Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.367 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.367/0.367/0.367/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.299 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.299/0.299/0.299/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
Mar 20 14:31:19.000084 osdx systemd[1]: Started systemd-timedated.service - Time & Date Service. Mar 20 14:31:19.000308 osdx systemd-timedated[745811]: Changed local time to Fri 2026-03-20 14:31:19 UTC Mar 20 14:31:19.001130 osdx systemd-journald[685976]: Time jumped backwards, rotating. Mar 20 14:31:19.001914 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'set date 2026-03-20 14:31:19'. Mar 20 14:31:19.305738 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:31:19.309116 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:31:19.309193 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:31:19.319053 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:31:19.544132 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:31:19.813329 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:31:19.904287 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:31:19.976220 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Mar 20 14:31:20.074194 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:31:20.132479 osdx ubnt-cfgd[745841]: inactive Mar 20 14:31:20.149750 osdx INFO[745847]: FRR daemons did not change Mar 20 14:31:20.189098 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:31:20.232345 osdx WARNING[745919]: No supported link modes on interface eth0 Mar 20 14:31:20.233722 osdx modulelauncher[745919]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:31:20.233734 osdx modulelauncher[745919]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:31:20.234881 osdx modulelauncher[745919]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:31:20.234889 osdx modulelauncher[745919]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:31:20.281389 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:20.282232 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:20.282658 osdx ulogd[745944]: registering plugin `NFCT' Mar 20 14:31:20.282709 osdx ulogd[745944]: registering plugin `IP2STR' Mar 20 14:31:20.282745 osdx ulogd[745944]: registering plugin `PRINTFLOW' Mar 20 14:31:20.282781 osdx ulogd[745944]: registering plugin `SYSLOG' Mar 20 14:31:20.282784 osdx ulogd[745944]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:20.282825 osdx ulogd[745944]: NFCT plugin working in event mode Mar 20 14:31:20.282831 osdx ulogd[745944]: Changing UID / GID Mar 20 14:31:20.282905 osdx ulogd[745944]: initialization finished, entering main loop Mar 20 14:31:20.283388 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:31:20.295114 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:31:20.327977 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:31:21.241142 osdx ulogd[745944]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:21.346812 osdx ulogd[745944]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.375 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.375/0.375/0.375/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.265 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.265/0.265/0.265/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
Mar 20 14:31:25.294731 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.4M, max 17.2M, 14.8M free. Mar 20 14:31:25.296951 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:31:25.297010 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:31:25.305322 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:31:25.519873 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:31:25.747282 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:31:25.862360 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:31:25.913826 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Mar 20 14:31:26.035517 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:31:26.098634 osdx ubnt-cfgd[746144]: inactive Mar 20 14:31:26.118891 osdx INFO[746150]: FRR daemons did not change Mar 20 14:31:26.156964 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:31:26.202368 osdx WARNING[746222]: No supported link modes on interface eth0 Mar 20 14:31:26.204099 osdx modulelauncher[746222]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:31:26.204111 osdx modulelauncher[746222]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:31:26.205691 osdx modulelauncher[746222]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:31:26.205700 osdx modulelauncher[746222]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:31:26.285425 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:26.286219 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:26.286399 osdx ulogd[746247]: registering plugin `NFCT' Mar 20 14:31:26.286672 osdx ulogd[746247]: registering plugin `IP2STR' Mar 20 14:31:26.286779 osdx ulogd[746247]: registering plugin `PRINTFLOW' Mar 20 14:31:26.286890 osdx ulogd[746247]: registering plugin `SYSLOG' Mar 20 14:31:26.286939 osdx ulogd[746247]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:26.287066 osdx ulogd[746247]: NFCT plugin working in event mode Mar 20 14:31:26.287106 osdx ulogd[746247]: Changing UID / GID Mar 20 14:31:26.287218 osdx ulogd[746247]: initialization finished, entering main loop Mar 20 14:31:26.287748 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:31:26.302904 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:31:26.322851 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:31:27.204083 osdx ulogd[746247]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:27.285792 osdx ulogd[746247]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.333 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.333/0.333/0.333/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.258 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.309 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.264 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2056ms rtt min/avg/max/mdev = 0.258/0.277/0.309/0.022 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
Mar 20 14:31:32.327644 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.8M free. Mar 20 14:31:32.330667 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:31:32.330726 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:31:32.337286 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:31:32.562796 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:31:32.815937 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:31:32.907092 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:31:32.980900 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Mar 20 14:31:33.073795 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 20 14:31:33.140509 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set service ssh'. Mar 20 14:31:33.264637 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:31:33.356596 osdx ubnt-cfgd[746450]: inactive Mar 20 14:31:33.437658 osdx INFO[746471]: FRR daemons did not change Mar 20 14:31:33.478657 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:31:33.524111 osdx WARNING[746545]: No supported link modes on interface eth0 Mar 20 14:31:33.525647 osdx modulelauncher[746545]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:31:33.525663 osdx modulelauncher[746545]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:31:33.526933 osdx modulelauncher[746545]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:31:33.526945 osdx modulelauncher[746545]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:31:33.583035 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:33.583788 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:33.583989 osdx ulogd[746570]: registering plugin `NFCT' Mar 20 14:31:33.584038 osdx ulogd[746570]: registering plugin `IP2STR' Mar 20 14:31:33.584085 osdx ulogd[746570]: registering plugin `PRINTFLOW' Mar 20 14:31:33.584137 osdx ulogd[746570]: registering plugin `SYSLOG' Mar 20 14:31:33.584141 osdx ulogd[746570]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:33.584191 osdx ulogd[746570]: NFCT plugin working in event mode Mar 20 14:31:33.584199 osdx ulogd[746570]: Changing UID / GID Mar 20 14:31:33.584284 osdx ulogd[746570]: initialization finished, entering main loop Mar 20 