Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check NEW sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events new set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.342 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.342/0.342/0.342/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.249 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.249/0.249/0.249/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2Show output
Mar 05 17:19:34.332178 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:19:34.333026 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:19:34.333079 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:19:34.342561 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:19:34.560712 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:19:34.766561 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:19:34.894549 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:19:34.946211 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events new'. Mar 05 17:19:35.062524 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:19:35.139157 osdx ubnt-cfgd[476459]: inactive Mar 05 17:19:35.158401 osdx INFO[476465]: FRR daemons did not change Mar 05 17:19:35.189022 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:19:35.236800 osdx WARNING[476537]: No supported link modes on interface eth0 Mar 05 17:19:35.241433 osdx modulelauncher[476537]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:19:35.241447 osdx modulelauncher[476537]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:19:35.242602 osdx modulelauncher[476537]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:19:35.242610 osdx modulelauncher[476537]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:19:35.281342 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:19:35.284009 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:19:35.285243 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:19:35.286963 osdx ulogd[476562]: registering plugin `NFCT' Mar 05 17:19:35.287853 osdx ulogd[476562]: registering plugin `IP2STR' Mar 05 17:19:35.287915 osdx ulogd[476562]: registering plugin `PRINTFLOW' Mar 05 17:19:35.288986 osdx ulogd[476562]: registering plugin `SYSLOG' Mar 05 17:19:35.288993 osdx ulogd[476562]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:19:35.289051 osdx ulogd[476562]: NFCT plugin working in event mode Mar 05 17:19:35.289065 osdx ulogd[476562]: Changing UID / GID Mar 05 17:19:35.289141 osdx ulogd[476562]: initialization finished, entering main loop Mar 05 17:19:35.296575 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:19:35.311755 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:19:36.129551 osdx ulogd[476562]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:19:36.208573 osdx ulogd[476562]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check UPDATE sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events update set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.704 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.704/0.704/0.704/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.510 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.510/0.510/0.510/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2Show output
Mar 05 17:19:40.319681 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:19:40.322033 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:19:40.322083 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:19:40.328897 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:19:40.533838 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:19:40.735920 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:19:40.817268 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:19:40.886103 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events update'. Mar 05 17:19:40.993260 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:19:41.057290 osdx ubnt-cfgd[476762]: inactive Mar 05 17:19:41.075198 osdx INFO[476768]: FRR daemons did not change Mar 05 17:19:41.106060 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:19:41.156777 osdx WARNING[476840]: No supported link modes on interface eth0 Mar 05 17:19:41.158366 osdx modulelauncher[476840]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:19:41.158379 osdx modulelauncher[476840]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:19:41.159534 osdx modulelauncher[476840]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:19:41.159543 osdx modulelauncher[476840]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:19:41.210398 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:19:41.211106 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:19:41.211244 osdx ulogd[476865]: registering plugin `NFCT' Mar 05 17:19:41.211290 osdx ulogd[476865]: registering plugin `IP2STR' Mar 05 17:19:41.211332 osdx ulogd[476865]: registering plugin `PRINTFLOW' Mar 05 17:19:41.211378 osdx ulogd[476865]: registering plugin `SYSLOG' Mar 05 17:19:41.211383 osdx ulogd[476865]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:19:41.211435 osdx ulogd[476865]: NFCT plugin working in event mode Mar 05 17:19:41.211444 osdx ulogd[476865]: Changing UID / GID Mar 05 17:19:41.211528 osdx ulogd[476865]: initialization finished, entering main loop Mar 05 17:19:41.212291 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:19:41.224197 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:19:41.291917 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:19:42.147642 osdx ulogd[476865]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:19:42.221352 osdx ulogd[476865]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check DESTROY sessions events are captured
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set service ssh set system conntrack logging events destroy set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.542 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.542/0.542/0.542/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.677 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.267 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.322 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2050ms rtt min/avg/max/mdev = 0.267/0.422/0.677/0.181 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2Show output
Mar 05 17:19:47.363687 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:19:47.364148 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:19:47.364182 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:19:47.373532 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:19:47.600508 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:19:47.817078 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:19:47.900358 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:19:47.973388 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'. Mar 05 17:19:48.026922 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 05 17:19:48.118694 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set service ssh'. Mar 05 17:19:48.185385 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:19:48.277017 osdx ubnt-cfgd[477069]: inactive Mar 05 17:19:48.351775 osdx INFO[477090]: FRR daemons did not change Mar 05 17:19:48.384051 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:19:48.430912 osdx WARNING[477164]: No supported link modes on interface eth0 Mar 05 17:19:48.432745 osdx modulelauncher[477164]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:19:48.432757 osdx modulelauncher[477164]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:19:48.433932 osdx modulelauncher[477164]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:19:48.433939 osdx modulelauncher[477164]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:19:48.472301 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:19:48.473101 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:19:48.473155 osdx ulogd[477189]: registering plugin `NFCT' Mar 05 17:19:48.473200 osdx ulogd[477189]: registering plugin `IP2STR' Mar 05 17:19:48.473248 osdx ulogd[477189]: registering plugin `PRINTFLOW' Mar 05 17:19:48.473294 osdx ulogd[477189]: registering plugin `SYSLOG' Mar 05 17:19:48.473298 osdx ulogd[477189]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:19:48.473347 osdx ulogd[477189]: NFCT plugin working in event mode Mar 05 17:19:48.473358 osdx ulogd[477189]: Changing UID / GID Mar 05 17:19:48.473433 osdx ulogd[477189]: initialization finished, entering main loop Mar 05 17:19:48.532336 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server... Mar 05 17:19:48.551298 osdx sshd[477210]: Server listening on 0.0.0.0 port 22. Mar 05 17:19:48.551368 osdx sshd[477210]: Server listening on :: port 22. Mar 05 17:19:48.551641 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server. Mar 05 17:19:48.553871 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:19:48.583056 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:19:48.623615 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:19:50.561789 osdx ulogd[477189]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 05 17:19:51.585824 osdx ulogd[477189]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to other
