Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.353 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.353/0.353/0.353/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.292 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.292/0.292/0.292/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
Feb 19 12:58:38.299838 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.2M, max 17.2M, 14.9M free. Feb 19 12:58:38.303452 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:58:38.303517 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:58:38.310354 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:58:38.521791 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:58:38.732840 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:58:38.825748 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:58:38.890821 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Feb 19 12:58:38.997398 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:58:39.064394 osdx ubnt-cfgd[645006]: inactive Feb 19 12:58:39.082654 osdx INFO[645012]: FRR daemons did not change Feb 19 12:58:39.119464 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:58:39.172695 osdx WARNING[645084]: No supported link modes on interface eth0 Feb 19 12:58:39.174355 osdx modulelauncher[645084]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:58:39.174366 osdx modulelauncher[645084]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:58:39.175866 osdx modulelauncher[645084]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:58:39.175873 osdx modulelauncher[645084]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:58:39.219926 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:58:39.220812 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:58:39.220940 osdx ulogd[645109]: registering plugin `NFCT' Feb 19 12:58:39.220981 osdx ulogd[645109]: registering plugin `IP2STR' Feb 19 12:58:39.221017 osdx ulogd[645109]: registering plugin `PRINTFLOW' Feb 19 12:58:39.221055 osdx ulogd[645109]: registering plugin `SYSLOG' Feb 19 12:58:39.221058 osdx ulogd[645109]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:58:39.221105 osdx ulogd[645109]: NFCT plugin working in event mode Feb 19 12:58:39.221118 osdx ulogd[645109]: Changing UID / GID Feb 19 12:58:39.221191 osdx ulogd[645109]: initialization finished, entering main loop Feb 19 12:58:39.222446 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:58:39.237090 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:58:39.263899 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:58:40.098371 osdx ulogd[645109]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:58:40.178298 osdx ulogd[645109]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.403 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.403/0.403/0.403/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.342 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.342/0.342/0.342/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
Feb 19 12:58:45.361508 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.2M, max 17.2M, 14.9M free. Feb 19 12:58:45.364538 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:58:45.364627 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:58:45.374083 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:58:45.680829 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:58:45.952014 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:58:46.074997 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:58:46.128767 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Feb 19 12:58:46.254446 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:58:46.315249 osdx ubnt-cfgd[645309]: inactive Feb 19 12:58:46.335611 osdx INFO[645315]: FRR daemons did not change Feb 19 12:58:46.368512 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:58:46.408961 osdx WARNING[645387]: No supported link modes on interface eth0 Feb 19 12:58:46.410303 osdx modulelauncher[645387]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:58:46.410315 osdx modulelauncher[645387]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:58:46.411426 osdx modulelauncher[645387]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:58:46.411433 osdx modulelauncher[645387]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:58:46.452781 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:58:46.453499 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:58:46.453638 osdx ulogd[645412]: registering plugin `NFCT' Feb 19 12:58:46.453681 osdx ulogd[645412]: registering plugin `IP2STR' Feb 19 12:58:46.453717 osdx ulogd[645412]: registering plugin `PRINTFLOW' Feb 19 12:58:46.453754 osdx ulogd[645412]: registering plugin `SYSLOG' Feb 19 12:58:46.453757 osdx ulogd[645412]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:58:46.453797 osdx ulogd[645412]: NFCT plugin working in event mode Feb 19 12:58:46.453804 osdx ulogd[645412]: Changing UID / GID Feb 19 12:58:46.453870 osdx ulogd[645412]: initialization finished, entering main loop Feb 19 12:58:46.454921 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:58:46.466614 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:58:46.504472 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:58:47.556953 osdx ulogd[645412]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:58:47.664573 osdx ulogd[645412]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.395 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.395/0.395/0.395/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.284 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.256 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.353 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2032ms rtt min/avg/max/mdev = 0.256/0.297/0.353/0.040 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
Feb 19 12:58:53.373358 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.2M, max 17.2M, 14.9M free. Feb 19 12:58:53.376503 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:58:53.376575 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:58:53.386916 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:58:53.747417 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:58:54.106461 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:58:54.260242 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:58:54.349524 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Feb 19 12:58:54.493785 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 12:58:54.617089 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set service ssh'. Feb 19 12:58:54.744516 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:58:54.850720 osdx ubnt-cfgd[645615]: inactive Feb 19 12:58:54.928256 osdx INFO[645636]: FRR daemons did not change Feb 19 12:58:54.968513 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:58:55.019097 osdx WARNING[645710]: No supported link modes on interface eth0 Feb 19 12:58:55.021099 osdx modulelauncher[645710]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:58:55.021113 osdx modulelauncher[645710]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:58:55.022987 osdx modulelauncher[645710]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:58:55.022999 osdx modulelauncher[645710]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:58:55.064947 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:58:55.065961 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:58:55.066211 osdx ulogd[645735]: registering plugin `NFCT' Feb 19 12:58:55.066468 osdx ulogd[645735]: registering plugin `IP2STR' Feb 19 12:58:55.066654 osdx ulogd[645735]: registering plugin `PRINTFLOW' Feb 19 12:58:55.066712 osdx ulogd[645735]: registering plugin `SYSLOG' Feb 19 12:58:55.066716 osdx ulogd[645735]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:58:55.066772 osdx ulogd[645735]: NFCT plugin working in event mode Feb 19 12:58:55.066780 osdx ulogd[645735]: Changing UID / GID Feb 19 12:58:55.066873 osdx ulogd[645735]: initialization finished, entering main loop Feb 19 12:58:55.265025 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Feb 19 12:58:55.287413 osdx sshd[645756]: Server listening on 0.0.0.0 port 22. Feb 19 12:58:55.287455 osdx sshd[645756]: Server listening on :: port 22. Feb 19 12:58:55.287619 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Feb 19 12:58:55.288598 