14:31:33.647133 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 20 14:31:33.661368 osdx sshd[746591]: Server listening on 0.0.0.0 port 22. Mar 20 14:31:33.661393 osdx sshd[746591]: Server listening on :: port 22. Mar 20 14:31:33.661489 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 20 14:31:33.662325 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:31:33.673618 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:31:33.722340 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:31:35.717816 osdx ulogd[746570]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 20 14:31:36.741718 osdx ulogd[746570]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.435 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.435/0.435/0.435/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.238 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 20 14:31:44.307591 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 14:31:44.308214 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:31:44.308255 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:31:44.318030 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:31:44.516534 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:31:44.723240 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:31:44.808710 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:31:44.874549 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:31:44.978225 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:31:45.037069 osdx ubnt-cfgd[746814]: inactive Mar 20 14:31:45.056150 osdx INFO[746820]: FRR daemons did not change Mar 20 14:31:45.088221 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:31:45.136068 osdx WARNING[746892]: No supported link modes on interface eth0 Mar 20 14:31:45.137850 osdx modulelauncher[746892]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:31:45.137863 osdx modulelauncher[746892]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:31:45.139338 osdx modulelauncher[746892]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:31:45.139347 osdx modulelauncher[746892]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:31:45.200568 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:45.201345 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:45.201457 osdx ulogd[746917]: registering plugin `NFCT' Mar 20 14:31:45.201497 osdx ulogd[746917]: registering plugin `IP2STR' Mar 20 14:31:45.201540 osdx ulogd[746917]: registering plugin `PRINTFLOW' Mar 20 14:31:45.201584 osdx ulogd[746917]: registering plugin `SYSLOG' Mar 20 14:31:45.201588 osdx ulogd[746917]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:45.201628 osdx ulogd[746917]: NFCT plugin working in event mode Mar 20 14:31:45.201636 osdx ulogd[746917]: Changing UID / GID Mar 20 14:31:45.201715 osdx ulogd[746917]: initialization finished, entering main loop Mar 20 14:31:45.202725 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:31:45.214972 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:31:45.281067 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:31:46.123658 osdx ulogd[746917]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:46.123689 osdx ulogd[746917]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:46.212036 osdx ulogd[746917]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:46.212061 osdx ulogd[746917]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.324 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.324/0.324/0.324/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.229 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.229/0.229/0.229/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 20 14:31:50.315561 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 14:31:50.318415 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:31:50.318477 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:31:50.325404 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:31:50.542221 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:31:50.758537 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:31:50.854417 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:31:50.933544 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:31:51.031887 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Mar 20 14:31:51.148420 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:31:51.209647 osdx ubnt-cfgd[747119]: inactive Mar 20 14:31:51.228127 osdx INFO[747125]: FRR daemons did not change Mar 20 14:31:51.262415 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:31:51.306843 osdx WARNING[747197]: No supported link modes on interface eth0 Mar 20 14:31:51.308176 osdx modulelauncher[747197]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:31:51.308188 osdx modulelauncher[747197]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:31:51.309358 osdx modulelauncher[747197]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:31:51.309368 osdx modulelauncher[747197]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:31:51.370857 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:51.371714 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:51.371858 osdx ulogd[747222]: registering plugin `NFCT' Mar 20 14:31:51.372095 osdx ulogd[747222]: registering plugin `IP2STR' Mar 20 14:31:51.372557 osdx ulogd[747222]: registering plugin `PRINTFLOW' Mar 20 14:31:51.372614 osdx ulogd[747222]: registering plugin `SYSLOG' Mar 20 14:31:51.372660 osdx ulogd[747222]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:51.372718 osdx ulogd[747222]: NFCT plugin working in event mode Mar 20 14:31:51.372729 osdx OSDx_DUT0[747222]: Changing UID / GID Mar 20 14:31:51.372825 osdx OSDx_DUT0[747222]: initialization finished, entering main loop Mar 20 14:31:51.373022 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:31:51.384752 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:31:51.406314 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:31:52.211022 osdx OSDx_DUT0[747222]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:52.211044 osdx OSDx_DUT0[747222]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:52.290682 osdx OSDx_DUT0[747222]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:52.290700 osdx OSDx_DUT0[747222]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.220 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.220/0.220/0.220/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 20 14:31:50.315561 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 14:31:50.318415 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:31:50.318477 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:31:50.325404 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:31:50.542221 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:31:50.758537 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:31:50.854417 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:31:50.933544 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:31:51.031887 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Mar 20 14:31:51.148420 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:31:51.209647 osdx ubnt-cfgd[747119]: inactive Mar 20 14:31:51.228127 osdx INFO[747125]: FRR daemons did not change Mar 20 14:31:51.262415 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:31:51.306843 osdx WARNING[747197]: No supported link modes on interface eth0 Mar 20 14:31:51.308176 osdx modulelauncher[747197]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:31:51.308188 osdx modulelauncher[747197]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:31:51.309358 osdx modulelauncher[747197]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:31:51.309368 osdx modulelauncher[747197]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:31:51.370857 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:51.371714 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:51.371858 osdx ulogd[747222]: registering plugin `NFCT' Mar 20 14:31:51.372095 osdx ulogd[747222]: registering plugin `IP2STR' Mar 20 14:31:51.372557 osdx ulogd[747222]: registering plugin `PRINTFLOW' Mar 20 14:31:51.372614 osdx ulogd[747222]: registering plugin `SYSLOG' Mar 20 14:31:51.372660 osdx ulogd[747222]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:51.372718 osdx ulogd[747222]: NFCT plugin working in event mode Mar 20 14:31:51.372729 osdx