Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.466 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.466/0.466/0.466/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.318 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.318/0.318/0.318/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
Feb 12 23:27:04.000210 osdx systemd-timedated[787424]: Changed local time to Thu 2026-02-12 23:27:04 UTC Feb 12 23:27:04.001366 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'set date 2026-02-12 23:27:04'. Feb 12 23:27:04.026900 osdx systemd[1]: Starting logrotate.service - Rotate log files... Feb 12 23:27:04.049276 osdx systemd[1]: logrotate.service: Deactivated successfully. Feb 12 23:27:04.049411 osdx systemd[1]: Finished logrotate.service - Rotate log files. Feb 12 23:27:04.410355 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.4M, max 17.2M, 14.7M free. Feb 12 23:27:04.410876 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:27:04.410916 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:27:04.425071 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:27:04.800244 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:27:05.108646 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:05.227638 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:27:05.323243 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Feb 12 23:27:05.451034 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:27:05.562244 osdx ubnt-cfgd[800298]: inactive Feb 12 23:27:05.583570 osdx INFO[800304]: FRR daemons did not change Feb 12 23:27:05.630492 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:05.701663 osdx WARNING[800376]: No supported link modes on interface eth0 Feb 12 23:27:05.704180 osdx modulelauncher[800376]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:27:05.704216 osdx modulelauncher[800376]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:27:05.706689 osdx modulelauncher[800376]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:27:05.707005 osdx modulelauncher[800376]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:27:05.767155 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:05.771267 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:05.772994 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:05.777594 osdx ulogd[800401]: registering plugin `NFCT' Feb 12 23:27:05.779189 osdx ulogd[800401]: registering plugin `IP2STR' Feb 12 23:27:05.779287 osdx ulogd[800401]: registering plugin `PRINTFLOW' Feb 12 23:27:05.781885 osdx ulogd[800401]: registering plugin `SYSLOG' Feb 12 23:27:05.781896 osdx ulogd[800401]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:05.782140 osdx ulogd[800401]: NFCT plugin working in event mode Feb 12 23:27:05.782155 osdx ulogd[800401]: Changing UID / GID Feb 12 23:27:05.782266 osdx ulogd[800401]: initialization finished, entering main loop Feb 12 23:27:05.795720 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:05.825814 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:06.962294 osdx ulogd[800401]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:07.045090 osdx ulogd[800401]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.312 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.312/0.312/0.312/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.197 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.197/0.197/0.197/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
Feb 12 23:27:12.291289 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.8M, max 17.2M, 14.4M free. Feb 12 23:27:12.295182 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:27:12.295269 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:27:12.303633 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:27:12.588310 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:27:12.941334 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:13.032162 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:27:13.096780 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Feb 12 23:27:13.201402 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:27:13.263031 osdx ubnt-cfgd[800608]: inactive Feb 12 23:27:13.281014 osdx INFO[800614]: FRR daemons did not change Feb 12 23:27:13.319181 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:13.361256 osdx WARNING[800686]: No supported link modes on interface eth0 Feb 12 23:27:13.362572 osdx modulelauncher[800686]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:27:13.362584 osdx modulelauncher[800686]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:27:13.363784 osdx modulelauncher[800686]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:27:13.363794 osdx modulelauncher[800686]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:27:13.419506 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:13.420325 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:13.420476 osdx ulogd[800711]: registering plugin `NFCT' Feb 12 23:27:13.420702 osdx ulogd[800711]: registering plugin `IP2STR' Feb 12 23:27:13.420754 osdx ulogd[800711]: registering plugin `PRINTFLOW' Feb 12 23:27:13.420834 osdx ulogd[800711]: registering plugin `SYSLOG' Feb 12 23:27:13.420841 osdx ulogd[800711]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:13.420898 osdx ulogd[800711]: NFCT plugin working in event mode Feb 12 23:27:13.420940 osdx ulogd[800711]: Changing UID / GID Feb 12 23:27:13.421027 osdx ulogd[800711]: initialization finished, entering main loop Feb 12 23:27:13.421436 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:13.435860 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:13.465206 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:14.464414 osdx ulogd[800711]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:14.583336 osdx ulogd[800711]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.322 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.322/0.322/0.322/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.551 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.264 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.276 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2050ms rtt min/avg/max/mdev = 0.264/0.363/0.551/0.132 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
Feb 12 23:27:19.345640 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.8M free. Feb 12 23:27:19.346334 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:27:19.346368 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:27:19.356976 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:27:19.649629 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:27:19.891579 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:19.975222 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:27:20.048330 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Feb 12 23:27:20.145677 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 12 23:27:20.218871 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set service ssh'. Feb 12 23:27:20.337518 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:27:20.407892 osdx ubnt-cfgd[800920]: inactive Feb 12 23:27:20.493445 osdx INFO[800941]: FRR daemons did not change Feb 12 23:27:20.530329 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:20.574323 osdx WARNING[801015]: No supported link modes on interface eth0 Feb 12 23:27:20.576124 osdx modulelauncher[801015]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:27:20.576141 osdx modulelauncher[801015]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:27:20.577697 osdx modulelauncher[801015]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:27:20.577707 osdx modulelauncher[801015]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:27:20.638735 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:20.639522 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:20.639688 osdx ulogd[801040]: registering plugin `NFCT' Feb 12 23:27:20.639876 osdx ulogd[801040]: registering plugin `IP2STR' Feb 12 23:27:20.639921 osdx ulogd[801040]: registering plugin `PRINTFLOW' Feb 12 23:27:20.639960 osdx ulogd[801040]: registering plugin `SYSLOG' Feb 12 23:27:20.639966 osdx ulogd[801040]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:20.640006 osdx ulogd[801040]: NFCT plugin working in event mode Feb 12 23:27:20.640012 osdx ulogd[801040]: Changing UID / GID Feb 12 23:27:20.640094 osdx ulogd[801040]: initialization finished, entering