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:58:55.303721 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:58:55.326100 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:58:57.373504 osdx ulogd[645735]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Feb 19 12:58:58.397566 osdx ulogd[645735]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.341 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.341/0.341/0.341/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.246 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.246/0.246/0.246/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Feb 19 12:59:06.323371 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.2M, max 17.2M, 14.9M free. Feb 19 12:59:06.323867 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:06.323907 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:06.333906 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:06.552784 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:06.824173 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:06.927615 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:06.999717 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:07.106328 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:07.171921 osdx ubnt-cfgd[645982]: inactive Feb 19 12:59:07.197366 osdx INFO[645988]: FRR daemons did not change Feb 19 12:59:07.235586 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:07.294061 osdx WARNING[646060]: No supported link modes on interface eth0 Feb 19 12:59:07.296200 osdx modulelauncher[646060]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:07.296216 osdx modulelauncher[646060]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:07.298069 osdx modulelauncher[646060]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:07.298080 osdx modulelauncher[646060]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:07.360106 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:07.361015 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:07.361227 osdx ulogd[646085]: registering plugin `NFCT' Feb 19 12:59:07.361530 osdx ulogd[646085]: registering plugin `IP2STR' Feb 19 12:59:07.361647 osdx ulogd[646085]: registering plugin `PRINTFLOW' Feb 19 12:59:07.361707 osdx ulogd[646085]: registering plugin `SYSLOG' Feb 19 12:59:07.361714 osdx ulogd[646085]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:07.361795 osdx ulogd[646085]: NFCT plugin working in event mode Feb 19 12:59:07.361807 osdx ulogd[646085]: Changing UID / GID Feb 19 12:59:07.361898 osdx ulogd[646085]: initialization finished, entering main loop Feb 19 12:59:07.362525 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:07.378007 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:07.405580 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:08.385077 osdx ulogd[646085]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:08.385102 osdx ulogd[646085]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:08.514090 osdx ulogd[646085]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:08.514115 osdx ulogd[646085]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.488 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.488/0.488/0.488/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.224 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.224/0.224/0.224/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Feb 19 12:59:13.325922 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.2M, max 17.2M, 14.9M free. Feb 19 12:59:13.329253 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:13.329325 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:13.337268 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:13.609318 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:13.948335 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:14.041533 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:14.119112 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:14.267646 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Feb 19 12:59:14.397462 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:14.505510 osdx ubnt-cfgd[646288]: inactive Feb 19 12:59:14.523453 osdx INFO[646294]: FRR daemons did not change Feb 19 12:59:14.561250 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:14.603698 osdx WARNING[646366]: No supported link modes on interface eth0 Feb 19 12:59:14.605043 osdx modulelauncher[646366]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:14.605058 osdx modulelauncher[646366]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:14.606246 osdx modulelauncher[646366]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:14.606257 osdx modulelauncher[646366]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:14.657544 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:14.658261 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:14.658478 osdx ulogd[646391]: registering plugin `NFCT' Feb 19 12:59:14.658694 osdx ulogd[646391]: registering plugin `IP2STR' Feb 19 12:59:14.658748 osdx ulogd[646391]: registering plugin `PRINTFLOW' Feb 19 12:59:14.658838 osdx ulogd[646391]: registering plugin `SYSLOG' Feb 19 12:59:14.658845 osdx ulogd[646391]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:14.658900 osdx ulogd[646391]: NFCT plugin working in event mode Feb 19 12:59:14.658915 osdx OSDx_DUT0[646391]: Changing UID / GID Feb 19 12:59:14.659001 osdx OSDx_DUT0[646391]: initialization finished, entering main loop Feb 19 12:59:14.659527 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:14.672818 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:14.706049 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:15.609804 osdx OSDx_DUT0[646391]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:15.609829 osdx OSDx_DUT0[646391]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:15.689720 osdx OSDx_DUT0[646391]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:15.689744 osdx OSDx_DUT0[646391]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.253 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.253/0.253/0.253/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Feb 19 12:59:13.325922 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.2M, max 17.2M, 14.9M free. Feb 19 12:59:13.329253 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:13.329325 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:13.337268 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:13.609318 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:13.948335 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:14.041533 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:14.119112 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:14.267646 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Feb 19 12:59:14.397462 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:14.505510 osdx ubnt-cfgd[646288]: inactive Feb 19 12:59:14.523453 osdx INFO[646294]: FRR daemons did not change Feb 19 12:59:14.561250 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:14.603698 osdx WARNING[646366]: No supported link modes on interface eth0 Feb 19 12:59:14.605043 osdx modulelauncher[646366]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:14.605058 osdx modulelauncher[646366]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:14.606246 osdx modulelauncher[646366]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:14.606257 osdx modulelauncher[646366]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:14.657544 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:14.658261 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:14.658478 osdx ulogd[646391]: registering plugin `NFCT' Feb 19 12:59:14.658694 osdx ulogd[646391]: registering plugin `IP2STR' Feb 19 12:59:14.658748 osdx ulogd[646391]: registering plugin `PRINTFLOW' Feb 19 12:59:14.658838 osdx ulogd[646391]: registering plugin `SYSLOG' Feb 19 12:59:14.658845 osdx ulogd[646391]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:14.658900 osdx ulogd[646391]: NFCT plugin working in event mode Feb 19 12:59:14.658915 osdx OSDx_DUT0[646391]: Changing UID / GID Feb 19 12:59:14.659001 osdx OSDx_DUT0[646391]: initialization finished, entering main loop Feb 19 12:59:14.659527 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:14.672818 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:14.706049 