OSDx_DUT0[747222]: Changing UID / GID Mar 20 14:31:51.372825 osdx OSDx_DUT0[747222]: initialization finished, entering main loop Mar 20 14:31:51.373022 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:31:51.384752 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:31:51.406314 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:31:52.211022 osdx OSDx_DUT0[747222]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:52.211044 osdx OSDx_DUT0[747222]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:52.290682 osdx OSDx_DUT0[747222]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:52.290700 osdx OSDx_DUT0[747222]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:52.399631 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal show | cat'. Mar 20 14:31:52.557914 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:31:52.639376 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Mar 20 14:31:52.696080 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show changes'. Mar 20 14:31:52.802800 osdx ubnt-cfgd[747258]: inactive Mar 20 14:31:52.820279 osdx INFO[747264]: FRR daemons did not change Mar 20 14:31:52.831221 osdx OSDx_DUT0[747222]: Terminal signal received, exiting Mar 20 14:31:52.831358 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:52.831673 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 20 14:31:52.831800 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:52.866740 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:52.867401 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:52.867533 osdx ulogd[747272]: registering plugin `NFCT' Mar 20 14:31:52.867723 osdx ulogd[747272]: registering plugin `IP2STR' Mar 20 14:31:52.867764 osdx ulogd[747272]: registering plugin `PRINTFLOW' Mar 20 14:31:52.867804 osdx ulogd[747272]: registering plugin `SYSLOG' Mar 20 14:31:52.867810 osdx ulogd[747272]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:52.867854 osdx ulogd[747272]: NFCT plugin working in event mode Mar 20 14:31:52.867863 osdx ulogd[747272]: Changing UID / GID Mar 20 14:31:52.867932 osdx ulogd[747272]: initialization finished, entering main loop Mar 20 14:31:52.868443 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:31:52.869698 osdx ulogd[747272]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 20 14:31:52.869714 osdx ulogd[747272]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 20 14:31:52.870229 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:31:52.886253 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:31:53.035801 osdx ulogd[747272]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:31:53.035823 osdx ulogd[747272]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.417 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.417/0.417/0.417/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.276 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.268 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1021ms rtt min/avg/max/mdev = 0.268/0.272/0.276/0.004 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
Mar 20 14:31:57.296072 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 14:31:57.296635 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:31:57.296699 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:31:57.306083 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:31:57.520465 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:31:57.779683 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:31:57.879474 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 20 14:31:57.945678 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic label TEST'. Mar 20 14:31:58.035239 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Mar 20 14:31:58.088309 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Mar 20 14:31:58.186412 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:31:58.247674 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:31:58.349181 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:31:58.407459 osdx ubnt-cfgd[747454]: inactive Mar 20 14:31:58.438881 osdx INFO[747468]: FRR daemons did not change Mar 20 14:31:58.472633 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:31:58.516364 osdx WARNING[747540]: No supported link modes on interface eth0 Mar 20 14:31:58.517647 osdx modulelauncher[747540]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:31:58.517657 osdx modulelauncher[747540]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:31:58.518725 osdx modulelauncher[747540]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:31:58.518732 osdx modulelauncher[747540]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:31:58.593040 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:58.594016 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:58.594173 osdx ulogd[747565]: registering plugin `NFCT' Mar 20 14:31:58.594413 osdx ulogd[747565]: registering plugin `IP2STR' Mar 20 14:31:58.594507 osdx ulogd[747565]: registering plugin `PRINTFLOW' Mar 20 14:31:58.594564 osdx ulogd[747565]: registering plugin `SYSLOG' Mar 20 14:31:58.594570 osdx ulogd[747565]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:58.594622 osdx ulogd[747565]: NFCT plugin working in event mode Mar 20 14:31:58.594632 osdx ulogd[747565]: Changing UID / GID Mar 20 14:31:58.594743 osdx ulogd[747565]: initialization finished, entering main loop Mar 20 14:31:58.605467 osdx ulogd[747565]: Terminal signal received, exiting Mar 20 14:31:58.605584 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:58.605854 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 20 14:31:58.605967 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:58.607005 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:31:58.607835 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:31:58.607939 osdx ulogd[747571]: registering plugin `NFCT' Mar 20 14:31:58.607990 osdx ulogd[747571]: registering plugin `IP2STR' Mar 20 14:31:58.608034 osdx ulogd[747571]: registering plugin `PRINTFLOW' Mar 20 14:31:58.608091 osdx ulogd[747571]: registering plugin `SYSLOG' Mar 20 14:31:58.608095 osdx ulogd[747571]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:31:58.608143 osdx ulogd[747571]: NFCT plugin working in event mode Mar 20 14:31:58.608152 osdx ulogd[747571]: Changing UID / GID Mar 20 14:31:58.608226 osdx ulogd[747571]: initialization finished, entering main loop Mar 20 14:31:58.771907 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:31:58.783935 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:31:58.802077 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:31:59.623267 osdx ulogd[747571]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Mar 20 14:31:59.623289 osdx ulogd[747571]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 Mar 20 14:31:59.702757 osdx ulogd[747571]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Mar 20 14:31:59.702778 osdx ulogd[747571]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.434 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.434/0.434/0.434/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.336 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.336/0.336/0.336/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