and check that default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.686 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.686/0.686/0.686/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.529 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.529/0.529/0.529/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 05 17:19:58.344342 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:19:58.344986 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:19:58.345040 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:19:58.355227 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:19:58.551974 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:19:58.759942 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:19:58.847223 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:19:58.919325 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:19:58.980095 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:19:59.073837 osdx ubnt-cfgd[477433]: inactive Mar 05 17:19:59.092162 osdx INFO[477439]: FRR daemons did not change Mar 05 17:19:59.124987 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:19:59.174055 osdx WARNING[477511]: No supported link modes on interface eth0 Mar 05 17:19:59.175572 osdx modulelauncher[477511]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:19:59.175584 osdx modulelauncher[477511]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:19:59.176758 osdx modulelauncher[477511]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:19:59.176766 osdx modulelauncher[477511]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:19:59.233426 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:19:59.234121 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:19:59.234233 osdx ulogd[477536]: registering plugin `NFCT' Mar 05 17:19:59.234273 osdx ulogd[477536]: registering plugin `IP2STR' Mar 05 17:19:59.234316 osdx ulogd[477536]: registering plugin `PRINTFLOW' Mar 05 17:19:59.234354 osdx ulogd[477536]: registering plugin `SYSLOG' Mar 05 17:19:59.234357 osdx ulogd[477536]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:19:59.234397 osdx ulogd[477536]: NFCT plugin working in event mode Mar 05 17:19:59.234406 osdx ulogd[477536]: Changing UID / GID Mar 05 17:19:59.234473 osdx ulogd[477536]: initialization finished, entering main loop Mar 05 17:19:59.235400 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:19:59.247951 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:19:59.277084 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:00.074410 osdx ulogd[477536]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:00.074431 osdx ulogd[477536]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:00.151347 osdx ulogd[477536]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:00.151370 osdx ulogd[477536]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity OSDx_DUT0 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.652 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.652/0.652/0.652/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.385 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.385/0.385/0.385/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 05 17:20:05.320899 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:20:05.323239 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:05.323295 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:05.331710 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:05.535356 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:05.819117 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:05.918362 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:05.994029 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:06.045787 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Mar 05 17:20:06.151891 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:06.213534 osdx ubnt-cfgd[477741]: inactive Mar 05 17:20:06.232902 osdx INFO[477747]: FRR daemons did not change Mar 05 17:20:06.267231 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:06.326938 osdx WARNING[477819]: No supported link modes on interface eth0 Mar 05 17:20:06.328791 osdx modulelauncher[477819]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:06.328806 osdx modulelauncher[477819]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:06.330319 osdx modulelauncher[477819]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:06.330332 osdx modulelauncher[477819]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:06.379588 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:06.380501 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:06.380631 osdx ulogd[477844]: registering plugin `NFCT' Mar 05 17:20:06.380668 osdx ulogd[477844]: registering plugin `IP2STR' Mar 05 17:20:06.380701 osdx ulogd[477844]: registering plugin `PRINTFLOW' Mar 05 17:20:06.380740 osdx ulogd[477844]: registering plugin `SYSLOG' Mar 05 17:20:06.380743 osdx ulogd[477844]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:06.380788 osdx ulogd[477844]: NFCT plugin working in event mode Mar 05 17:20:06.380797 osdx OSDx_DUT0[477844]: Changing UID / GID Mar 05 17:20:06.380889 osdx OSDx_DUT0[477844]: initialization finished, entering main loop Mar 05 17:20:06.381981 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:06.394010 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:06.434082 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:07.410631 osdx OSDx_DUT0[477844]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:07.410654 osdx OSDx_DUT0[477844]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:07.509116 osdx OSDx_DUT0[477844]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:07.509136 osdx OSDx_DUT0[477844]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0 :
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.420 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.420/0.420/0.420/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 05 17:20:05.320899 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:20:05.323239 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:05.323295 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:05.331710 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:05.535356 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:05.819117 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:05.918362 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:05.994029 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:06.045787 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'. Mar 05 17:20:06.151891 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:06.213534 osdx ubnt-cfgd[477741]: inactive Mar 05 17:20:06.232902 osdx INFO[477747]: FRR daemons did not change Mar 05 17:20:06.267231 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:06.326938 osdx WARNING[477819]: No supported link modes on interface eth0 Mar 05 17:20:06.328791 osdx modulelauncher[477819]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:06.328806 osdx modulelauncher[477819]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:06.330319 osdx modulelauncher[477819]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:06.330332 osdx modulelauncher[477819]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:06.379588 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:06.380501 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:06.380631 osdx ulogd[477844]: registering plugin `NFCT' Mar 05 17:20:06.380668 osdx ulogd[477844]: registering plugin `IP2STR' Mar 05 17:20:06.380701 osdx ulogd[477844]: registering plugin `PRINTFLOW' Mar 05 17:20:06.380740 osdx ulogd[477844]: registering plugin `SYSLOG' Mar 05 17:20:06.380743 osdx ulogd[477844]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:06.380788 osdx ulogd[477844]: NFCT plugin working in event mode Mar 05 17:20:06.380797 osdx OSDx_DUT0[477844]: Changing UID / GID Mar 05 17:20:06.380889 osdx OSDx_DUT0[477844]: initialization finished, entering main loop Mar 05 17:20:06.381981 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:06.394010 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:06.434082 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:07.410631 osdx OSDx_DUT0[477844]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:07.410654 osdx OSDx_DUT0[477844]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:07.509116 osdx OSDx_DUT0[477844]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:07.509136 osdx OSDx_DUT0[477844]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:07.612582 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal show | cat'. Mar 05 17:20:07.751468 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:07.830233 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'. Mar 05 17:20:07.924177 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show changes'. Mar 05 17:20:07.982109 osdx ubnt-cfgd[477880]: inactive Mar 05 17:20:07.998162 osdx INFO[477886]: FRR daemons did not change Mar 05 17:20:08.007125 osdx OSDx_DUT0[477844]: Terminal signal received, exiting Mar 05 17:20:08.007189 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:08.007471 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 05 17:20:08.007570 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:08.023519 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:08.024351 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:08.024502 osdx ulogd[477894]: registering plugin `NFCT' Mar 05 17:20:08.024550 osdx ulogd[477894]: registering plugin `IP2STR' Mar 05 17:20:08.024594 osdx ulogd[477894]: registering plugin `PRINTFLOW' Mar 05 17:20:08.024641 osdx ulogd[477894]: registering plugin `SYSLOG' Mar 05 17:20:08.024645 osdx ulogd[477894]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:08.024697 osdx ulogd[477894]: NFCT plugin working in event mode Mar 05 17:20:08.024708 osdx ulogd[477894]: Changing UID / GID Mar 05 17:20:08.024781 osdx ulogd[477894]: initialization finished, entering main loop Mar 05 17:20:08.025691 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:08.026995 osdx ulogd[477894]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 05 17:20:08.027019 osdx ulogd[477894]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 Mar 05 17:20:08.027628 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:08.042569 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:08.199428 osdx ulogd[477894]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:08.199446 osdx ulogd[477894]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to other
and check that default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic label TEST set traffic policy POLICY rule 1 set connmark 33 set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.381 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.381/0.381/0.381/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.455 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.320 ms --- 192.168.100.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1017ms rtt min/avg/max/mdev = 0.320/0.387/0.455/0.067 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TESTShow output
Mar 05 17:20:12.281940 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:20:12.283930 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:12.283989 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:12.291827 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:12.496227 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:12.734764 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:12.845827 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 05 17:20:12.904724 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic label TEST'. Mar 05 17:20:13.012400 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Mar 05 17:20:13.077713 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Mar 05 17:20:13.170618 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:13.241232 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:13.365409 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:13.427051 osdx ubnt-cfgd[478074]: inactive Mar 05 17:20:13.454096 osdx INFO[478088]: FRR daemons did not change Mar 05 17:20:13.483937 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:13.530777 osdx WARNING[478160]: No supported link modes on interface eth0 Mar 05 17:20:13.532178 osdx modulelauncher[478160]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:13.532189 osdx modulelauncher[478160]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:13.533282 osdx modulelauncher[478160]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:13.533288 osdx modulelauncher[478160]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:13.576382 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:13.577333 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:13.577487 osdx ulogd[478185]: registering plugin `NFCT' Mar 05 17:20:13.577539 osdx ulogd[478185]: registering plugin `IP2STR' Mar 05 17:20:13.577585 osdx ulogd[478185]: registering plugin `PRINTFLOW' Mar 05 17:20:13.577650 osdx ulogd[478185]: registering plugin `SYSLOG' Mar 05 17:20:13.577655 osdx ulogd[478185]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:13.577715 osdx ulogd[478185]: NFCT plugin working in event mode Mar 05 17:20:13.577726 osdx ulogd[478185]: Changing UID / GID Mar 05 17:20:13.577810 osdx ulogd[478185]: initialization finished, entering main loop Mar 05 17:20:13.587285 osdx ulogd[478185]: Terminal signal received, exiting Mar 05 17:20:13.587393 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:13.587621 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 05 17:20:13.587733 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:13.588866 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:13.590140 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:13.590587 osdx ulogd[478191]: registering plugin `NFCT' Mar 05 17:20:13.590682 osdx ulogd[478191]: registering plugin `IP2STR' Mar 05 17:20:13.590811 osdx ulogd[478191]: registering plugin `PRINTFLOW' Mar 05 17:20:13.590924 osdx ulogd[478191]: registering plugin `SYSLOG' Mar 05 17:20:13.590933 osdx ulogd[478191]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:13.591036 osdx ulogd[478191]: NFCT plugin working in event mode Mar 05 17:20:13.591059 osdx ulogd[478191]: Changing UID / GID Mar 05 17:20:13.591216 osdx ulogd[478191]: initialization finished, entering main loop Mar 05 17:20:13.818804 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:13.830310 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:13.855360 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:14.640881 osdx ulogd[478191]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Mar 05 17:20:14.640905 osdx ulogd[478191]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 Mar 05 17:20:14.724522 osdx ulogd[478191]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST Mar 05 17:20:14.724546 osdx ulogd[478191]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a vrf,
send a ping command from one device to other
and check that default and vrf fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 vrf RED set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf RED
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.631 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.631/0.631/0.631/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.523 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.523/0.523/0.523/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=REDShow output
Mar 05 17:20:19.000216 osdx systemd-timedated[472354]: Changed local time to Thu 2026-03-05 17:20:19 UTC Mar 05 17:20:19.001314 osdx systemd-journald[466780]: Time jumped backwards, rotating. Mar 05 17:20:19.001783 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'set date 2026-03-05 17:20:19'. Mar 05 17:20:19.281239 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:20:19.281679 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:19.281709 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:19.290728 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:19.491087 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:19.738079 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:19.821759 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Mar 05 17:20:19.894500 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Mar 05 17:20:19.981671 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system vrf RED'. Mar 05 17:20:20.038838 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:20.132352 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:20.200245 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:20.293340 osdx ubnt-cfgd[478443]: inactive Mar 05 17:20:20.315274 osdx INFO[478449]: FRR daemons did not change Mar 05 17:20:20.324746 osdx (udev-worker)[478459]: RED: Could not disable auto negotiation, ignoring: Operation not supported Mar 05 17:20:20.324777 osdx (udev-worker)[478459]: Network interface NamePolicy= disabled on kernel command line. Mar 05 17:20:20.361327 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:20.409184 osdx WARNING[478542]: No supported link modes on interface eth0 Mar 05 17:20:20.410742 osdx modulelauncher[478542]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:20.410756 osdx modulelauncher[478542]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:20.411975 osdx modulelauncher[478542]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:20.411985 osdx