Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.393 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.393/0.393/0.393/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.235 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.235/0.235/0.235/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
Dec 17 16:47:31.304587 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:47:31.308129 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:47:31.308203 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:47:31.314974 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:47:31.657875 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:47:31.898956 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:47:31.996415 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:47:32.081202 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Dec 17 16:47:32.144401 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:47:32.236657 osdx ubnt-cfgd[67542]: inactive Dec 17 16:47:32.254374 osdx INFO[67548]: FRR daemons did not change Dec 17 16:47:32.280133 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:47:32.321783 osdx WARNING[67619]: No supported link modes on interface eth0 Dec 17 16:47:32.323492 osdx modulelauncher[67619]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:47:32.323506 osdx modulelauncher[67619]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:47:32.324994 osdx modulelauncher[67619]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:47:32.325002 osdx modulelauncher[67619]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:47:32.396534 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:47:32.399274 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:47:32.400543 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:47:32.401665 osdx ulogd[67644]: registering plugin `NFCT' Dec 17 16:47:32.402568 osdx ulogd[67644]: registering plugin `IP2STR' Dec 17 16:47:32.402645 osdx ulogd[67644]: registering plugin `PRINTFLOW' Dec 17 16:47:32.403709 osdx ulogd[67644]: registering plugin `SYSLOG' Dec 17 16:47:32.403716 osdx ulogd[67644]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:47:32.403765 osdx ulogd[67644]: NFCT plugin working in event mode Dec 17 16:47:32.403775 osdx ulogd[67644]: Changing UID / GID Dec 17 16:47:32.403850 osdx ulogd[67644]: initialization finished, entering main loop Dec 17 16:47:32.412196 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:47:32.437456 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:47:33.232636 osdx ulogd[67644]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:47:33.310588 osdx ulogd[67644]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.348 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.348/0.348/0.348/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.232 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.232/0.232/0.232/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
Dec 17 16:47:37.260028 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:47:37.261523 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:47:37.261585 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:47:37.269968 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:47:37.515909 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:47:37.832860 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:47:37.913108 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:47:38.029822 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Dec 17 16:47:38.098063 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:47:38.207298 osdx ubnt-cfgd[67831]: inactive Dec 17 16:47:38.228566 osdx INFO[67837]: FRR daemons did not change Dec 17 16:47:38.257529 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:47:38.305617 osdx WARNING[67908]: No supported link modes on interface eth0 Dec 17 16:47:38.307088 osdx modulelauncher[67908]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:47:38.307102 osdx modulelauncher[67908]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:47:38.308300 osdx modulelauncher[67908]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:47:38.308309 osdx modulelauncher[67908]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:47:38.369884 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:47:38.370610 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:47:38.370782 osdx ulogd[67933]: registering plugin `NFCT' Dec 17 16:47:38.370977 osdx ulogd[67933]: registering plugin `IP2STR' Dec 17 16:47:38.371023 osdx ulogd[67933]: registering plugin `PRINTFLOW' Dec 17 16:47:38.371108 osdx ulogd[67933]: registering plugin `SYSLOG' Dec 17 16:47:38.371114 osdx ulogd[67933]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:47:38.371159 osdx ulogd[67933]: NFCT plugin working in event mode Dec 17 16:47:38.371166 osdx ulogd[67933]: Changing UID / GID Dec 17 16:47:38.371232 osdx ulogd[67933]: initialization finished, entering main loop Dec 17 16:47:38.371990 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:47:38.387280 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:47:38.414025 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:47:39.297038 osdx ulogd[67933]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:47:39.373519 osdx ulogd[67933]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.331 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.331/0.331/0.331/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.302 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.277 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.270 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2056ms rtt min/avg/max/mdev = 0.270/0.283/0.302/0.013 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
Dec 17 16:47:44.281613 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:47:44.282621 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:47:44.282663 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:47:44.292135 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:47:44.536562 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:47:44.750402 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:47:44.853649 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:47:44.929061 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Dec 17 16:47:44.982138 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 17 16:47:45.070271 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set service ssh'. Dec 17 16:47:45.133068 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:47:45.225242 osdx ubnt-cfgd[68122]: inactive Dec 17 16:47:45.310276 osdx INFO[68134]: FRR daemons did not change Dec 17 16:47:45.338633 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:47:45.381737 osdx WARNING[68207]: No supported link modes on interface eth0 Dec 17 16:47:45.383122 osdx modulelauncher[68207]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:47:45.383134 osdx modulelauncher[68207]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:47:45.384366 osdx modulelauncher[68207]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:47:45.384373 osdx modulelauncher[68207]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:47:45.446981 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:47:45.447949 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:47:45.448090 osdx ulogd[68232]: registering plugin `NFCT' Dec 17 16:47:45.448299 osdx ulogd[68232]: registering plugin `IP2STR' Dec 17 16:47:45.448343 osdx ulogd[68232]: registering plugin `PRINTFLOW' Dec 17 16:47:45.448766 osdx ulogd[68232]: registering plugin `SYSLOG' Dec 17 16:47:45.448773 osdx ulogd[68232]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:47:45.448816 osdx ulogd[68232]: NFCT plugin working in event mode Dec 17 16:47:45.448822 osdx ulogd[68232]: Changing UID / GID Dec 17 16:47:45.448893 osdx ulogd[68232]: initialization finished, entering main loop Dec 17 16:47:45.496239 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Dec 17 16:47:45.510217 osdx sshd[68238]: Server listening on 0.0.0.0 port 22. Dec 17 16:47:45.510242 osdx sshd[68238]: Server listening on :: port 22. Dec 17 16:47:45.510330 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Dec 17 16:47:45.534055 