Mar 20 14:32:05.296650 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:32:05.297153 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:05.297184 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:05.307438 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:05.518990 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:05.747805 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:05.842000 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Mar 20 14:32:05.924801 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Mar 20 14:32:06.014760 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system vrf RED'. Mar 20 14:32:06.069724 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:32:06.153021 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:32:06.217977 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:06.314033 osdx ubnt-cfgd[747823]: inactive Mar 20 14:32:06.332997 osdx INFO[747829]: FRR daemons did not change Mar 20 14:32:06.342641 osdx (udev-worker)[747840]: RED: Could not disable auto negotiation, ignoring: Operation not supported Mar 20 14:32:06.342675 osdx (udev-worker)[747840]: Network interface NamePolicy= disabled on kernel command line. Mar 20 14:32:06.380806 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:06.427291 osdx WARNING[747920]: No supported link modes on interface eth0 Mar 20 14:32:06.428648 osdx modulelauncher[747920]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:32:06.428659 osdx modulelauncher[747920]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:32:06.429802 osdx modulelauncher[747920]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:06.429815 osdx modulelauncher[747920]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:06.440808 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:06.529189 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:06.529945 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:06.530123 osdx ulogd[748006]: registering plugin `NFCT' Mar 20 14:32:06.530176 osdx ulogd[748006]: registering plugin `IP2STR' Mar 20 14:32:06.530225 osdx ulogd[748006]: registering plugin `PRINTFLOW' Mar 20 14:32:06.530273 osdx ulogd[748006]: registering plugin `SYSLOG' Mar 20 14:32:06.530277 osdx ulogd[748006]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:06.530327 osdx ulogd[748006]: NFCT plugin working in event mode Mar 20 14:32:06.530335 osdx ulogd[748006]: Changing UID / GID Mar 20 14:32:06.530419 osdx ulogd[748006]: initialization finished, entering main loop Mar 20 14:32:06.532319 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:06.544603 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:06.609380 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:07.381354 osdx ulogd[748006]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:07.381375 osdx ulogd[748006]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:07.486575 osdx ulogd[748006]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:07.486599 osdx ulogd[748006]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.121 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.121/0.121/0.121/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 129 100 129 0 0 7524 0 --:--:-- --:--:-- --:--:-- 7588
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set interfaces ethernet eth1 address 10.215.168.64/24 set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.480 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.480/0.480/0.480/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=7.75 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 7.745/7.745/7.745/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
Mar 20 14:32:12.271658 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:32:12.274167 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:12.274211 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:12.282169 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:12.516309 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:12.725345 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:12.857217 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 20 14:32:12.925837 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:13.018709 osdx ubnt-cfgd[748290]: inactive Mar 20 14:32:13.037605 osdx INFO[748296]: FRR daemons did not change Mar 20 14:32:13.074172 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 20 14:32:13.117152 osdx WARNING[748365]: No supported link modes on interface eth1 Mar 20 14:32:13.118590 osdx modulelauncher[748365]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Mar 20 14:32:13.118603 osdx modulelauncher[748365]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Mar 20 14:32:13.119755 osdx modulelauncher[748365]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:13.119764 osdx modulelauncher[748365]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:13.129694 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:13.144654 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:13.163839 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:13.395844 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 20 14:32:13.583398 osdx file_operation[748421]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Mar 20 14:32:13.623863 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Mar 20 14:32:13.777095 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:13.845851 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 20 14:32:13.933843 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Mar 20 14:32:13.990410 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Mar 20 14:32:14.098906 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Mar 20 14:32:14.154074 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Mar 20 14:32:14.253232 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Mar 20 14:32:14.327980 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Mar 20 14:32:14.442826 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Mar 20 14:32:14.525948 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Mar 20 14:32:14.670202 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:32:14.741477 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:32:14.847192 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:14.942053 osdx ubnt-cfgd[748456]: inactive Mar 20 14:32:14.986449 osdx INFO[748473]: FRR daemons did not change Mar 20 14:32:15.022242 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:15.070512 osdx WARNING[748545]: No supported link modes on interface eth0 Mar 20 14:32:15.072314 osdx modulelauncher[748545]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:32:15.072329 osdx modulelauncher[748545]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:32:15.073789 osdx modulelauncher[748545]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:15.073797 osdx modulelauncher[748545]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:15.126542 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:15.127404 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:15.127536 osdx ulogd[748570]: registering plugin `NFCT' Mar 20 14:32:15.127759 osdx ulogd[748570]: registering plugin `IP2STR' Mar 20 14:32:15.127798 osdx ulogd[748570]: registering plugin `PRINTFLOW' Mar 20 14:32:15.127839 osdx ulogd[748570]: registering plugin `SYSLOG' Mar 20 14:32:15.127845 osdx ulogd[748570]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:15.127890 osdx ulogd[748570]: NFCT plugin working in event mode Mar 20 14:32:15.127898 osdx ulogd[748570]: Changing UID / GID Mar 20 14:32:15.127976 osdx ulogd[748570]: initialization finished, entering main loop Mar 20 14:32:15.279052 osdx ulogd[748570]: Terminal signal received, exiting Mar 20 14:32:15.279188 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:15.279515 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 20 14:32:15.279637 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:15.306584 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:15.307317 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:15.307551 osdx ulogd[748594]: registering plugin `NFCT' Mar 20 14:32:15.307809 osdx ulogd[748594]: registering plugin `IP2STR' Mar 20 14:32:15.307862 osdx ulogd[748594]: registering plugin `PRINTFLOW' Mar 20 14:32:15.307917 osdx ulogd[748594]: registering plugin `SYSLOG' Mar 20 14:32:15.307924 osdx ulogd[748594]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:15.307978 osdx ulogd[748594]: NFCT plugin working in event mode Mar 20 14:32:15.307988 osdx ulogd[748594]: Changing UID / GID Mar 20 14:32:15.308072 osdx ulogd[748594]: initialization finished, entering main loop Mar 20 14:32:15.345846 osdx systemd[1]: Reloading. Mar 20 14:32:15.394180 osdx systemd-sysv-generator[748615]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Mar 20 14:32:15.538518 osdx systemd[1]: Starting logrotate.service - Rotate log files... Mar 20 14:32:15.542116 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Mar 20 14:32:15.566179 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Mar 20 14:32:15.569998 osdx systemd[1]: logrotate.service: Deactivated successfully. Mar 20 14:32:15.570109 osdx systemd[1]: Finished logrotate.service - Rotate log files. Mar 20 14:32:15.965778 osdx INFO[748596]: Rules successfully loaded Mar 20 14:32:15.966372 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:15.978354 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:15.994769 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:16.886476 osdx ulogd[748594]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 20 14:32:16.886503 osdx ulogd[748594]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 20 14:32:16.995919 osdx ulogd[748594]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 20 14:32:16.995945 osdx ulogd[748594]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth1 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.291 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.291/0.291/0.291/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.358 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.358/0.358/0.358/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.8.5 This system includes free software. Contact Teldat for licenses information and source code. Last login: Fri Mar 20 14:26:15 2026 from 10.215.168.64 admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