modulelauncher[478542]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:20.425324 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:20.521631 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:20.522530 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:20.522674 osdx ulogd[478628]: registering plugin `NFCT' Mar 05 17:20:20.522728 osdx ulogd[478628]: registering plugin `IP2STR' Mar 05 17:20:20.522783 osdx ulogd[478628]: registering plugin `PRINTFLOW' Mar 05 17:20:20.522833 osdx ulogd[478628]: registering plugin `SYSLOG' Mar 05 17:20:20.522837 osdx ulogd[478628]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:20.522885 osdx ulogd[478628]: NFCT plugin working in event mode Mar 05 17:20:20.522897 osdx ulogd[478628]: Changing UID / GID Mar 05 17:20:20.522978 osdx ulogd[478628]: initialization finished, entering main loop Mar 05 17:20:20.523930 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:20.538191 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:20.555579 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:21.356855 osdx ulogd[478628]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:21.356882 osdx ulogd[478628]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:21.435729 osdx ulogd[478628]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:21.435752 osdx ulogd[478628]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to other
and check that default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.998 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.998/0.998/0.998/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 129 100 129 0 0 17815 0 --:--:-- --:--:-- --:--:-- 18428
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth0 traffic policy in POLICY set interfaces ethernet eth1 address 10.215.168.64/24 set service firewall FW mode inline queue FW_Q set service firewall FW ruleset file 'running://test-performance.rules' set service firewall FW stream bypass mark 129834765 set service firewall FW stream bypass mask 129834765 set service firewall FW stream bypass set-connmark set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy POLICY rule 1 action enqueue FW_Q set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.552 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.552/0.552/0.552/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.335 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.335/0.335/0.335/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypassShow output
Mar 05 17:20:27.366357 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.9M, max 13.8M, 11.9M free. Mar 05 17:20:27.367720 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:27.367769 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:27.378380 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:27.639688 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:27.930441 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:28.047925 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 05 17:20:28.147843 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:28.259583 osdx ubnt-cfgd[478914]: inactive Mar 05 17:20:28.434530 osdx INFO[478920]: FRR daemons did not change Mar 05 17:20:28.471396 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 05 17:20:28.532982 osdx WARNING[478989]: No supported link modes on interface eth1 Mar 05 17:20:28.534867 osdx modulelauncher[478989]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Mar 05 17:20:28.534881 osdx modulelauncher[478989]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Mar 05 17:20:28.536278 osdx modulelauncher[478989]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:28.536288 osdx modulelauncher[478989]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:28.549067 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:28.561811 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:28.582827 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:28.795632 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 05 17:20:29.043232 osdx file_operation[479045]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Mar 05 17:20:29.075864 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Mar 05 17:20:29.226789 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:29.314000 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Mar 05 17:20:29.485837 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Mar 05 17:20:29.589334 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Mar 05 17:20:29.717781 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Mar 05 17:20:29.894828 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Mar 05 17:20:29.965251 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Mar 05 17:20:30.071864 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Mar 05 17:20:30.169909 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Mar 05 17:20:30.246939 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Mar 05 17:20:30.363909 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:30.437347 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:30.542848 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:30.663476 osdx ubnt-cfgd[479080]: inactive Mar 05 17:20:30.712193 osdx INFO[479097]: FRR daemons did not change Mar 05 17:20:30.751395 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:30.805438 osdx WARNING[479169]: No supported link modes on interface eth0 Mar 05 17:20:30.807179 osdx modulelauncher[479169]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:30.807194 osdx modulelauncher[479169]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:30.808849 osdx modulelauncher[479169]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:30.808860 osdx modulelauncher[479169]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:30.863762 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:30.864929 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:30.865057 osdx ulogd[479194]: registering plugin `NFCT' Mar 05 17:20:30.865104 osdx ulogd[479194]: registering plugin `IP2STR' Mar 05 17:20:30.865147 osdx ulogd[479194]: registering plugin `PRINTFLOW' Mar 05 17:20:30.865201 osdx ulogd[479194]: registering plugin `SYSLOG' Mar 05 17:20:30.865204 osdx ulogd[479194]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:30.865260 osdx ulogd[479194]: NFCT plugin working in event mode Mar 05 17:20:30.865270 osdx ulogd[479194]: Changing UID / GID Mar 05 17:20:30.865360 osdx ulogd[479194]: initialization finished, entering main loop Mar 05 17:20:31.135178 osdx ulogd[479194]: Terminal signal received, exiting Mar 05 17:20:31.135352 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:31.135681 osdx systemd[1]: ulogd2.service: Deactivated successfully. Mar 05 17:20:31.135799 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:31.159812 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:31.160735 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:31.160896 osdx ulogd[479222]: registering plugin `NFCT' Mar 05 17:20:31.160970 osdx ulogd[479222]: registering plugin `IP2STR' Mar 05 17:20:31.161011 osdx ulogd[479222]: registering plugin `PRINTFLOW' Mar 05 17:20:31.161062 osdx ulogd[479222]: registering plugin `SYSLOG' Mar 05 17:20:31.161066 osdx ulogd[479222]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:31.161120 osdx ulogd[479222]: NFCT plugin working in event mode Mar 05 17:20:31.161135 osdx ulogd[479222]: Changing UID / GID Mar 05 17:20:31.161227 osdx ulogd[479222]: initialization finished, entering main loop Mar 05 17:20:31.223733 osdx systemd[1]: Reloading. Mar 05 17:20:31.279405 osdx systemd-sysv-generator[479242]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Mar 05 17:20:31.431892 osdx systemd[1]: Starting logrotate.service - Rotate log files... Mar 05 17:20:31.436695 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Mar 05 17:20:31.437761 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Mar 05 17:20:31.462652 osdx systemd[1]: logrotate.service: Deactivated successfully. Mar 05 17:20:31.462796 osdx systemd[1]: Finished logrotate.service - Rotate log files. Mar 05 17:20:31.748278 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Mar 05 17:20:32.122066 osdx INFO[479224]: Rules successfully loaded Mar 05 17:20:32.122654 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:32.136856 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:32.181983 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:33.117726 osdx ulogd[479222]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 05 17:20:33.117748 osdx ulogd[479222]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 05 17:20:33.237806 osdx ulogd[479222]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Mar 05 17:20:33.237826 osdx ulogd[479222]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate a ssh connection from DUT1 to DUT2
