Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check NEW sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.499 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.499/0.499/0.499/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.241 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.241/0.241/0.241/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2

Show output

Jan 27 16:43:21.312407 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:43:21.315334 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:43:21.315386 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:43:21.323263 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:43:21.537009 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:43:21.767398 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:43:21.862682 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:43:21.941637 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Jan 27 16:43:22.006862 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:43:22.115583 osdx ubnt-cfgd[45147]: inactive
Jan 27 16:43:22.137319 osdx INFO[45153]: FRR daemons did not change
Jan 27 16:43:22.216929 osdx WARNING[45225]: No supported link modes on interface eth0
Jan 27 16:43:22.218226 osdx modulelauncher[45225]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:43:22.218237 osdx modulelauncher[45225]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:43:22.219364 osdx modulelauncher[45225]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:43:22.219371 osdx modulelauncher[45225]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:43:22.267673 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:43:22.270538 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:43:22.271855 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:43:22.273144 osdx ulogd[45250]: registering plugin `NFCT'
Jan 27 16:43:22.274087 osdx ulogd[45250]: registering plugin `IP2STR'
Jan 27 16:43:22.274151 osdx ulogd[45250]: registering plugin `PRINTFLOW'
Jan 27 16:43:22.275174 osdx ulogd[45250]: registering plugin `SYSLOG'
Jan 27 16:43:22.275181 osdx ulogd[45250]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:43:22.275233 osdx ulogd[45250]: NFCT plugin working in event mode
Jan 27 16:43:22.275240 osdx ulogd[45250]: Changing UID / GID
Jan 27 16:43:22.275325 osdx ulogd[45250]: initialization finished, entering main loop
Jan 27 16:43:22.284350 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:43:22.307747 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:43:23.215433 osdx ulogd[45250]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:23.319025 osdx ulogd[45250]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Update events

Description

Check UPDATE sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.511 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.511/0.511/0.511/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.265 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.265/0.265/0.265/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2

Show output

Jan 27 16:43:28.363566 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:43:28.365686 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:43:28.365741 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:43:28.373273 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:43:28.659306 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:43:28.981603 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:43:29.067045 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:43:29.164841 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Jan 27 16:43:29.227592 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:43:29.319362 osdx ubnt-cfgd[45448]: inactive
Jan 27 16:43:29.337985 osdx INFO[45454]: FRR daemons did not change
Jan 27 16:43:29.419315 osdx WARNING[45526]: No supported link modes on interface eth0
Jan 27 16:43:29.420669 osdx modulelauncher[45526]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:43:29.420682 osdx modulelauncher[45526]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:43:29.421783 osdx modulelauncher[45526]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:43:29.421792 osdx modulelauncher[45526]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:43:29.458115 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:43:29.458821 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:43:29.458919 osdx ulogd[45551]: registering plugin `NFCT'
Jan 27 16:43:29.459117 osdx ulogd[45551]: registering plugin `IP2STR'
Jan 27 16:43:29.459385 osdx ulogd[45551]: registering plugin `PRINTFLOW'
Jan 27 16:43:29.459457 osdx ulogd[45551]: registering plugin `SYSLOG'
Jan 27 16:43:29.459482 osdx ulogd[45551]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:43:29.459545 osdx ulogd[45551]: NFCT plugin working in event mode
Jan 27 16:43:29.459573 osdx ulogd[45551]: Changing UID / GID
Jan 27 16:43:29.459664 osdx ulogd[45551]: initialization finished, entering main loop
Jan 27 16:43:29.460188 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:43:29.471813 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:43:29.505149 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:43:30.375294 osdx ulogd[45551]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:30.460746 osdx ulogd[45551]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Destroy events

Description

Check DESTROY sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.293 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.293/0.293/0.293/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.215 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.320 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.240 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2041ms
rtt min/avg/max/mdev = 0.215/0.258/0.320/0.044 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2

Show output

Jan 27 16:43:34.301458 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:43:34.303779 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:43:34.303829 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:43:34.311169 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:43:34.509953 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:43:34.724137 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:43:34.854636 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:43:34.918913 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Jan 27 16:43:35.039456 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jan 27 16:43:35.118598 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set service ssh'.
Jan 27 16:43:35.221524 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:43:35.278785 osdx ubnt-cfgd[45749]: inactive
Jan 27 16:43:35.351451 osdx INFO[45768]: FRR daemons did not change
Jan 27 16:43:35.427454 osdx WARNING[45842]: No supported link modes on interface eth0
Jan 27 16:43:35.428776 osdx modulelauncher[45842]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:43:35.428787 osdx modulelauncher[45842]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:43:35.429841 osdx modulelauncher[45842]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:43:35.429851 osdx modulelauncher[45842]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:43:35.472185 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:43:35.473021 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:43:35.473202 osdx ulogd[45867]: registering plugin `NFCT'
Jan 27 16:43:35.473404 osdx ulogd[45867]: registering plugin `IP2STR'
Jan 27 16:43:35.473449 osdx ulogd[45867]: registering plugin `PRINTFLOW'
Jan 27 16:43:35.473494 osdx ulogd[45867]: registering plugin `SYSLOG'
Jan 27 16:43:35.473527 osdx ulogd[45867]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:43:35.473570 osdx ulogd[45867]: NFCT plugin working in event mode
Jan 27 16:43:35.473580 osdx ulogd[45867]: Changing UID / GID
Jan 27 16:43:35.473648 osdx ulogd[45867]: initialization finished, entering main loop
Jan 27 16:43:35.506392 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jan 27 16:43:35.521177 osdx sshd[45882]: Server listening on 0.0.0.0 port 22.
Jan 27 16:43:35.521206 osdx sshd[45882]: Server listening on :: port 22.
Jan 27 16:43:35.521307 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jan 27 16:43:35.522187 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:43:35.533622 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:43:35.549283 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:43:37.439270 osdx ulogd[45867]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jan 27 16:43:38.463189 osdx ulogd[45867]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