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:47:45.546724 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:47:45.563671 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:47:47.511691 osdx ulogd[68232]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Dec 17 16:47:48.535688 osdx ulogd[68232]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.335 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.335/0.335/0.335/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.239 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.239/0.239/0.239/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Dec 17 16:47:56.332871 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:47:56.334646 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:47:56.334718 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:47:56.345016 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:47:56.583539 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:47:56.854553 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:47:56.948565 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:47:57.019969 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:47:57.165570 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:47:57.236866 osdx ubnt-cfgd[68449]: inactive Dec 17 16:47:57.259165 osdx INFO[68455]: FRR daemons did not change Dec 17 16:47:57.290655 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:47:57.338153 osdx WARNING[68526]: No supported link modes on interface eth0 Dec 17 16:47:57.340057 osdx modulelauncher[68526]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:47:57.340073 osdx modulelauncher[68526]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:47:57.341747 osdx modulelauncher[68526]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:47:57.341762 osdx modulelauncher[68526]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:47:57.391050 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:47:57.391975 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:47:57.392156 osdx ulogd[68551]: registering plugin `NFCT' Dec 17 16:47:57.392422 osdx ulogd[68551]: registering plugin `IP2STR' Dec 17 16:47:57.392487 osdx ulogd[68551]: registering plugin `PRINTFLOW' Dec 17 16:47:57.392594 osdx ulogd[68551]: registering plugin `SYSLOG' Dec 17 16:47:57.392602 osdx ulogd[68551]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:47:57.392664 osdx ulogd[68551]: NFCT plugin working in event mode Dec 17 16:47:57.392721 osdx ulogd[68551]: Changing UID / GID Dec 17 16:47:57.392809 osdx ulogd[68551]: initialization finished, entering main loop Dec 17 16:47:57.393482 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:47:57.406139 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:47:57.439946 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:47:58.295270 osdx ulogd[68551]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:47:58.295292 osdx ulogd[68551]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:47:58.370790 osdx ulogd[68551]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:47:58.370816 osdx ulogd[68551]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.285 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.285/0.285/0.285/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.370 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.370/0.370/0.370/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Dec 17 16:48:03.330334 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:48:03.331383 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:03.331443 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:03.341061 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:03.634885 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:04.018017 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:04.097490 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:04.178497 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:04.234146 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Dec 17 16:48:04.345584 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:04.406458 osdx ubnt-cfgd[68741]: inactive Dec 17 16:48:04.428891 osdx INFO[68747]: FRR daemons did not change Dec 17 16:48:04.455398 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:04.505641 osdx WARNING[68818]: No supported link modes on interface eth0 Dec 17 16:48:04.507713 osdx modulelauncher[68818]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:04.507730 osdx modulelauncher[68818]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:04.509081 osdx modulelauncher[68818]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:04.509091 osdx modulelauncher[68818]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:04.564004 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:04.565096 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:04.565188 osdx ulogd[68843]: registering plugin `NFCT' Dec 17 16:48:04.565262 osdx ulogd[68843]: registering plugin `IP2STR' Dec 17 16:48:04.565433 osdx ulogd[68843]: registering plugin `PRINTFLOW' Dec 17 16:48:04.565522 osdx ulogd[68843]: registering plugin `SYSLOG' Dec 17 16:48:04.565528 osdx ulogd[68843]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:04.565587 osdx ulogd[68843]: NFCT plugin working in event mode Dec 17 16:48:04.565653 osdx OSDx_DUT0[68843]: Changing UID / GID Dec 17 16:48:04.565732 osdx OSDx_DUT0[68843]: initialization finished, entering main loop Dec 17 16:48:04.566946 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:04.584187 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:04.636015 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:05.697244 osdx OSDx_DUT0[68843]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:05.697264 osdx OSDx_DUT0[68843]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:05.774781 osdx OSDx_DUT0[68843]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:05.774801 osdx OSDx_DUT0[68843]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.281 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.281/0.281/0.281/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Dec 17 16:48:03.330334 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:48:03.331383 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:03.331443 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:03.341061 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:03.634885 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:04.018017 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:04.097490 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:04.178497 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:04.234146 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Dec 17 16:48:04.345584 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:04.406458 osdx ubnt-cfgd[68741]: inactive Dec 17 16:48:04.428891 osdx INFO[68747]: FRR daemons did not change Dec 17 16:48:04.455398 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:04.505641 osdx WARNING[68818]: No supported link modes on interface eth0 Dec 17 16:48:04.507713 osdx modulelauncher[68818]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:04.507730 osdx modulelauncher[68818]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:04.509081 osdx modulelauncher[68818]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:04.509091 osdx modulelauncher[68818]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:04.564004 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:04.565096 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:04.565188 osdx ulogd[68843]: registering plugin `NFCT' Dec 17 16:48:04.565262 osdx ulogd[68843]: registering plugin `IP2STR' Dec 17 16:48:04.565433 osdx ulogd[68843]: registering plugin `PRINTFLOW' Dec 17 16:48:04.565522 osdx ulogd[68843]: registering plugin `SYSLOG' Dec 17 16:48:04.565528 osdx ulogd[68843]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:04.565587 osdx ulogd[68843]: NFCT plugin working in event mode Dec 17 16:48:04.565653 osdx OSDx_DUT0[68843]: Changing UID / GID Dec 17 16:48:04.565732 osdx OSDx_DUT0[68843]: initialization finished, entering main loop Dec 17 16:48:04.566946 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:04.584187 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:04.636015 