Reloading.
Nov 12 14:15:30.205840 osdx systemd-sysv-generator[356274]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Nov 12 14:15:30.334496 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Nov 12 14:15:30.345730 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Nov 12 14:15:30.348138 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Nov 12 14:15:30.381330 osdx systemd[1]: logrotate.service: Deactivated successfully.
Nov 12 14:15:30.381438 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Nov 12 14:15:30.720987 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Nov 12 14:15:31.000415 osdx INFO[356255]: Rules successfully loaded
Nov 12 14:15:31.000998 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:31.015121 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:31.030816 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:31.802471 osdx ulogd[356253]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Nov 12 14:15:31.802490 osdx ulogd[356253]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Nov 12 14:15:31.880328 osdx ulogd[356253]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Nov 12 14:15:31.880346 osdx ulogd[356253]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)

---

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate a ssh connection from DUT1 to DUT2 and check that default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.298 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.298/0.298/0.298/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1

Show output

PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.330 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.330/0.330/0.330/0.000 ms

Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null

Show output

Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.7.1

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Wed Nov 12 13:56:25 2025 from 10.0.0.2
admin@osdx$

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]

Show output

Nov 12 14:15:38.288963 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:38.289804 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:38.289844 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:38.299004 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:38.501984 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:38.743988 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:38.817222 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Nov 12 14:15:38.894972 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:38.945628 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:39.047673 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:39.105556 osdx ubnt-cfgd[356581]: inactive
Nov 12 14:15:39.125828 osdx INFO[356587]: FRR daemons did not change
Nov 12 14:15:39.153799 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Nov 12 14:15:39.194675 osdx WARNING[356658]: No supported link modes on interface eth1
Nov 12 14:15:39.195984 osdx modulelauncher[356658]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Nov 12 14:15:39.195997 osdx modulelauncher[356658]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:39.197071 osdx modulelauncher[356658]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:39.197078 osdx modulelauncher[356658]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:39.229827 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:39.269347 osdx WARNING[356737]: No supported link modes on interface eth0
Nov 12 14:15:39.270668 osdx modulelauncher[356737]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:39.270680 osdx modulelauncher[356737]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:39.271777 osdx modulelauncher[356737]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:39.271787 osdx modulelauncher[356737]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:39.318039 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:39.318964 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:39.319019 osdx ulogd[356763]: registering plugin `NFCT'
Nov 12 14:15:39.319060 osdx ulogd[356763]: registering plugin `IP2STR'
Nov 12 14:15:39.319098 osdx ulogd[356763]: registering plugin `PRINTFLOW'
Nov 12 14:15:39.319135 osdx ulogd[356763]: registering plugin `SYSLOG'
Nov 12 14:15:39.319139 osdx ulogd[356763]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:39.319179 osdx ulogd[356763]: NFCT plugin working in event mode
Nov 12 14:15:39.319186 osdx ulogd[356763]: Changing UID / GID
Nov 12 14:15:39.319254 osdx ulogd[356763]: initialization finished, entering main loop
Nov 12 14:15:39.320335 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:39.334345 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:39.349134 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:40.940855 osdx ulogd[356763]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:40.940879 osdx ulogd[356763]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:41.014929 osdx ulogd[356763]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:41.014952 osdx ulogd[356763]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:15:41.086753 osdx ulogd[356763]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52696 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52696 PKTS=0 BYTES=0
Nov 12 14:15:41.086862 osdx ulogd[356763]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52696 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52696 PKTS=0 BYTES=0
Nov 12 14:15:41.086995 osdx ulogd[356763]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52696 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52696 PKTS=0 BYTES=0 [OFFLOAD]
Nov 12 14:15:41.356685 osdx ulogd[356763]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52696 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52696 PKTS=0 BYTES=0
Nov 12 14:15:41.356709 osdx ulogd[356763]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52696 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52696 PKTS=0 BYTES=0 [OFFLOAD]
Nov 12 14:15:41.358564 osdx ulogd[356763]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52696 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52696 PKTS=0 BYTES=0
Nov 12 14:15:41.358669 osdx ulogd[356763]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=52696 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=52696 PKTS=0 BYTES=0 [OFFLOAD]

---

App detect logging

Description

Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1 and check app detect field appears when running system journal show. After that, enabling app detection in system conntrack for http host, try to copy index.html from a http server and check that the app detect field appears and belongs to the http server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.336 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.336/0.336/0.336/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.226 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.612 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.253 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2043ms
rtt min/avg/max/mdev = 0.226/0.363/0.612/0.175 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]