---

Default logging

Description

Set a simple configuration, send a ping command from one device to other and check that default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.537 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.537/0.537/0.537/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.382 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.382/0.382/0.382/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Jan 27 16:43:46.308963 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:43:46.310257 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:43:46.310303 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:43:46.317948 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:43:46.547761 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:43:46.788944 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:43:46.878142 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:43:46.967585 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:43:47.035844 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:43:47.128469 osdx ubnt-cfgd[46095]: inactive
Jan 27 16:43:47.148027 osdx INFO[46101]: FRR daemons did not change
Jan 27 16:43:47.231343 osdx WARNING[46173]: No supported link modes on interface eth0
Jan 27 16:43:47.232684 osdx modulelauncher[46173]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:43:47.232699 osdx modulelauncher[46173]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:43:47.233912 osdx modulelauncher[46173]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:43:47.233919 osdx modulelauncher[46173]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:43:47.282530 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:43:47.283499 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:43:47.283596 osdx ulogd[46198]: registering plugin `NFCT'
Jan 27 16:43:47.283971 osdx ulogd[46198]: registering plugin `IP2STR'
Jan 27 16:43:47.284150 osdx ulogd[46198]: registering plugin `PRINTFLOW'
Jan 27 16:43:47.284262 osdx ulogd[46198]: registering plugin `SYSLOG'
Jan 27 16:43:47.284273 osdx ulogd[46198]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:43:47.284384 osdx ulogd[46198]: NFCT plugin working in event mode
Jan 27 16:43:47.284401 osdx ulogd[46198]: Changing UID / GID
Jan 27 16:43:47.284561 osdx ulogd[46198]: initialization finished, entering main loop
Jan 27 16:43:47.285772 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:43:47.298984 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:43:47.327161 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:43:48.110494 osdx ulogd[46198]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:48.110519 osdx ulogd[46198]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:48.185621 osdx ulogd[46198]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:48.185645 osdx ulogd[46198]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Identity logging

Description

Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.353 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.353/0.353/0.353/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.243 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.243/0.243/0.243/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Jan 27 16:43:52.341681 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:43:52.344144 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:43:52.344218 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:43:52.354371 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:43:52.603635 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:43:52.869831 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:43:52.974081 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:43:53.048145 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:43:53.184326 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Jan 27 16:43:53.287559 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:43:53.401241 osdx ubnt-cfgd[46395]: inactive
Jan 27 16:43:53.423070 osdx INFO[46401]: FRR daemons did not change
Jan 27 16:43:53.524073 osdx WARNING[46473]: No supported link modes on interface eth0
Jan 27 16:43:53.525896 osdx modulelauncher[46473]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:43:53.525912 osdx modulelauncher[46473]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:43:53.527497 osdx modulelauncher[46473]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:43:53.527508 osdx modulelauncher[46473]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:43:53.580591 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:43:53.581795 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:43:53.581858 osdx ulogd[46498]: registering plugin `NFCT'
Jan 27 16:43:53.582073 osdx ulogd[46498]: registering plugin `IP2STR'
Jan 27 16:43:53.582149 osdx ulogd[46498]: registering plugin `PRINTFLOW'
Jan 27 16:43:53.582218 osdx ulogd[46498]: registering plugin `SYSLOG'
Jan 27 16:43:53.582225 osdx ulogd[46498]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:43:53.582266 osdx ulogd[46498]: NFCT plugin working in event mode
Jan 27 16:43:53.582273 osdx OSDx_DUT0[46498]: Changing UID / GID
Jan 27 16:43:53.582352 osdx OSDx_DUT0[46498]: initialization finished, entering main loop
Jan 27 16:43:53.583242 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:43:53.598896 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:43:53.619940 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:43:54.497892 osdx OSDx_DUT0[46498]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:54.497915 osdx OSDx_DUT0[46498]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:54.590264 osdx OSDx_DUT0[46498]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:54.590282 osdx OSDx_DUT0[46498]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0 :