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:05.697244 osdx OSDx_DUT0[68843]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:05.697264 osdx OSDx_DUT0[68843]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:05.774781 osdx OSDx_DUT0[68843]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:05.774801 osdx OSDx_DUT0[68843]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:05.854190 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 16:48:06.005010 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:06.060556 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Dec 17 16:48:06.158622 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show changes'. Dec 17 16:48:06.218316 osdx ubnt-cfgd[68879]: inactive Dec 17 16:48:06.236754 osdx INFO[68885]: FRR daemons did not change Dec 17 16:48:06.248927 osdx OSDx_DUT0[68843]: Terminal signal received, exiting Dec 17 16:48:06.249040 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:06.249378 osdx systemd[1]: ulogd2.service: Deactivated successfully. Dec 17 16:48:06.249522 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:06.279961 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:06.280959 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:06.281127 osdx ulogd[68893]: registering plugin `NFCT' Dec 17 16:48:06.281390 osdx ulogd[68893]: registering plugin `IP2STR' Dec 17 16:48:06.281488 osdx ulogd[68893]: registering plugin `PRINTFLOW' Dec 17 16:48:06.281546 osdx ulogd[68893]: registering plugin `SYSLOG' Dec 17 16:48:06.281587 osdx ulogd[68893]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:06.281643 osdx ulogd[68893]: NFCT plugin working in event mode Dec 17 16:48:06.281654 osdx ulogd[68893]: Changing UID / GID Dec 17 16:48:06.281739 osdx ulogd[68893]: initialization finished, entering main loop Dec 17 16:48:06.282394 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:06.284230 osdx ulogd[68893]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Dec 17 16:48:06.284255 osdx ulogd[68893]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Dec 17 16:48:06.284970 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:06.311403 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:06.461455 osdx ulogd[68893]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:06.461478 osdx ulogd[68893]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.362 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.362/0.362/0.362/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.297 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.275 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1031ms rtt min/avg/max/mdev = 0.275/0.286/0.297/0.011 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
Dec 17 16:48:10.000195 osdx systemd-timedated[42259]: Changed local time to Wed 2025-12-17 16:48:10 UTC Dec 17 16:48:10.001609 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'set date 2025-12-17 16:48:10'. Dec 17 16:48:10.001802 osdx systemd-journald[1666]: Time jumped backwards, rotating. Dec 17 16:48:10.336846 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:48:10.337990 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:10.338043 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:10.348660 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:10.619330 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:10.894905 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:10.996780 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Dec 17 16:48:11.076456 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic label TEST'. Dec 17 16:48:11.159127 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Dec 17 16:48:11.246997 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Dec 17 16:48:11.302933 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:11.409644 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:11.534409 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:11.614332 osdx ubnt-cfgd[69060]: inactive Dec 17 16:48:11.662548 osdx INFO[69074]: FRR daemons did not change Dec 17 16:48:11.693702 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:11.739129 osdx WARNING[69145]: No supported link modes on interface eth0 Dec 17 16:48:11.740524 osdx modulelauncher[69145]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:11.740539 osdx modulelauncher[69145]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:11.741724 osdx modulelauncher[69145]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:11.741732 osdx modulelauncher[69145]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:11.782035 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:11.782822 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:11.782947 osdx ulogd[69170]: registering plugin `NFCT' Dec 17 16:48:11.783148 osdx ulogd[69170]: registering plugin `IP2STR' Dec 17 16:48:11.783230 osdx ulogd[69170]: registering plugin `PRINTFLOW' Dec 17 16:48:11.783286 osdx ulogd[69170]: registering plugin `SYSLOG' Dec 17 16:48:11.783322 osdx ulogd[69170]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:11.783369 osdx ulogd[69170]: NFCT plugin working in event mode Dec 17 16:48:11.783380 osdx ulogd[69170]: Changing UID / GID Dec 17 16:48:11.783449 osdx ulogd[69170]: initialization finished, entering main loop Dec 17 16:48:11.793482 osdx ulogd[69170]: Terminal signal received, exiting Dec 17 16:48:11.793584 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:11.793872 osdx systemd[1]: ulogd2.service: Deactivated successfully. Dec 17 16:48:11.793990 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:11.794977 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:11.796040 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:11.796206 osdx ulogd[69176]: registering plugin `NFCT' Dec 17 16:48:11.796288 osdx ulogd[69176]: registering plugin `IP2STR' Dec 17 16:48:11.796348 osdx ulogd[69176]: registering plugin `PRINTFLOW' Dec 17 16:48:11.796410 osdx ulogd[69176]: registering plugin `SYSLOG' Dec 17 16:48:11.796414 osdx ulogd[69176]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:11.796475 osdx ulogd[69176]: NFCT plugin working in event mode Dec 17 16:48:11.796484 osdx ulogd[69176]: Changing UID / GID Dec 17 16:48:11.796585 osdx ulogd[69176]: initialization finished, entering main loop Dec 17 16:48:11.988989 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:12.001100 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:12.016391 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:12.875767 osdx ulogd[69176]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Dec 17 16:48:12.875787 osdx ulogd[69176]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 Dec 17 16:48:12.960171 osdx ulogd[69176]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Dec 17 16:48:12.960192 osdx ulogd[69176]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.352 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.352/0.352/0.352/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.309 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.309/0.309/0.309/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