Show output

Nov 12 14:15:46.280572 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:46.283139 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:46.283191 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:46.289878 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:46.493297 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:46.701195 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:46.797468 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Nov 12 14:15:46.847970 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Nov 12 14:15:46.959949 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:47.009926 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:47.116769 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:47.172704 osdx ubnt-cfgd[356984]: inactive
Nov 12 14:15:47.189226 osdx INFO[356990]: FRR daemons did not change
Nov 12 14:15:47.415146 osdx kernel: app-detect: module init
Nov 12 14:15:47.415194 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 14:15:47.415206 osdx kernel: app-detect: expression init
Nov 12 14:15:47.415218 osdx kernel: app-detect: appid cache initialized
Nov 12 14:15:47.415226 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 14:15:47.418770 osdx modulelauncher[356993]: AppDetect: no change in application dictionaries, thus nothing more to do
Nov 12 14:15:47.443144 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:47.485215 osdx WARNING[357086]: No supported link modes on interface eth0
Nov 12 14:15:47.486507 osdx modulelauncher[357086]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:47.486519 osdx modulelauncher[357086]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:47.487620 osdx modulelauncher[357086]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:47.487627 osdx modulelauncher[357086]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:47.531450 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:47.532207 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:47.532373 osdx ulogd[357111]: registering plugin `NFCT'
Nov 12 14:15:47.532597 osdx ulogd[357111]: registering plugin `IP2STR'
Nov 12 14:15:47.532680 osdx ulogd[357111]: registering plugin `PRINTFLOW'
Nov 12 14:15:47.532760 osdx ulogd[357111]: registering plugin `SYSLOG'
Nov 12 14:15:47.532795 osdx ulogd[357111]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:47.532992 osdx ulogd[357111]: NFCT plugin working in event mode
Nov 12 14:15:47.533034 osdx ulogd[357111]: Changing UID / GID
Nov 12 14:15:47.533119 osdx ulogd[357111]: initialization finished, entering main loop
Nov 12 14:15:47.533371 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:47.546578 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:47.561111 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:48.391163 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.391187 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.466722 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.466741 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.486237 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:49.486303 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.486346 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.891264 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:50.509859 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:50.509883 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:50.509898 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]

Show output

Nov 12 14:15:46.280572 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:46.283139 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:46.283191 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:46.289878 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:46.493297 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:46.701195 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:46.797468 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Nov 12 14:15:46.847970 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Nov 12 14:15:46.959949 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:47.009926 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:47.116769 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:47.172704 osdx ubnt-cfgd[356984]: inactive
Nov 12 14:15:47.189226 osdx INFO[356990]: FRR daemons did not change
Nov 12 14:15:47.415146 osdx kernel: app-detect: module init
Nov 12 14:15:47.415194 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 14:15:47.415206 osdx kernel: app-detect: expression init
Nov 12 14:15:47.415218 osdx kernel: app-detect: appid cache initialized
Nov 12 14:15:47.415226 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 14:15:47.418770 osdx modulelauncher[356993]: AppDetect: no change in application dictionaries, thus nothing more to do
Nov 12 14:15:47.443144 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:47.485215 osdx WARNING[357086]: No supported link modes on interface eth0
Nov 12 14:15:47.486507 osdx modulelauncher[357086]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:47.486519 osdx modulelauncher[357086]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:47.487620 osdx modulelauncher[357086]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:47.487627 osdx modulelauncher[357086]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:47.531450 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:47.532207 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:47.532373 osdx ulogd[357111]: registering plugin `NFCT'
Nov 12 14:15:47.532597 osdx ulogd[357111]: registering plugin `IP2STR'
Nov 12 14:15:47.532680 osdx ulogd[357111]: registering plugin `PRINTFLOW'
Nov 12 14:15:47.532760 osdx ulogd[357111]: registering plugin `SYSLOG'
Nov 12 14:15:47.532795 osdx ulogd[357111]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:47.532992 osdx ulogd[357111]: NFCT plugin working in event mode
Nov 12 14:15:47.533034 osdx ulogd[357111]: Changing UID / GID
Nov 12 14:15:47.533119 osdx ulogd[357111]: initialization finished, entering main loop
Nov 12 14:15:47.533371 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:47.546578 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:47.561111 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:48.391163 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.391187 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.466722 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.466741 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.486237 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:49.486303 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.486346 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.891264 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:50.509859 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:50.509883 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:50.509898 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:50.632333 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]