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:15.609804 osdx OSDx_DUT0[646391]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:15.609829 osdx OSDx_DUT0[646391]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:15.689720 osdx OSDx_DUT0[646391]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:15.689744 osdx OSDx_DUT0[646391]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:15.818911 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 12:59:15.985524 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:16.073406 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Feb 19 12:59:16.175677 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show changes'. Feb 19 12:59:16.233209 osdx ubnt-cfgd[646427]: inactive Feb 19 12:59:16.249440 osdx INFO[646433]: FRR daemons did not change Feb 19 12:59:16.260715 osdx OSDx_DUT0[646391]: Terminal signal received, exiting Feb 19 12:59:16.260822 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:16.261493 osdx systemd[1]: ulogd2.service: Deactivated successfully. Feb 19 12:59:16.261613 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:16.285618 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:16.286451 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:16.286616 osdx ulogd[646441]: registering plugin `NFCT' Feb 19 12:59:16.286861 osdx ulogd[646441]: registering plugin `IP2STR' Feb 19 12:59:16.286915 osdx ulogd[646441]: registering plugin `PRINTFLOW' Feb 19 12:59:16.286966 osdx ulogd[646441]: registering plugin `SYSLOG' Feb 19 12:59:16.286973 osdx ulogd[646441]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:16.287029 osdx ulogd[646441]: NFCT plugin working in event mode Feb 19 12:59:16.287048 osdx ulogd[646441]: Changing UID / GID Feb 19 12:59:16.287135 osdx ulogd[646441]: initialization finished, entering main loop Feb 19 12:59:16.287723 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:16.289045 osdx ulogd[646441]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Feb 19 12:59:16.289067 osdx ulogd[646441]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Feb 19 12:59:16.289623 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:16.305735 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:16.453404 osdx ulogd[646441]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:16.453430 osdx ulogd[646441]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.361 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.361/0.361/0.361/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.237 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.351 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1019ms rtt min/avg/max/mdev = 0.237/0.294/0.351/0.057 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
Feb 19 12:59:21.333062 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.2M, max 17.2M, 14.9M free. Feb 19 12:59:21.333869 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:21.333977 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:21.344674 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:21.625341 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:21.944205 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:22.072652 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Feb 19 12:59:22.121921 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic label TEST'. Feb 19 12:59:22.238475 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Feb 19 12:59:22.294950 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Feb 19 12:59:22.398413 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:22.467563 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:22.598820 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:22.659965 osdx ubnt-cfgd[646621]: inactive Feb 19 12:59:22.690124 osdx INFO[646635]: FRR daemons did not change Feb 19 12:59:22.721865 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:22.765122 osdx WARNING[646707]: No supported link modes on interface eth0 Feb 19 12:59:22.766413 osdx modulelauncher[646707]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:22.766426 osdx modulelauncher[646707]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:22.767600 osdx modulelauncher[646707]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:22.767610 osdx modulelauncher[646707]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:22.810300 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:22.810961 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:22.811083 osdx ulogd[646732]: registering plugin `NFCT' Feb 19 12:59:22.811128 osdx ulogd[646732]: registering plugin `IP2STR' Feb 19 12:59:22.811166 osdx ulogd[646732]: registering plugin `PRINTFLOW' Feb 19 12:59:22.811203 osdx ulogd[646732]: registering plugin `SYSLOG' Feb 19 12:59:22.811206 osdx ulogd[646732]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:22.811245 osdx ulogd[646732]: NFCT plugin working in event mode Feb 19 12:59:22.811251 osdx ulogd[646732]: Changing UID / GID Feb 19 12:59:22.811318 osdx ulogd[646732]: initialization finished, entering main loop Feb 19 12:59:22.820958 osdx ulogd[646732]: Terminal signal received, exiting Feb 19 12:59:22.821032 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:22.821275 osdx systemd[1]: ulogd2.service: Deactivated successfully. Feb 19 12:59:22.821392 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:22.822352 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:22.823158 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:22.823324 osdx ulogd[646738]: registering plugin `NFCT' Feb 19 12:59:22.823375 osdx ulogd[646738]: registering plugin `IP2STR' Feb 19 12:59:22.823422 osdx ulogd[646738]: registering plugin `PRINTFLOW' Feb 19 12:59:22.823478 osdx ulogd[646738]: registering plugin `SYSLOG' Feb 19 12:59:22.823482 osdx ulogd[646738]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:22.823530 osdx ulogd[646738]: NFCT plugin working in event mode Feb 19 12:59:22.823537 osdx ulogd[646738]: Changing UID / GID Feb 19 12:59:22.823610 osdx ulogd[646738]: initialization finished, entering main loop Feb 19 12:59:23.013819 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:23.029033 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:23.067096 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:23.981804 osdx ulogd[646738]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Feb 19 12:59:23.981826 osdx ulogd[646738]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 Feb 19 12:59:24.060297 osdx ulogd[646738]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Feb 19 12:59:24.060317 osdx ulogd[646738]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.611 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.611/0.611/0.611/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.263 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.263/0.263/0.263/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
Feb 19 12:59:30.417276 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.3M, max 17.2M, 14.9M free. Feb 19 12:59:30.419064 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:30.419131 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:30.428042 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:30.676690 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:30.944954 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:31.030717 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Feb 19 12:59:31.115567 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Feb 19 12:59:31.209666 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system vrf RED'. Feb 19 12:59:31.281827 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:31.410708 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:31.479980 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:31.586204 osdx ubnt-cfgd[646987]: inactive Feb 19 12:59:31.609134 osdx INFO[646993]: FRR daemons did not change Feb 19 12:59:31.619750 osdx (udev-worker)[647004]: RED: Could not disable auto negotiation, ignoring: Operation not supported Feb 19 12:59:31.619778 osdx (udev-worker)[647004]: Network interface NamePolicy= disabled on kernel command line. Feb 19 12:59:31.655063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:31.704416 osdx WARNING[647084]: No supported link modes on interface eth0 Feb 19 12:59:31.705824 osdx modulelauncher[647084]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:31.705838 