Dec 17 16:48:19.347174 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.9M, max 13.8M, 11.8M free. Dec 17 16:48:19.349134 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:19.349212 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:19.359911 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:19.651916 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:19.897671 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:19.976006 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Dec 17 16:48:20.057417 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Dec 17 16:48:20.107286 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system vrf RED'. Dec 17 16:48:20.213907 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:20.282915 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:20.395959 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:20.462163 osdx ubnt-cfgd[69413]: inactive Dec 17 16:48:20.483689 osdx INFO[69419]: FRR daemons did not change Dec 17 16:48:20.492875 osdx (udev-worker)[69429]: RED: Could not disable auto negotiation, ignoring: Operation not supported Dec 17 16:48:20.492897 osdx (udev-worker)[69429]: Network interface NamePolicy= disabled on kernel command line. Dec 17 16:48:20.525117 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:20.568211 osdx WARNING[69504]: No supported link modes on interface eth0 Dec 17 16:48:20.569781 osdx modulelauncher[69504]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:20.569800 osdx modulelauncher[69504]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:20.571447 osdx modulelauncher[69504]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:20.571456 osdx modulelauncher[69504]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:20.585118 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:20.697485 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:20.698523 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:20.698631 osdx ulogd[69590]: registering plugin `NFCT' Dec 17 16:48:20.698678 osdx ulogd[69590]: registering plugin `IP2STR' Dec 17 16:48:20.698725 osdx ulogd[69590]: registering plugin `PRINTFLOW' Dec 17 16:48:20.698773 osdx ulogd[69590]: registering plugin `SYSLOG' Dec 17 16:48:20.698776 osdx ulogd[69590]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:20.698820 osdx ulogd[69590]: NFCT plugin working in event mode Dec 17 16:48:20.698827 osdx ulogd[69590]: Changing UID / GID Dec 17 16:48:20.698900 osdx ulogd[69590]: initialization finished, entering main loop Dec 17 16:48:20.700756 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:20.722540 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:20.738963 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:21.559446 osdx ulogd[69590]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:21.559472 osdx ulogd[69590]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:21.640401 osdx ulogd[69590]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:21.640428 osdx ulogd[69590]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.198 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.198/0.198/0.198/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 129 100 129 0 0 1453 0 --:--:-- --:--:-- --:--:-- 1465
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set interfaces ethernet eth1 address 10.215.168.64/24 set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.450 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.450/0.450/0.450/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.382 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.382/0.382/0.382/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
Dec 17 16:48:26.329642 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.9M, max 13.8M, 11.8M free. Dec 17 16:48:26.330794 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:26.330861 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:26.339824 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:26.556758 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:26.804113 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:26.900870 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Dec 17 16:48:26.981490 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:27.076899 osdx ubnt-cfgd[69857]: inactive Dec 17 16:48:27.100722 osdx INFO[69863]: FRR daemons did not change Dec 17 16:48:27.210803 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 17 16:48:27.263510 osdx WARNING[69931]: No supported link modes on interface eth1 Dec 17 16:48:27.265044 osdx modulelauncher[69931]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Dec 17 16:48:27.265058 osdx modulelauncher[69931]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Dec 17 16:48:27.266245 osdx modulelauncher[69931]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:27.266254 osdx modulelauncher[69931]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:27.279972 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:27.294857 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:27.310241 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:27.521363 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 17 16:48:27.703532 osdx file_operation[69985]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Dec 17 16:48:27.813632 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Dec 17 16:48:27.936615 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:28.001133 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Dec 17 16:48:28.095215 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Dec 17 16:48:28.156560 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Dec 17 16:48:28.249344 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Dec 17 16:48:28.312897 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Dec 17 16:48:28.419977 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Dec 17 16:48:28.503614 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Dec 17 16:48:28.580624 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Dec 17 16:48:28.670424 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Dec 17 16:48:28.737721 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:28.817942 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:28.892121 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:28.987129 osdx ubnt-cfgd[70019]: inactive Dec 17 16:48:29.027545 osdx INFO[70036]: FRR daemons did not change Dec 17 16:48:29.050807 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:29.097842 osdx WARNING[70107]: No supported link modes on interface eth0 Dec 17 16:48:29.099252 osdx modulelauncher[70107]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:29.099265 osdx modulelauncher[70107]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:29.100761 osdx modulelauncher[70107]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:29.100773 osdx modulelauncher[70107]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:29.135165 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:29.135947 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:29.136098 osdx ulogd[70132]: registering plugin `NFCT' Dec 17 16:48:29.136771 osdx ulogd[70132]: registering plugin `IP2STR' Dec 17 16:48:29.136841 osdx ulogd[70132]: registering plugin `PRINTFLOW' Dec 17 16:48:29.136896 osdx ulogd[70132]: registering plugin `SYSLOG' Dec 17 16:48:29.136903 osdx ulogd[70132]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:29.136955 osdx ulogd[70132]: NFCT plugin working in event mode Dec 17 16:48:29.136964 osdx ulogd[70132]: Changing UID / GID Dec 17 16:48:29.137041 osdx ulogd[70132]: initialization finished, entering main loop Dec 17 16:48:29.384960 osdx ulogd[70132]: Terminal signal received, exiting Dec 17 16:48:29.385025 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:29.385372 osdx systemd[1]: ulogd2.service: Deactivated successfully. Dec 17 16:48:29.385492 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:29.407101 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:29.408159 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:29.408282 osdx ulogd[70160]: registering plugin `NFCT' Dec 17 16:48:29.408491 osdx ulogd[70160]: registering plugin `IP2STR' Dec 17 16:48:29.408533 osdx ulogd[70160]: registering plugin `PRINTFLOW' Dec 17 16:48:29.408578 osdx ulogd[70160]: registering plugin `SYSLOG' Dec 17 16:48:29.408614 osdx ulogd[70160]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:29.408670 osdx ulogd[70160]: NFCT plugin working in event mode Dec 17 16:48:29.408679 osdx ulogd[70160]: Changing UID / GID Dec 17 16:48:29.408748 osdx ulogd[70160]: initialization finished, entering main loop Dec 17 16:48:29.451486 osdx systemd[1]: Reloading. Dec 17 16:48:29.486816 osdx systemd-sysv-generator[70180]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Dec 17 16:48:29.603293 osdx systemd[1]: Starting logrotate.service - Rotate log files... Dec 17 16:48:29.607630 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Dec 17 16:48:29.608588 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Dec 17 16:48:29.632982 osdx systemd[1]: logrotate.service: Deactivated successfully. Dec 17 16:48:29.633131 osdx systemd[1]: Finished logrotate.service - Rotate log files. Dec 17 16:48:29.872620 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Dec 17 16:48:30.400282 osdx INFO[70162]: Rules successfully loaded Dec 17 16:48:30.400946 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:30.414152 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:30.473844 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:31.297149 osdx ulogd[70160]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Dec 17 16:48:31.297169 osdx ulogd[70160]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Dec 17 16:48:31.379886 osdx ulogd[70160]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Dec 17 16:48:31.379913 osdx ulogd[70160]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth1 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.396 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.396/0.396/0.396/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.444 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.444/0.444/0.444/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.7.2 This system includes free software. Contact Teldat for licenses information and source code. Last login: Wed Dec 17 16:47:20 2025 from 10.0.0.2 admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