and check that default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set interfaces ethernet eth1 address 192.168.200.1/24 set system conntrack logging events all set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2 :
set interfaces ethernet eth0 address 192.168.200.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.200.1 set service ssh set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.975 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.975/0.975/0.975/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1Show output
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data. 64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.391 ms --- 192.168.200.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.391/0.391/0.391/0.000 ms
Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/nullShow output
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts. admin@192.168.200.2's password: Welcome to Teldat OSDx v4.2.9.0 This system includes free software. Contact Teldat for licenses information and source code. Last login: Thu Mar 5 17:13:00 2026 from 10.215.168.64 admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]Show output
Mar 05 17:20:42.443663 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.9M, max 13.8M, 11.9M free. Mar 05 17:20:42.444588 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:42.444640 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:42.455149 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:42.664970 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:42.883891 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:42.983848 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Mar 05 17:20:43.227554 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:43.328500 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:43.390247 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:43.500219 osdx ubnt-cfgd[479564]: inactive Mar 05 17:20:43.525206 osdx INFO[479570]: FRR daemons did not change Mar 05 17:20:43.556583 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 05 17:20:43.608926 osdx WARNING[479642]: No supported link modes on interface eth1 Mar 05 17:20:43.610434 osdx modulelauncher[479642]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Mar 05 17:20:43.610445 osdx modulelauncher[479642]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Mar 05 17:20:43.611925 osdx modulelauncher[479642]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:43.611932 osdx modulelauncher[479642]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:43.644604 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:43.695438 osdx WARNING[479722]: No supported link modes on interface eth0 Mar 05 17:20:43.697353 osdx modulelauncher[479722]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:43.697364 osdx modulelauncher[479722]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:43.698579 osdx modulelauncher[479722]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:43.698586 osdx modulelauncher[479722]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:43.752900 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:43.753684 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:43.753789 osdx ulogd[479748]: registering plugin `NFCT' Mar 05 17:20:43.753824 osdx ulogd[479748]: registering plugin `IP2STR' Mar 05 17:20:43.753859 osdx ulogd[479748]: registering plugin `PRINTFLOW' Mar 05 17:20:43.753898 osdx ulogd[479748]: registering plugin `SYSLOG' Mar 05 17:20:43.753901 osdx ulogd[479748]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:43.753942 osdx ulogd[479748]: NFCT plugin working in event mode Mar 05 17:20:43.753950 osdx ulogd[479748]: Changing UID / GID Mar 05 17:20:43.754015 osdx ulogd[479748]: initialization finished, entering main loop Mar 05 17:20:43.754898 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:43.766271 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:43.782214 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:45.726114 osdx ulogd[479748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:45.726137 osdx ulogd[479748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:45.817387 osdx ulogd[479748]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:45.817410 osdx ulogd[479748]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:20:45.894489 osdx ulogd[479748]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55036 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55036 PKTS=0 BYTES=0 Mar 05 17:20:45.894626 osdx ulogd[479748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55036 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55036 PKTS=0 BYTES=0 Mar 05 17:20:45.894796 osdx ulogd[479748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55036 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55036 PKTS=0 BYTES=0 [OFFLOAD] Mar 05 17:20:46.632972 osdx ulogd[479748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55036 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55036 PKTS=0 BYTES=0 Mar 05 17:20:46.633048 osdx ulogd[479748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55036 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55036 PKTS=0 BYTES=0 [OFFLOAD] Mar 05 17:20:46.634503 osdx ulogd[479748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55036 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55036 PKTS=0 BYTES=0 Mar 05 17:20:46.634641 osdx ulogd[479748]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55036 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55036 PKTS=0 BYTES=0 [OFFLOAD]
App detect logging
Description
Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1
and check app detect field appears when running system journal show. After that, enabling app detection
in system conntrack for http host, try to copy index.html from a http server
and check that the app detect field appears and belongs to the http server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack app-detect set system conntrack logging events all set system conntrack timeout icmp 1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.781 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.781/0.781/0.781/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.678 ms 64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.341 ms 64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.339 ms --- 192.168.100.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2040ms rtt min/avg/max/mdev = 0.339/0.452/0.678/0.159 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]Show output
Mar 05 17:20:52.300774 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:20:52.301995 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:52.302045 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:52.309727 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:52.509906 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:52.754758 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:52.809084 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 05 17:20:52.902678 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 05 17:20:52.983456 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:53.050373 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:53.151973 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:53.216918 osdx ubnt-cfgd[479984]: inactive Mar 05 17:20:53.238569 osdx INFO[479990]: FRR daemons did not change Mar 05 17:20:53.398000 osdx kernel: nfUDPlink: module init Mar 05 17:20:53.398054 osdx kernel: app-detect: module init Mar 05 17:20:53.398070 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 05 17:20:53.398078 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 05 17:20:53.398086 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 05 17:20:53.398094 osdx kernel: app-detect: expression init Mar 05 17:20:53.398101 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 05 17:20:53.398111 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 05 17:20:53.405349 osdx modulelauncher[479993]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 05 17:20:53.408212 osdx INFO[480018]: Stopping Traffic Categorization (TCATD) service ... Mar 05 17:20:53.457996 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:53.511714 osdx WARNING[480093]: No supported link modes on interface eth0 Mar 05 17:20:53.513297 osdx modulelauncher[480093]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:53.513310 osdx modulelauncher[480093]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:53.514497 osdx modulelauncher[480093]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:53.514507 osdx modulelauncher[480093]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:53.578423 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:53.579343 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:53.579537 osdx ulogd[480118]: registering plugin `NFCT' Mar 05 17:20:53.579588 osdx ulogd[480118]: registering plugin `IP2STR' Mar 05 17:20:53.579632 osdx ulogd[480118]: registering plugin `PRINTFLOW' Mar 05 17:20:53.579682 osdx ulogd[480118]: registering plugin `SYSLOG' Mar 05 17:20:53.579685 osdx ulogd[480118]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:53.579737 osdx ulogd[480118]: NFCT plugin working in event mode Mar 05 17:20:53.579750 osdx ulogd[480118]: Changing UID / GID Mar 05 17:20:53.579842 osdx ulogd[480118]: initialization finished, entering main loop Mar 05 17:20:53.581401 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:53.594353 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:53.611579 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:54.539349 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.539373 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.623745 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.623779 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:55.639777 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:55.639796 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:55.639807 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.663739 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:56.663760 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.663776 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]Show output