osdx modulelauncher[647084]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:31.706982 osdx modulelauncher[647084]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:31.706990 osdx modulelauncher[647084]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:31.719063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:31.803439 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:31.804197 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:31.804316 osdx ulogd[647170]: registering plugin `NFCT' Feb 19 12:59:31.804370 osdx ulogd[647170]: registering plugin `IP2STR' Feb 19 12:59:31.804424 osdx ulogd[647170]: registering plugin `PRINTFLOW' Feb 19 12:59:31.804474 osdx ulogd[647170]: registering plugin `SYSLOG' Feb 19 12:59:31.804478 osdx ulogd[647170]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:31.804529 osdx ulogd[647170]: NFCT plugin working in event mode Feb 19 12:59:31.804537 osdx ulogd[647170]: Changing UID / GID Feb 19 12:59:31.804621 osdx ulogd[647170]: initialization finished, entering main loop Feb 19 12:59:31.806731 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:31.818626 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:31.846572 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:32.799348 osdx ulogd[647170]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:32.799390 osdx ulogd[647170]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:32.883426 osdx ulogd[647170]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:32.883452 osdx ulogd[647170]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.318 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.318/0.318/0.318/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 129 100 129 0 0 20742 0 --:--:-- --:--:-- --:--:-- 21500
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set interfaces ethernet eth1 address 10.215.168.64/24 set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.514 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.514/0.514/0.514/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.341 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.341/0.341/0.341/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
Feb 19 12:59:37.327238 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.3M, max 17.2M, 14.9M free. Feb 19 12:59:37.331090 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:37.331163 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:37.338197 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:37.574595 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:37.906588 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:38.008775 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 19 12:59:38.089530 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:38.201715 osdx ubnt-cfgd[647454]: inactive Feb 19 12:59:38.222256 osdx INFO[647460]: FRR daemons did not change Feb 19 12:59:38.255078 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 19 12:59:38.303189 osdx WARNING[647529]: No supported link modes on interface eth1 Feb 19 12:59:38.304996 osdx modulelauncher[647529]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 19 12:59:38.305009 osdx modulelauncher[647529]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 19 12:59:38.306682 osdx modulelauncher[647529]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:38.306692 osdx modulelauncher[647529]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:38.319427 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:38.331861 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:38.348036 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:38.505227 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 12:59:38.673341 osdx file_operation[647585]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Feb 19 12:59:38.702663 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Feb 19 12:59:38.854440 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:38.941595 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Feb 19 12:59:39.052671 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Feb 19 12:59:39.158864 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Feb 19 12:59:39.216074 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Feb 19 12:59:39.383381 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Feb 19 12:59:39.507146 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Feb 19 12:59:39.623118 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Feb 19 12:59:39.747515 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Feb 19 12:59:39.826665 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Feb 19 12:59:39.944477 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:40.003099 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:40.127225 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:40.200552 osdx ubnt-cfgd[647620]: inactive Feb 19 12:59:40.243165 osdx INFO[647637]: FRR daemons did not change Feb 19 12:59:40.275066 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:40.320629 osdx WARNING[647709]: No supported link modes on interface eth0 Feb 19 12:59:40.321982 osdx modulelauncher[647709]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:40.321992 osdx modulelauncher[647709]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:40.323104 osdx modulelauncher[647709]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:40.323111 osdx modulelauncher[647709]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:40.367491 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:40.368393 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:40.368501 osdx ulogd[647734]: registering plugin `NFCT' Feb 19 12:59:40.368704 osdx ulogd[647734]: registering plugin `IP2STR' Feb 19 12:59:40.368779 osdx ulogd[647734]: registering plugin `PRINTFLOW' Feb 19 12:59:40.368832 osdx ulogd[647734]: registering plugin `SYSLOG' Feb 19 12:59:40.368839 osdx ulogd[647734]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:40.368886 osdx ulogd[647734]: NFCT plugin working in event mode Feb 19 12:59:40.368929 osdx ulogd[647734]: Changing UID / GID Feb 19 12:59:40.368999 osdx ulogd[647734]: initialization finished, entering main loop Feb 19 12:59:40.500448 osdx ulogd[647734]: Terminal signal received, exiting Feb 19 12:59:40.500512 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:40.500776 osdx systemd[1]: ulogd2.service: Deactivated successfully. Feb 19 12:59:40.500870 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:40.523501 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:40.524398 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:40.524605 osdx ulogd[647758]: registering plugin `NFCT' Feb 19 12:59:40.524853 osdx ulogd[647758]: registering plugin `IP2STR' Feb 19 12:59:40.524911 osdx ulogd[647758]: registering plugin `PRINTFLOW' Feb 19 12:59:40.525002 osdx ulogd[647758]: registering plugin `SYSLOG' Feb 19 12:59:40.525010 osdx ulogd[647758]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:40.525076 osdx ulogd[647758]: NFCT plugin working in event mode Feb 19 12:59:40.525133 osdx ulogd[647758]: Changing UID / GID Feb 19 12:59:40.525222 osdx ulogd[647758]: initialization finished, entering main loop Feb 19 12:59:40.560511 osdx systemd[1]: Reloading. Feb 19 12:59:40.623081 osdx systemd-sysv-generator[647779]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Feb 19 12:59:40.767496 osdx systemd[1]: Starting logrotate.service - Rotate log files... Feb 19 12:59:40.771523 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Feb 19 12:59:40.792323 osdx systemd[1]: logrotate.service: Deactivated successfully. Feb 19 12:59:40.792474 osdx systemd[1]: Finished logrotate.service - Rotate log files. Feb 19 12:59:40.795705 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Feb 19 12:59:40.822288 osdx INFO[647760]: Rules successfully loaded Feb 19 12:59:40.823099 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:40.837403 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:40.865663 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:41.792581 osdx ulogd[647758]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Feb 19 12:59:41.792607 osdx ulogd[647758]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Feb 19 12:59:41.883322 osdx ulogd[647758]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Feb 19 12:59:41.883351 osdx ulogd[647758]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth1 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.448 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.448/0.448/0.448/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.364 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.364/0.364/0.364/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.8.4 This system includes free software. Contact Teldat for licenses information and source code. Last login: Thu Feb 19 12:52:33 2026 from 10.215.168.64 admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