Dec 17 16:48:38.515478 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:48:38.517905 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:38.517982 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:38.525761 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:38.809568 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:39.137912 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:39.243931 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Dec 17 16:48:39.307877 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:39.412654 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:39.511125 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:39.601974 osdx ubnt-cfgd[70488]: inactive Dec 17 16:48:39.638455 osdx INFO[70494]: FRR daemons did not change Dec 17 16:48:39.661915 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 17 16:48:39.713149 osdx WARNING[70565]: No supported link modes on interface eth1 Dec 17 16:48:39.714970 osdx modulelauncher[70565]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Dec 17 16:48:39.714984 osdx modulelauncher[70565]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Dec 17 16:48:39.716480 osdx modulelauncher[70565]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:39.716492 osdx modulelauncher[70565]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:39.749907 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:39.801025 osdx WARNING[70644]: No supported link modes on interface eth0 Dec 17 16:48:39.802889 osdx modulelauncher[70644]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:39.802903 osdx modulelauncher[70644]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:39.804418 osdx modulelauncher[70644]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:39.804427 osdx modulelauncher[70644]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:39.846387 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:39.847174 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:39.847300 osdx ulogd[70670]: registering plugin `NFCT' Dec 17 16:48:39.847551 osdx ulogd[70670]: registering plugin `IP2STR' Dec 17 16:48:39.847609 osdx ulogd[70670]: registering plugin `PRINTFLOW' Dec 17 16:48:39.847691 osdx ulogd[70670]: registering plugin `SYSLOG' Dec 17 16:48:39.847699 osdx ulogd[70670]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:39.847760 osdx ulogd[70670]: NFCT plugin working in event mode Dec 17 16:48:39.847803 osdx ulogd[70670]: Changing UID / GID Dec 17 16:48:39.847890 osdx ulogd[70670]: initialization finished, entering main loop Dec 17 16:48:39.848623 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:39.860661 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:39.885366 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:41.752759 osdx ulogd[70670]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:41.752782 osdx ulogd[70670]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:41.902722 osdx ulogd[70670]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:41.902749 osdx ulogd[70670]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:48:42.022829 osdx ulogd[70670]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=42010 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42010 PKTS=0 BYTES=0 Dec 17 16:48:42.022995 osdx ulogd[70670]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=42010 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42010 PKTS=0 BYTES=0 Dec 17 16:48:42.023188 osdx ulogd[70670]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=42010 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42010 PKTS=0 BYTES=0 [OFFLOAD] Dec 17 16:48:42.299574 osdx ulogd[70670]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=42010 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42010 PKTS=0 BYTES=0 Dec 17 16:48:42.299602 osdx ulogd[70670]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=42010 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42010 PKTS=0 BYTES=0 [OFFLOAD] Dec 17 16:48:42.302293 osdx ulogd[70670]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=42010 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42010 PKTS=0 BYTES=0 Dec 17 16:48:42.302540 osdx ulogd[70670]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=42010 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=42010 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.389 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.389/0.389/0.389/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.277 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.280 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.312 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2053ms rtt min/avg/max/mdev = 0.277/0.289/0.312/0.015 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
Dec 17 16:48:46.000217 osdx systemd-timedated[42259]: Changed local time to Wed 2025-12-17 16:48:46 UTC Dec 17 16:48:46.001451 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'set date 2025-12-17 16:48:46'. Dec 17 16:48:46.004379 osdx systemd-journald[1666]: Time jumped backwards, rotating. Dec 17 16:48:46.324603 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:48:46.328366 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:46.328442 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:46.335590 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:46.586194 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:46.952556 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:47.016562 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 17 16:48:47.112852 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 17 16:48:47.214033 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:47.303141 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:47.393293 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:47.485698 osdx ubnt-cfgd[70892]: inactive Dec 17 16:48:47.507647 osdx INFO[70898]: FRR daemons did not change Dec 17 16:48:47.696391 osdx kernel: app-detect: module init Dec 17 16:48:47.696482 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 17 16:48:47.696498 osdx kernel: app-detect: expression init Dec 17 16:48:47.696516 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 17 16:48:47.696542 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 17 16:48:47.702857 osdx modulelauncher[70901]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 17 16:48:47.732381 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:47.786357 osdx WARNING[70994]: No supported link modes on interface eth0 Dec 17 16:48:47.788039 osdx modulelauncher[70994]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:47.788055 osdx modulelauncher[70994]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:47.789492 osdx modulelauncher[70994]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:47.789504 osdx modulelauncher[70994]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:47.844746 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:47.845693 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:47.845870 osdx ulogd[71019]: registering plugin `NFCT' Dec 17 16:48:47.846113 osdx ulogd[71019]: registering plugin `IP2STR' Dec 17 