main loop Feb 12 23:27:20.675733 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Feb 12 23:27:20.689169 osdx sshd[801061]: Server listening on 0.0.0.0 port 22. Feb 12 23:27:20.689199 osdx sshd[801061]: Server listening on :: port 22. Feb 12 23:27:20.689312 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Feb 12 23:27:20.690225 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:20.702578 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:20.722807 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:22.701221 osdx ulogd[801040]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Feb 12 23:27:23.725172 osdx ulogd[801040]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.562 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.562/0.562/0.562/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.259 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.259/0.259/0.259/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Feb 12 23:27:31.329034 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 23:27:31.331228 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:27:31.331332 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:27:31.342647 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:27:31.593437 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:27:32.035549 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:32.182771 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:27:32.293207 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:27:32.416963 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:27:32.510198 osdx ubnt-cfgd[801291]: inactive Feb 12 23:27:32.528648 osdx INFO[801297]: FRR daemons did not change Feb 12 23:27:32.566886 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:32.612384 osdx WARNING[801369]: No supported link modes on interface eth0 Feb 12 23:27:32.613804 osdx modulelauncher[801369]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:27:32.613816 osdx modulelauncher[801369]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:27:32.615328 osdx modulelauncher[801369]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:27:32.615337 osdx modulelauncher[801369]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:27:32.663219 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:32.663911 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:32.664046 osdx ulogd[801394]: registering plugin `NFCT' Feb 12 23:27:32.664280 osdx ulogd[801394]: registering plugin `IP2STR' Feb 12 23:27:32.664323 osdx ulogd[801394]: registering plugin `PRINTFLOW' Feb 12 23:27:32.664363 osdx ulogd[801394]: registering plugin `SYSLOG' Feb 12 23:27:32.664401 osdx ulogd[801394]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:32.664445 osdx ulogd[801394]: NFCT plugin working in event mode Feb 12 23:27:32.664455 osdx ulogd[801394]: Changing UID / GID Feb 12 23:27:32.664522 osdx ulogd[801394]: initialization finished, entering main loop Feb 12 23:27:32.665100 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:32.679575 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:32.696612 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:33.588849 osdx ulogd[801394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:33.588872 osdx ulogd[801394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:33.670094 osdx ulogd[801394]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:33.670118 osdx ulogd[801394]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.945 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.945/0.945/0.945/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.263 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.263/0.263/0.263/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Feb 12 23:27:38.413405 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 23:27:38.414116 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:27:38.414161 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:27:38.426795 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:27:38.656761 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:27:38.918267 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:39.021300 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:27:39.087806 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:27:39.184707 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Feb 12 23:27:39.248701 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:27:39.349723 osdx ubnt-cfgd[801604]: inactive Feb 12 23:27:39.367200 osdx INFO[801610]: FRR daemons did not change Feb 12 23:27:39.406037 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:39.454439 osdx WARNING[801682]: No supported link modes on interface eth0 Feb 12 23:27:39.455848 osdx modulelauncher[801682]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:27:39.455861 osdx modulelauncher[801682]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:27:39.456952 osdx modulelauncher[801682]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:27:39.456961 osdx modulelauncher[801682]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:27:39.502514 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:39.503230 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:39.503360 osdx ulogd[801707]: registering plugin `NFCT' Feb 12 23:27:39.503555 osdx ulogd[801707]: registering plugin `IP2STR' Feb 12 23:27:39.503595 osdx ulogd[801707]: registering plugin `PRINTFLOW' Feb 12 23:27:39.503635 osdx ulogd[801707]: registering plugin `SYSLOG' Feb 12 23:27:39.503667 osdx ulogd[801707]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:39.503710 osdx ulogd[801707]: NFCT plugin working in event mode Feb 12 23:27:39.503719 osdx OSDx_DUT0[801707]: Changing UID / GID Feb 12 23:27:39.503803 osdx OSDx_DUT0[801707]: initialization finished, entering main loop Feb 12 23:27:39.504446 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:39.516496 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:39.556554 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:40.481422 osdx OSDx_DUT0[801707]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:40.481454 osdx OSDx_DUT0[801707]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:40.607766 osdx OSDx_DUT0[801707]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:40.607791 osdx OSDx_DUT0[801707]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.324 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Feb 12 23:27:38.413405 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 23:27:38.414116 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:27:38.414161 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:27:38.426795 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:27:38.656761 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:27:38.918267 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:39.021300 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:27:39.087806 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:27:39.184707 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Feb 12 23:27:39.248701 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:27:39.349723 osdx ubnt-cfgd[801604]: inactive Feb 12 23:27:39.367200 osdx INFO[801610]: FRR daemons did not change Feb 12 23:27:39.406037 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:39.454439 osdx WARNING[801682]: No supported link modes on interface eth0 Feb 12 23:27:39.455848 osdx modulelauncher[801682]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:27:39.455861 osdx modulelauncher[801682]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:27:39.456952 osdx modulelauncher[801682]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:27:39.456961 osdx modulelauncher[801682]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:27:39.502514 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:39.503230 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:39.503360 osdx ulogd[801707]: registering plugin `NFCT' Feb 12 23:27:39.503555 osdx ulogd[801707]: registering plugin `IP2STR' Feb 12 23:27:39.503595 osdx ulogd[801707]: registering plugin `PRINTFLOW' Feb 12 23:27:39.503635 osdx ulogd[801707]: registering plugin `SYSLOG' Feb 12 23:27:39.503667 osdx ulogd[801707]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:39.503710 osdx ulogd[801707]: NFCT plugin working in event mode Feb 12 23:27:39.503719 osdx OSDx_DUT0[801707]: Changing UID / GID Feb 12 23:27:39.503803 osdx