Feb 19 12:59:48.332329 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.2M, max 17.2M, 14.9M free. Feb 19 12:59:48.334186 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:48.334241 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:48.344475 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:48.552393 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:48.815325 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:48.919380 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Feb 19 12:59:48.994713 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:49.086092 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:49.152097 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:49.245857 osdx ubnt-cfgd[648098]: inactive Feb 19 12:59:49.266125 osdx INFO[648104]: FRR daemons did not change Feb 19 12:59:49.298200 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 19 12:59:49.342919 osdx WARNING[648176]: No supported link modes on interface eth1 Feb 19 12:59:49.344593 osdx modulelauncher[648176]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 19 12:59:49.344604 osdx modulelauncher[648176]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 19 12:59:49.345755 osdx modulelauncher[648176]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:49.345762 osdx modulelauncher[648176]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:49.378187 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:49.424804 osdx WARNING[648256]: No supported link modes on interface eth0 Feb 19 12:59:49.426333 osdx modulelauncher[648256]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:49.426348 osdx modulelauncher[648256]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:49.427496 osdx modulelauncher[648256]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:49.427504 osdx modulelauncher[648256]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:49.506631 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:49.507474 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:49.507607 osdx ulogd[648282]: registering plugin `NFCT' Feb 19 12:59:49.507661 osdx ulogd[648282]: registering plugin `IP2STR' Feb 19 12:59:49.507710 osdx ulogd[648282]: registering plugin `PRINTFLOW' Feb 19 12:59:49.507758 osdx ulogd[648282]: registering plugin `SYSLOG' Feb 19 12:59:49.507763 osdx ulogd[648282]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:49.507814 osdx ulogd[648282]: NFCT plugin working in event mode Feb 19 12:59:49.507822 osdx ulogd[648282]: Changing UID / GID Feb 19 12:59:49.507905 osdx ulogd[648282]: initialization finished, entering main loop Feb 19 12:59:49.509323 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:49.523620 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:49.542234 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:51.409971 osdx ulogd[648282]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:51.409989 osdx ulogd[648282]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:51.508725 osdx ulogd[648282]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:51.508748 osdx ulogd[648282]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 12:59:51.617725 osdx ulogd[648282]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55730 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55730 PKTS=0 BYTES=0 Feb 19 12:59:51.617952 osdx ulogd[648282]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55730 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55730 PKTS=0 BYTES=0 Feb 19 12:59:51.618069 osdx ulogd[648282]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55730 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55730 PKTS=0 BYTES=0 [OFFLOAD] Feb 19 12:59:51.934852 osdx ulogd[648282]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55730 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55730 PKTS=0 BYTES=0 Feb 19 12:59:51.935101 osdx ulogd[648282]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55730 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55730 PKTS=0 BYTES=0 [OFFLOAD] Feb 19 12:59:51.937363 osdx ulogd[648282]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55730 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55730 PKTS=0 BYTES=0 Feb 19 12:59:51.937486 osdx ulogd[648282]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55730 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55730 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.460 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.460/0.460/0.460/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.280 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.369 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.353 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2040ms rtt min/avg/max/mdev = 0.280/0.334/0.369/0.038 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
Feb 19 12:59:57.296997 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.3M, max 17.2M, 14.9M free. Feb 19 12:59:57.297655 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:57.297697 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:57.307013 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:57.528518 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:57.775822 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:57.832810 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 19 12:59:57.927098 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 12:59:58.005511 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:58.084622 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:58.189327 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:58.249538 osdx ubnt-cfgd[648519]: inactive Feb 19 12:59:58.267610 osdx INFO[648525]: FRR daemons did not change Feb 19 12:59:58.413575 osdx kernel: nfUDPlink: module init Feb 19 12:59:58.413635 osdx kernel: app-detect: module init Feb 19 12:59:58.413652 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 12:59:58.413663 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 19 12:59:58.413674 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 19 12:59:58.413683 osdx kernel: app-detect: expression init Feb 19 12:59:58.413694 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 19 12:59:58.413705 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 19 12:59:58.419506 osdx modulelauncher[648528]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 19 12:59:58.422196 osdx INFO[648553]: Stopping Traffic Categorization (TCATD) service ... Feb 19 12:59:58.465550 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:58.506327 osdx WARNING[648628]: No supported link modes on interface eth0 Feb 19 12:59:58.507978 osdx modulelauncher[648628]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:58.507990 osdx modulelauncher[648628]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:58.509079 osdx modulelauncher[648628]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:58.509087 osdx modulelauncher[648628]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:58.565885 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:58.566536 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:58.566695 osdx ulogd[648653]: registering plugin `NFCT' Feb 19 12:59:58.566874 osdx ulogd[648653]: registering plugin `IP2STR' Feb 19 12:59:58.566913 osdx ulogd[648653]: registering plugin `PRINTFLOW' Feb 19 12:59:58.566951 osdx ulogd[648653]: registering plugin `SYSLOG' Feb 19 12:59:58.566956 osdx ulogd[648653]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:58.566996 osdx ulogd[648653]: NFCT plugin working in event mode Feb 19 12:59:58.567033 osdx ulogd[648653]: Changing UID / GID Feb 19 12:59:58.567101 osdx ulogd[648653]: initialization finished, entering main loop Feb 19 12:59:58.567571 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:58.591287 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:58.626295 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:59.438678 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.438703 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.519043 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.519074 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:00.534699 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:00.534722 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:00.534737 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.558703 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:01.558729 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.558745 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