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.257 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.257/0.257/0.257/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Jan 27 16:43:52.341681 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:43:52.344144 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:43:52.344218 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:43:52.354371 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:43:52.603635 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:43:52.869831 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:43:52.974081 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:43:53.048145 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:43:53.184326 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Jan 27 16:43:53.287559 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:43:53.401241 osdx ubnt-cfgd[46395]: inactive
Jan 27 16:43:53.423070 osdx INFO[46401]: FRR daemons did not change
Jan 27 16:43:53.524073 osdx WARNING[46473]: No supported link modes on interface eth0
Jan 27 16:43:53.525896 osdx modulelauncher[46473]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:43:53.525912 osdx modulelauncher[46473]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:43:53.527497 osdx modulelauncher[46473]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:43:53.527508 osdx modulelauncher[46473]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:43:53.580591 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:43:53.581795 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:43:53.581858 osdx ulogd[46498]: registering plugin `NFCT'
Jan 27 16:43:53.582073 osdx ulogd[46498]: registering plugin `IP2STR'
Jan 27 16:43:53.582149 osdx ulogd[46498]: registering plugin `PRINTFLOW'
Jan 27 16:43:53.582218 osdx ulogd[46498]: registering plugin `SYSLOG'
Jan 27 16:43:53.582225 osdx ulogd[46498]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:43:53.582266 osdx ulogd[46498]: NFCT plugin working in event mode
Jan 27 16:43:53.582273 osdx OSDx_DUT0[46498]: Changing UID / GID
Jan 27 16:43:53.582352 osdx OSDx_DUT0[46498]: initialization finished, entering main loop
Jan 27 16:43:53.583242 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:43:53.598896 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:43:53.619940 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:43:54.497892 osdx OSDx_DUT0[46498]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:54.497915 osdx OSDx_DUT0[46498]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:54.590264 osdx OSDx_DUT0[46498]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:54.590282 osdx OSDx_DUT0[46498]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:54.720859 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 27 16:43:54.906615 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:43:54.972922 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Jan 27 16:43:55.069497 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show changes'.
Jan 27 16:43:55.127635 osdx ubnt-cfgd[46534]: inactive
Jan 27 16:43:55.144517 osdx INFO[46540]: FRR daemons did not change
Jan 27 16:43:55.154633 osdx OSDx_DUT0[46498]: Terminal signal received, exiting
Jan 27 16:43:55.154713 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:43:55.155086 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jan 27 16:43:55.155221 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:43:55.184426 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:43:55.185081 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:43:55.185267 osdx ulogd[46549]: registering plugin `NFCT'
Jan 27 16:43:55.185491 osdx ulogd[46549]: registering plugin `IP2STR'
Jan 27 16:43:55.185541 osdx ulogd[46549]: registering plugin `PRINTFLOW'
Jan 27 16:43:55.185627 osdx ulogd[46549]: registering plugin `SYSLOG'
Jan 27 16:43:55.185634 osdx ulogd[46549]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:43:55.185684 osdx ulogd[46549]: NFCT plugin working in event mode
Jan 27 16:43:55.185691 osdx ulogd[46549]: Changing UID / GID
Jan 27 16:43:55.185766 osdx ulogd[46549]: initialization finished, entering main loop
Jan 27 16:43:55.186255 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:43:55.187678 osdx ulogd[46549]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jan 27 16:43:55.187695 osdx ulogd[46549]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jan 27 16:43:55.188319 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:43:55.216937 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:43:55.404349 osdx ulogd[46549]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:43:55.404369 osdx ulogd[46549]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping command from one device to other and check that default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.406 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.406/0.406/0.406/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.254 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.327 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1011ms
rtt min/avg/max/mdev = 0.254/0.290/0.327/0.036 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST

Show output

Jan 27 16:44:00.322695 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:00.325236 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:00.325292 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:00.333256 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:00.554688 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:00.796277 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:00.908334 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jan 27 16:44:00.982085 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Jan 27 16:44:01.114495 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Jan 27 16:44:01.188927 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Jan 27 16:44:01.286054 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:01.367753 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:01.485553 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:01.588136 osdx ubnt-cfgd[46728]: inactive
Jan 27 16:44:01.621675 osdx INFO[46742]: FRR daemons did not change
Jan 27 16:44:01.703970 osdx WARNING[46814]: No supported link modes on interface eth0
Jan 27 16:44:01.705350 osdx modulelauncher[46814]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:01.705362 osdx modulelauncher[46814]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:01.706450 osdx modulelauncher[46814]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:01.706457 osdx modulelauncher[46814]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:01.741541 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:01.742273 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:01.742568 osdx ulogd[46839]: registering plugin `NFCT'
Jan 27 16:44:01.742853 osdx ulogd[46839]: registering plugin `IP2STR'
Jan 27 16:44:01.742914 osdx ulogd[46839]: registering plugin `PRINTFLOW'
Jan 27 16:44:01.743024 osdx ulogd[46839]: registering plugin `SYSLOG'
Jan 27 16:44:01.743031 osdx ulogd[46839]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:01.743086 osdx ulogd[46839]: NFCT plugin working in event mode
Jan 27 16:44:01.743095 osdx ulogd[46839]: Changing UID / GID
Jan 27 16:44:01.743178 osdx ulogd[46839]: initialization finished, entering main loop
Jan 27 16:44:01.755037 osdx ulogd[46839]: Terminal signal received, exiting
Jan 27 16:44:01.755149 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:01.755410 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jan 27 16:44:01.755522 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:01.756800 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:01.757688 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:01.757812 osdx ulogd[46845]: registering plugin `NFCT'
Jan 27 16:44:01.758063 osdx ulogd[46845]: registering plugin `IP2STR'
Jan 27 16:44:01.758146 osdx ulogd[46845]: registering plugin `PRINTFLOW'
Jan 27 16:44:01.758226 osdx ulogd[46845]: registering plugin `SYSLOG'
Jan 27 16:44:01.758238 osdx ulogd[46845]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:01.758291 osdx ulogd[46845]: NFCT plugin working in event mode
Jan 27 16:44:01.758298 osdx ulogd[46845]: Changing UID / GID
Jan 27 16:44:01.758530 osdx ulogd[46845]: initialization finished, entering main loop
Jan 27 16:44:01.949081 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:01.960697 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:01.982458 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:03.021110 osdx ulogd[46845]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jan 27 16:44:03.021135 osdx ulogd[46845]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jan 27 16:44:03.101508 osdx ulogd[46845]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jan 27 16:44:03.101533 osdx ulogd[46845]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

---

VRF logging

Description

Set a simple configuration with a vrf, send a ping command from one device to other and check that default and vrf fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.757 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.757/0.757/0.757/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.242 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.242/0.242/0.242/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED

Show output

Jan 27 16:44:08.392748 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:08.395249 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:08.395329 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:08.406352 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:08.664357 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:08.969733 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:09.079646 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Jan 27 16:44:09.172921 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Jan 27 16:44:09.255402 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system vrf RED'.
Jan 27 16:44:09.311585 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:09.408497 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:09.472417 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:09.564909 osdx ubnt-cfgd[47090]: inactive
Jan 27 16:44:09.586499 osdx INFO[47096]: FRR daemons did not change
Jan 27 16:44:09.596641 osdx (udev-worker)[47106]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Jan 27 16:44:09.596668 osdx (udev-worker)[47106]: Network interface NamePolicy= disabled on kernel command line.
Jan 27 16:44:09.676180 osdx WARNING[47187]: No supported link modes on interface eth0
Jan 27 16:44:09.677888 osdx modulelauncher[47187]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:09.677903 osdx modulelauncher[47187]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:09.679427 osdx modulelauncher[47187]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:09.679435 osdx modulelauncher[47187]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:09.779418 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:09.780260 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:09.780410 osdx ulogd[47273]: registering plugin `NFCT'
Jan 27 16:44:09.780592 osdx ulogd[47273]: registering plugin `IP2STR'
Jan 27 16:44:09.780632 osdx ulogd[47273]: registering plugin `PRINTFLOW'
Jan 27 16:44:09.780671 osdx ulogd[47273]: registering plugin `SYSLOG'
Jan 27 16:44:09.780703 osdx ulogd[47273]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:09.780746 osdx ulogd[47273]: NFCT plugin working in event mode
Jan 27 16:44:09.780755 osdx ulogd[47273]: Changing UID / GID
Jan 27 16:44:09.780821 osdx ulogd[47273]: initialization finished, entering main loop
Jan 27 16:44:09.781238 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:09.794074 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:09.810213 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:10.636234 osdx ulogd[47273]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:44:10.636259 osdx ulogd[47273]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:44:10.728149 osdx ulogd[47273]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:44:10.728174 osdx ulogd[47273]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping command from one device to other and check that default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.269 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.269/0.269/0.269/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

Show output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  19879      0 --:--:-- --:--:-- --:--:-- 21500

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.475 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.475/0.475/0.475/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.388 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.388/0.388/0.388/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass

Show output

Jan 27 16:44:16.310614 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:16.313403 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:16.313460 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:16.321180 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:16.551295 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:16.828891 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:17.000856 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jan 27 16:44:17.077642 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:17.213366 osdx ubnt-cfgd[47553]: inactive
Jan 27 16:44:17.234066 osdx INFO[47559]: FRR daemons did not change
Jan 27 16:44:17.312826 osdx WARNING[47628]: No supported link modes on interface eth1
Jan 27 16:44:17.315043 osdx modulelauncher[47628]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jan 27 16:44:17.315058 osdx modulelauncher[47628]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:17.316625 osdx modulelauncher[47628]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:17.316634 osdx modulelauncher[47628]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:17.328446 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:17.340163 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:17.379994 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:17.563837 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 27 16:44:17.813106 osdx file_operation[47684]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Jan 27 16:44:17.840609 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Jan 27 16:44:18.025658 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:18.139407 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jan 27 16:44:18.248194 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Jan 27 16:44:18.359874 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Jan 27 16:44:18.477205 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Jan 27 16:44:18.597058 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Jan 27 16:44:18.729091 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Jan 27 16:44:18.785001 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Jan 27 16:44:18.877356 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Jan 27 16:44:18.936729 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Jan 27 16:44:19.056337 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:19.127216 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:19.246784 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:19.332574 osdx ubnt-cfgd[47719]: inactive
Jan 27 16:44:19.372064 osdx INFO[47736]: FRR daemons did not change
Jan 27 16:44:19.493479 osdx WARNING[47808]: No supported link modes on interface eth0
Jan 27 16:44:19.494847 osdx modulelauncher[47808]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:19.494858 osdx modulelauncher[47808]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:19.496031 osdx modulelauncher[47808]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:19.496038 osdx modulelauncher[47808]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:19.541735 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:19.542409 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:19.542581 osdx ulogd[47833]: registering plugin `NFCT'
Jan 27 16:44:19.542815 osdx ulogd[47833]: registering plugin `IP2STR'
Jan 27 16:44:19.542870 osdx ulogd[47833]: registering plugin `PRINTFLOW'
Jan 27 16:44:19.542923 osdx ulogd[47833]: registering plugin `SYSLOG'
Jan 27 16:44:19.542930 osdx ulogd[47833]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:19.542984 osdx ulogd[47833]: NFCT plugin working in event mode
Jan 27 16:44:19.542994 osdx ulogd[47833]: Changing UID / GID
Jan 27 16:44:19.543076 osdx ulogd[47833]: initialization finished, entering main loop
Jan 27 16:44:19.793624 osdx ulogd[47833]: Terminal signal received, exiting
Jan 27 16:44:19.793699 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:19.793968 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jan 27 16:44:19.794062 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:19.817820 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:19.818633 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:19.818850 osdx ulogd[47861]: registering plugin `NFCT'
Jan 27 16:44:19.818921 osdx ulogd[47861]: registering plugin `IP2STR'
Jan 27 16:44:19.818981 osdx ulogd[47861]: registering plugin `PRINTFLOW'
Jan 27 16:44:19.819047 osdx ulogd[47861]: registering plugin `SYSLOG'
Jan 27 16:44:19.819053 osdx ulogd[47861]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:19.819122 osdx ulogd[47861]: NFCT plugin working in event mode
Jan 27 16:44:19.819133 osdx ulogd[47861]: Changing UID / GID
Jan 27 16:44:19.819229 osdx ulogd[47861]: initialization finished, entering main loop
Jan 27 16:44:19.862091 osdx systemd[1]: Reloading.
Jan 27 16:44:19.917431 osdx systemd-sysv-generator[47882]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Jan 27 16:44:20.025757 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Jan 27 16:44:20.029631 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Jan 27 16:44:20.030406 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Jan 27 16:44:20.047362 osdx systemd[1]: logrotate.service: Deactivated successfully.
Jan 27 16:44:20.047508 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Jan 27 16:44:20.301838 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Jan 27 16:44:20.794167 osdx INFO[47863]: Rules successfully loaded
Jan 27 16:44:20.794816 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:20.808721 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:20.906888 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:21.695485 osdx ulogd[47861]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jan 27 16:44:21.695503 osdx ulogd[47861]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jan 27 16:44:21.786144 osdx ulogd[47861]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jan 27 16:44:21.786167 osdx ulogd[47861]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)