Mar 20 14:32:24.302648 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.2M, max 17.2M, 14.9M free. Mar 20 14:32:24.304225 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:24.304287 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:24.314557 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:24.534226 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:24.795498 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:24.892261 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Mar 20 14:32:24.961076 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:32:25.055648 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:32:25.120309 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:25.219705 osdx ubnt-cfgd[748935]: inactive Mar 20 14:32:25.241324 osdx INFO[748941]: FRR daemons did not change Mar 20 14:32:25.276203 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 20 14:32:25.324426 osdx WARNING[749013]: No supported link modes on interface eth1 Mar 20 14:32:25.326181 osdx modulelauncher[749013]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Mar 20 14:32:25.326197 osdx modulelauncher[749013]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Mar 20 14:32:25.327489 osdx modulelauncher[749013]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:25.327499 osdx modulelauncher[749013]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:25.368205 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:25.416283 osdx WARNING[749093]: No supported link modes on interface eth0 Mar 20 14:32:25.417755 osdx modulelauncher[749093]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:32:25.417768 osdx modulelauncher[749093]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:32:25.418941 osdx modulelauncher[749093]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:25.418951 osdx modulelauncher[749093]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:25.476542 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:25.477526 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:25.477753 osdx ulogd[749119]: registering plugin `NFCT' Mar 20 14:32:25.478000 osdx ulogd[749119]: registering plugin `IP2STR' Mar 20 14:32:25.478567 osdx ulogd[749119]: registering plugin `PRINTFLOW' Mar 20 14:32:25.478625 osdx ulogd[749119]: registering plugin `SYSLOG' Mar 20 14:32:25.478635 osdx ulogd[749119]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:25.478687 osdx ulogd[749119]: NFCT plugin working in event mode Mar 20 14:32:25.478695 osdx ulogd[749119]: Changing UID / GID Mar 20 14:32:25.478783 osdx ulogd[749119]: initialization finished, entering main loop Mar 20 14:32:25.479058 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:25.490682 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:25.505937 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:27.354540 osdx ulogd[749119]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:27.354566 osdx ulogd[749119]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:27.458876 osdx ulogd[749119]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:27.458903 osdx ulogd[749119]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:27.538023 osdx ulogd[749119]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59000 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59000 PKTS=0 BYTES=0 Mar 20 14:32:27.538192 osdx ulogd[749119]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59000 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59000 PKTS=0 BYTES=0 Mar 20 14:32:27.538303 osdx ulogd[749119]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59000 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59000 PKTS=0 BYTES=0 [OFFLOAD] Mar 20 14:32:27.808798 osdx ulogd[749119]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59000 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59000 PKTS=0 BYTES=0 Mar 20 14:32:27.808860 osdx ulogd[749119]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59000 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59000 PKTS=0 BYTES=0 [OFFLOAD] Mar 20 14:32:27.810177 osdx ulogd[749119]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59000 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59000 PKTS=0 BYTES=0 Mar 20 14:32:27.810301 osdx ulogd[749119]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=59000 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=59000 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.357 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.357/0.357/0.357/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.304 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.310 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.310 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2041ms rtt min/avg/max/mdev = 0.304/0.308/0.310/0.003 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
Mar 20 14:32:32.297486 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:32:32.301063 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:32.301125 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:32.307390 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:32.547358 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:32.797672 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:32.868221 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 20 14:32:32.984632 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 20 14:32:33.145897 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:32:33.199017 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:32:33.325179 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:33.388240 osdx ubnt-cfgd[749354]: inactive Mar 20 14:32:33.409297 osdx INFO[749360]: FRR daemons did not change Mar 20 14:32:33.585099 osdx kernel: nfUDPlink: module init Mar 20 14:32:33.585159 osdx kernel: app-detect: module init Mar 20 14:32:33.585184 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 20 14:32:33.585196 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 20 14:32:33.585214 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 20 14:32:33.585228 osdx kernel: app-detect: expression init Mar 20 14:32:33.585240 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 20 14:32:33.585252 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 20 14:32:33.592574 osdx modulelauncher[749363]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 20 14:32:33.595300 osdx INFO[749388]: Stopping Traffic Categorization (TCATD) service ... Mar 20 14:32:33.649063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:33.693245 osdx WARNING[749463]: No supported link modes on interface eth0 Mar 20 14:32:33.694703 osdx modulelauncher[749463]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:32:33.694719 osdx modulelauncher[749463]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:32:33.695891 osdx modulelauncher[749463]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:33.695899 osdx modulelauncher[749463]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:33.741383 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:33.742083 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:33.742207 osdx ulogd[749488]: registering plugin `NFCT' Mar 20 14:32:33.742380 osdx ulogd[749488]: registering plugin `IP2STR' Mar 20 14:32:33.742422 osdx ulogd[749488]: registering plugin `PRINTFLOW' Mar 20 14:32:33.742460 osdx ulogd[749488]: registering plugin `SYSLOG' Mar 20 14:32:33.742499 osdx ulogd[749488]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:33.742543 osdx ulogd[749488]: NFCT plugin working in event mode Mar 20 14:32:33.742553 osdx ulogd[749488]: Changing UID / GID Mar 20 14:32:33.742616 osdx ulogd[749488]: initialization finished, entering main loop Mar 20 14:32:33.743213 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:33.754920 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:33.770616 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:34.649285 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.649304 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.743116 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.743142 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:35.760184 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:35.760208 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:35.760221 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.784199 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:36.784220 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.784234 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