Feb 19 12:59:57.296997 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.3M, max 17.2M, 14.9M free. Feb 19 12:59:57.297655 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:57.297697 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:57.307013 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:57.528518 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:57.775822 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:57.832810 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 19 12:59:57.927098 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 12:59:58.005511 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:58.084622 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:58.189327 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:58.249538 osdx ubnt-cfgd[648519]: inactive Feb 19 12:59:58.267610 osdx INFO[648525]: FRR daemons did not change Feb 19 12:59:58.413575 osdx kernel: nfUDPlink: module init Feb 19 12:59:58.413635 osdx kernel: app-detect: module init Feb 19 12:59:58.413652 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 12:59:58.413663 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 19 12:59:58.413674 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 19 12:59:58.413683 osdx kernel: app-detect: expression init Feb 19 12:59:58.413694 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 19 12:59:58.413705 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 19 12:59:58.419506 osdx modulelauncher[648528]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 19 12:59:58.422196 osdx INFO[648553]: Stopping Traffic Categorization (TCATD) service ... Feb 19 12:59:58.465550 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:58.506327 osdx WARNING[648628]: No supported link modes on interface eth0 Feb 19 12:59:58.507978 osdx modulelauncher[648628]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:58.507990 osdx modulelauncher[648628]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:58.509079 osdx modulelauncher[648628]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:58.509087 osdx modulelauncher[648628]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:58.565885 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:58.566536 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:58.566695 osdx ulogd[648653]: registering plugin `NFCT' Feb 19 12:59:58.566874 osdx ulogd[648653]: registering plugin `IP2STR' Feb 19 12:59:58.566913 osdx ulogd[648653]: registering plugin `PRINTFLOW' Feb 19 12:59:58.566951 osdx ulogd[648653]: registering plugin `SYSLOG' Feb 19 12:59:58.566956 osdx ulogd[648653]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:58.566996 osdx ulogd[648653]: NFCT plugin working in event mode Feb 19 12:59:58.567033 osdx ulogd[648653]: Changing UID / GID Feb 19 12:59:58.567101 osdx ulogd[648653]: initialization finished, entering main loop Feb 19 12:59:58.567571 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:58.591287 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:58.626295 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:59.438678 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.438703 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.519043 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.519074 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:00.534699 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:00.534722 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:00.534737 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.558703 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:01.558729 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.558745 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.687747 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
Feb 19 12:59:57.296997 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.3M, max 17.2M, 14.9M free. Feb 19 12:59:57.297655 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:57.297697 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:57.307013 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:57.528518 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:57.775822 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:57.832810 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 19 12:59:57.927098 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 12:59:58.005511 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:58.084622 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:58.189327 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:58.249538 osdx ubnt-cfgd[648519]: inactive Feb 19 12:59:58.267610 osdx INFO[648525]: FRR daemons did not change Feb 19 12:59:58.413575 osdx kernel: nfUDPlink: module init Feb 19 12:59:58.413635 osdx kernel: app-detect: module init Feb 19 12:59:58.413652 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 12:59:58.413663 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 19 12:59:58.413674 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 19 12:59:58.413683 osdx kernel: app-detect: expression init Feb 19 12:59:58.413694 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 19 12:59:58.413705 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 19 12:59:58.419506 osdx modulelauncher[648528]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 19 12:59:58.422196 osdx INFO[648553]: Stopping Traffic Categorization (TCATD) service ... Feb 19 12:59:58.465550 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:58.506327 osdx WARNING[648628]: No supported link modes on interface eth0 Feb 19 12:59:58.507978 osdx modulelauncher[648628]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:58.507990 osdx modulelauncher[648628]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:58.509079 osdx modulelauncher[648628]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:58.509087 osdx modulelauncher[648628]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:58.565885 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:58.566536 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:58.566695 osdx ulogd[648653]: registering plugin `NFCT' Feb 19 12:59:58.566874 osdx ulogd[648653]: registering plugin `IP2STR' Feb 19 12:59:58.566913 osdx ulogd[648653]: registering plugin `PRINTFLOW' Feb 19 12:59:58.566951 osdx ulogd[648653]: registering plugin `SYSLOG' Feb 19 12:59:58.566956 osdx ulogd[648653]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:58.566996 osdx ulogd[648653]: NFCT plugin working in event mode Feb 19 12:59:58.567033 osdx ulogd[648653]: Changing UID / GID Feb 19 12:59:58.567101 osdx ulogd[648653]: initialization finished, entering main loop Feb 19 12:59:58.567571 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:58.591287 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:58.626295 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:59.438678 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.438703 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.519043 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.519074 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:00.534699 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:00.534722 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:00.534737 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.558703 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:01.558729 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.558745 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.687747 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 13:00:01.915577 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.256 