Mar 05 17:20:52.300774 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:20:52.301995 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:52.302045 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:52.309727 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:52.509906 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:52.754758 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:52.809084 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 05 17:20:52.902678 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 05 17:20:52.983456 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:53.050373 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:53.151973 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:53.216918 osdx ubnt-cfgd[479984]: inactive Mar 05 17:20:53.238569 osdx INFO[479990]: FRR daemons did not change Mar 05 17:20:53.398000 osdx kernel: nfUDPlink: module init Mar 05 17:20:53.398054 osdx kernel: app-detect: module init Mar 05 17:20:53.398070 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 05 17:20:53.398078 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 05 17:20:53.398086 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 05 17:20:53.398094 osdx kernel: app-detect: expression init Mar 05 17:20:53.398101 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 05 17:20:53.398111 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 05 17:20:53.405349 osdx modulelauncher[479993]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 05 17:20:53.408212 osdx INFO[480018]: Stopping Traffic Categorization (TCATD) service ... Mar 05 17:20:53.457996 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:53.511714 osdx WARNING[480093]: No supported link modes on interface eth0 Mar 05 17:20:53.513297 osdx modulelauncher[480093]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:53.513310 osdx modulelauncher[480093]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:53.514497 osdx modulelauncher[480093]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:53.514507 osdx modulelauncher[480093]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:53.578423 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:53.579343 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:53.579537 osdx ulogd[480118]: registering plugin `NFCT' Mar 05 17:20:53.579588 osdx ulogd[480118]: registering plugin `IP2STR' Mar 05 17:20:53.579632 osdx ulogd[480118]: registering plugin `PRINTFLOW' Mar 05 17:20:53.579682 osdx ulogd[480118]: registering plugin `SYSLOG' Mar 05 17:20:53.579685 osdx ulogd[480118]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:53.579737 osdx ulogd[480118]: NFCT plugin working in event mode Mar 05 17:20:53.579750 osdx ulogd[480118]: Changing UID / GID Mar 05 17:20:53.579842 osdx ulogd[480118]: initialization finished, entering main loop Mar 05 17:20:53.581401 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:53.594353 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:53.611579 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:54.539349 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.539373 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.623745 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.623779 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:55.639777 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:55.639796 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:55.639807 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.663739 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:56.663760 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.663776 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.767460 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal show | cat'.
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]Show output
Mar 05 17:20:52.300774 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:20:52.301995 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:52.302045 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:52.309727 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:52.509906 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:52.754758 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:52.809084 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 05 17:20:52.902678 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 05 17:20:52.983456 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:53.050373 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:53.151973 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:53.216918 osdx ubnt-cfgd[479984]: inactive Mar 05 17:20:53.238569 osdx INFO[479990]: FRR daemons did not change Mar 05 17:20:53.398000 osdx kernel: nfUDPlink: module init Mar 05 17:20:53.398054 osdx kernel: app-detect: module init Mar 05 17:20:53.398070 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 05 17:20:53.398078 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 05 17:20:53.398086 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 05 17:20:53.398094 osdx kernel: app-detect: expression init Mar 05 17:20:53.398101 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 05 17:20:53.398111 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 05 17:20:53.405349 osdx modulelauncher[479993]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 05 17:20:53.408212 osdx INFO[480018]: Stopping Traffic Categorization (TCATD) service ... Mar 05 17:20:53.457996 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:53.511714 osdx WARNING[480093]: No supported link modes on interface eth0 Mar 05 17:20:53.513297 osdx modulelauncher[480093]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:53.513310 osdx modulelauncher[480093]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:53.514497 osdx modulelauncher[480093]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:53.514507 osdx modulelauncher[480093]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:53.578423 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:53.579343 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:53.579537 osdx ulogd[480118]: registering plugin `NFCT' Mar 05 17:20:53.579588 osdx ulogd[480118]: registering plugin `IP2STR' Mar 05 17:20:53.579632 osdx ulogd[480118]: registering plugin `PRINTFLOW' Mar 05 17:20:53.579682 osdx ulogd[480118]: registering plugin `SYSLOG' Mar 05 17:20:53.579685 osdx ulogd[480118]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:53.579737 osdx ulogd[480118]: NFCT plugin working in event mode Mar 05 17:20:53.579750 osdx ulogd[480118]: Changing UID / GID Mar 05 17:20:53.579842 osdx ulogd[480118]: initialization finished, entering main loop Mar 05 17:20:53.581401 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:53.594353 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:53.611579 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:54.539349 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.539373 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.623745 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.623779 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:55.639777 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:55.639796 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:55.639807 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.663739 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:56.663760 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.663776 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.767460 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal show | cat'. Mar 05 17:20:56.883484 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal show | cat'.