Mar 20 14:32:32.297486 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:32:32.301063 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:32.301125 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:32.307390 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:32.547358 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:32.797672 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:32.868221 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 20 14:32:32.984632 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 20 14:32:33.145897 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:32:33.199017 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:32:33.325179 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:33.388240 osdx ubnt-cfgd[749354]: inactive Mar 20 14:32:33.409297 osdx INFO[749360]: FRR daemons did not change Mar 20 14:32:33.585099 osdx kernel: nfUDPlink: module init Mar 20 14:32:33.585159 osdx kernel: app-detect: module init Mar 20 14:32:33.585184 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 20 14:32:33.585196 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 20 14:32:33.585214 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 20 14:32:33.585228 osdx kernel: app-detect: expression init Mar 20 14:32:33.585240 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 20 14:32:33.585252 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 20 14:32:33.592574 osdx modulelauncher[749363]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 20 14:32:33.595300 osdx INFO[749388]: Stopping Traffic Categorization (TCATD) service ... Mar 20 14:32:33.649063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:33.693245 osdx WARNING[749463]: No supported link modes on interface eth0 Mar 20 14:32:33.694703 osdx modulelauncher[749463]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:32:33.694719 osdx modulelauncher[749463]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:32:33.695891 osdx modulelauncher[749463]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:33.695899 osdx modulelauncher[749463]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:33.741383 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:33.742083 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:33.742207 osdx ulogd[749488]: registering plugin `NFCT' Mar 20 14:32:33.742380 osdx ulogd[749488]: registering plugin `IP2STR' Mar 20 14:32:33.742422 osdx ulogd[749488]: registering plugin `PRINTFLOW' Mar 20 14:32:33.742460 osdx ulogd[749488]: registering plugin `SYSLOG' Mar 20 14:32:33.742499 osdx ulogd[749488]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:33.742543 osdx ulogd[749488]: NFCT plugin working in event mode Mar 20 14:32:33.742553 osdx ulogd[749488]: Changing UID / GID Mar 20 14:32:33.742616 osdx ulogd[749488]: initialization finished, entering main loop Mar 20 14:32:33.743213 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:33.754920 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:33.770616 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:34.649285 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.649304 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.743116 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.743142 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:35.760184 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:35.760208 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:35.760221 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.784199 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:36.784220 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.784234 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.896258 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
Mar 20 14:32:32.297486 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:32:32.301063 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:32.301125 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:32.307390 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:32.547358 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:32.797672 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:32.868221 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 20 14:32:32.984632 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 20 14:32:33.145897 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:32:33.199017 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:32:33.325179 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:33.388240 osdx ubnt-cfgd[749354]: inactive Mar 20 14:32:33.409297 osdx INFO[749360]: FRR daemons did not change Mar 20 14:32:33.585099 osdx kernel: nfUDPlink: module init Mar 20 14:32:33.585159 osdx kernel: app-detect: module init Mar 20 14:32:33.585184 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 20 14:32:33.585196 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 20 14:32:33.585214 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 20 14:32:33.585228 osdx kernel: app-detect: expression init Mar 20 14:32:33.585240 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 20 14:32:33.585252 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 20 14:32:33.592574 osdx modulelauncher[749363]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 20 14:32:33.595300 osdx INFO[749388]: Stopping Traffic Categorization (TCATD) service ... Mar 20 14:32:33.649063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:33.693245 osdx WARNING[749463]: No supported link modes on interface eth0 Mar 20 14:32:33.694703 osdx modulelauncher[749463]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:32:33.694719 osdx modulelauncher[749463]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:32:33.695891 osdx modulelauncher[749463]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:33.695899 osdx modulelauncher[749463]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:33.741383 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:33.742083 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:33.742207 osdx ulogd[749488]: registering plugin `NFCT' Mar 20 14:32:33.742380 osdx ulogd[749488]: registering plugin `IP2STR' Mar 20 14:32:33.742422 osdx ulogd[749488]: registering plugin `PRINTFLOW' Mar 20 14:32:33.742460 osdx ulogd[749488]: registering plugin `SYSLOG' Mar 20 14:32:33.742499 osdx ulogd[749488]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:33.742543 osdx ulogd[749488]: NFCT plugin working in event mode Mar 20 14:32:33.742553 osdx ulogd[749488]: Changing UID / GID Mar 20 14:32:33.742616 osdx ulogd[749488]: initialization finished, entering main loop Mar 20 14:32:33.743213 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:33.754920 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:33.770616 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:34.649285 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.649304 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.743116 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.743142 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:35.760184 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:35.760208 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:35.760221 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.784199 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:36.784220 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.784234 