16:48:47.846171 osdx ulogd[71019]: registering plugin `PRINTFLOW' Dec 17 16:48:47.846230 osdx ulogd[71019]: registering plugin `SYSLOG' Dec 17 16:48:47.846237 osdx ulogd[71019]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:47.846292 osdx ulogd[71019]: NFCT plugin working in event mode Dec 17 16:48:47.846303 osdx ulogd[71019]: Changing UID / GID Dec 17 16:48:47.846388 osdx ulogd[71019]: initialization finished, entering main loop Dec 17 16:48:47.846939 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:47.859583 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:47.879719 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:48.795586 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.795611 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.876517 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.876543 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:49.905418 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:49.905443 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:49.905457 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:50.929467 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:50.929493 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:50.929506 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
Dec 17 16:48:46.000217 osdx systemd-timedated[42259]: Changed local time to Wed 2025-12-17 16:48:46 UTC Dec 17 16:48:46.001451 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'set date 2025-12-17 16:48:46'. Dec 17 16:48:46.004379 osdx systemd-journald[1666]: Time jumped backwards, rotating. Dec 17 16:48:46.324603 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:48:46.328366 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:46.328442 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:46.335590 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:46.586194 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:46.952556 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:47.016562 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 17 16:48:47.112852 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 17 16:48:47.214033 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:47.303141 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:47.393293 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:47.485698 osdx ubnt-cfgd[70892]: inactive Dec 17 16:48:47.507647 osdx INFO[70898]: FRR daemons did not change Dec 17 16:48:47.696391 osdx kernel: app-detect: module init Dec 17 16:48:47.696482 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 17 16:48:47.696498 osdx kernel: app-detect: expression init Dec 17 16:48:47.696516 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 17 16:48:47.696542 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 17 16:48:47.702857 osdx modulelauncher[70901]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 17 16:48:47.732381 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:47.786357 osdx WARNING[70994]: No supported link modes on interface eth0 Dec 17 16:48:47.788039 osdx modulelauncher[70994]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:47.788055 osdx modulelauncher[70994]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:47.789492 osdx modulelauncher[70994]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:47.789504 osdx modulelauncher[70994]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:47.844746 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:47.845693 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:47.845870 osdx ulogd[71019]: registering plugin `NFCT' Dec 17 16:48:47.846113 osdx ulogd[71019]: registering plugin `IP2STR' Dec 17 16:48:47.846171 osdx ulogd[71019]: registering plugin `PRINTFLOW' Dec 17 16:48:47.846230 osdx ulogd[71019]: registering plugin `SYSLOG' Dec 17 16:48:47.846237 osdx ulogd[71019]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:47.846292 osdx ulogd[71019]: NFCT plugin working in event mode Dec 17 16:48:47.846303 osdx ulogd[71019]: Changing UID / GID Dec 17 16:48:47.846388 osdx ulogd[71019]: initialization finished, entering main loop Dec 17 16:48:47.846939 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:47.859583 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:47.879719 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:48.795586 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.795611 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.876517 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.876543 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:49.905418 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:49.905443 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:49.905457 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:50.929467 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:50.929493 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:50.929506 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:51.061915 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
Dec 17 16:48:46.000217 osdx systemd-timedated[42259]: Changed local time to Wed 2025-12-17 16:48:46 UTC Dec 17 16:48:46.001451 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'set date 2025-12-17 16:48:46'. Dec 17 16:48:46.004379 osdx systemd-journald[1666]: Time jumped backwards, rotating. Dec 17 16:48:46.324603 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:48:46.328366 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:46.328442 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:46.335590 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:46.586194 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:46.952556 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:47.016562 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 17 16:48:47.112852 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 17 16:48:47.214033 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:47.303141 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:47.393293 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:47.485698 osdx ubnt-cfgd[70892]: inactive Dec 17 16:48:47.507647 osdx INFO[70898]: FRR daemons did not change Dec 17 16:48:47.696391 osdx kernel: app-detect: module init Dec 17 16:48:47.696482 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 17 16:48:47.696498 osdx kernel: app-detect: expression init Dec 17 16:48:47.696516 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 17 16:48:47.696542 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 17 16:48:47.702857 osdx modulelauncher[70901]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 17 16:48:47.732381 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:47.786357 osdx WARNING[70994]: No supported link modes on interface eth0 Dec 17 16:48:47.788039 osdx modulelauncher[70994]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:47.788055 osdx modulelauncher[70994]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:47.789492 osdx modulelauncher[70994]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:47.789504 osdx modulelauncher[70994]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:47.844746 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:47.845693 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:47.845870 osdx ulogd[71019]: registering plugin `NFCT' Dec 17 16:48:47.846113 osdx ulogd[71019]: registering plugin `IP2STR' Dec 17 16:48:47.846171 osdx ulogd[71019]: registering plugin `PRINTFLOW' Dec 17 16:48:47.846230 osdx ulogd[71019]: registering plugin `SYSLOG' Dec 17 16:48:47.846237 osdx ulogd[71019]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:47.846292 osdx ulogd[71019]: NFCT plugin working in event mode Dec 17 16:48:47.846303 osdx ulogd[71019]: Changing UID / GID Dec 17 16:48:47.846388 osdx ulogd[71019]: initialization finished, entering main loop Dec 17 16:48:47.846939 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:47.859583 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:47.879719 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:48.795586 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.795611 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.876517 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.876543 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:49.905418 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:49.905443 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:49.905457 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:50.929467 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:50.929493 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:50.929506 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:51.061915 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 16:48:51.242720 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.251 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.251/0.251/0.251/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 972 0 972 0 0 25785 0 --:--:-- --:--:-- --:--:-- 26270