---

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate a ssh connection from DUT1 to DUT2 and check that default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.271 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.271/0.271/0.271/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1

Show output

PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.353 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.353/0.353/0.353/0.000 ms

Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null

Show output

Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.8.2

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Tue Jan 27 11:07:44 2026 from 40.0.0.2
admin@osdx$

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]

Show output

Jan 27 16:44:28.350002 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:28.352741 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:28.352812 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:28.360364 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:28.588551 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:28.821721 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:28.943168 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Jan 27 16:44:28.997709 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:29.090260 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:29.165129 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:29.242981 osdx ubnt-cfgd[48199]: inactive
Jan 27 16:44:29.263902 osdx INFO[48205]: FRR daemons did not change
Jan 27 16:44:29.340546 osdx WARNING[48277]: No supported link modes on interface eth1
Jan 27 16:44:29.341863 osdx modulelauncher[48277]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jan 27 16:44:29.341876 osdx modulelauncher[48277]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:29.342965 osdx modulelauncher[48277]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:29.342973 osdx modulelauncher[48277]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:29.416693 osdx WARNING[48357]: No supported link modes on interface eth0
Jan 27 16:44:29.418318 osdx modulelauncher[48357]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:29.418329 osdx modulelauncher[48357]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:29.419544 osdx modulelauncher[48357]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:29.419553 osdx modulelauncher[48357]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:29.481062 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:29.481824 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:29.481952 osdx ulogd[48383]: registering plugin `NFCT'
Jan 27 16:44:29.482213 osdx ulogd[48383]: registering plugin `IP2STR'
Jan 27 16:44:29.482317 osdx ulogd[48383]: registering plugin `PRINTFLOW'
Jan 27 16:44:29.482381 osdx ulogd[48383]: registering plugin `SYSLOG'
Jan 27 16:44:29.482393 osdx ulogd[48383]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:29.482460 osdx ulogd[48383]: NFCT plugin working in event mode
Jan 27 16:44:29.482472 osdx ulogd[48383]: Changing UID / GID
Jan 27 16:44:29.482561 osdx ulogd[48383]: initialization finished, entering main loop
Jan 27 16:44:29.483491 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:29.494179 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:29.514854 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:31.310141 osdx ulogd[48383]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:44:31.310164 osdx ulogd[48383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:44:31.397866 osdx ulogd[48383]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:44:31.397884 osdx ulogd[48383]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:44:31.472592 osdx ulogd[48383]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38580 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38580 PKTS=0 BYTES=0
Jan 27 16:44:31.472766 osdx ulogd[48383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38580 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38580 PKTS=0 BYTES=0
Jan 27 16:44:31.472900 osdx ulogd[48383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38580 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38580 PKTS=0 BYTES=0 [OFFLOAD]
Jan 27 16:44:31.750373 osdx ulogd[48383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38580 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38580 PKTS=0 BYTES=0
Jan 27 16:44:31.751766 osdx ulogd[48383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38580 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38580 PKTS=0 BYTES=0
Jan 27 16:44:31.751987 osdx ulogd[48383]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=38580 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=38580 PKTS=0 BYTES=0 [OFFLOAD]

---

App detect logging

Description

Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1 and check app detect field appears when running system journal show. After that, enabling app detection in system conntrack for http host, try to copy index.html from a http server and check that the app detect field appears and belongs to the http server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.445 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.269 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.397 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.342 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2048ms
rtt min/avg/max/mdev = 0.269/0.336/0.397/0.052 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]

Show output

Jan 27 16:44:36.340187 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:36.342977 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:36.343051 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:36.351444 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:36.574672 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:36.985427 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:37.041089 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jan 27 16:44:37.135133 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jan 27 16:44:37.235870 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:37.301392 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:37.397866 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:37.457948 osdx ubnt-cfgd[48614]: inactive
Jan 27 16:44:37.476824 osdx INFO[48620]: FRR daemons did not change
Jan 27 16:44:37.618982 osdx kernel: nfUDPlink: module init
Jan 27 16:44:37.619045 osdx kernel: app-detect: module init
Jan 27 16:44:37.619066 osdx kernel: app-detect: registered: sysctl net.appdetect
Jan 27 16:44:37.619083 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jan 27 16:44:37.619095 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jan 27 16:44:37.619106 osdx kernel: app-detect: expression init
Jan 27 16:44:37.619118 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jan 27 16:44:37.619130 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jan 27 16:44:37.625628 osdx modulelauncher[48623]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jan 27 16:44:37.628117 osdx INFO[48648]: Stopping Traffic Categorization (TCATD) service ...
Jan 27 16:44:37.720352 osdx WARNING[48723]: No supported link modes on interface eth0
Jan 27 16:44:37.722046 osdx modulelauncher[48723]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:37.722062 osdx modulelauncher[48723]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:37.723328 osdx modulelauncher[48723]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:37.723338 osdx modulelauncher[48723]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:37.767356 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:37.768179 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:37.768422 osdx ulogd[48748]: registering plugin `NFCT'
Jan 27 16:44:37.768482 osdx ulogd[48748]: registering plugin `IP2STR'
Jan 27 16:44:37.768531 osdx ulogd[48748]: registering plugin `PRINTFLOW'
Jan 27 16:44:37.768587 osdx ulogd[48748]: registering plugin `SYSLOG'
Jan 27 16:44:37.768592 osdx ulogd[48748]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:37.768643 osdx ulogd[48748]: NFCT plugin working in event mode
Jan 27 16:44:37.768651 osdx ulogd[48748]: Changing UID / GID
Jan 27 16:44:37.768740 osdx ulogd[48748]: initialization finished, entering main loop
Jan 27 16:44:37.769621 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:37.781168 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:37.797056 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:38.687273 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.687300 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.778898 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.778923 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:39.802503 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:39.802523 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:39.802542 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.826422 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:40.826443 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.826454 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]