Step 8: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.493 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.493/0.493/0.493/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
Show output
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1209 0 1209 0 0 186k 0 --:--:-- --:--:-- --:--:-- 196k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]Show output
Mar 05 17:20:52.300774 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:20:52.301995 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:20:52.302045 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:20:52.309727 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:20:52.509906 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:20:52.754758 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:52.809084 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Mar 05 17:20:52.902678 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Mar 05 17:20:52.983456 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:20:53.050373 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:20:53.151973 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:20:53.216918 osdx ubnt-cfgd[479984]: inactive Mar 05 17:20:53.238569 osdx INFO[479990]: FRR daemons did not change Mar 05 17:20:53.398000 osdx kernel: nfUDPlink: module init Mar 05 17:20:53.398054 osdx kernel: app-detect: module init Mar 05 17:20:53.398070 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 05 17:20:53.398078 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 05 17:20:53.398086 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 05 17:20:53.398094 osdx kernel: app-detect: expression init Mar 05 17:20:53.398101 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 05 17:20:53.398111 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 05 17:20:53.405349 osdx modulelauncher[479993]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 05 17:20:53.408212 osdx INFO[480018]: Stopping Traffic Categorization (TCATD) service ... Mar 05 17:20:53.457996 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:20:53.511714 osdx WARNING[480093]: No supported link modes on interface eth0 Mar 05 17:20:53.513297 osdx modulelauncher[480093]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:20:53.513310 osdx modulelauncher[480093]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:20:53.514497 osdx modulelauncher[480093]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:53.514507 osdx modulelauncher[480093]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:53.578423 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:20:53.579343 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:20:53.579537 osdx ulogd[480118]: registering plugin `NFCT' Mar 05 17:20:53.579588 osdx ulogd[480118]: registering plugin `IP2STR' Mar 05 17:20:53.579632 osdx ulogd[480118]: registering plugin `PRINTFLOW' Mar 05 17:20:53.579682 osdx ulogd[480118]: registering plugin `SYSLOG' Mar 05 17:20:53.579685 osdx ulogd[480118]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:20:53.579737 osdx ulogd[480118]: NFCT plugin working in event mode Mar 05 17:20:53.579750 osdx ulogd[480118]: Changing UID / GID Mar 05 17:20:53.579842 osdx ulogd[480118]: initialization finished, entering main loop Mar 05 17:20:53.581401 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:53.594353 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:53.611579 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:54.539349 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.539373 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.623745 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:54.623779 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:55.639777 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:55.639796 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:55.639807 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.663739 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:56.663760 osdx ulogd[480118]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.663776 osdx ulogd[480118]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:56.767460 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal show | cat'. Mar 05 17:20:56.883484 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal show | cat'. Mar 05 17:20:57.012361 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal show | cat'. Mar 05 17:20:57.131762 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:20:57.218159 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 05 17:20:57.289111 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 05 17:20:57.351665 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show changes'. Mar 05 17:20:57.454465 osdx ubnt-cfgd[480170]: inactive Mar 05 17:20:57.477162 osdx INFO[480176]: FRR daemons did not change Mar 05 17:20:57.505997 osdx kernel: app-detect: expression destroy Mar 05 17:20:57.513996 osdx kernel: app-detect: expression init Mar 05 17:20:57.514042 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 05 17:20:57.514055 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 05 17:20:57.522369 osdx modulelauncher[480179]: AppDetect: no appdetect_chain refresh needed, nothing more to do Mar 05 17:20:57.525532 osdx INFO[480195]: Stopping Traffic Categorization (TCATD) service ... Mar 05 17:20:57.562024 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 05 17:20:57.615634 osdx WARNING[480265]: No supported link modes on interface eth1 Mar 05 17:20:57.617175 osdx modulelauncher[480265]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Mar 05 17:20:57.617189 osdx modulelauncher[480265]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Mar 05 17:20:57.618369 osdx modulelauncher[480265]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:20:57.618378 osdx modulelauncher[480265]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:20:57.629377 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:20:57.640128 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:57.640144 osdx ulogd[480118]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Mar 05 17:20:57.640837 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:20:57.656939 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:20:57.799200 osdx ulogd[480118]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:57.799444 osdx ulogd[480118]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Mar 05 17:20:57.801514 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 05 17:20:57.935584 osdx file_operation[480321]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 05 17:20:57.941820 osdx ulogd[480118]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=33812 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=33812 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 05 17:20:57.941926 osdx ulogd[480118]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=33812 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=33812 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 05 17:20:57.941946 osdx ulogd[480118]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=33812 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=33812 PKTS=0 BYTES=0 APPDETECT[L4:80] Mar 05 17:20:57.944297 osdx ulogd[480118]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=33812 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=33812 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 05 17:20:57.944386 osdx ulogd[480118]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=33812 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=33812 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 05 17:20:57.944408 osdx ulogd[480118]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=33812 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=33812 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Mar 05 17:20:57.964745 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
App Detect Drop Packet
Description
Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector.
Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets.