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Dec 17 16:48:46.000217 osdx systemd-timedated[42259]: Changed local time to Wed 2025-12-17 16:48:46 UTC Dec 17 16:48:46.001451 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'set date 2025-12-17 16:48:46'. Dec 17 16:48:46.004379 osdx systemd-journald[1666]: Time jumped backwards, rotating. Dec 17 16:48:46.324603 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.8M, max 13.8M, 11.9M free. Dec 17 16:48:46.328366 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:46.328442 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:46.335590 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:46.586194 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:46.952556 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:47.016562 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Dec 17 16:48:47.112852 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Dec 17 16:48:47.214033 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:48:47.303141 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:48:47.393293 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:47.485698 osdx ubnt-cfgd[70892]: inactive Dec 17 16:48:47.507647 osdx INFO[70898]: FRR daemons did not change Dec 17 16:48:47.696391 osdx kernel: app-detect: module init Dec 17 16:48:47.696482 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 17 16:48:47.696498 osdx kernel: app-detect: expression init Dec 17 16:48:47.696516 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 17 16:48:47.696542 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 17 16:48:47.702857 osdx modulelauncher[70901]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 17 16:48:47.732381 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:48:47.786357 osdx WARNING[70994]: No supported link modes on interface eth0 Dec 17 16:48:47.788039 osdx modulelauncher[70994]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:48:47.788055 osdx modulelauncher[70994]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:48:47.789492 osdx modulelauncher[70994]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:47.789504 osdx modulelauncher[70994]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:47.844746 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:48:47.845693 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:48:47.845870 osdx ulogd[71019]: registering plugin `NFCT' Dec 17 16:48:47.846113 osdx ulogd[71019]: registering plugin `IP2STR' Dec 17 16:48:47.846171 osdx ulogd[71019]: registering plugin `PRINTFLOW' Dec 17 16:48:47.846230 osdx ulogd[71019]: registering plugin `SYSLOG' Dec 17 16:48:47.846237 osdx ulogd[71019]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:48:47.846292 osdx ulogd[71019]: NFCT plugin working in event mode Dec 17 16:48:47.846303 osdx ulogd[71019]: Changing UID / GID Dec 17 16:48:47.846388 osdx ulogd[71019]: initialization finished, entering main loop Dec 17 16:48:47.846939 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:47.859583 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:47.879719 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:48.795586 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.795611 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.876517 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:48.876543 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:49.905418 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:49.905443 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:49.905457 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:50.929467 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:50.929493 osdx ulogd[71019]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:50.929506 osdx ulogd[71019]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:51.061915 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 16:48:51.242720 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 16:48:51.389082 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal show | cat'. Dec 17 16:48:51.520523 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:51.612706 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Dec 17 16:48:51.705205 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Dec 17 16:48:51.770096 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show changes'. Dec 17 16:48:51.875181 osdx ubnt-cfgd[71070]: inactive Dec 17 16:48:51.899257 osdx INFO[71076]: FRR daemons did not change Dec 17 16:48:51.940376 osdx kernel: app-detect: expression destroy Dec 17 16:48:51.952383 osdx kernel: app-detect: expression init Dec 17 16:48:51.952453 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 17 16:48:51.952467 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 17 16:48:51.958531 osdx modulelauncher[71079]: AppDetect: no appdetect_chain refresh needed, nothing more to do Dec 17 16:48:51.984368 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 17 16:48:52.035365 osdx WARNING[71159]: No supported link modes on interface eth1 Dec 17 16:48:52.037186 osdx modulelauncher[71159]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Dec 17 16:48:52.037200 osdx modulelauncher[71159]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Dec 17 16:48:52.038585 osdx modulelauncher[71159]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:48:52.038595 osdx modulelauncher[71159]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:48:52.051130 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:48:52.063073 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:52.063097 osdx ulogd[71019]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Dec 17 16:48:52.063851 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:48:52.078456 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:48:52.232817 osdx ulogd[71019]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:52.233049 osdx ulogd[71019]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Dec 17 16:48:52.234800 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 17 16:48:52.418638 osdx file_operation[71213]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Dec 17 16:48:52.427515 osdx ulogd[71019]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=43386 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=43386 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 17 16:48:52.427662 osdx ulogd[71019]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=43386 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=43386 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 17 16:48:52.427681 osdx ulogd[71019]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=43386 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=43386 PKTS=0 BYTES=0 APPDETECT[L4:80] Dec 17 16:48:52.459778 osdx ulogd[71019]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=43386 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=43386 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 17 16:48:52.459804 osdx ulogd[71019]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=43386 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=43386 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 17 16:48:52.459820 osdx ulogd[71019]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=43386 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=43386 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Dec 17 16:48:52.484082 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic policy out DROP