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.896258 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal show | cat'. Mar 20 14:32:37.027680 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.211 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.211/0.211/0.211/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4818 0 4818 0 0 709k 0 --:--:-- --:--:-- --:--:-- 784k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Mar 20 14:32:32.297486 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:32:32.301063 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:32.301125 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:32.307390 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:32.547358 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:32.797672 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:32.868221 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 20 14:32:32.984632 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 20 14:32:33.145897 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:32:33.199017 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:32:33.325179 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:33.388240 osdx ubnt-cfgd[749354]: inactive Mar 20 14:32:33.409297 osdx INFO[749360]: FRR daemons did not change Mar 20 14:32:33.585099 osdx kernel: nfUDPlink: module init Mar 20 14:32:33.585159 osdx kernel: app-detect: module init Mar 20 14:32:33.585184 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 20 14:32:33.585196 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 20 14:32:33.585214 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 20 14:32:33.585228 osdx kernel: app-detect: expression init Mar 20 14:32:33.585240 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 20 14:32:33.585252 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 20 14:32:33.592574 osdx modulelauncher[749363]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 20 14:32:33.595300 osdx INFO[749388]: Stopping Traffic Categorization (TCATD) service ... Mar 20 14:32:33.649063 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:33.693245 osdx WARNING[749463]: No supported link modes on interface eth0 Mar 20 14:32:33.694703 osdx modulelauncher[749463]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:32:33.694719 osdx modulelauncher[749463]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:32:33.695891 osdx modulelauncher[749463]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:33.695899 osdx modulelauncher[749463]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:33.741383 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:33.742083 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:33.742207 osdx ulogd[749488]: registering plugin `NFCT' Mar 20 14:32:33.742380 osdx ulogd[749488]: registering plugin `IP2STR' Mar 20 14:32:33.742422 osdx ulogd[749488]: registering plugin `PRINTFLOW' Mar 20 14:32:33.742460 osdx ulogd[749488]: registering plugin `SYSLOG' Mar 20 14:32:33.742499 osdx ulogd[749488]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:33.742543 osdx ulogd[749488]: NFCT plugin working in event mode Mar 20 14:32:33.742553 osdx ulogd[749488]: Changing UID / GID Mar 20 14:32:33.742616 osdx ulogd[749488]: initialization finished, entering main loop Mar 20 14:32:33.743213 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:33.754920 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:33.770616 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:34.649285 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.649304 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.743116 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:34.743142 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:35.760184 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:35.760208 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:35.760221 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.784199 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:36.784220 osdx ulogd[749488]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.784234 osdx ulogd[749488]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:36.896258 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal show | cat'. Mar 20 14:32:37.027680 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal show | cat'. Mar 20 14:32:37.165656 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal show | cat'. Mar 20 14:32:37.357109 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:37.441661 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 20 14:32:37.507146 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 20 14:32:37.603772 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show changes'. Mar 20 14:32:37.662318 osdx ubnt-cfgd[749540]: inactive Mar 20 14:32:37.686080 osdx INFO[749546]: FRR daemons did not change Mar 20 14:32:37.717075 osdx kernel: app-detect: expression destroy Mar 20 14:32:37.725063 osdx kernel: app-detect: expression init Mar 20 14:32:37.725115 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 20 14:32:37.725134 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 20 14:32:37.732660 osdx modulelauncher[749549]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 20 14:32:37.735295 osdx INFO[749565]: Stopping Traffic Categorization (TCATD) service ... Mar 20 14:32:37.777069 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 20 14:32:37.822660 osdx WARNING[749635]: No supported link modes on interface eth1 Mar 20 14:32:37.824328 osdx modulelauncher[749635]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Mar 20 14:32:37.824341 osdx modulelauncher[749635]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Mar 20 14:32:37.825839 osdx modulelauncher[749635]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:37.825846 osdx modulelauncher[749635]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:37.836594 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:37.847394 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:37.847416 osdx ulogd[749488]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 20 14:32:37.848030 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:37.864304 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:38.015098 osdx ulogd[749488]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:38.015264 osdx ulogd[749488]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 20 14:32:38.017366 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 20 14:32:38.165763 osdx file_operation[749691]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 20 14:32:38.172222 osdx ulogd[749488]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38880 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38880 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 20 14:32:38.172338 osdx ulogd[749488]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38880 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38880 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 20 14:32:38.172354 osdx ulogd[749488]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38880 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38880 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 20 14:32:38.174701 osdx ulogd[749488]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38880 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38880 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 20 14:32:38.174759 osdx ulogd[749488]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38880 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38880 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 20 14:32:38.174779 osdx ulogd[749488]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=38880 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38880 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 20 14:32:38.194441 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic policy out DROP set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-detect app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.167 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.167/0.167/0.167/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Mar 20 14:32:43.290922 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:32:43.294589 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:43.294658 