Show output

Nov 12 14:15:46.280572 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:46.283139 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:46.283191 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:46.289878 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:46.493297 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:46.701195 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:46.797468 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Nov 12 14:15:46.847970 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Nov 12 14:15:46.959949 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:47.009926 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:47.116769 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:47.172704 osdx ubnt-cfgd[356984]: inactive
Nov 12 14:15:47.189226 osdx INFO[356990]: FRR daemons did not change
Nov 12 14:15:47.415146 osdx kernel: app-detect: module init
Nov 12 14:15:47.415194 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 14:15:47.415206 osdx kernel: app-detect: expression init
Nov 12 14:15:47.415218 osdx kernel: app-detect: appid cache initialized
Nov 12 14:15:47.415226 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 14:15:47.418770 osdx modulelauncher[356993]: AppDetect: no change in application dictionaries, thus nothing more to do
Nov 12 14:15:47.443144 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:47.485215 osdx WARNING[357086]: No supported link modes on interface eth0
Nov 12 14:15:47.486507 osdx modulelauncher[357086]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:47.486519 osdx modulelauncher[357086]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:47.487620 osdx modulelauncher[357086]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:47.487627 osdx modulelauncher[357086]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:47.531450 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:47.532207 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:47.532373 osdx ulogd[357111]: registering plugin `NFCT'
Nov 12 14:15:47.532597 osdx ulogd[357111]: registering plugin `IP2STR'
Nov 12 14:15:47.532680 osdx ulogd[357111]: registering plugin `PRINTFLOW'
Nov 12 14:15:47.532760 osdx ulogd[357111]: registering plugin `SYSLOG'
Nov 12 14:15:47.532795 osdx ulogd[357111]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:47.532992 osdx ulogd[357111]: NFCT plugin working in event mode
Nov 12 14:15:47.533034 osdx ulogd[357111]: Changing UID / GID
Nov 12 14:15:47.533119 osdx ulogd[357111]: initialization finished, entering main loop
Nov 12 14:15:47.533371 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:47.546578 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:47.561111 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:48.391163 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.391187 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.466722 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.466741 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.486237 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:49.486303 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.486346 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.891264 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:50.509859 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:50.509883 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:50.509898 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:50.632333 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 12 14:15:50.735992 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.188 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.188/0.188/0.188/0.000 ms

Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:

Show output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1086    0  1086    0     0  73807      0 --:--:-- --:--:-- --:--:-- 77571

Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]