Show output

Jan 27 16:44:36.340187 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:36.342977 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:36.343051 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:36.351444 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:36.574672 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:36.985427 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:37.041089 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jan 27 16:44:37.135133 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jan 27 16:44:37.235870 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:37.301392 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:37.397866 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:37.457948 osdx ubnt-cfgd[48614]: inactive
Jan 27 16:44:37.476824 osdx INFO[48620]: FRR daemons did not change
Jan 27 16:44:37.618982 osdx kernel: nfUDPlink: module init
Jan 27 16:44:37.619045 osdx kernel: app-detect: module init
Jan 27 16:44:37.619066 osdx kernel: app-detect: registered: sysctl net.appdetect
Jan 27 16:44:37.619083 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jan 27 16:44:37.619095 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jan 27 16:44:37.619106 osdx kernel: app-detect: expression init
Jan 27 16:44:37.619118 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jan 27 16:44:37.619130 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jan 27 16:44:37.625628 osdx modulelauncher[48623]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jan 27 16:44:37.628117 osdx INFO[48648]: Stopping Traffic Categorization (TCATD) service ...
Jan 27 16:44:37.720352 osdx WARNING[48723]: No supported link modes on interface eth0
Jan 27 16:44:37.722046 osdx modulelauncher[48723]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:37.722062 osdx modulelauncher[48723]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:37.723328 osdx modulelauncher[48723]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:37.723338 osdx modulelauncher[48723]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:37.767356 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:37.768179 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:37.768422 osdx ulogd[48748]: registering plugin `NFCT'
Jan 27 16:44:37.768482 osdx ulogd[48748]: registering plugin `IP2STR'
Jan 27 16:44:37.768531 osdx ulogd[48748]: registering plugin `PRINTFLOW'
Jan 27 16:44:37.768587 osdx ulogd[48748]: registering plugin `SYSLOG'
Jan 27 16:44:37.768592 osdx ulogd[48748]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:37.768643 osdx ulogd[48748]: NFCT plugin working in event mode
Jan 27 16:44:37.768651 osdx ulogd[48748]: Changing UID / GID
Jan 27 16:44:37.768740 osdx ulogd[48748]: initialization finished, entering main loop
Jan 27 16:44:37.769621 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:37.781168 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:37.797056 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:38.687273 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.687300 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.778898 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.778923 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:39.802503 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:39.802523 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:39.802542 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.826422 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:40.826443 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.826454 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.932223 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]

Show output

Jan 27 16:44:36.340187 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:36.342977 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:36.343051 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:36.351444 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:36.574672 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:36.985427 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:37.041089 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jan 27 16:44:37.135133 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jan 27 16:44:37.235870 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:37.301392 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:37.397866 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:37.457948 osdx ubnt-cfgd[48614]: inactive
Jan 27 16:44:37.476824 osdx INFO[48620]: FRR daemons did not change
Jan 27 16:44:37.618982 osdx kernel: nfUDPlink: module init
Jan 27 16:44:37.619045 osdx kernel: app-detect: module init
Jan 27 16:44:37.619066 osdx kernel: app-detect: registered: sysctl net.appdetect
Jan 27 16:44:37.619083 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jan 27 16:44:37.619095 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jan 27 16:44:37.619106 osdx kernel: app-detect: expression init
Jan 27 16:44:37.619118 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jan 27 16:44:37.619130 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jan 27 16:44:37.625628 osdx modulelauncher[48623]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jan 27 16:44:37.628117 osdx INFO[48648]: Stopping Traffic Categorization (TCATD) service ...
Jan 27 16:44:37.720352 osdx WARNING[48723]: No supported link modes on interface eth0
Jan 27 16:44:37.722046 osdx modulelauncher[48723]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:37.722062 osdx modulelauncher[48723]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:37.723328 osdx modulelauncher[48723]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:37.723338 osdx modulelauncher[48723]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:37.767356 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:37.768179 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:37.768422 osdx ulogd[48748]: registering plugin `NFCT'
Jan 27 16:44:37.768482 osdx ulogd[48748]: registering plugin `IP2STR'
Jan 27 16:44:37.768531 osdx ulogd[48748]: registering plugin `PRINTFLOW'
Jan 27 16:44:37.768587 osdx ulogd[48748]: registering plugin `SYSLOG'
Jan 27 16:44:37.768592 osdx ulogd[48748]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:37.768643 osdx ulogd[48748]: NFCT plugin working in event mode
Jan 27 16:44:37.768651 osdx ulogd[48748]: Changing UID / GID
Jan 27 16:44:37.768740 osdx ulogd[48748]: initialization finished, entering main loop
Jan 27 16:44:37.769621 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:37.781168 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:37.797056 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:38.687273 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.687300 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.778898 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.778923 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:39.802503 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:39.802523 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:39.802542 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.826422 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:40.826443 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.826454 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.932223 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 27 16:44:41.054165 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.355 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.355/0.355/0.355/0.000 ms

Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

Show output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4818    0  4818    0     0   404k      0 --:--:-- --:--:-- --:--:--  427k

Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]

Show output

Jan 27 16:44:36.340187 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:36.342977 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:36.343051 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:36.351444 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:36.574672 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:36.985427 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:37.041089 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jan 27 16:44:37.135133 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jan 27 16:44:37.235870 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:37.301392 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:37.397866 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:37.457948 osdx ubnt-cfgd[48614]: inactive
Jan 27 16:44:37.476824 osdx INFO[48620]: FRR daemons did not change
Jan 27 16:44:37.618982 osdx kernel: nfUDPlink: module init
Jan 27 16:44:37.619045 osdx kernel: app-detect: module init
Jan 27 16:44:37.619066 osdx kernel: app-detect: registered: sysctl net.appdetect
Jan 27 16:44:37.619083 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jan 27 16:44:37.619095 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jan 27 16:44:37.619106 osdx kernel: app-detect: expression init
Jan 27 16:44:37.619118 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jan 27 16:44:37.619130 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jan 27 16:44:37.625628 osdx modulelauncher[48623]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jan 27 16:44:37.628117 osdx INFO[48648]: Stopping Traffic Categorization (TCATD) service ...
Jan 27 16:44:37.720352 osdx WARNING[48723]: No supported link modes on interface eth0
Jan 27 16:44:37.722046 osdx modulelauncher[48723]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:37.722062 osdx modulelauncher[48723]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:37.723328 osdx modulelauncher[48723]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:37.723338 osdx modulelauncher[48723]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:37.767356 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:44:37.768179 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:44:37.768422 osdx ulogd[48748]: registering plugin `NFCT'
Jan 27 16:44:37.768482 osdx ulogd[48748]: registering plugin `IP2STR'
Jan 27 16:44:37.768531 osdx ulogd[48748]: registering plugin `PRINTFLOW'
Jan 27 16:44:37.768587 osdx ulogd[48748]: registering plugin `SYSLOG'
Jan 27 16:44:37.768592 osdx ulogd[48748]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:44:37.768643 osdx ulogd[48748]: NFCT plugin working in event mode
Jan 27 16:44:37.768651 osdx ulogd[48748]: Changing UID / GID
Jan 27 16:44:37.768740 osdx ulogd[48748]: initialization finished, entering main loop
Jan 27 16:44:37.769621 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:37.781168 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:37.797056 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:38.687273 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.687300 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.778898 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:38.778923 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:39.802503 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:39.802523 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:39.802542 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.826422 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:40.826443 osdx ulogd[48748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.826454 osdx ulogd[48748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:40.932223 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 27 16:44:41.054165 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 27 16:44:41.170994 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal show | cat'.
Jan 27 16:44:41.343623 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:41.440215 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jan 27 16:44:41.518189 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jan 27 16:44:41.593183 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show changes'.
Jan 27 16:44:41.680329 osdx ubnt-cfgd[48800]: inactive
Jan 27 16:44:41.701997 osdx INFO[48806]: FRR daemons did not change
Jan 27 16:44:41.746980 osdx kernel: app-detect: expression destroy
Jan 27 16:44:41.759035 osdx kernel: app-detect: expression init
Jan 27 16:44:41.759109 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jan 27 16:44:41.759123 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jan 27 16:44:41.766650 osdx modulelauncher[48809]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jan 27 16:44:41.769947 osdx INFO[48825]: Stopping Traffic Categorization (TCATD) service ...
Jan 27 16:44:41.870702 osdx WARNING[48895]: No supported link modes on interface eth1
Jan 27 16:44:41.872240 osdx modulelauncher[48895]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jan 27 16:44:41.872253 osdx modulelauncher[48895]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:41.873534 osdx modulelauncher[48895]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:41.873543 osdx modulelauncher[48895]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:41.884240 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:41.894875 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:41.894893 osdx ulogd[48748]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jan 27 16:44:41.924114 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:41.961416 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:42.121317 osdx ulogd[48748]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:42.121342 osdx ulogd[48748]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jan 27 16:44:42.123805 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 27 16:44:42.289714 osdx file_operation[48951]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jan 27 16:44:42.295023 osdx ulogd[48748]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=47976 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=47976 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jan 27 16:44:42.295124 osdx ulogd[48748]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=47976 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=47976 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jan 27 16:44:42.295148 osdx ulogd[48748]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=47976 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=47976 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jan 27 16:44:42.303495 osdx ulogd[48748]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=47976 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=47976 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jan 27 16:44:42.303798 osdx ulogd[48748]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=47976 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=47976 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jan 27 16:44:42.303818 osdx ulogd[48748]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=47976 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=47976 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jan 27 16:44:42.323781 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.

---

App Detect Drop Packet

Description

Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector. Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets. Finnally, log that packets with app-id option and check that appdetect field appear in journal when running system journal show

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-detect app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.251 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.251/0.251/0.251/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]