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.256/0.256/0.256/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4704 0 4704 0 0 823k 0 --:--:-- --:--:-- --:--:-- 918k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Feb 19 12:59:57.296997 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.3M, max 17.2M, 14.9M free. Feb 19 12:59:57.297655 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 12:59:57.297697 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 12:59:57.307013 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 12:59:57.528518 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 12:59:57.775822 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 12:59:57.832810 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Feb 19 12:59:57.927098 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Feb 19 12:59:58.005511 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 12:59:58.084622 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 12:59:58.189327 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 12:59:58.249538 osdx ubnt-cfgd[648519]: inactive Feb 19 12:59:58.267610 osdx INFO[648525]: FRR daemons did not change Feb 19 12:59:58.413575 osdx kernel: nfUDPlink: module init Feb 19 12:59:58.413635 osdx kernel: app-detect: module init Feb 19 12:59:58.413652 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 12:59:58.413663 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 19 12:59:58.413674 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 19 12:59:58.413683 osdx kernel: app-detect: expression init Feb 19 12:59:58.413694 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 19 12:59:58.413705 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 19 12:59:58.419506 osdx modulelauncher[648528]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 19 12:59:58.422196 osdx INFO[648553]: Stopping Traffic Categorization (TCATD) service ... Feb 19 12:59:58.465550 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 12:59:58.506327 osdx WARNING[648628]: No supported link modes on interface eth0 Feb 19 12:59:58.507978 osdx modulelauncher[648628]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 12:59:58.507990 osdx modulelauncher[648628]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 12:59:58.509079 osdx modulelauncher[648628]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 12:59:58.509087 osdx modulelauncher[648628]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 12:59:58.565885 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 12:59:58.566536 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 12:59:58.566695 osdx ulogd[648653]: registering plugin `NFCT' Feb 19 12:59:58.566874 osdx ulogd[648653]: registering plugin `IP2STR' Feb 19 12:59:58.566913 osdx ulogd[648653]: registering plugin `PRINTFLOW' Feb 19 12:59:58.566951 osdx ulogd[648653]: registering plugin `SYSLOG' Feb 19 12:59:58.566956 osdx ulogd[648653]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 12:59:58.566996 osdx ulogd[648653]: NFCT plugin working in event mode Feb 19 12:59:58.567033 osdx ulogd[648653]: Changing UID / GID Feb 19 12:59:58.567101 osdx ulogd[648653]: initialization finished, entering main loop Feb 19 12:59:58.567571 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 12:59:58.591287 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 12:59:58.626295 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 12:59:59.438678 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.438703 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.519043 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 12:59:59.519074 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:00.534699 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:00.534722 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:00.534737 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.558703 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:01.558729 osdx ulogd[648653]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.558745 osdx ulogd[648653]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:01.687747 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 13:00:01.915577 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 13:00:02.064102 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal show | cat'. Feb 19 13:00:02.189805 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 13:00:02.282549 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 19 13:00:02.358443 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Feb 19 13:00:02.456872 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show changes'. Feb 19 13:00:02.521215 osdx ubnt-cfgd[648710]: inactive Feb 19 13:00:02.540940 osdx INFO[648716]: FRR daemons did not change Feb 19 13:00:02.569551 osdx kernel: app-detect: expression destroy Feb 19 13:00:02.581550 osdx kernel: app-detect: expression init Feb 19 13:00:02.581608 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 19 13:00:02.581619 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 19 13:00:02.587525 osdx modulelauncher[648719]: AppDetect: no appdetect_chain refresh needed, nothing more to do Feb 19 13:00:02.590241 osdx INFO[648735]: Stopping Traffic Categorization (TCATD) service ... Feb 19 13:00:02.633547 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 19 13:00:02.680740 osdx WARNING[648805]: No supported link modes on interface eth1 Feb 19 13:00:02.682069 osdx modulelauncher[648805]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 19 13:00:02.682081 osdx modulelauncher[648805]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 19 13:00:02.683190 osdx modulelauncher[648805]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 19 13:00:02.683198 osdx modulelauncher[648805]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 13:00:02.697823 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 13:00:02.710204 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:02.710225 osdx ulogd[648653]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Feb 19 13:00:02.710917 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 13:00:02.734848 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 13:00:02.883808 osdx ulogd[648653]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:02.884012 osdx ulogd[648653]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Feb 19 13:00:02.886516 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 13:00:03.036157 osdx file_operation[648861]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Feb 19 13:00:03.041597 osdx ulogd[648653]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51320 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51320 PKTS=0 BYTES=0 APPDETECT[L4:80] Feb 19 13:00:03.041737 osdx ulogd[648653]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51320 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51320 PKTS=0 BYTES=0 APPDETECT[L4:80] Feb 19 13:00:03.041756 osdx ulogd[648653]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51320 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51320 PKTS=0 BYTES=0 APPDETECT[L4:80] Feb 19 13:00:03.043434 osdx ulogd[648653]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51320 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51320 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Feb 19 13:00:03.043566 osdx ulogd[648653]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51320 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51320 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Feb 19 13:00:03.043583 osdx ulogd[648653]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=51320 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51320 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Feb 19 13:00:03.061120 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic policy out DROP set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-detect app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.261 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.261/0.261/0.261/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Feb 19 13:00:09.296021 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.3M, max 17.2M, 14.9M free. Feb 19 13:00:09.296948 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 13:00:09.297013 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 13:00:09.307637 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 