OSDx_DUT0[801707]: initialization finished, entering main loop Feb 12 23:27:39.504446 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:39.516496 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:39.556554 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:40.481422 osdx OSDx_DUT0[801707]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:40.481454 osdx OSDx_DUT0[801707]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:40.607766 osdx OSDx_DUT0[801707]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:40.607791 osdx OSDx_DUT0[801707]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:40.709872 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal show | cat'. Feb 12 23:27:40.890515 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:40.951816 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Feb 12 23:27:41.091810 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show changes'. Feb 12 23:27:41.189148 osdx ubnt-cfgd[801743]: inactive Feb 12 23:27:41.207645 osdx INFO[801749]: FRR daemons did not change Feb 12 23:27:41.218342 osdx OSDx_DUT0[801707]: Terminal signal received, exiting Feb 12 23:27:41.218503 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:41.218822 osdx systemd[1]: ulogd2.service: Deactivated successfully. Feb 12 23:27:41.218943 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:41.250370 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:41.251084 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:41.251192 osdx ulogd[801757]: registering plugin `NFCT' Feb 12 23:27:41.251242 osdx ulogd[801757]: registering plugin `IP2STR' Feb 12 23:27:41.251287 osdx ulogd[801757]: registering plugin `PRINTFLOW' Feb 12 23:27:41.251340 osdx ulogd[801757]: registering plugin `SYSLOG' Feb 12 23:27:41.251344 osdx ulogd[801757]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:41.251393 osdx ulogd[801757]: NFCT plugin working in event mode Feb 12 23:27:41.251401 osdx ulogd[801757]: Changing UID / GID Feb 12 23:27:41.251481 osdx ulogd[801757]: initialization finished, entering main loop Feb 12 23:27:41.252429 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:41.254393 osdx ulogd[801757]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Feb 12 23:27:41.254418 osdx ulogd[801757]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Feb 12 23:27:41.255117 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:41.280557 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:41.489918 osdx ulogd[801757]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:41.489941 osdx ulogd[801757]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.590 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.590/0.590/0.590/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.276 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.280 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1017ms rtt min/avg/max/mdev = 0.276/0.278/0.280/0.002 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
Feb 12 23:27:46.373977 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 23:27:46.375596 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:27:46.375671 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:27:46.384718 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:27:46.614044 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:27:46.846512 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:46.943431 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Feb 12 23:27:47.003735 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic label TEST'. Feb 12 23:27:47.108759 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Feb 12 23:27:47.196410 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Feb 12 23:27:47.309931 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:27:47.432055 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:27:47.554147 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:27:47.623934 osdx ubnt-cfgd[801944]: inactive Feb 12 23:27:47.656676 osdx INFO[801958]: FRR daemons did not change Feb 12 23:27:47.695596 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:47.740388 osdx WARNING[802030]: No supported link modes on interface eth0 Feb 12 23:27:47.742226 osdx modulelauncher[802030]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:27:47.742243 osdx modulelauncher[802030]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:27:47.743648 osdx modulelauncher[802030]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:27:47.743663 osdx modulelauncher[802030]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:27:47.851852 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:47.852606 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:47.852759 osdx ulogd[802055]: registering plugin `NFCT' Feb 12 23:27:47.852951 osdx ulogd[802055]: registering plugin `IP2STR' Feb 12 23:27:47.852991 osdx ulogd[802055]: registering plugin `PRINTFLOW' Feb 12 23:27:47.853062 osdx ulogd[802055]: registering plugin `SYSLOG' Feb 12 23:27:47.853068 osdx ulogd[802055]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:47.853114 osdx ulogd[802055]: NFCT plugin working in event mode Feb 12 23:27:47.853123 osdx ulogd[802055]: Changing UID / GID Feb 12 23:27:47.853247 osdx ulogd[802055]: initialization finished, entering main loop Feb 12 23:27:47.866151 osdx ulogd[802055]: Terminal signal received, exiting Feb 12 23:27:47.866249 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:47.866470 osdx systemd[1]: ulogd2.service: Deactivated successfully. Feb 12 23:27:47.866591 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:47.868469 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:47.869716 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:47.870054 osdx ulogd[802061]: registering plugin `NFCT' Feb 12 23:27:47.870486 osdx ulogd[802061]: registering plugin `IP2STR' Feb 12 23:27:47.870579 osdx ulogd[802061]: registering plugin `PRINTFLOW' Feb 12 23:27:47.870759 osdx ulogd[802061]: registering plugin `SYSLOG' Feb 12 23:27:47.870772 osdx ulogd[802061]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:47.870860 osdx ulogd[802061]: NFCT plugin working in event mode Feb 12 23:27:47.870875 osdx ulogd[802061]: Changing UID / GID Feb 12 23:27:47.871018 osdx ulogd[802061]: initialization finished, entering main loop Feb 12 23:27:48.027458 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:48.039647 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:48.060946 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:48.915228 osdx ulogd[802061]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Feb 12 23:27:48.915253 osdx ulogd[802061]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 Feb 12 23:27:49.013912 osdx ulogd[802061]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Feb 12 23:27:49.013938 osdx ulogd[802061]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.348 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.348/0.348/0.348/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.246 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.246/0.246/0.246/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
Feb 12 23:27:55.271857 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.9M free. Feb 12 23:27:55.274819 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:27:55.274901 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:27:55.283204 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:27:55.545303 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:27:55.807349 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:27:55.910961 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Feb 12 23:27:55.991999 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Feb 12 23:27:56.079536 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system vrf RED'. Feb 12 23:27:56.157485 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:27:56.261704 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:27:56.388802 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:27:56.507563 osdx ubnt-cfgd[802321]: inactive Feb 12 23:27:56.531359 osdx INFO[802327]: FRR daemons did not change Feb 12 23:27:56.542214 osdx (udev-worker)[802338]: RED: Could not disable auto negotiation, ignoring: Operation not supported Feb 12 23:27:56.542241 osdx (udev-worker)[802338]: Network interface NamePolicy= disabled on kernel command line. Feb 12 23:27:56.578822 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:56.631005 