Show output

Jan 27 16:44:48.367802 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:48.370438 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:48.370496 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:48.379438 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:48.701239 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:49.033444 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:49.129847 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Jan 27 16:44:49.223874 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Jan 27 16:44:49.285010 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Jan 27 16:44:49.414206 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-id custom 155'.
Jan 27 16:44:49.479750 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Jan 27 16:44:49.589647 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Jan 27 16:44:49.660697 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Jan 27 16:44:49.791218 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Jan 27 16:44:49.842679 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jan 27 16:44:49.942164 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jan 27 16:44:50.018886 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:50.110921 osdx ubnt-cfgd[49193]: inactive
Jan 27 16:44:50.155289 osdx INFO[49217]: FRR daemons did not change
Jan 27 16:44:50.318434 osdx kernel: nfUDPlink: module init
Jan 27 16:44:50.318483 osdx kernel: app-detect: module init
Jan 27 16:44:50.318501 osdx kernel: app-detect: registered: sysctl net.appdetect
Jan 27 16:44:50.318516 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jan 27 16:44:50.318526 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jan 27 16:44:50.318533 osdx kernel: app-detect: expression init
Jan 27 16:44:50.318541 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jan 27 16:44:50.318554 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jan 27 16:44:50.338876 osdx INFO[49252]: Updated /etc/default/osdx_tcatd.conf
Jan 27 16:44:50.338912 osdx INFO[49252]: Restarting Traffic Categorization (TCATD) service ...
Jan 27 16:44:50.374879 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Jan 27 16:44:50.387419 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Jan 27 16:44:50.467070 osdx WARNING[49326]: No supported link modes on interface eth1
Jan 27 16:44:50.468433 osdx modulelauncher[49326]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jan 27 16:44:50.468453 osdx modulelauncher[49326]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:50.469618 osdx modulelauncher[49326]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:50.469626 osdx modulelauncher[49326]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:44:50.891381 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:44:50.907362 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:44:50.931150 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:51.070580 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jan 27 16:44:51.221461 osdx file_operation[49411]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jan 27 16:44:51.230429 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=550 DF PROTO=TCP SPT=47978 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jan 27 16:44:51.434437 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=551 DF PROTO=TCP SPT=47978 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jan 27 16:44:51.842479 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=552 DF PROTO=TCP SPT=47978 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jan 27 16:44:52.674478 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=553 DF PROTO=TCP SPT=47978 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jan 27 16:44:54.193668 osdx file_operation.py[49411]: Operation aborted by user.
Jan 27 16:44:54.206440 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=554 DF PROTO=TCP SPT=47978 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jan 27 16:44:54.210984 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.

---

Identity Values

Description

Conntrack identity is able to contain any printed character (max 92 characters) but not spaces

Scenario

Step 1: Run command configure at DUT0 and expect this output:

Show output

admin@osdx#

Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class

Show output

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class

Show output

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.465 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.465/0.465/0.465/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.282 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.282/0.282/0.282/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Jan 27 16:44:58.000202 osdx systemd-timedated[36563]: Changed local time to Tue 2026-01-27 16:44:58 UTC
Jan 27 16:44:58.001374 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'set date 2026-01-27 16:44:58'.
Jan 27 16:44:58.003081 osdx systemd-journald[1842]: Time jumped backwards, rotating.
Jan 27 16:44:58.307141 osdx systemd-journald[1842]: Runtime Journal (/run/log/journal/7f16b2c6785447ce99316296df636466) is 1.8M, max 13.8M, 11.9M free.
Jan 27 16:44:58.311082 osdx systemd-journald[1842]: Received client request to rotate journal, rotating.
Jan 27 16:44:58.311130 osdx systemd-journald[1842]: Vacuuming done, freed 0B of archived journals from /run/log/journal/7f16b2c6785447ce99316296df636466.
Jan 27 16:44:58.317515 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system journal clear'.
Jan 27 16:44:58.537305 osdx OSDxCLI[44999]: User 'admin' executed a new command: 'system coredump delete all'.
Jan 27 16:44:58.803975 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:58.867754 osdx cfgd[1623]: [44999]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Jan 27 16:44:58.868286 osdx OSDxCLI[44999]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'.
Jan 27 16:44:59.012439 osdx cfgd[1623]: [44999]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Jan 27 16:44:59.013241 osdx OSDxCLI[44999]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'.
Jan 27 16:44:59.067355 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:44:59.323304 osdx OSDxCLI[44999]: User 'admin' entered the configuration menu.
Jan 27 16:44:59.438520 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jan 27 16:44:59.510390 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jan 27 16:44:59.636604 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'.
Jan 27 16:44:59.711909 osdx OSDxCLI[44999]: User 'admin' added a new cfg line: 'show working'.
Jan 27 16:44:59.870904 osdx ubnt-cfgd[49623]: inactive
Jan 27 16:44:59.892525 osdx INFO[49629]: FRR daemons did not change
Jan 27 16:44:59.973748 osdx WARNING[49701]: No supported link modes on interface eth0
Jan 27 16:44:59.975569 osdx modulelauncher[49701]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jan 27 16:44:59.975586 osdx modulelauncher[49701]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jan 27 16:44:59.977132 osdx modulelauncher[49701]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Jan 27 16:44:59.977145 osdx modulelauncher[49701]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Jan 27 16:45:00.027368 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jan 27 16:45:00.028349 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jan 27 16:45:00.028491 osdx ulogd[49726]: registering plugin `NFCT'
Jan 27 16:45:00.028682 osdx ulogd[49726]: registering plugin `IP2STR'
Jan 27 16:45:00.028746 osdx ulogd[49726]: registering plugin `PRINTFLOW'
Jan 27 16:45:00.028824 osdx ulogd[49726]: registering plugin `SYSLOG'
Jan 27 16:45:00.028853 osdx ulogd[49726]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jan 27 16:45:00.028917 osdx ulogd[49726]: NFCT plugin working in event mode
Jan 27 16:45:00.028953 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[49726]: Changing UID / GID
Jan 27 16:45:00.029053 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[49726]: initialization finished, entering main loop
Jan 27 16:45:00.029456 osdx cfgd[1623]: [44999]Completed change to active configuration
Jan 27 16:45:00.041214 osdx OSDxCLI[44999]: User 'admin' committed the configuration.
Jan 27 16:45:00.058345 osdx OSDxCLI[44999]: User 'admin' left the configuration menu.
Jan 27 16:45:00.905103 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[49726]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:45:00.905127 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[49726]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:45:00.982910 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[49726]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jan 27 16:45:00.982929 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[49726]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---