13:00:09.513757 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 13:00:09.759950 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 13:00:09.843505 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Feb 19 13:00:09.978187 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Feb 19 13:00:10.092029 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Feb 19 13:00:10.202263 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-detect app-id custom 155'. Feb 19 13:00:10.260716 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Feb 19 13:00:10.346955 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Feb 19 13:00:10.408703 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Feb 19 13:00:10.548529 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Feb 19 13:00:10.604505 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Feb 19 13:00:10.754309 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Feb 19 13:00:10.828677 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 13:00:10.944137 osdx ubnt-cfgd[649105]: inactive Feb 19 13:00:10.987055 osdx INFO[649129]: FRR daemons did not change Feb 19 13:00:11.192952 osdx kernel: nfUDPlink: module init Feb 19 13:00:11.193013 osdx kernel: app-detect: module init Feb 19 13:00:11.193027 osdx kernel: app-detect: registered: sysctl net.appdetect Feb 19 13:00:11.193035 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Feb 19 13:00:11.193043 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Feb 19 13:00:11.193050 osdx kernel: app-detect: expression init Feb 19 13:00:11.193058 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Feb 19 13:00:11.193070 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Feb 19 13:00:11.215287 osdx INFO[649164]: Updated /etc/default/osdx_tcatd.conf Feb 19 13:00:11.215327 osdx INFO[649164]: Restarting Traffic Categorization (TCATD) service ... Feb 19 13:00:11.277425 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Feb 19 13:00:11.286138 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Feb 19 13:00:11.320955 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Feb 19 13:00:11.365749 osdx WARNING[649238]: No supported link modes on interface eth1 Feb 19 13:00:11.367070 osdx modulelauncher[649238]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Feb 19 13:00:11.367080 osdx modulelauncher[649238]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Feb 19 13:00:11.368207 osdx modulelauncher[649238]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Feb 19 13:00:11.368214 osdx modulelauncher[649238]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 13:00:11.544211 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 13:00:11.555484 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 13:00:11.571181 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 13:00:11.723099 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Feb 19 13:00:11.887695 osdx file_operation[649317]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Feb 19 13:00:11.896950 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=36934 DF PROTO=TCP SPT=41046 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 19 13:00:12.100958 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=36935 DF PROTO=TCP SPT=41046 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 19 13:00:12.500995 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=36936 DF PROTO=TCP SPT=41046 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 19 13:00:13.332999 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=36937 DF PROTO=TCP SPT=41046 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 19 13:00:14.854267 osdx file_operation.py[649317]: Operation aborted by user. Feb 19 13:00:14.865129 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=36938 DF PROTO=TCP SPT=41046 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Feb 19 13:00:14.871534 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Identity Values
Description
Conntrack identity is able to contain any printed character (max 92 characters) but not spaces
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Show output
admin@osdx#
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.06 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.056/1.056/1.056/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.260 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.260/0.260/0.260/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Feb 19 13:00:19.387611 osdx systemd-journald[2186]: Runtime Journal (/run/log/journal/69bd8e6fd19244c08e519827aa7e309f) is 2.3M, max 17.2M, 14.9M free. Feb 19 13:00:19.390832 osdx systemd-journald[2186]: Received client request to rotate journal, rotating. Feb 19 13:00:19.390942 osdx systemd-journald[2186]: Vacuuming done, freed 0B of archived journals from /run/log/journal/69bd8e6fd19244c08e519827aa7e309f. Feb 19 13:00:19.399766 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system journal clear'. Feb 19 13:00:19.722536 osdx OSDxCLI[633180]: User 'admin' executed a new command: 'system coredump delete all'. Feb 19 13:00:19.962682 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 13:00:20.034284 osdx cfgd[1859]: [633180]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Feb 19 13:00:20.035452 osdx OSDxCLI[633180]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Feb 19 13:00:20.127891 osdx cfgd[1859]: [633180]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Feb 19 13:00:20.129063 osdx OSDxCLI[633180]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. Feb 19 13:00:20.147398 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 13:00:20.311101 osdx OSDxCLI[633180]: User 'admin' entered the configuration menu. Feb 19 13:00:20.405689 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Feb 19 13:00:20.498367 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Feb 19 13:00:20.578222 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. Feb 19 13:00:20.691181 osdx OSDxCLI[633180]: User 'admin' added a new cfg line: 'show working'. Feb 19 13:00:20.760345 osdx ubnt-cfgd[649532]: inactive Feb 19 13:00:20.782385 osdx INFO[649538]: FRR daemons did not change Feb 19 13:00:20.830841 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Feb 19 13:00:20.881007 osdx WARNING[649610]: No supported link modes on interface eth0 Feb 19 13:00:20.882958 osdx modulelauncher[649610]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Feb 19 13:00:20.882973 osdx modulelauncher[649610]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Feb 19 13:00:20.884638 osdx modulelauncher[649610]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Feb 19 13:00:20.884670 osdx modulelauncher[649610]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Feb 19 13:00:20.939211 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Feb 19 13:00:20.940146 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Feb 19 13:00:20.940276 osdx ulogd[649635]: registering plugin `NFCT' Feb 19 13:00:20.940509 osdx ulogd[649635]: registering plugin `IP2STR' Feb 19 13:00:20.940563 osdx ulogd[649635]: registering plugin `PRINTFLOW' Feb 19 13:00:20.940656 osdx ulogd[649635]: registering plugin `SYSLOG' Feb 19 13:00:20.940665 osdx ulogd[649635]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Feb 19 13:00:20.940720 osdx ulogd[649635]: NFCT plugin working in event mode Feb 19 13:00:20.940728 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[649635]: Changing UID / GID Feb 19 13:00:20.940827 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[649635]: initialization finished, entering main loop Feb 19 13:00:20.941590 osdx cfgd[1859]: [633180]Completed change to active configuration Feb 19 13:00:20.953683 osdx OSDxCLI[633180]: User 'admin' committed the configuration. Feb 19 13:00:20.973477 osdx OSDxCLI[633180]: User 'admin' left the configuration menu. Feb 19 13:00:21.990615 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[649635]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 13:00:21.990640 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[649635]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 13:00:22.090368 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[649635]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Feb 19 13:00:22.090392 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[649635]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0