Show output

Nov 12 14:15:46.280572 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:46.283139 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:46.283191 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:46.289878 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:46.493297 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:46.701195 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:46.797468 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Nov 12 14:15:46.847970 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Nov 12 14:15:46.959949 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:15:47.009926 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:15:47.116769 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:47.172704 osdx ubnt-cfgd[356984]: inactive
Nov 12 14:15:47.189226 osdx INFO[356990]: FRR daemons did not change
Nov 12 14:15:47.415146 osdx kernel: app-detect: module init
Nov 12 14:15:47.415194 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 14:15:47.415206 osdx kernel: app-detect: expression init
Nov 12 14:15:47.415218 osdx kernel: app-detect: appid cache initialized
Nov 12 14:15:47.415226 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 14:15:47.418770 osdx modulelauncher[356993]: AppDetect: no change in application dictionaries, thus nothing more to do
Nov 12 14:15:47.443144 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:15:47.485215 osdx WARNING[357086]: No supported link modes on interface eth0
Nov 12 14:15:47.486507 osdx modulelauncher[357086]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:15:47.486519 osdx modulelauncher[357086]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:47.487620 osdx modulelauncher[357086]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:47.487627 osdx modulelauncher[357086]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:47.531450 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:15:47.532207 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:15:47.532373 osdx ulogd[357111]: registering plugin `NFCT'
Nov 12 14:15:47.532597 osdx ulogd[357111]: registering plugin `IP2STR'
Nov 12 14:15:47.532680 osdx ulogd[357111]: registering plugin `PRINTFLOW'
Nov 12 14:15:47.532760 osdx ulogd[357111]: registering plugin `SYSLOG'
Nov 12 14:15:47.532795 osdx ulogd[357111]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:15:47.532992 osdx ulogd[357111]: NFCT plugin working in event mode
Nov 12 14:15:47.533034 osdx ulogd[357111]: Changing UID / GID
Nov 12 14:15:47.533119 osdx ulogd[357111]: initialization finished, entering main loop
Nov 12 14:15:47.533371 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:47.546578 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:47.561111 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:48.391163 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.391187 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.466722 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:48.466741 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.486237 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:49.486303 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.486346 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:49.891264 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:50.509859 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:50.509883 osdx ulogd[357111]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:50.509898 osdx ulogd[357111]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:50.632333 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 12 14:15:50.735992 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 12 14:15:50.842719 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 12 14:15:50.989555 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:51.061417 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Nov 12 14:15:51.135602 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Nov 12 14:15:51.189787 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show changes'.
Nov 12 14:15:51.287071 osdx ubnt-cfgd[357162]: inactive
Nov 12 14:15:51.305669 osdx INFO[357168]: FRR daemons did not change
Nov 12 14:15:51.339146 osdx kernel: app-detect: expression destroy
Nov 12 14:15:51.351153 osdx kernel: app-detect: expression init
Nov 12 14:15:51.351212 osdx kernel: app-detect: appid cache initialized
Nov 12 14:15:51.351233 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 14:15:51.357369 osdx modulelauncher[357171]: AppDetect: no change in application dictionaries, thus nothing more to do
Nov 12 14:15:51.383148 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Nov 12 14:15:51.439093 osdx WARNING[357251]: No supported link modes on interface eth1
Nov 12 14:15:51.440411 osdx modulelauncher[357251]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Nov 12 14:15:51.440425 osdx modulelauncher[357251]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:51.441536 osdx modulelauncher[357251]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:51.441544 osdx modulelauncher[357251]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:51.451045 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:51.461243 osdx ulogd[357111]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Nov 12 14:15:51.461792 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:51.477352 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:51.617789 osdx ulogd[357111]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:51.619423 osdx ulogd[357111]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Nov 12 14:15:51.619649 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 12 14:15:51.746449 osdx file_operation[357305]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Nov 12 14:15:51.751520 osdx ulogd[357111]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=56318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=56318 PKTS=0 BYTES=0 APPDETECT[L4:80]
Nov 12 14:15:51.751625 osdx ulogd[357111]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=56318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=56318 PKTS=0 BYTES=0 APPDETECT[L4:80]
Nov 12 14:15:51.751645 osdx ulogd[357111]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=56318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=56318 PKTS=0 BYTES=0 APPDETECT[L4:80]
Nov 12 14:15:51.763613 osdx ulogd[357111]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=56318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=56318 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Nov 12 14:15:51.763650 osdx ulogd[357111]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=56318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=56318 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Nov 12 14:15:51.763665 osdx ulogd[357111]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=56318 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=56318 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Nov 12 14:15:51.781700 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.

---

App Detect Drop Packet

Description

Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector. Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets. Finnally, log that packets with app-id option and check that appdetect field appear in journal when running system journal show

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.188 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.188/0.188/0.188/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]

Show output

Nov 12 14:15:56.304713 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:15:56.307663 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:15:56.307717 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:15:56.314741 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:15:56.519133 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:15:56.727416 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:15:56.821594 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Nov 12 14:15:56.871755 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Nov 12 14:15:56.963684 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Nov 12 14:15:57.021969 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Nov 12 14:15:57.115687 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Nov 12 14:15:57.167439 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Nov 12 14:15:57.262632 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Nov 12 14:15:57.337341 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Nov 12 14:15:57.412631 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Nov 12 14:15:57.466132 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Nov 12 14:15:57.572805 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:15:57.634198 osdx ubnt-cfgd[357532]: inactive
Nov 12 14:15:57.669774 osdx INFO[357556]: FRR daemons did not change
Nov 12 14:15:57.859664 osdx kernel: app-detect: module init
Nov 12 14:15:57.859711 osdx kernel: app-detect: registered: sysctl net.appdetect
Nov 12 14:15:57.859724 osdx kernel: app-detect: expression init
Nov 12 14:15:57.859732 osdx kernel: app-detect: appid cache initialized
Nov 12 14:15:57.859740 osdx kernel: app-detect: appid cache changes counter initialized
Nov 12 14:15:57.923666 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Nov 12 14:15:57.963228 osdx WARNING[357657]: No supported link modes on interface eth1
Nov 12 14:15:57.964597 osdx modulelauncher[357657]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Nov 12 14:15:57.964612 osdx modulelauncher[357657]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Nov 12 14:15:57.965658 osdx modulelauncher[357657]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:15:57.965667 osdx modulelauncher[357657]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:15:58.190583 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:15:58.201965 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:15:58.236523 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:15:58.367896 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Nov 12 14:15:58.490160 osdx file_operation[357734]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Nov 12 14:15:58.495664 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=56066 DF PROTO=TCP SPT=56320 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Nov 12 14:15:58.699703 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=56067 DF PROTO=TCP SPT=56320 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Nov 12 14:15:59.139704 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=56068 DF PROTO=TCP SPT=56320 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Nov 12 14:15:59.971709 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=56069 DF PROTO=TCP SPT=56320 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Nov 12 14:16:01.496983 osdx file_operation.py[357734]: Operation aborted by user.
Nov 12 14:16:01.511938 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=56070 DF PROTO=TCP SPT=56320 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Nov 12 14:16:01.516295 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.