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:43.302010 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:43.508448 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:43.718457 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:43.835145 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Mar 20 14:32:43.884129 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Mar 20 14:32:43.977598 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Mar 20 14:32:44.037932 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-detect app-id custom 155'. Mar 20 14:32:44.133543 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Mar 20 14:32:44.184568 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Mar 20 14:32:44.283753 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Mar 20 14:32:44.377934 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Mar 20 14:32:44.436466 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 20 14:32:44.533983 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 20 14:32:44.609804 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:44.706903 osdx ubnt-cfgd[749936]: inactive Mar 20 14:32:44.765805 osdx INFO[749960]: FRR daemons did not change Mar 20 14:32:44.898594 osdx kernel: nfUDPlink: module init Mar 20 14:32:44.898657 osdx kernel: app-detect: module init Mar 20 14:32:44.898669 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 20 14:32:44.898680 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 20 14:32:44.898691 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 20 14:32:44.898706 osdx kernel: app-detect: expression init Mar 20 14:32:44.898722 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 20 14:32:44.898732 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 20 14:32:44.932286 osdx INFO[749995]: Updated /etc/default/osdx_tcatd.conf Mar 20 14:32:44.932326 osdx INFO[749995]: Restarting Traffic Categorization (TCATD) service ... Mar 20 14:32:44.958868 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Mar 20 14:32:44.965349 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Mar 20 14:32:44.998591 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 20 14:32:45.056977 osdx WARNING[750069]: No supported link modes on interface eth1 Mar 20 14:32:45.058537 osdx modulelauncher[750069]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Mar 20 14:32:45.058548 osdx modulelauncher[750069]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Mar 20 14:32:45.060389 osdx modulelauncher[750069]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:45.060398 osdx modulelauncher[750069]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:45.257425 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:45.269758 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:45.285111 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:45.430437 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 20 14:32:45.575210 osdx file_operation[750148]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 20 14:32:45.578597 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=21344 DF PROTO=TCP SPT=38890 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 20 14:32:45.786591 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=21345 DF PROTO=TCP SPT=38890 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 20 14:32:46.210647 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=21346 DF PROTO=TCP SPT=38890 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 20 14:32:47.042642 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=21347 DF PROTO=TCP SPT=38890 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 20 14:32:48.514729 osdx file_operation.py[750148]: Operation aborted by user. Mar 20 14:32:48.526595 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=21348 DF PROTO=TCP SPT=38890 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 20 14:32:48.529937 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Identity Values
Description
Conntrack identity is able to contain any printed character (max 92 characters) but not spaces
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Show output
admin@osdx#
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.409 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.409/0.409/0.409/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.291 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.291/0.291/0.291/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 20 14:32:53.311346 osdx systemd-journald[685976]: Runtime Journal (/run/log/journal/ba147585e3944580985006d3d45a280a) is 2.3M, max 17.2M, 14.9M free. Mar 20 14:32:53.312948 osdx systemd-journald[685976]: Received client request to rotate journal, rotating. Mar 20 14:32:53.313019 osdx systemd-journald[685976]: Vacuuming done, freed 0B of archived journals from /run/log/journal/ba147585e3944580985006d3d45a280a. Mar 20 14:32:53.322350 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system journal clear'. Mar 20 14:32:53.551625 osdx OSDxCLI[685811]: User 'admin' executed a new command: 'system coredump delete all'. Mar 20 14:32:53.806528 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:53.872696 osdx cfgd[1833]: [685811]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Mar 20 14:32:53.873868 osdx OSDxCLI[685811]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Mar 20 14:32:53.967105 osdx cfgd[1833]: [685811]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Mar 20 14:32:53.968791 osdx OSDxCLI[685811]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. Mar 20 14:32:53.985319 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:54.160315 osdx OSDxCLI[685811]: User 'admin' entered the configuration menu. Mar 20 14:32:54.249225 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 20 14:32:54.316879 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 20 14:32:54.412256 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. Mar 20 14:32:54.476967 osdx OSDxCLI[685811]: User 'admin' added a new cfg line: 'show working'. Mar 20 14:32:54.573433 osdx ubnt-cfgd[750363]: inactive Mar 20 14:32:54.591843 osdx INFO[750369]: FRR daemons did not change Mar 20 14:32:54.624928 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 20 14:32:54.672140 osdx WARNING[750441]: No supported link modes on interface eth0 Mar 20 14:32:54.674124 osdx modulelauncher[750441]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 20 14:32:54.674142 osdx modulelauncher[750441]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 20 14:32:54.675438 osdx modulelauncher[750441]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off -- Mar 20 14:32:54.675449 osdx modulelauncher[750441]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75. Mar 20 14:32:54.725281 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 20 14:32:54.726026 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 20 14:32:54.726240 osdx ulogd[750466]: registering plugin `NFCT' Mar 20 14:32:54.726297 osdx ulogd[750466]: registering plugin `IP2STR' Mar 20 14:32:54.726347 osdx ulogd[750466]: registering plugin `PRINTFLOW' Mar 20 14:32:54.726424 osdx ulogd[750466]: registering plugin `SYSLOG' Mar 20 14:32:54.726428 osdx ulogd[750466]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 20 14:32:54.726477 osdx ulogd[750466]: NFCT plugin working in event mode Mar 20 14:32:54.726484 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[750466]: Changing UID / GID Mar 20 14:32:54.726564 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[750466]: initialization finished, entering main loop Mar 20 14:32:54.727778 osdx cfgd[1833]: [685811]Completed change to active configuration Mar 20 14:32:54.742738 osdx OSDxCLI[685811]: User 'admin' committed the configuration. Mar 20 14:32:54.788796 osdx OSDxCLI[685811]: User 'admin' left the configuration menu. Mar 20 14:32:55.727266 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[750466]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:55.727284 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[750466]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:55.817097 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[750466]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 20 14:32:55.817119 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[750466]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0