osdx WARNING[802418]: No supported link modes on interface eth0 Feb 12 23:27:56.633019 osdx modulelauncher[802418]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:27:56.633040 osdx modulelauncher[802418]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:27:56.634460 osdx modulelauncher[802418]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:27:56.634470 osdx modulelauncher[802418]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:27:56.658834 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:27:56.760313 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:27:56.761434 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:27:56.761537 osdx ulogd[802504]: registering plugin `NFCT' Feb 12 23:27:56.761587 osdx ulogd[802504]: registering plugin `IP2STR' Feb 12 23:27:56.761643 osdx ulogd[802504]: registering plugin `PRINTFLOW' Feb 12 23:27:56.761693 osdx ulogd[802504]: registering plugin `SYSLOG' Feb 12 23:27:56.761697 osdx ulogd[802504]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:27:56.761756 osdx ulogd[802504]: NFCT plugin working in event mode Feb 12 23:27:56.761765 osdx ulogd[802504]: Changing UID / GID Feb 12 23:27:56.761857 osdx ulogd[802504]: initialization finished, entering main loop Feb 12 23:27:56.763009 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:27:56.775738 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:27:56.807733 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:27:57.757804 osdx ulogd[802504]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:57.757828 osdx ulogd[802504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:57.880363 osdx ulogd[802504]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:27:57.880387 osdx ulogd[802504]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.270 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.270/0.270/0.270/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 129 100 129 0 0 4189 0 --:--:-- --:--:-- --:--:-- 4300
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set interfaces ethernet eth1 address 10.215.168.64/24 set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.467 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.467/0.467/0.467/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.581 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.581/0.581/0.581/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
Feb 12 23:28:03.372399 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.9M free. Feb 12 23:28:03.374730 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:28:03.374796 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:28:03.382345 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:28:03.619098 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:28:03.913289 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:04.017133 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 12 23:28:04.113878 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:04.176781 osdx ubnt-cfgd[802798]: inactive Feb 12 23:28:04.198588 osdx INFO[802804]: FRR daemons did not change Feb 12 23:28:04.234736 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 12 23:28:04.280987 osdx WARNING[802873]: No supported link modes on interface eth1 Feb 12 23:28:04.282356 osdx modulelauncher[802873]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 12 23:28:04.282367 osdx modulelauncher[802873]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 12 23:28:04.283504 osdx modulelauncher[802873]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:04.283511 osdx modulelauncher[802873]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:04.296060 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:04.308635 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:04.347667 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:04.519290 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 12 23:28:04.653100 osdx file_operation[802929]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Feb 12 23:28:04.707761 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Feb 12 23:28:04.844137 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:04.922665 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Feb 12 23:28:05.015612 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Feb 12 23:28:05.070020 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Feb 12 23:28:05.175402 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Feb 12 23:28:05.229391 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Feb 12 23:28:05.317966 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Feb 12 23:28:05.377935 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Feb 12 23:28:05.477325 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Feb 12 23:28:05.535898 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Feb 12 23:28:05.656594 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:28:05.715858 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:28:05.830868 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:05.914694 osdx ubnt-cfgd[802964]: inactive Feb 12 23:28:05.962617 osdx INFO[802981]: FRR daemons did not change Feb 12 23:28:06.010738 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:28:06.056749 osdx WARNING[803053]: No supported link modes on interface eth0 Feb 12 23:28:06.058640 osdx modulelauncher[803053]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:28:06.058659 osdx modulelauncher[803053]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:28:06.060329 osdx modulelauncher[803053]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:06.060341 osdx modulelauncher[803053]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:06.123176 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:06.124033 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:06.124189 osdx ulogd[803078]: registering plugin `NFCT' Feb 12 23:28:06.124429 osdx ulogd[803078]: registering plugin `IP2STR' Feb 12 23:28:06.124480 osdx ulogd[803078]: registering plugin `PRINTFLOW' Feb 12 23:28:06.124539 osdx ulogd[803078]: registering plugin `SYSLOG' Feb 12 23:28:06.124546 osdx ulogd[803078]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:28:06.124606 osdx ulogd[803078]: NFCT plugin working in event mode Feb 12 23:28:06.124663 osdx ulogd[803078]: Changing UID / GID Feb 12 23:28:06.124753 osdx ulogd[803078]: initialization finished, entering main loop Feb 12 23:28:06.306560 osdx ulogd[803078]: Terminal signal received, exiting Feb 12 23:28:06.306622 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:06.306886 osdx systemd[1]: ulogd2.service: Deactivated successfully. Feb 12 23:28:06.306978 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:06.323128 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:06.323800 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:06.324016 osdx ulogd[803102]: registering plugin `NFCT' Feb 12 23:28:06.324252 osdx ulogd[803102]: registering plugin `IP2STR' Feb 12 23:28:06.324304 osdx ulogd[803102]: registering plugin `PRINTFLOW' Feb 12 23:28:06.324358 osdx ulogd[803102]: registering plugin `SYSLOG' Feb 12 23:28:06.324365 osdx ulogd[803102]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:28:06.324415 osdx ulogd[803102]: NFCT plugin working in event mode Feb 12 23:28:06.324489 osdx ulogd[803102]: Changing UID / GID Feb 12 23:28:06.324604 osdx ulogd[803102]: initialization finished, entering main loop Feb 12 23:28:06.361355 osdx systemd[1]: Reloading. Feb 12 23:28:06.410730 osdx systemd-sysv-generator[803123]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Feb 12 23:28:06.551288 osdx systemd[1]: Starting logrotate.service - Rotate log files... Feb 12 23:28:06.555636 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Feb 12 23:28:06.578083 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Feb 12 23:28:06.579682 osdx systemd[1]: logrotate.service: Deactivated successfully. Feb 12 23:28:06.579908 osdx systemd[1]: Finished logrotate.service - Rotate log files. Feb 12 23:28:07.002528 osdx INFO[803104]: Rules successfully loaded Feb 12 23:28:07.003187 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:07.014796 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:07.031149 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:07.930967 osdx ulogd[803102]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Feb 12 23:28:07.930993 osdx ulogd[803102]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Feb 12 23:28:08.008562 osdx ulogd[803102]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Feb 12 23:28:08.008587 osdx ulogd[803102]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth1 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.861 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.861/0.861/0.861/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.380 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.380/0.380/0.380/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.8.3 This system includes free software. Contact Teldat for licenses information and source code. Last login: Thu Feb 12 23:15:53 2026 admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