Finnally, log that packets with app-id option and check that appdetect field appear in journal when
running system journal show
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth1 address 10.215.168.64/24 set interfaces ethernet eth1 traffic policy out DROP set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1 set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect http-url set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set traffic policy DROP rule 1 action drop set traffic policy DROP rule 1 log app-id set traffic policy DROP rule 1 selector APPID set traffic selector APPID rule 1 app-detect app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.316 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.316/0.316/0.316/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]Show output
Mar 05 17:21:05.314435 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:21:05.318383 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:21:05.318444 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:21:05.323358 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:21:05.609416 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:21:05.825175 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:21:05.887296 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Mar 05 17:21:05.979513 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Mar 05 17:21:06.038172 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Mar 05 17:21:06.138187 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-detect app-id custom 155'. Mar 05 17:21:06.193510 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Mar 05 17:21:06.285763 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Mar 05 17:21:06.337686 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Mar 05 17:21:06.464595 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Mar 05 17:21:06.516107 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Mar 05 17:21:06.627784 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Mar 05 17:21:06.707984 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:21:06.802847 osdx ubnt-cfgd[480568]: inactive Mar 05 17:21:06.854129 osdx INFO[480592]: FRR daemons did not change Mar 05 17:21:07.018386 osdx kernel: nfUDPlink: module init Mar 05 17:21:07.018440 osdx kernel: app-detect: module init Mar 05 17:21:07.018449 osdx kernel: app-detect: registered: sysctl net.appdetect Mar 05 17:21:07.018457 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Mar 05 17:21:07.018465 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Mar 05 17:21:07.018473 osdx kernel: app-detect: expression init Mar 05 17:21:07.018480 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Mar 05 17:21:07.018498 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Mar 05 17:21:07.038871 osdx INFO[480627]: Updated /etc/default/osdx_tcatd.conf Mar 05 17:21:07.038907 osdx INFO[480627]: Restarting Traffic Categorization (TCATD) service ... Mar 05 17:21:07.070737 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Mar 05 17:21:07.077816 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Mar 05 17:21:07.114399 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Mar 05 17:21:07.161390 osdx WARNING[480701]: No supported link modes on interface eth1 Mar 05 17:21:07.162906 osdx modulelauncher[480701]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Mar 05 17:21:07.162918 osdx modulelauncher[480701]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Mar 05 17:21:07.164323 osdx modulelauncher[480701]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:21:07.164330 osdx modulelauncher[480701]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:21:07.389268 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:21:07.400439 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:21:07.417190 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:21:07.564579 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Mar 05 17:21:07.709241 osdx file_operation[480780]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Mar 05 17:21:07.714401 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=41592 DF PROTO=TCP SPT=37656 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 05 17:21:07.922399 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=41593 DF PROTO=TCP SPT=37656 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 05 17:21:08.326432 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=41594 DF PROTO=TCP SPT=37656 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 05 17:21:09.158453 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=41595 DF PROTO=TCP SPT=37656 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 05 17:21:10.722960 osdx file_operation.py[480780]: Operation aborted by user. Mar 05 17:21:10.734397 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=41596 DF PROTO=TCP SPT=37656 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Mar 05 17:21:10.738480 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'. Mar 05 17:21:10.794390 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=41597 DF PROTO=TCP SPT=37656 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Identity Values
Description
Conntrack identity is able to contain any printed character (max 92 characters) but not spaces
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Show output
admin@osdx#
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character classShow output
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed CLI Error: Command error
Step 4: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.1/24 set system conntrack logging events all set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.2/24 set protocols static route 0.0.0.0/0 next-hop 192.168.100.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.684 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.684/0.684/0.684/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1Show output
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data. 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.458 ms --- 192.168.100.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.458/0.458/0.458/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2Show output
Mar 05 17:21:17.283712 osdx systemd-journald[466780]: Runtime Journal (/run/log/journal/78445f9299f9414990e66dc8aa510838) is 1.8M, max 13.8M, 11.9M free. Mar 05 17:21:17.285790 osdx systemd-journald[466780]: Received client request to rotate journal, rotating. Mar 05 17:21:17.285842 osdx systemd-journald[466780]: Vacuuming done, freed 0B of archived journals from /run/log/journal/78445f9299f9414990e66dc8aa510838. Mar 05 17:21:17.292788 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system journal clear'. Mar 05 17:21:17.496168 osdx OSDxCLI[466618]: User 'admin' executed a new command: 'system coredump delete all'. Mar 05 17:21:17.708430 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:21:17.769447 osdx cfgd[1863]: [466618]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Mar 05 17:21:17.770522 osdx OSDxCLI[466618]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Mar 05 17:21:17.872357 osdx cfgd[1863]: [466618]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Mar 05 17:21:17.873827 osdx OSDxCLI[466618]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. Mar 05 17:21:17.987562 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:21:18.183498 osdx OSDxCLI[466618]: User 'admin' entered the configuration menu. Mar 05 17:21:18.268709 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Mar 05 17:21:18.335456 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Mar 05 17:21:18.433823 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. Mar 05 17:21:18.497402 osdx OSDxCLI[466618]: User 'admin' added a new cfg line: 'show working'. Mar 05 17:21:18.586957 osdx ubnt-cfgd[480995]: inactive Mar 05 17:21:18.604699 osdx INFO[481001]: FRR daemons did not change Mar 05 17:21:18.641792 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Mar 05 17:21:18.688641 osdx WARNING[481073]: No supported link modes on interface eth0 Mar 05 17:21:18.691025 osdx modulelauncher[481073]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Mar 05 17:21:18.691040 osdx modulelauncher[481073]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Mar 05 17:21:18.692891 osdx modulelauncher[481073]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Mar 05 17:21:18.692902 osdx modulelauncher[481073]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Mar 05 17:21:18.738081 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Mar 05 17:21:18.738725 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Mar 05 17:21:18.738909 osdx ulogd[481098]: registering plugin `NFCT' Mar 05 17:21:18.738957 osdx ulogd[481098]: registering plugin `IP2STR' Mar 05 17:21:18.738999 osdx ulogd[481098]: registering plugin `PRINTFLOW' Mar 05 17:21:18.739046 osdx ulogd[481098]: registering plugin `SYSLOG' Mar 05 17:21:18.739051 osdx ulogd[481098]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Mar 05 17:21:18.739101 osdx ulogd[481098]: NFCT plugin working in event mode Mar 05 17:21:18.739109 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[481098]: Changing UID / GID Mar 05 17:21:18.739185 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[481098]: initialization finished, entering main loop Mar 05 17:21:18.739829 osdx cfgd[1863]: [466618]Completed change to active configuration Mar 05 17:21:18.751357 osdx OSDxCLI[466618]: User 'admin' committed the configuration. Mar 05 17:21:18.799024 osdx OSDxCLI[466618]: User 'admin' left the configuration menu. Mar 05 17:21:19.603648 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[481098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:21:19.603670 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[481098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:21:19.684319 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[481098]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Mar 05 17:21:19.684340 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[481098]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0