---

Identity Values

Description

Conntrack identity is able to contain any printed character (max 92 characters) but not spaces

Scenario

Step 1: Run command configure at DUT0 and expect this output:

Show output

admin@osdx#

Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class

Show output

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class

Show output

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.412 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.412/0.412/0.412/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.209 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.209/0.209/0.209/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Nov 12 14:16:06.280986 osdx systemd-journald[1959]: Runtime Journal (/run/log/journal/5e4ed8d3546348e58126c9438c4a827c) is 1.8M, max 13.8M, 11.9M free.
Nov 12 14:16:06.281840 osdx systemd-journald[1959]: Received client request to rotate journal, rotating.
Nov 12 14:16:06.281905 osdx systemd-journald[1959]: Vacuuming done, freed 0B of archived journals from /run/log/journal/5e4ed8d3546348e58126c9438c4a827c.
Nov 12 14:16:06.292025 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system journal clear'.
Nov 12 14:16:06.530982 osdx OSDxCLI[290541]: User 'admin' executed a new command: 'system coredump delete all'.
Nov 12 14:16:06.736516 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:16:06.850398 osdx cfgd[1656]: [290541]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Nov 12 14:16:06.851600 osdx OSDxCLI[290541]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'.
Nov 12 14:16:06.923493 osdx cfgd[1656]: [290541]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Nov 12 14:16:06.924610 osdx OSDxCLI[290541]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'.
Nov 12 14:16:06.991775 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:16:07.182618 osdx OSDxCLI[290541]: User 'admin' entered the configuration menu.
Nov 12 14:16:07.272052 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Nov 12 14:16:07.357977 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Nov 12 14:16:07.424910 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'.
Nov 12 14:16:07.530024 osdx OSDxCLI[290541]: User 'admin' added a new cfg line: 'show working'.
Nov 12 14:16:07.618952 osdx ubnt-cfgd[357934]: inactive
Nov 12 14:16:07.637232 osdx INFO[357940]: FRR daemons did not change
Nov 12 14:16:07.661839 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 12 14:16:07.703325 osdx WARNING[358011]: No supported link modes on interface eth0
Nov 12 14:16:07.705150 osdx modulelauncher[358011]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Nov 12 14:16:07.705165 osdx modulelauncher[358011]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Nov 12 14:16:07.706361 osdx modulelauncher[358011]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Nov 12 14:16:07.706374 osdx modulelauncher[358011]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Nov 12 14:16:07.754167 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Nov 12 14:16:07.755068 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Nov 12 14:16:07.755185 osdx ulogd[358036]: registering plugin `NFCT'
Nov 12 14:16:07.755367 osdx ulogd[358036]: registering plugin `IP2STR'
Nov 12 14:16:07.755407 osdx ulogd[358036]: registering plugin `PRINTFLOW'
Nov 12 14:16:07.755446 osdx ulogd[358036]: registering plugin `SYSLOG'
Nov 12 14:16:07.755480 osdx ulogd[358036]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Nov 12 14:16:07.755539 osdx ulogd[358036]: NFCT plugin working in event mode
Nov 12 14:16:07.755568 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[358036]: Changing UID / GID
Nov 12 14:16:07.755659 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[358036]: initialization finished, entering main loop
Nov 12 14:16:07.756295 osdx cfgd[1656]: [290541]Completed change to active configuration
Nov 12 14:16:07.767453 osdx OSDxCLI[290541]: User 'admin' committed the configuration.
Nov 12 14:16:07.783376 osdx OSDxCLI[290541]: User 'admin' left the configuration menu.
Nov 12 14:16:08.737356 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[358036]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:16:08.737377 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[358036]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:16:08.811239 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[358036]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Nov 12 14:16:08.811261 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[358036]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---