Feb 12 23:28:14.309919 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.2M, max 17.2M, 14.9M free. Feb 12 23:28:14.312637 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:28:14.312721 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:28:14.322243 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:28:14.536459 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:28:14.781080 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:14.875755 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Feb 12 23:28:14.945796 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:28:15.062668 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:28:15.200079 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:15.261983 osdx ubnt-cfgd[803450]: inactive Feb 12 23:28:15.284342 osdx INFO[803456]: FRR daemons did not change Feb 12 23:28:15.320632 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 12 23:28:15.365649 osdx WARNING[803528]: No supported link modes on interface eth1 Feb 12 23:28:15.367008 osdx modulelauncher[803528]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 12 23:28:15.367020 osdx modulelauncher[803528]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 12 23:28:15.368546 osdx modulelauncher[803528]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:15.368559 osdx modulelauncher[803528]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:15.408634 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:28:15.451375 osdx WARNING[803608]: No supported link modes on interface eth0 Feb 12 23:28:15.453145 osdx modulelauncher[803608]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:28:15.453159 osdx modulelauncher[803608]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:28:15.454749 osdx modulelauncher[803608]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:15.454760 osdx modulelauncher[803608]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:15.517124 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:15.517830 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:15.518069 osdx ulogd[803634]: registering plugin `NFCT' Feb 12 23:28:15.518316 osdx ulogd[803634]: registering plugin `IP2STR' Feb 12 23:28:15.518369 osdx ulogd[803634]: registering plugin `PRINTFLOW' Feb 12 23:28:15.518457 osdx ulogd[803634]: registering plugin `SYSLOG' Feb 12 23:28:15.518464 osdx ulogd[803634]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:28:15.518517 osdx ulogd[803634]: NFCT plugin working in event mode Feb 12 23:28:15.518569 osdx ulogd[803634]: Changing UID / GID Feb 12 23:28:15.518659 osdx ulogd[803634]: initialization finished, entering main loop Feb 12 23:28:15.519046 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:15.530856 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:15.555761 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:17.530487 osdx ulogd[803634]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:28:17.530506 osdx ulogd[803634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:28:17.609076 osdx ulogd[803634]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:28:17.609096 osdx ulogd[803634]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:28:17.689508 osdx ulogd[803634]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=46736 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=46736 PKTS=0 BYTES=0 Feb 12 23:28:17.689644 osdx ulogd[803634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=46736 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=46736 PKTS=0 BYTES=0 Feb 12 23:28:17.689788 osdx ulogd[803634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=46736 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=46736 PKTS=0 BYTES=0 [OFFLOAD] Feb 12 23:28:17.956861 osdx ulogd[803634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=46736 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=46736 PKTS=0 BYTES=0 Feb 12 23:28:17.956888 osdx ulogd[803634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=46736 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=46736 PKTS=0 BYTES=0 [OFFLOAD] Feb 12 23:28:17.958259 osdx ulogd[803634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=46736 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=46736 PKTS=0 BYTES=0 Feb 12 23:28:17.958412 osdx ulogd[803634]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=46736 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=46736 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.668 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.668/0.668/0.668/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.363 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.331 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.360 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2026ms rtt min/avg/max/mdev = 0.331/0.351/0.363/0.014 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
Feb 12 23:28:23.286765 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.9M free. Feb 12 23:28:23.287696 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:28:23.287743 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:28:23.296644 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:28:23.503828 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:28:23.746788 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:23.824249 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 12 23:28:23.913538 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 12 23:28:24.003268 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:28:24.072193 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:28:24.177407 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:24.239947 osdx ubnt-cfgd[803876]: inactive Feb 12 23:28:24.258526 osdx INFO[803882]: FRR daemons did not change Feb 12 23:28:24.407701 osdx kernel: nfUDPlink: module init Feb 12 23:28:24.407755 osdx kernel: app-detect: module init Feb 12 23:28:24.407770 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 12 23:28:24.407779 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 12 23:28:24.407787 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 12 23:28:24.407795 osdx kernel: app-detect: expression init Feb 12 23:28:24.407802 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 12 23:28:24.407810 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 12 23:28:24.414529 osdx modulelauncher[803885]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 12 23:28:24.417475 osdx INFO[803910]: Stopping Traffic Categorization (TCATD) service ... Feb 12 23:28:24.467719 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:28:24.513156 osdx WARNING[803985]: No supported link modes on interface eth0 Feb 12 23:28:24.514891 osdx modulelauncher[803985]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:28:24.514907 osdx modulelauncher[803985]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:28:24.516444 osdx modulelauncher[803985]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:24.516452 osdx modulelauncher[803985]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:24.563998 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:24.564820 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:24.564940 osdx ulogd[804010]: registering plugin `NFCT' Feb 12 23:28:24.565146 osdx ulogd[804010]: registering plugin `IP2STR' Feb 12 23:28:24.565189 osdx ulogd[804010]: registering plugin `PRINTFLOW' Feb 12 23:28:24.565226 osdx ulogd[804010]: registering plugin `SYSLOG' Feb 12 23:28:24.565264 osdx ulogd[804010]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:28:24.565307 osdx ulogd[804010]: NFCT plugin working in event mode Feb 12 23:28:24.565315 osdx ulogd[804010]: Changing UID / GID Feb 12 23:28:24.565386 osdx ulogd[804010]: initialization finished, entering main loop Feb 12 23:28:24.565964 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:24.577366 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:24.593330 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:25.505827 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.505849 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.616321 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.616344 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:26.618536 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:26.618559 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:26.618572 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.642587 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:27.642614 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.642630 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