set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.187 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.187/0.187/0.187/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Dec 17 16:48:58.330842 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.9M, max 13.8M, 11.8M free. Dec 17 16:48:58.332388 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:48:58.332460 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:48:58.342986 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:48:58.550574 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:48:58.765524 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:48:58.838136 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Dec 17 16:48:58.955123 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Dec 17 16:48:59.067161 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Dec 17 16:48:59.141460 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'. Dec 17 16:48:59.246004 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Dec 17 16:48:59.328504 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Dec 17 16:48:59.425918 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Dec 17 16:48:59.504811 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Dec 17 16:48:59.585420 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Dec 17 16:48:59.657504 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Dec 17 16:48:59.791057 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:48:59.867381 osdx ubnt-cfgd[71439]: inactive Dec 17 16:48:59.912994 osdx INFO[71463]: FRR daemons did not change Dec 17 16:49:00.068387 osdx kernel: app-detect: module init Dec 17 16:49:00.068446 osdx kernel: app-detect: registered: sysctl net.appdetect Dec 17 16:49:00.068460 osdx kernel: app-detect: expression init Dec 17 16:49:00.068469 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Dec 17 16:49:00.068478 osdx kernel: app-detect: appid cache changes counter set appid_changes_count found (klen=4, dlen=4) Dec 17 16:49:00.116397 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Dec 17 16:49:00.165201 osdx WARNING[71564]: No supported link modes on interface eth1 Dec 17 16:49:00.166903 osdx modulelauncher[71564]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Dec 17 16:49:00.166916 osdx modulelauncher[71564]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Dec 17 16:49:00.168437 osdx modulelauncher[71564]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:49:00.168448 osdx modulelauncher[71564]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:49:00.367884 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:49:00.382014 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:49:00.414211 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:49:00.577932 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Dec 17 16:49:00.742448 osdx file_operation[71641]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Dec 17 16:49:00.752406 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64033 DF PROTO=TCP SPT=39298 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 17 16:49:00.956397 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64034 DF PROTO=TCP SPT=39298 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 17 16:49:01.361435 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64035 DF PROTO=TCP SPT=39298 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 17 16:49:02.192459 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64036 DF PROTO=TCP SPT=39298 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 17 16:49:03.701705 osdx file_operation.py[71641]: Operation aborted by user. Dec 17 16:49:03.716386 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=64037 DF PROTO=TCP SPT=39298 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Dec 17 16:49:03.720352 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html'.
Identity Values
Description
Conntrack identity is able to contain any printed character (max 92 characters) but not spaces
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Show output
admin@osdx#
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.336 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.336/0.336/0.336/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.241 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.241/0.241/0.241/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Dec 17 16:49:08.328147 osdx systemd-journald[1666]: Runtime Journal (/run/log/journal/a189e667ab9f46898dbfc92a68a94f73) is 1.9M, max 13.8M, 11.8M free. Dec 17 16:49:08.331310 osdx systemd-journald[1666]: Received client request to rotate journal, rotating. Dec 17 16:49:08.331368 osdx systemd-journald[1666]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a189e667ab9f46898dbfc92a68a94f73. Dec 17 16:49:08.339145 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system journal clear'. Dec 17 16:49:08.564427 osdx OSDxCLI[19513]: User 'admin' executed a new command: 'system coredump delete all'. Dec 17 16:49:08.827039 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:49:08.896745 osdx cfgd[1460]: [19513]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Dec 17 16:49:08.897295 osdx OSDxCLI[19513]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Dec 17 16:49:09.008132 osdx cfgd[1460]: [19513]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Dec 17 16:49:09.009734 osdx OSDxCLI[19513]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. Dec 17 16:49:09.036888 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:49:09.213450 osdx OSDxCLI[19513]: User 'admin' entered the configuration menu. Dec 17 16:49:09.311465 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Dec 17 16:49:09.398654 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Dec 17 16:49:09.466682 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. Dec 17 16:49:09.567393 osdx OSDxCLI[19513]: User 'admin' added a new cfg line: 'show working'. Dec 17 16:49:09.626422 osdx ubnt-cfgd[71841]: inactive Dec 17 16:49:09.644325 osdx INFO[71847]: FRR daemons did not change Dec 17 16:49:09.667315 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Dec 17 16:49:09.710698 osdx WARNING[71918]: No supported link modes on interface eth0 Dec 17 16:49:09.712332 osdx modulelauncher[71918]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Dec 17 16:49:09.712343 osdx modulelauncher[71918]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Dec 17 16:49:09.713674 osdx modulelauncher[71918]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Dec 17 16:49:09.713681 osdx modulelauncher[71918]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Dec 17 16:49:09.759702 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Dec 17 16:49:09.760512 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Dec 17 16:49:09.760697 osdx ulogd[71943]: registering plugin `NFCT' Dec 17 16:49:09.760937 osdx ulogd[71943]: registering plugin `IP2STR' Dec 17 16:49:09.761034 osdx ulogd[71943]: registering plugin `PRINTFLOW' Dec 17 16:49:09.761114 osdx ulogd[71943]: registering plugin `SYSLOG' Dec 17 16:49:09.761151 osdx ulogd[71943]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Dec 17 16:49:09.761237 osdx ulogd[71943]: NFCT plugin working in event mode Dec 17 16:49:09.761277 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[71943]: Changing UID / GID Dec 17 16:49:09.761361 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[71943]: initialization finished, entering main loop Dec 17 16:49:09.761750 osdx cfgd[1460]: [19513]Completed change to active configuration Dec 17 16:49:09.774013 osdx OSDxCLI[19513]: User 'admin' committed the configuration. Dec 17 16:49:09.798110 osdx OSDxCLI[19513]: User 'admin' left the configuration menu. Dec 17 16:49:10.594777 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[71943]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:49:10.594799 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[71943]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:49:10.669680 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[71943]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Dec 17 16:49:10.669699 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[71943]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0