Feb 12 23:28:23.286765 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.9M free. Feb 12 23:28:23.287696 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:28:23.287743 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:28:23.296644 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:28:23.503828 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:28:23.746788 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:23.824249 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 12 23:28:23.913538 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 12 23:28:24.003268 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:28:24.072193 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:28:24.177407 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:24.239947 osdx ubnt-cfgd[803876]: inactive Feb 12 23:28:24.258526 osdx INFO[803882]: FRR daemons did not change Feb 12 23:28:24.407701 osdx kernel: nfUDPlink: module init Feb 12 23:28:24.407755 osdx kernel: app-detect: module init Feb 12 23:28:24.407770 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 12 23:28:24.407779 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 12 23:28:24.407787 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 12 23:28:24.407795 osdx kernel: app-detect: expression init Feb 12 23:28:24.407802 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 12 23:28:24.407810 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 12 23:28:24.414529 osdx modulelauncher[803885]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 12 23:28:24.417475 osdx INFO[803910]: Stopping Traffic Categorization (TCATD) service ... Feb 12 23:28:24.467719 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:28:24.513156 osdx WARNING[803985]: No supported link modes on interface eth0 Feb 12 23:28:24.514891 osdx modulelauncher[803985]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:28:24.514907 osdx modulelauncher[803985]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:28:24.516444 osdx modulelauncher[803985]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:24.516452 osdx modulelauncher[803985]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:24.563998 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:24.564820 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:24.564940 osdx ulogd[804010]: registering plugin `NFCT' Feb 12 23:28:24.565146 osdx ulogd[804010]: registering plugin `IP2STR' Feb 12 23:28:24.565189 osdx ulogd[804010]: registering plugin `PRINTFLOW' Feb 12 23:28:24.565226 osdx ulogd[804010]: registering plugin `SYSLOG' Feb 12 23:28:24.565264 osdx ulogd[804010]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:28:24.565307 osdx ulogd[804010]: NFCT plugin working in event mode Feb 12 23:28:24.565315 osdx ulogd[804010]: Changing UID / GID Feb 12 23:28:24.565386 osdx ulogd[804010]: initialization finished, entering main loop Feb 12 23:28:24.565964 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:24.577366 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:24.593330 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:25.505827 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.505849 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.616321 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.616344 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:26.618536 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:26.618559 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:26.618572 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.642587 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:27.642614 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.642630 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.752767 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
Feb 12 23:28:23.286765 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.9M free. Feb 12 23:28:23.287696 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:28:23.287743 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:28:23.296644 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:28:23.503828 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:28:23.746788 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:23.824249 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 12 23:28:23.913538 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 12 23:28:24.003268 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:28:24.072193 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:28:24.177407 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:24.239947 osdx ubnt-cfgd[803876]: inactive Feb 12 23:28:24.258526 osdx INFO[803882]: FRR daemons did not change Feb 12 23:28:24.407701 osdx kernel: nfUDPlink: module init Feb 12 23:28:24.407755 osdx kernel: app-detect: module init Feb 12 23:28:24.407770 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 12 23:28:24.407779 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 12 23:28:24.407787 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 12 23:28:24.407795 osdx kernel: app-detect: expression init Feb 12 23:28:24.407802 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 12 23:28:24.407810 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 12 23:28:24.414529 osdx modulelauncher[803885]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 12 23:28:24.417475 osdx INFO[803910]: Stopping Traffic Categorization (TCATD) service ... Feb 12 23:28:24.467719 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:28:24.513156 osdx WARNING[803985]: No supported link modes on interface eth0 Feb 12 23:28:24.514891 osdx modulelauncher[803985]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:28:24.514907 osdx modulelauncher[803985]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:28:24.516444 osdx modulelauncher[803985]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:24.516452 osdx modulelauncher[803985]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:24.563998 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:24.564820 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:24.564940 osdx ulogd[804010]: registering plugin `NFCT' Feb 12 23:28:24.565146 osdx ulogd[804010]: registering plugin `IP2STR' Feb 12 23:28:24.565189 osdx ulogd[804010]: registering plugin `PRINTFLOW' Feb 12 23:28:24.565226 osdx ulogd[804010]: registering plugin `SYSLOG' Feb 12 23:28:24.565264 osdx ulogd[804010]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:28:24.565307 osdx ulogd[804010]: NFCT plugin working in event mode Feb 12 23:28:24.565315 osdx ulogd[804010]: Changing UID / GID Feb 12 23:28:24.565386 osdx ulogd[804010]: initialization finished, entering main loop Feb 12 23:28:24.565964 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:24.577366 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:24.593330 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:25.505827 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.505849 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.616321 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.616344 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:26.618536 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:26.618559 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:26.618572 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.642587 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:27.642614 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.642630 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.752767 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal show | cat'. Feb 12 23:28:27.875679 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.286 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.286/0.286/0.286/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4827 0 4827 0 0 712k 0 --:--:-- --:--:-- --:--:-- 785k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Feb 12 23:28:23.286765 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.9M free. Feb 12 23:28:23.287696 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:28:23.287743 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:28:23.296644 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:28:23.503828 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:28:23.746788 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:23.824249 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 12 23:28:23.913538 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 12 23:28:24.003268 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:28:24.072193 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:28:24.177407 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:24.239947 osdx ubnt-cfgd[803876]: inactive Feb 12 23:28:24.258526 osdx INFO[803882]: FRR daemons did not change Feb 12 23:28:24.407701 osdx kernel: nfUDPlink: module init Feb 12 23:28:24.407755 osdx kernel: app-detect: module init Feb 12 23:28:24.407770 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 12 23:28:24.407779 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 12 23:28:24.407787 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 12 23:28:24.407795 osdx kernel: app-detect: expression init Feb 12 23:28:24.407802 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 12 23:28:24.407810 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 12 23:28:24.414529 osdx modulelauncher[803885]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 12 23:28:24.417475 osdx INFO[803910]: Stopping Traffic Categorization (TCATD) service ... Feb 12 23:28:24.467719 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:28:24.513156 osdx WARNING[803985]: No supported link modes on interface eth0 Feb 12 23:28:24.514891 osdx modulelauncher[803985]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:28:24.514907 osdx modulelauncher[803985]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:28:24.516444 osdx modulelauncher[803985]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:24.516452 osdx modulelauncher[803985]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:24.563998 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:24.564820 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:24.564940 osdx ulogd[804010]: registering plugin `NFCT' Feb 12 23:28:24.565146 osdx ulogd[804010]: registering plugin `IP2STR' Feb 12 23:28:24.565189 osdx ulogd[804010]: registering plugin `PRINTFLOW' Feb 12 23:28:24.565226 osdx ulogd[804010]: registering plugin `SYSLOG' Feb 12 23:28:24.565264 osdx ulogd[804010]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:28:24.565307 osdx ulogd[804010]: NFCT plugin working in event mode Feb 12 23:28:24.565315 osdx ulogd[804010]: Changing UID / GID Feb 12 23:28:24.565386 osdx ulogd[804010]: initialization finished, entering main loop Feb 12 23:28:24.565964 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:24.577366 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:24.593330 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:25.505827 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.505849 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.616321 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:25.616344 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:26.618536 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:26.618559 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:26.618572 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.642587 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:27.642614 osdx ulogd[804010]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.642630 osdx ulogd[804010]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:27.752767 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal show | cat'. Feb 12 23:28:27.875679 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal show | cat'. Feb 12 23:28:28.018481 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal show | cat'. Feb 12 23:28:28.200311 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:28.304109 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 12 23:28:28.361427 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Feb 12 23:28:28.458882 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show changes'. Feb 12 23:28:28.519163 osdx ubnt-cfgd[804062]: inactive Feb 12 23:28:28.543672 osdx INFO[804068]: FRR daemons did not change Feb 12 23:28:28.583702 osdx kernel: app-detect: expression destroy Feb 12 23:28:28.595725 osdx kernel: app-detect: expression init Feb 12 23:28:28.595836 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 12 23:28:28.595882 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 12 23:28:28.615090 osdx modulelauncher[804071]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 12 23:28:28.621274 osdx INFO[804087]: Stopping Traffic Categorization (TCATD) service ... Feb 12 23:28:28.671705 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 12 23:28:28.714345 osdx WARNING[804157]: No supported link modes on interface eth1 Feb 12 23:28:28.715628 osdx modulelauncher[804157]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 12 23:28:28.715639 osdx modulelauncher[804157]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 12 23:28:28.716763 osdx modulelauncher[804157]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:28.716770 osdx modulelauncher[804157]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:28.726960 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:28.737821 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:28.737838 osdx ulogd[804010]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 12 23:28:28.738404 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:28.754379 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:28.898885 osdx ulogd[804010]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:28.899151 osdx ulogd[804010]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 12 23:28:28.901012 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 12 23:28:29.042014 osdx file_operation[804213]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Feb 12 23:28:29.048419 osdx ulogd[804010]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=57912 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=57912 PKTS=0 BYTES=0 APPDETECT[L4:80] Feb 12 23:28:29.048492 osdx ulogd[804010]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=57912 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=57912 PKTS=0 BYTES=0 APPDETECT[L4:80] Feb 12 23:28:29.048515 osdx ulogd[804010]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=57912 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=57912 PKTS=0 BYTES=0 APPDETECT[L4:80] Feb 12 23:28:29.050818 osdx ulogd[804010]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=57912 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=57912 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Feb 12 23:28:29.050890 osdx ulogd[804010]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=57912 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=57912 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Feb 12 23:28:29.050903 osdx ulogd[804010]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=57912 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=57912 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Feb 12 23:28:29.070183 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic policy out DROP set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-detect app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.234 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.234/0.234/0.234/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Feb 12 23:28:34.323032 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.9M free. Feb 12 23:28:34.324104 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:28:34.324159 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:28:34.335747 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:28:34.551558 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:28:34.827692 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:34.899065 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Feb 12 23:28:34.982621 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Feb 12 23:28:35.054007 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Feb 12 23:28:35.181917 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-detect app-id custom 155'. Feb 12 23:28:35.240801 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Feb 12 23:28:35.351337 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Feb 12 23:28:35.421374 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Feb 12 23:28:35.541926 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Feb 12 23:28:35.607248 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 12 23:28:35.716898 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Feb 12 23:28:35.799643 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:35.890800 osdx ubnt-cfgd[804464]: inactive Feb 12 23:28:35.934277 osdx INFO[804488]: FRR daemons did not change Feb 12 23:28:36.120110 osdx kernel: nfUDPlink: module init Feb 12 23:28:36.120162 osdx kernel: app-detect: module init Feb 12 23:28:36.120172 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 12 23:28:36.120180 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 12 23:28:36.120188 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 12 23:28:36.120195 osdx kernel: app-detect: expression init Feb 12 23:28:36.120203 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 12 23:28:36.120215 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 12 23:28:36.140610 osdx INFO[804523]: Updated /etc/default/osdx_tcatd.conf Feb 12 23:28:36.140646 osdx INFO[804523]: Restarting Traffic Categorization (TCATD) service ... Feb 12 23:28:36.172404 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Feb 12 23:28:36.194664 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Feb 12 23:28:36.228117 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 12 23:28:36.273962 osdx WARNING[804597]: No supported link modes on interface eth1 Feb 12 23:28:36.275315 osdx modulelauncher[804597]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 12 23:28:36.275328 osdx modulelauncher[804597]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 12 23:28:36.276414 osdx modulelauncher[804597]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:36.276423 osdx modulelauncher[804597]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:36.476571 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:36.537774 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:36.582007 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:36.736870 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 12 23:28:36.876902 osdx file_operation[804676]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Feb 12 23:28:36.880107 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=28659 DF PROTO=TCP SPT=57098 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 12 23:28:37.080145 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=28660 DF PROTO=TCP SPT=57098 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 12 23:28:37.484166 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=28661 DF PROTO=TCP SPT=57098 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 12 23:28:38.316169 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=28662 DF PROTO=TCP SPT=57098 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 12 23:28:39.896963 osdx file_operation.py[804676]: Operation aborted by user. Feb 12 23:28:39.908105 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=28663 DF PROTO=TCP SPT=57098 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 12 23:28:39.915430 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'. Feb 12 23:28:39.956116 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=28664 DF PROTO=TCP SPT=57098 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Identity Values
Description
Conntrack identity is able to contain any printed character (max 92 characters) but not spaces
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Show output
admin@osdx#
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.361 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.361/0.361/0.361/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.270 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.270/0.270/0.270/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Feb 12 23:28:45.326202 osdx systemd-journald[681778]: Runtime Journal (/run/log/journal/fef7273cfed74888920ec39438478308) is 2.3M, max 17.2M, 14.9M free. Feb 12 23:28:45.329948 osdx systemd-journald[681778]: Received client request to rotate journal, rotating. Feb 12 23:28:45.330015 osdx systemd-journald[681778]: Vacuuming done, freed 0B of archived journals from /run/log/journal/fef7273cfed74888920ec39438478308. Feb 12 23:28:45.336730 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system journal clear'. Feb 12 23:28:45.690302 osdx OSDxCLI[781896]: User 'admin' executed a new command: 'system coredump delete all'. Feb 12 23:28:45.990425 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:46.048189 osdx cfgd[1631]: [781896]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Feb 12 23:28:46.048597 osdx OSDxCLI[781896]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Feb 12 23:28:46.162574 osdx cfgd[1631]: [781896]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Feb 12 23:28:46.163063 osdx OSDxCLI[781896]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. Feb 12 23:28:46.181991 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:46.384128 osdx OSDxCLI[781896]: User 'admin' entered the configuration menu. Feb 12 23:28:46.482378 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 12 23:28:46.549751 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 12 23:28:46.642044 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. Feb 12 23:28:46.714735 osdx OSDxCLI[781896]: User 'admin' added a new cfg line: 'show working'. Feb 12 23:28:46.802248 osdx ubnt-cfgd[804898]: inactive Feb 12 23:28:46.823879 osdx INFO[804904]: FRR daemons did not change Feb 12 23:28:46.861933 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 12 23:28:46.905728 osdx WARNING[804976]: No supported link modes on interface eth0 Feb 12 23:28:46.907338 osdx modulelauncher[804976]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 12 23:28:46.907349 osdx modulelauncher[804976]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 12 23:28:46.908748 osdx modulelauncher[804976]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 12 23:28:46.908757 osdx modulelauncher[804976]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 12 23:28:46.966329 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 12 23:28:46.967041 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 12 23:28:46.967214 osdx ulogd[805001]: registering plugin `NFCT' Feb 12 23:28:46.967414 osdx ulogd[805001]: registering plugin `IP2STR' Feb 12 23:28:46.967454 osdx ulogd[805001]: registering plugin `PRINTFLOW' Feb 12 23:28:46.967492 osdx ulogd[805001]: registering plugin `SYSLOG' Feb 12 23:28:46.967526 osdx ulogd[805001]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 12 23:28:46.967569 osdx ulogd[805001]: NFCT plugin working in event mode Feb 12 23:28:46.967577 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[805001]: Changing UID / GID Feb 12 23:28:46.967645 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[805001]: initialization finished, entering main loop Feb 12 23:28:46.968257 osdx cfgd[1631]: [781896]Completed change to active configuration Feb 12 23:28:46.979926 osdx OSDxCLI[781896]: User 'admin' committed the configuration. Feb 12 23:28:46.998678 osdx OSDxCLI[781896]: User 'admin' left the configuration menu. Feb 12 23:28:47.859535 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[805001]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:28:47.859555 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[805001]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:28:47.958362 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[805001]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 12 23:28:47.958386 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[805001]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0