Logging
The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.
New events
Description
Check that NEW session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.978 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.978/0.978/0.978/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.688 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.688/0.688/0.688/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2
Apr 16 16:09:18.344070 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 16:09:18.345947 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:09:18.346025 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:09:18.360384 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:09:18.819998 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 16:09:19.103915 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:09:19.209099 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Apr 16 16:09:19.280440 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Apr 16 16:09:19.399493 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'.
Apr 16 16:09:19.484934 osdx ubnt-cfgd[170558]: inactive
Apr 16 16:09:19.505918 osdx INFO[170564]: FRR daemons did not change
Apr 16 16:09:19.545953 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 16:09:19.625800 osdx WARNING[170636]: No supported link modes on interface eth0
Apr 16 16:09:19.628595 osdx modulelauncher[170636]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 16:09:19.628609 osdx modulelauncher[170636]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 16:09:19.630278 osdx modulelauncher[170636]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:09:19.630289 osdx modulelauncher[170636]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:09:19.694349 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Apr 16 16:09:19.698133 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Apr 16 16:09:19.699770 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:09:19.700805 osdx ulogd[170661]: registering plugin `NFCT'
Apr 16 16:09:19.702091 osdx ulogd[170661]: registering plugin `IP2STR'
Apr 16 16:09:19.702189 osdx ulogd[170661]: registering plugin `PRINTFLOW'
Apr 16 16:09:19.703579 osdx ulogd[170661]: registering plugin `SYSLOG'
Apr 16 16:09:19.703594 osdx ulogd[170661]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Apr 16 16:09:19.703669 osdx ulogd[170661]: NFCT plugin working in event mode
Apr 16 16:09:19.703692 osdx ulogd[170661]: Changing UID / GID
Apr 16 16:09:19.703799 osdx ulogd[170661]: initialization finished, entering main loop
Apr 16 16:09:19.712601 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:09:19.742414 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:09:20.809437 osdx ulogd[170661]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:09:20.909295 osdx ulogd[170661]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Update events
Description
Check that UPDATE session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.784 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.784/0.784/0.784/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.287 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.287/0.287/0.287/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2
Apr 16 16:09:27.322639 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.9M, max 13.8M, 11.9M free.
Apr 16 16:09:27.325191 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:09:27.325269 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:09:27.335777 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:09:27.594566 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 16:09:27.953800 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:09:28.060745 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Apr 16 16:09:28.161380 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Apr 16 16:09:28.276067 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'.
Apr 16 16:09:28.354953 osdx ubnt-cfgd[170862]: inactive
Apr 16 16:09:28.378721 osdx INFO[170868]: FRR daemons did not change
Apr 16 16:09:28.417255 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 16:09:28.470261 osdx WARNING[170940]: No supported link modes on interface eth0
Apr 16 16:09:28.472309 osdx modulelauncher[170940]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 16:09:28.472324 osdx modulelauncher[170940]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 16:09:28.473665 osdx modulelauncher[170940]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:09:28.473675 osdx modulelauncher[170940]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:09:28.517626 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Apr 16 16:09:28.518577 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Apr 16 16:09:28.518701 osdx ulogd[170965]: registering plugin `NFCT'
Apr 16 16:09:28.518754 osdx ulogd[170965]: registering plugin `IP2STR'
Apr 16 16:09:28.518799 osdx ulogd[170965]: registering plugin `PRINTFLOW'
Apr 16 16:09:28.518849 osdx ulogd[170965]: registering plugin `SYSLOG'
Apr 16 16:09:28.518853 osdx ulogd[170965]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Apr 16 16:09:28.518903 osdx ulogd[170965]: NFCT plugin working in event mode
Apr 16 16:09:28.518915 osdx ulogd[170965]: Changing UID / GID
Apr 16 16:09:28.519002 osdx ulogd[170965]: initialization finished, entering main loop
Apr 16 16:09:28.520958 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:09:28.536296 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:09:28.567495 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:09:29.540436 osdx ulogd[170965]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:09:29.661801 osdx ulogd[170965]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Destroy events
Description
Check that DESTROY session events are captured.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.54 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.535/1.535/1.535/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.745 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.287 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.299 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2028ms
rtt min/avg/max/mdev = 0.287/0.443/0.745/0.213 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2
Apr 16 16:09:38.351976 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 16:09:38.355776 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:09:38.355857 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:09:38.364672 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:09:38.615690 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 16:09:38.980906 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:09:39.071431 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Apr 16 16:09:39.135663 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Apr 16 16:09:39.236401 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Apr 16 16:09:39.299588 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set service ssh'.
Apr 16 16:09:39.406844 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'.
Apr 16 16:09:39.480730 osdx ubnt-cfgd[171168]: inactive
Apr 16 16:09:39.595818 osdx INFO[171189]: FRR daemons did not change
Apr 16 16:09:39.635779 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 16:09:39.684380 osdx WARNING[171263]: No supported link modes on interface eth0
Apr 16 16:09:39.685948 osdx modulelauncher[171263]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 16:09:39.685968 osdx modulelauncher[171263]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 16:09:39.687317 osdx modulelauncher[171263]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:09:39.687335 osdx modulelauncher[171263]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:09:39.732279 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Apr 16 16:09:39.733222 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Apr 16 16:09:39.733291 osdx ulogd[171288]: registering plugin `NFCT'
Apr 16 16:09:39.733325 osdx ulogd[171288]: registering plugin `IP2STR'
Apr 16 16:09:39.733389 osdx ulogd[171288]: registering plugin `PRINTFLOW'
Apr 16 16:09:39.733432 osdx ulogd[171288]: registering plugin `SYSLOG'
Apr 16 16:09:39.733435 osdx ulogd[171288]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Apr 16 16:09:39.733474 osdx ulogd[171288]: NFCT plugin working in event mode
Apr 16 16:09:39.733482 osdx ulogd[171288]: Changing UID / GID
Apr 16 16:09:39.733552 osdx ulogd[171288]: initialization finished, entering main loop
Apr 16 16:09:39.800216 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Apr 16 16:09:39.816035 osdx sshd[171309]: Server listening on 0.0.0.0 port 22.
Apr 16 16:09:39.816062 osdx sshd[171309]: Server listening on :: port 22.
Apr 16 16:09:39.816169 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Apr 16 16:09:39.817369 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:09:39.829560 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:09:39.848405 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:09:41.984503 osdx ulogd[171288]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Apr 16 16:09:43.008429 osdx ulogd[171288]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Default logging
Description
Set a simple configuration, send a ping command from one device to the other
and check that the default fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.754 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.754/0.754/0.754/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.759 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.759/0.759/0.759/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Apr 16 16:09:56.353225 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 16:09:56.356974 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:09:56.357052 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:09:56.366423 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:09:56.617310 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 16:09:56.875795 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:09:56.972569 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Apr 16 16:09:57.093723 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Apr 16 16:09:57.212144 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'.
Apr 16 16:09:57.276426 osdx ubnt-cfgd[171535]: inactive
Apr 16 16:09:57.299781 osdx INFO[171541]: FRR daemons did not change
Apr 16 16:09:57.340479 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 16:09:57.390744 osdx WARNING[171613]: No supported link modes on interface eth0
Apr 16 16:09:57.392657 osdx modulelauncher[171613]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 16:09:57.392670 osdx modulelauncher[171613]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 16:09:57.394338 osdx modulelauncher[171613]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:09:57.394350 osdx modulelauncher[171613]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:09:57.444895 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Apr 16 16:09:57.445848 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Apr 16 16:09:57.445985 osdx ulogd[171638]: registering plugin `NFCT'
Apr 16 16:09:57.446034 osdx ulogd[171638]: registering plugin `IP2STR'
Apr 16 16:09:57.446076 osdx ulogd[171638]: registering plugin `PRINTFLOW'
Apr 16 16:09:57.446140 osdx ulogd[171638]: registering plugin `SYSLOG'
Apr 16 16:09:57.446145 osdx ulogd[171638]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Apr 16 16:09:57.446197 osdx ulogd[171638]: NFCT plugin working in event mode
Apr 16 16:09:57.446208 osdx ulogd[171638]: Changing UID / GID
Apr 16 16:09:57.446294 osdx ulogd[171638]: initialization finished, entering main loop
Apr 16 16:09:57.447690 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:09:57.461017 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:09:57.573036 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:09:58.647419 osdx ulogd[171638]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:09:58.647446 osdx ulogd[171638]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:09:58.778603 osdx ulogd[171638]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:09:58.778627 osdx ulogd[171638]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Identity logging
Description
Set a simple configuration with identity OSDx_DUT0 for log entries, send a ping command from one device to the other
and check that the identity has changed when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.906 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.906/0.906/0.906/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.13 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.129/1.129/1.129/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Apr 16 16:10:10.720762 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 16:10:10.723335 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:10:10.723404 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:10:10.736750 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:10:11.079026 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 16:10:11.581532 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:10:11.724203 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Apr 16 16:10:11.810395 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Apr 16 16:10:11.963547 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Apr 16 16:10:12.056662 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'.
Apr 16 16:10:12.297011 osdx ubnt-cfgd[171844]: inactive
Apr 16 16:10:12.388985 osdx INFO[171850]: FRR daemons did not change
Apr 16 16:10:12.435306 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 16:10:12.504457 osdx WARNING[171922]: No supported link modes on interface eth0
Apr 16 16:10:12.506677 osdx modulelauncher[171922]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 16:10:12.506692 osdx modulelauncher[171922]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 16:10:12.508161 osdx modulelauncher[171922]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:10:12.508172 osdx modulelauncher[171922]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:10:12.563788 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Apr 16 16:10:12.564736 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Apr 16 16:10:12.564931 osdx ulogd[171947]: registering plugin `NFCT'
Apr 16 16:10:12.564980 osdx ulogd[171947]: registering plugin `IP2STR'
Apr 16 16:10:12.565047 osdx ulogd[171947]: registering plugin `PRINTFLOW'
Apr 16 16:10:12.565105 osdx ulogd[171947]: registering plugin `SYSLOG'
Apr 16 16:10:12.565110 osdx ulogd[171947]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Apr 16 16:10:12.565165 osdx ulogd[171947]: NFCT plugin working in event mode
Apr 16 16:10:12.565178 osdx OSDx_DUT0[171947]: Changing UID / GID
Apr 16 16:10:12.565344 osdx OSDx_DUT0[171947]: initialization finished, entering main loop
Apr 16 16:10:12.567618 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:10:12.588067 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:10:12.611791 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:10:13.729827 osdx OSDx_DUT0[171947]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:13.729850 osdx OSDx_DUT0[171947]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:13.854737 osdx OSDx_DUT0[171947]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:13.854761 osdx OSDx_DUT0[171947]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Note
If the identity is not provided, “ulogd” will be used by default.
Step 6: Modify the following configuration lines in DUT0:
delete system conntrack logging identity
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.826 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.826/0.826/0.826/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Apr 16 16:10:10.720762 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free.
Apr 16 16:10:10.723335 osdx systemd-journald[126917]: Received client request to rotate journal, rotating.
Apr 16 16:10:10.723404 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21.
Apr 16 16:10:10.736750 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'.
Apr 16 16:10:11.079026 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'.
Apr 16 16:10:11.581532 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:10:11.724203 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Apr 16 16:10:11.810395 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Apr 16 16:10:11.963547 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Apr 16 16:10:12.056662 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'.
Apr 16 16:10:12.297011 osdx ubnt-cfgd[171844]: inactive
Apr 16 16:10:12.388985 osdx INFO[171850]: FRR daemons did not change
Apr 16 16:10:12.435306 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 16 16:10:12.504457 osdx WARNING[171922]: No supported link modes on interface eth0
Apr 16 16:10:12.506677 osdx modulelauncher[171922]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Apr 16 16:10:12.506692 osdx modulelauncher[171922]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Apr 16 16:10:12.508161 osdx modulelauncher[171922]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --
Apr 16 16:10:12.508172 osdx modulelauncher[171922]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75.
Apr 16 16:10:12.563788 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Apr 16 16:10:12.564736 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Apr 16 16:10:12.564931 osdx ulogd[171947]: registering plugin `NFCT'
Apr 16 16:10:12.564980 osdx ulogd[171947]: registering plugin `IP2STR'
Apr 16 16:10:12.565047 osdx ulogd[171947]: registering plugin `PRINTFLOW'
Apr 16 16:10:12.565105 osdx ulogd[171947]: registering plugin `SYSLOG'
Apr 16 16:10:12.565110 osdx ulogd[171947]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Apr 16 16:10:12.565165 osdx ulogd[171947]: NFCT plugin working in event mode
Apr 16 16:10:12.565178 osdx OSDx_DUT0[171947]: Changing UID / GID
Apr 16 16:10:12.565344 osdx OSDx_DUT0[171947]: initialization finished, entering main loop
Apr 16 16:10:12.567618 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:10:12.588067 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:10:12.611791 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:10:13.729827 osdx OSDx_DUT0[171947]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:13.729850 osdx OSDx_DUT0[171947]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:13.854737 osdx OSDx_DUT0[171947]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:13.854761 osdx OSDx_DUT0[171947]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:14.008757 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal show | cat'.
Apr 16 16:10:14.155258 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu.
Apr 16 16:10:14.235362 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Apr 16 16:10:14.317145 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show changes'.
Apr 16 16:10:14.446844 osdx ubnt-cfgd[171984]: inactive
Apr 16 16:10:14.629653 osdx INFO[171990]: FRR daemons did not change
Apr 16 16:10:14.645250 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Apr 16 16:10:14.645605 osdx OSDx_DUT0[171947]: Terminal signal received, exiting
Apr 16 16:10:14.646055 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Apr 16 16:10:14.646185 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Apr 16 16:10:14.668653 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Apr 16 16:10:14.670777 osdx ulogd[171998]: registering plugin `NFCT'
Apr 16 16:10:14.670827 osdx ulogd[171998]: registering plugin `IP2STR'
Apr 16 16:10:14.670876 osdx ulogd[171998]: registering plugin `PRINTFLOW'
Apr 16 16:10:14.670927 osdx ulogd[171998]: registering plugin `SYSLOG'
Apr 16 16:10:14.670932 osdx ulogd[171998]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Apr 16 16:10:14.670984 osdx ulogd[171998]: NFCT plugin working in event mode
Apr 16 16:10:14.671351 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Apr 16 16:10:14.670996 osdx ulogd[171998]: Changing UID / GID
Apr 16 16:10:14.672547 osdx ulogd[171998]: initialization finished, entering main loop
Apr 16 16:10:14.675467 osdx cfgd[1833]: [165502]Completed change to active configuration
Apr 16 16:10:14.679056 osdx ulogd[171998]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Apr 16 16:10:14.679080 osdx ulogd[171998]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Apr 16 16:10:14.680180 osdx OSDxCLI[165502]: User 'admin' committed the configuration.
Apr 16 16:10:14.725732 osdx OSDxCLI[165502]: User 'admin' left the configuration menu.
Apr 16 16:10:14.955807 osdx ulogd[171998]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:14.955831 osdx ulogd[171998]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Policies logging
Description
Set a simple configuration with mark and label traffic policies,
send a ping command from one device to the other,
and check that the default, mark and label fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.666 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.666/0.666/0.666/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.548 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.308 ms
--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1008ms
rtt min/avg/max/mdev = 0.308/0.428/0.548/0.120 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST
Apr 16 16:10:24.346989 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 16:10:24.347962 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 16:10:24.348013 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 16:10:24.360355 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'. Apr 16 16:10:24.716348 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 16:10:24.976501 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:10:25.119861 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Apr 16 16:10:25.186893 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic label TEST'. Apr 16 16:10:25.296156 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'. Apr 16 16:10:25.399085 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'. Apr 16 16:10:25.513947 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Apr 16 16:10:25.605991 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Apr 16 16:10:25.891448 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'. 
Apr 16 16:10:25.970524 osdx ubnt-cfgd[172183]: inactive Apr 16 16:10:26.002951 osdx INFO[172197]: FRR daemons did not change Apr 16 16:10:26.787986 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 16:10:26.840899 osdx WARNING[172269]: No supported link modes on interface eth0 Apr 16 16:10:26.842804 osdx modulelauncher[172269]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 16:10:26.842818 osdx modulelauncher[172269]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 16:10:26.844268 osdx modulelauncher[172269]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:10:26.844280 osdx modulelauncher[172269]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:10:26.884305 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:10:26.885281 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Apr 16 16:10:26.885412 osdx ulogd[172294]: registering plugin `NFCT' Apr 16 16:10:26.885458 osdx ulogd[172294]: registering plugin `IP2STR' Apr 16 16:10:26.885501 osdx ulogd[172294]: registering plugin `PRINTFLOW' Apr 16 16:10:26.885551 osdx ulogd[172294]: registering plugin `SYSLOG' Apr 16 16:10:26.885556 osdx ulogd[172294]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Apr 16 16:10:26.885629 osdx ulogd[172294]: NFCT plugin working in event mode Apr 16 16:10:26.885642 osdx ulogd[172294]: Changing UID / GID Apr 16 16:10:26.885746 osdx ulogd[172294]: initialization finished, entering main loop Apr 16 16:10:26.897724 osdx ulogd[172294]: Terminal signal received, exiting Apr 16 16:10:26.897847 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:10:26.898143 osdx systemd[1]: ulogd2.service: Deactivated successfully. 
Apr 16 16:10:26.898271 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Apr 16 16:10:26.899510 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:10:26.900639 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Apr 16 16:10:26.900676 osdx ulogd[172300]: registering plugin `NFCT' Apr 16 16:10:26.900712 osdx ulogd[172300]: registering plugin `IP2STR' Apr 16 16:10:26.900743 osdx ulogd[172300]: registering plugin `PRINTFLOW' Apr 16 16:10:26.900787 osdx ulogd[172300]: registering plugin `SYSLOG' Apr 16 16:10:26.900791 osdx ulogd[172300]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Apr 16 16:10:26.900831 osdx ulogd[172300]: NFCT plugin working in event mode Apr 16 16:10:26.900840 osdx ulogd[172300]: Changing UID / GID Apr 16 16:10:26.900918 osdx ulogd[172300]: initialization finished, entering main loop Apr 16 16:10:27.104371 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:10:27.121692 osdx OSDxCLI[165502]: User 'admin' committed the configuration. Apr 16 16:10:27.146726 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. 
Apr 16 16:10:28.208014 osdx ulogd[172300]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Apr 16 16:10:28.208038 osdx ulogd[172300]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Apr 16 16:10:28.292786 osdx ulogd[172300]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Apr 16 16:10:28.292811 osdx ulogd[172300]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
VRF logging
Description
Set a simple configuration with a VRF,
send a ping command from one device to the other,
and check that the default and VRF fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.19 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.189/1.189/1.189/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.493 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.493/0.493/0.493/0.000 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED
Apr 16 16:10:38.412567 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 16:10:38.414357 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 16:10:38.414422 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 16:10:38.427132 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'. Apr 16 16:10:38.782484 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 16:10:40.125215 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:10:40.298165 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'. Apr 16 16:10:40.400530 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'. Apr 16 16:10:40.492134 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system vrf RED'. Apr 16 16:10:40.618780 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Apr 16 16:10:40.747493 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Apr 16 16:10:40.865744 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'. Apr 16 16:10:40.975493 osdx ubnt-cfgd[172550]: inactive Apr 16 16:10:41.001634 osdx INFO[172556]: FRR daemons did not change Apr 16 16:10:41.011915 osdx (udev-worker)[172566]: RED: Could not disable auto negotiation, ignoring: Operation not supported Apr 16 16:10:41.011935 osdx (udev-worker)[172566]: Network interface NamePolicy= disabled on kernel command line. 
Apr 16 16:10:41.054364 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 16:10:41.109658 osdx WARNING[172649]: No supported link modes on interface eth0 Apr 16 16:10:41.111267 osdx modulelauncher[172649]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 16:10:41.111283 osdx modulelauncher[172649]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 16:10:41.112533 osdx modulelauncher[172649]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:10:41.112543 osdx modulelauncher[172649]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:10:41.126366 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 16:10:41.810831 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:10:41.812189 osdx ulogd[172735]: registering plugin `NFCT' Apr 16 16:10:41.811999 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Apr 16 16:10:41.812234 osdx ulogd[172735]: registering plugin `IP2STR' Apr 16 16:10:41.812275 osdx ulogd[172735]: registering plugin `PRINTFLOW' Apr 16 16:10:41.812325 osdx ulogd[172735]: registering plugin `SYSLOG' Apr 16 16:10:41.812329 osdx ulogd[172735]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Apr 16 16:10:41.812392 osdx ulogd[172735]: NFCT plugin working in event mode Apr 16 16:10:41.812404 osdx ulogd[172735]: Changing UID / GID Apr 16 16:10:41.812499 osdx ulogd[172735]: initialization finished, entering main loop Apr 16 16:10:41.813739 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:10:41.830604 osdx OSDxCLI[165502]: User 'admin' committed the configuration. Apr 16 16:10:41.854867 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. 
Apr 16 16:10:42.946511 osdx ulogd[172735]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:42.946536 osdx ulogd[172735]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:43.146913 osdx ulogd[172735]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Apr 16 16:10:43.146937 osdx ulogd[172735]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Not-Bypass logging
Description
Set a simple configuration with a firewall service,
send a ping command from one device to the other,
and check that the default and bypass fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.988 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.988/0.988/0.988/0.000 ms
Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  22839      0 --:--:-- --:--:-- --:--:-- 25800
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.789 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.789/0.789/0.789/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.947 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.947/0.947/0.947/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass
Apr 16 16:10:54.305372 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 16:10:54.308947 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 16:10:54.309019 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 16:10:54.315505 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'. Apr 16 16:10:54.589089 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 16:10:54.963400 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:10:55.108725 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Apr 16 16:10:55.229052 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'. Apr 16 16:10:55.310040 osdx ubnt-cfgd[173022]: inactive Apr 16 16:10:55.330511 osdx INFO[173028]: FRR daemons did not change Apr 16 16:10:55.360954 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Apr 16 16:10:55.415881 osdx WARNING[173097]: No supported link modes on interface eth1 Apr 16 16:10:55.417713 osdx modulelauncher[173097]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Apr 16 16:10:55.417728 osdx modulelauncher[173097]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Apr 16 16:10:55.419144 osdx modulelauncher[173097]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:10:55.419155 osdx modulelauncher[173097]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:10:55.435150 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:10:55.974879 osdx OSDxCLI[165502]: User 'admin' committed the configuration. 
Apr 16 16:10:55.994916 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. Apr 16 16:10:56.798449 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 16 16:10:56.970433 osdx file_operation[173154]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running:// Apr 16 16:10:57.001677 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'. Apr 16 16:10:57.308611 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:10:57.445497 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'. Apr 16 16:10:57.541313 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'. Apr 16 16:10:57.622833 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'. Apr 16 16:10:57.755499 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'. Apr 16 16:10:57.821474 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'. Apr 16 16:10:57.926738 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'. Apr 16 16:10:58.004531 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'. Apr 16 16:10:58.099825 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'. Apr 16 16:10:58.182012 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'. Apr 16 16:10:58.572459 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. 
Apr 16 16:10:58.646426 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Apr 16 16:10:58.815020 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'. Apr 16 16:10:58.918357 osdx ubnt-cfgd[173194]: inactive Apr 16 16:10:58.964647 osdx INFO[173211]: FRR daemons did not change Apr 16 16:10:59.004929 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 16:10:59.057674 osdx WARNING[173283]: No supported link modes on interface eth0 Apr 16 16:10:59.059299 osdx modulelauncher[173283]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 16:10:59.059313 osdx modulelauncher[173283]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 16:10:59.060854 osdx modulelauncher[173283]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:10:59.060866 osdx modulelauncher[173283]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:10:59.109341 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:10:59.110175 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Apr 16 16:10:59.110424 osdx ulogd[173308]: registering plugin `NFCT' Apr 16 16:10:59.110473 osdx ulogd[173308]: registering plugin `IP2STR' Apr 16 16:10:59.110513 osdx ulogd[173308]: registering plugin `PRINTFLOW' Apr 16 16:10:59.110579 osdx ulogd[173308]: registering plugin `SYSLOG' Apr 16 16:10:59.110583 osdx ulogd[173308]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Apr 16 16:10:59.110632 osdx ulogd[173308]: NFCT plugin working in event mode Apr 16 16:10:59.110640 osdx ulogd[173308]: Changing UID / GID Apr 16 16:10:59.110709 osdx ulogd[173308]: initialization finished, entering main loop Apr 16 16:10:59.362764 osdx ulogd[173308]: Terminal signal received, exiting Apr 16 16:10:59.362895 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:10:59.363162 osdx systemd[1]: ulogd2.service: Deactivated successfully. Apr 16 16:10:59.363266 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon. Apr 16 16:10:59.397426 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:10:59.398303 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. Apr 16 16:10:59.398509 osdx ulogd[173336]: registering plugin `NFCT' Apr 16 16:10:59.398573 osdx ulogd[173336]: registering plugin `IP2STR' Apr 16 16:10:59.398625 osdx ulogd[173336]: registering plugin `PRINTFLOW' Apr 16 16:10:59.398672 osdx ulogd[173336]: registering plugin `SYSLOG' Apr 16 16:10:59.398676 osdx ulogd[173336]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Apr 16 16:10:59.398730 osdx ulogd[173336]: NFCT plugin working in event mode Apr 16 16:10:59.398742 osdx ulogd[173336]: Changing UID / GID Apr 16 16:10:59.398854 osdx ulogd[173336]: initialization finished, entering main loop Apr 16 16:10:59.455729 osdx systemd[1]: Reloading. 
Apr 16 16:10:59.508944 osdx systemd-sysv-generator[173356]: stat() failed on /etc/init.d/README, ignoring: No such file or directory Apr 16 16:10:59.645533 osdx systemd[1]: Starting logrotate.service - Rotate log files... Apr 16 16:10:59.656402 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata. Apr 16 16:10:59.658444 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service... Apr 16 16:10:59.681518 osdx systemd[1]: logrotate.service: Deactivated successfully. Apr 16 16:10:59.681684 osdx systemd[1]: Finished logrotate.service - Rotate log files. Apr 16 16:10:59.965972 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service. Apr 16 16:11:00.414146 osdx INFO[173338]: Rules successfully loaded Apr 16 16:11:00.414860 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:11:00.428340 osdx OSDxCLI[165502]: User 'admin' committed the configuration. Apr 16 16:11:00.452080 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. Apr 16 16:11:01.455521 osdx ulogd[173336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Apr 16 16:11:01.455544 osdx ulogd[173336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Apr 16 16:11:01.585413 osdx ulogd[173336]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass) Apr 16 16:11:01.585438 osdx ulogd[173336]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
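A parser for the conntrack event lines shown in the outputs above, run against this page's own check patterns. This is an added example, not part of the OSDx documentation: the sample entries are copied from the outputs on this page, and treating fields that follow the REPLY tuple but are absent from ORIG (MARK, LABELS) as connection-wide is an assumption.

```python
import re

# Patterns exactly as given in this page's "check if output matches" steps.
CHECKS = {
    "new": r"ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2",
    "mark+label": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST",
    "vrf": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED",
    "not-bypass": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass",
}

# Journal entries copied from the outputs shown on this page, plus one
# ulogd startup message that is not a conntrack event.
SAMPLE = [
    "Apr 16 16:10:13.729827 osdx OSDx_DUT0[171947]: [NEW] ORIG: SRC=192.168.100.2 "
    "DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: "
    "SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0",
    "Apr 16 16:10:14.679056 osdx ulogd[171998]: [DESTROY] ORIG: SRC=192.168.100.2 "
    "DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: "
    "SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84",
    "Apr 16 16:10:14.955807 osdx ulogd[171998]: [NEW] ORIG: SRC=192.168.100.2 "
    "DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: "
    "SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0",
    "Apr 16 16:10:28.208014 osdx ulogd[172300]: [NEW] ORIG: SRC=192.168.100.2 "
    "DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: "
    "SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 "
    "MARK=33 LABELS=TEST",
    "Apr 16 16:10:28.208038 osdx ulogd[172300]: [UPDATE] ORIG: SRC=192.168.100.2 "
    "DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: "
    "SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 "
    "MARK=33",
    "Apr 16 16:10:42.946511 osdx ulogd[172735]: [NEW] ORIG: SRC=192.168.100.2 "
    "DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: "
    "SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0",
    "Apr 16 16:11:01.455521 osdx ulogd[173336]: [NEW] ORIG: SRC=192.168.100.2 "
    "DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: "
    "SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 "
    "(Sc: not-bypass)",
    "Apr 16 16:10:26.885629 osdx ulogd[172294]: NFCT plugin working in event mode",
]

# Journal prefix, syslog tag and PID, event type, then the two flow directions.
EVENT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) (?P<tag>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
SC_RE = re.compile(r"\(Sc: ([^)]+)\)")


def parse_event(line):
    """Return a dict for a conntrack event line, or None for any other entry."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    orig = dict(KV_RE.findall(m["orig"]))
    reply, conn = {}, {}
    for key, value in KV_RE.findall(m["rest"]):
        # Assumption: a key that ORIG also carries belongs to the REPLY tuple;
        # anything else (MARK, LABELS) describes the connection as a whole.
        (reply if key in orig else conn)[key] = value
    sc = SC_RE.search(m["rest"])
    if sc:
        conn["Sc"] = sc.group(1)  # trailing "(Sc: ...)" annotation
    return {"time": m["ts"], "tag": m["tag"], "pid": int(m["pid"]),
            "event": m["event"], "orig": orig, "reply": reply, "conn": conn}


def evaluate(lines):
    """For each check, list (tag, event) of every event line the pattern matches."""
    parsed = [(line, parse_event(line)) for line in lines]
    return {
        name: [(ev["tag"], ev["event"]) for line, ev in parsed
               if ev is not None and re.search(pattern, line)]
        for name, pattern in CHECKS.items()
    }


if __name__ == "__main__":
    for name, hits in evaluate(SAMPLE).items():
        print(f"{name:12} {hits}")
```

In this sample the mark-and-label pattern is satisfied only by the [NEW] entry, because the [UPDATE] entry carries MARK=33 without LABELS=TEST. The entry logged under the OSDx_DUT0 tag is missed by every pattern, since they all anchor on `ulogd[`.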
Offload flag
Description
Set a simple configuration with DUT0 as an intermediary between DUT1
and DUT2. Initiate an SSH connection from DUT1 to DUT2
and check that the default and offload fields appear when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.801 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.801/0.801/0.801/0.000 ms
Step 5: Ping IP address 192.168.200.1 from DUT2:
admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1
PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.773 ms
--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.773/0.773/0.773/0.000 ms
Step 6: Initiate an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:
admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null
Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.9.2
This system includes free software.
Contact Teldat for licenses information and source code.
Last login: Thu Apr 16 15:21:02 2026 from 10.0.0.2
admin@osdx$
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]
Apr 16 16:11:10.387074 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 16:11:10.388601 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 16:11:10.388681 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 16:11:10.403271 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'. Apr 16 16:11:10.821728 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 16:11:11.212124 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:11:11.361115 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'. Apr 16 16:11:11.455223 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Apr 16 16:11:11.602104 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Apr 16 16:11:11.734263 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'. Apr 16 16:11:11.873499 osdx ubnt-cfgd[173686]: inactive Apr 16 16:11:11.900487 osdx INFO[173692]: FRR daemons did not change Apr 16 16:11:11.940050 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Apr 16 16:11:12.005782 osdx WARNING[173764]: No supported link modes on interface eth1 Apr 16 16:11:12.007753 osdx modulelauncher[173764]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Apr 16 16:11:12.007769 osdx modulelauncher[173764]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. 
Apr 16 16:11:12.009081 osdx modulelauncher[173764]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:11:12.009095 osdx modulelauncher[173764]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:11:12.052090 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 16:11:12.108305 osdx WARNING[173844]: No supported link modes on interface eth0 Apr 16 16:11:12.110127 osdx modulelauncher[173844]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 16:11:12.110155 osdx modulelauncher[173844]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 16:11:12.111913 osdx modulelauncher[173844]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:11:12.111925 osdx modulelauncher[173844]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:11:12.180438 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:11:12.181652 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Apr 16 16:11:12.181856 osdx ulogd[173870]: registering plugin `NFCT' Apr 16 16:11:12.181907 osdx ulogd[173870]: registering plugin `IP2STR' Apr 16 16:11:12.181951 osdx ulogd[173870]: registering plugin `PRINTFLOW' Apr 16 16:11:12.181994 osdx ulogd[173870]: registering plugin `SYSLOG' Apr 16 16:11:12.181998 osdx ulogd[173870]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Apr 16 16:11:12.182038 osdx ulogd[173870]: NFCT plugin working in event mode Apr 16 16:11:12.182046 osdx ulogd[173870]: Changing UID / GID Apr 16 16:11:12.182115 osdx ulogd[173870]: initialization finished, entering main loop Apr 16 16:11:12.183205 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:11:12.197499 osdx OSDxCLI[165502]: User 'admin' committed the configuration. Apr 16 16:11:12.250216 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. Apr 16 16:11:14.860889 osdx ulogd[173870]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Apr 16 16:11:14.860918 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Apr 16 16:11:14.984182 osdx ulogd[173870]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Apr 16 16:11:14.984206 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Apr 16 16:11:15.105519 osdx ulogd[173870]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0 Apr 
16 16:11:15.105718 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0 Apr 16 16:11:15.105862 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0 [OFFLOAD] Apr 16 16:11:16.551018 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0 Apr 16 16:11:16.551203 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0 [OFFLOAD] Apr 16 16:11:16.553236 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0 Apr 16 16:11:16.561039 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0 [OFFLOAD]
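The regular-expression checks in these scenarios only confirm that a matching line exists somewhere in the journal. The following added example (not part of the Teldat documentation or of OSDx) parses ulogd conntrack event lines in the format shown in the output above into structured records, including the trailing [OFFLOAD] flag and the APPDETECT[...] field used by the app-detect scenario on this page, and re-runs the page's regular expressions line by line. All function and variable names are assumptions of this example, and the last sample line is constructed.

```python
import re
from dataclasses import dataclass, field

# Lines 1-4 are copied from the journal output on this page. Line 5 is
# CONSTRUCTED (addresses from Steps 8-10, invented ports, counters and time)
# to show the http-host form that the last regular expression expects.
SAMPLE_JOURNAL = """\
Apr 16 16:11:12.182115 osdx ulogd[173870]: initialization finished, entering main loop
Apr 16 16:11:15.105519 osdx ulogd[173870]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0
Apr 16 16:11:15.105862 osdx ulogd[173870]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=55560 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=55560 PKTS=0 BYTES=0 [OFFLOAD]
Apr 16 16:11:29.064830 osdx ulogd[174242]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Apr 16 16:11:33.000000 osdx ulogd[174242]: [DESTROY] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=40000 DPT=80 PKTS=6 BYTES=420 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=40000 PKTS=5 BYTES=1500 APPDETECT[L4:80 http-host:10.215.168.1]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:.]+) (?P<host>\S+) ulogd\[(?P<pid>\d+)\]: "
    r"\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) , REPLY: (?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")
APPDETECT_RE = re.compile(r"\s*APPDETECT\[([^\]]*)\]")
FLAG_RE = re.compile(r"\[([A-Z_]+)\]")

# Regular expressions exactly as given in the scenarios on this page.
PAGE_CHECKS = {
    "offload": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]",
    "new_l3": r"ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]",
    "destroy_l3": r"ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]",
    "http_host": r"ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*"
                 r"APPDETECT\[L4:80 http-host:10.215.168.1\]",
}


@dataclass
class ConntrackEvent:
    timestamp: str
    event: str                      # NEW, UPDATE or DESTROY
    orig: dict                      # key=value pairs of the ORIG tuple
    reply: dict                     # key=value pairs of the REPLY tuple
    flags: set = field(default_factory=set)       # e.g. {"OFFLOAD"}
    appdetect: dict = field(default_factory=dict)  # e.g. {"L4": "80", ...}

    def flow_key(self):
        o = self.orig
        return (o.get("PROTO"), o.get("SRC"), o.get("SPT"), o.get("DST"), o.get("DPT"))


def parse_line(line):
    """Return a ConntrackEvent, or None for journal lines that are not events."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rest, appdetect = m["rest"], {}
    am = APPDETECT_RE.search(rest)
    if am:
        # The field holds space-separated key:value tokens; split on the first ':'.
        for token in am.group(1).split():
            key, _, value = token.partition(":")
            appdetect[key] = value
        rest = rest[:am.start()] + rest[am.end():]
    flags = set(FLAG_RE.findall(rest))
    reply = dict(KV_RE.findall(FLAG_RE.sub("", rest)))
    return ConntrackEvent(m["ts"], m["event"], dict(KV_RE.findall(m["orig"])),
                          reply, flags, appdetect)


def parse_journal(journal):
    return [ev for ev in map(parse_line, journal.splitlines()) if ev is not None]


def offloaded_flows(events):
    """Flows for which at least one event carried the [OFFLOAD] flag."""
    return {ev.flow_key() for ev in events if "OFFLOAD" in ev.flags}


def closed_flow_bytes(events):
    """ORIG+REPLY byte totals per flow, taken from DESTROY events only.

    In the output on this page NEW and UPDATE events show PKTS=0 BYTES=0;
    non-zero counters appear on DESTROY.
    """
    totals = {}
    for ev in events:
        if ev.event == "DESTROY":
            n = int(ev.orig.get("BYTES", 0)) + int(ev.reply.get("BYTES", 0))
            totals[ev.flow_key()] = totals.get(ev.flow_key(), 0) + n
    return totals


def run_page_checks(journal):
    """Apply each page regex per line, as '.' does not cross line ends."""
    lines = journal.splitlines()
    return {name: any(re.search(rx, ln) for ln in lines)
            for name, rx in PAGE_CHECKS.items()}


if __name__ == "__main__":
    evs = parse_journal(SAMPLE_JOURNAL)
    for ev in evs:
        print(ev.timestamp, ev.event, ev.flow_key(), sorted(ev.flags), ev.appdetect)
    print(run_page_checks(SAMPLE_JOURNAL))
```

With this sample the `new_l3` check reports no match, because the only `APPDETECT[L3:1]` line included is a DESTROY event; that is what a failed scenario step looks like to the checker.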
App detect logging
Description
Set a simple configuration that enables app detection in system conntrack, send a ping from DUT1,
and check that the app-detect field appears when running system journal show. Then enable app detection
for HTTP hosts in system conntrack, copy index.html from an HTTP server,
and check that the app-detect field appears and identifies the HTTP server when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.959 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.959/0.959/0.959/0.000 ms
Step 4: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.262 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.299 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.309 ms
--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2035ms
rtt min/avg/max/mdev = 0.262/0.290/0.309/0.020 ms
Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]
Apr 16 16:11:24.413235 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 16:11:24.416127 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 16:11:24.416183 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 16:11:24.424853 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'. Apr 16 16:11:24.656145 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 16:11:24.942720 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:11:25.031427 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect'. Apr 16 16:11:25.137850 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'. Apr 16 16:11:25.256961 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Apr 16 16:11:25.318775 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. Apr 16 16:11:25.444196 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'. 
Apr 16 16:11:25.526778 osdx ubnt-cfgd[174108]: inactive Apr 16 16:11:25.549028 osdx INFO[174114]: FRR daemons did not change Apr 16 16:11:25.748124 osdx kernel: nfUDPlink: module init Apr 16 16:11:25.748171 osdx kernel: app-detect: module init Apr 16 16:11:25.748180 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 16 16:11:25.748192 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Apr 16 16:11:25.748200 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Apr 16 16:11:25.748209 osdx kernel: app-detect: expression init Apr 16 16:11:25.748220 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 16 16:11:25.748229 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 16 16:11:25.756545 osdx modulelauncher[174117]: AppDetect: no appdetect_chain refresh needed, nothing more to do Apr 16 16:11:25.759341 osdx INFO[174142]: Stopping Traffic Categorization (TCATD) service ... Apr 16 16:11:25.822745 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 16:11:25.888863 osdx WARNING[174217]: No supported link modes on interface eth0 Apr 16 16:11:25.890826 osdx modulelauncher[174217]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 16:11:25.890840 osdx modulelauncher[174217]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 16:11:25.892439 osdx modulelauncher[174217]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:11:25.892449 osdx modulelauncher[174217]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:11:25.940504 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:11:25.941603 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Apr 16 16:11:25.941800 osdx ulogd[174242]: registering plugin `NFCT' Apr 16 16:11:25.941848 osdx ulogd[174242]: registering plugin `IP2STR' Apr 16 16:11:25.941890 osdx ulogd[174242]: registering plugin `PRINTFLOW' Apr 16 16:11:25.941939 osdx ulogd[174242]: registering plugin `SYSLOG' Apr 16 16:11:25.941943 osdx ulogd[174242]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Apr 16 16:11:25.942001 osdx ulogd[174242]: NFCT plugin working in event mode Apr 16 16:11:25.942014 osdx ulogd[174242]: Changing UID / GID Apr 16 16:11:25.942291 osdx ulogd[174242]: initialization finished, entering main loop Apr 16 16:11:25.943734 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:11:25.959217 osdx OSDxCLI[165502]: User 'admin' committed the configuration. Apr 16 16:11:25.995254 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. Apr 16 16:11:27.928137 osdx ulogd[174242]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:27.928160 osdx ulogd[174242]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:28.054207 osdx ulogd[174242]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:28.054234 osdx ulogd[174242]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:29.064830 osdx ulogd[174242]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: 
SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Apr 16 16:11:29.064854 osdx ulogd[174242]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:29.064874 osdx ulogd[174242]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:30.088851 osdx ulogd[174242]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Apr 16 16:11:30.088875 osdx ulogd[174242]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:30.088894 osdx ulogd[174242]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]
Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]
Step 8: Modify the following configuration lines in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host
Step 9: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.493 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.493/0.493/0.493/0.000 ms
Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1095    0  1095    0     0   149k      0 --:--:-- --:--:-- --:--:--  152k
Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]
Apr 16 16:11:30.215916 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal show | cat'. Apr 16 16:11:30.353307 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal show | cat'. Apr 16 16:11:30.523595 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal show | cat'. Apr 16 16:11:30.794172 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:11:30.901470 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. Apr 16 16:11:30.973588 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. 
Apr 16 16:11:31.105196 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show changes'. Apr 16 16:11:31.326950 osdx ubnt-cfgd[174295]: inactive Apr 16 16:11:31.350086 osdx INFO[174301]: FRR daemons did not change Apr 16 16:11:31.396130 osdx kernel: app-detect: expression destroy Apr 16 16:11:31.408137 osdx kernel: app-detect: expression init Apr 16 16:11:31.408200 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 16 16:11:31.408219 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 16 16:11:31.416567 osdx modulelauncher[174304]: AppDetect: no appdetect_chain refresh needed, nothing more to do Apr 16 16:11:31.419751 osdx INFO[174320]: Stopping Traffic Categorization (TCATD) service ... Apr 16 16:11:31.464122 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Apr 16 16:11:31.521913 osdx WARNING[174390]: No supported link modes on interface eth1 Apr 16 16:11:31.524086 osdx modulelauncher[174390]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Apr 16 16:11:31.524115 osdx modulelauncher[174390]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. Apr 16 16:11:31.525925 osdx modulelauncher[174390]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:11:31.525936 osdx modulelauncher[174390]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. 
Apr 16 16:11:31.539091 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:11:31.550345 osdx ulogd[174242]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Apr 16 16:11:31.550365 osdx ulogd[174242]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1] Apr 16 16:11:31.551117 osdx OSDxCLI[165502]: User 'admin' committed the configuration. Apr 16 16:11:31.579916 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. Apr 16 16:11:31.734480 osdx ulogd[174242]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:31.734509 osdx ulogd[174242]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1] Apr 16 16:11:31.735503 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. 
Apr 16 16:11:31.897671 osdx file_operation[174447]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Apr 16 16:11:31.906829 osdx ulogd[174242]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=42286 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=42286 PKTS=0 BYTES=0 APPDETECT[L4:80] Apr 16 16:11:31.906854 osdx ulogd[174242]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=42286 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=42286 PKTS=0 BYTES=0 APPDETECT[L4:80] Apr 16 16:11:31.906870 osdx ulogd[174242]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=42286 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=42286 PKTS=0 BYTES=0 APPDETECT[L4:80] Apr 16 16:11:31.906886 osdx ulogd[174242]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=42286 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=42286 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1] Apr 16 16:11:31.933336 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'. Apr 16 16:11:31.950493 osdx ulogd[174242]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=42286 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=42286 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
App Detect Drop Packet
Description
Set a traffic policy with action drop for all packets matching an app-id specified by a traffic selector.
Enable the http-host and http-url options in the system conntrack app-detect path in order to see relevant information about HTTP packets.
Finally, log those packets with the app-id option and check that the appdetect field appears in the journal when running system journal show.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-detect app-id custom 155
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Output:
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=2.18 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.183/2.183/2.183/0.000 ms
Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]
Output:
Apr 16 16:11:39.364673 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 16:11:39.367150 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 16:11:39.367225 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 16:11:39.378151 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'. Apr 16 16:11:39.892226 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 16:11:40.310712 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:11:40.382004 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'. Apr 16 16:11:40.478866 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'. Apr 16 16:11:40.544540 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'. Apr 16 16:11:40.641417 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-detect app-id custom 155'. Apr 16 16:11:40.755808 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'. Apr 16 16:11:40.840644 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'. Apr 16 16:11:41.083042 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'. Apr 16 16:11:41.193638 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'. Apr 16 16:11:41.253646 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'. 
Apr 16 16:11:41.344921 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'. Apr 16 16:11:41.445990 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'. Apr 16 16:11:41.559337 osdx ubnt-cfgd[174692]: inactive Apr 16 16:11:41.611459 osdx INFO[174716]: FRR daemons did not change Apr 16 16:11:41.759116 osdx kernel: nfUDPlink: module init Apr 16 16:11:41.759171 osdx kernel: app-detect: module init Apr 16 16:11:41.759181 osdx kernel: app-detect: registered: sysctl net.appdetect Apr 16 16:11:41.759189 osdx kernel: nfUDPlink: connected 127.0.0.1:49000 Apr 16 16:11:41.759202 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000 Apr 16 16:11:41.759214 osdx kernel: app-detect: expression init Apr 16 16:11:41.759228 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes) Apr 16 16:11:41.759246 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4) Apr 16 16:11:41.788460 osdx INFO[174751]: Updated /etc/default/osdx_tcatd.conf Apr 16 16:11:41.788511 osdx INFO[174751]: Restarting Traffic Categorization (TCATD) service ... Apr 16 16:11:41.815654 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon... Apr 16 16:11:41.823880 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon. Apr 16 16:11:41.859122 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1 Apr 16 16:11:41.917773 osdx WARNING[174825]: No supported link modes on interface eth1 Apr 16 16:11:41.919359 osdx modulelauncher[174825]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on Apr 16 16:11:41.919380 osdx modulelauncher[174825]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76. 
Apr 16 16:11:41.920697 osdx modulelauncher[174825]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:11:41.920708 osdx modulelauncher[174825]: Command '/sbin/ethtool -s eth1 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:11:42.127731 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:11:42.142289 osdx OSDxCLI[165502]: User 'admin' committed the configuration. Apr 16 16:11:42.170407 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. Apr 16 16:11:42.367675 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Apr 16 16:11:42.571217 osdx file_operation[174905]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html Apr 16 16:11:42.579163 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=5629 DF PROTO=TCP SPT=34222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Apr 16 16:11:42.787246 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=5630 DF PROTO=TCP SPT=34222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Apr 16 16:11:43.215177 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=5631 DF PROTO=TCP SPT=34222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Apr 16 16:11:44.047174 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=5632 DF PROTO=TCP SPT=34222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Apr 16 16:11:45.529480 osdx file_operation.py[174905]: Operation aborted by user. 
Apr 16 16:11:45.543139 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=5633 DF PROTO=TCP SPT=34222 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1] Apr 16 16:11:45.547816 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
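The journal lines checked in these scenarios can be parsed into structured records for alerting or reporting. The following Python sketch is an added example, not part of the OSDx documentation or tooling: the function names and the record layout are assumptions, and the leading APPDETECT token (for example U6:155) is kept verbatim because its semantics are not defined on this page.

```python
import re
from collections import Counter

# Journal lines copied from the outputs shown on this page (sample input).
SAMPLE = [
    "Apr 16 16:11:31.906886 osdx ulogd[174242]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=42286 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=42286 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]",
    "Apr 16 16:11:42.579163 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=5629 DF PROTO=TCP SPT=34222 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]",
    "Apr 16 16:11:57.731185 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[175223]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0",
    "Apr 16 16:11:45.547816 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.",
]

# "<timestamp> <host> <tag>[pid]: <message>". The tag is matched lazily and
# never compared against "ulogd": 'set system conntrack logging identity'
# replaces it with an arbitrary printable string, so conntrack events are
# recognised by the structure of the message instead.
HEADER = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:.]+) (?P<host>\S+) "
                    r"(?P<tag>\S+?)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
CT_EVENT = re.compile(r"^\[(?P<event>NEW|UPDATE|DESTROY)\] ORIG: (?P<orig>.*?) ?, REPLY: (?P<reply>.*)$")
POLICY_LOG = re.compile(r"^\[(?P<prefix>[^\]]+)\] (?P<action>[A-Z]+) (?P<fields>.*\bSRC=.*)$")
APPDETECT = re.compile(r"\s*APPDETECT\[(?P<body>.*)\]\s*$")
KEY_VALUE = re.compile(r"(\w+)=(\S*)")  # bare flags such as DF, ACK, PSH are skipped


def parse_appdetect(body):
    """Split 'U6:155 http-url:/~robot/ http-host:10.215.168.1' into a dict."""
    tokens = body.split()
    if not tokens:
        return {}
    fields = {"appid": tokens[0]}           # leading token kept verbatim
    for token in tokens[1:]:
        key, _, value = token.partition(":")  # first ':' only, URLs may contain more
        fields[key] = value
    return fields


def parse_line(line):
    """Return a record for conntrack events and policy log lines, else None."""
    header = HEADER.match(line)
    if not header:
        return None
    msg, app = header["msg"], {}
    found = APPDETECT.search(msg)
    if found:                               # trailing APPDETECT[...] is optional
        app = parse_appdetect(found["body"])
        msg = msg[:found.start()]
    ct = CT_EVENT.match(msg)
    if ct:
        return {"kind": "conntrack", "tag": header["tag"], "event": ct["event"],
                "orig": dict(KEY_VALUE.findall(ct["orig"])),
                "reply": dict(KEY_VALUE.findall(ct["reply"])), "appdetect": app}
    policy = POLICY_LOG.match(msg)
    if header["tag"] == "kernel" and policy:
        return {"kind": "policy", "tag": "kernel", "event": policy["action"],
                "prefix": policy["prefix"],
                "fields": dict(KEY_VALUE.findall(policy["fields"])), "appdetect": app}
    return None


def summarize(lines):
    """Count records per (kind, event, appid, http-host)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        app = rec["appdetect"]
        counts[(rec["kind"], rec["event"], app.get("appid"), app.get("http-host"))] += 1
    return counts


if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, key)
```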
Identity Values
Description
The conntrack logging identity can contain any printable character except spaces, with a maximum length of 92 characters.
Scenario
Step 1: Run command configure at DUT0 and expect this output:
Output:
admin@osdx#
Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Output:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error
Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Output:
Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error
Step 4: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 5: Set the following configuration in DUT1:
set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 6: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=1.00 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.000/1.000/1.000/0.000 ms
Step 7: Ping IP address 192.168.100.1 from DUT1:
admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1
Output:
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.522 ms
--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.522/0.522/0.522/0.000 ms
Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:
Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2
Output:
Apr 16 16:11:54.362980 osdx systemd-journald[126917]: Runtime Journal (/run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21) is 1.8M, max 13.8M, 11.9M free. Apr 16 16:11:54.365920 osdx systemd-journald[126917]: Received client request to rotate journal, rotating. Apr 16 16:11:54.366002 osdx systemd-journald[126917]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a3fecc5be5e949c7a083b0adeea4bb21. Apr 16 16:11:54.377802 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system journal clear'. Apr 16 16:11:54.835057 osdx OSDxCLI[165502]: User 'admin' executed a new command: 'system coredump delete all'. Apr 16 16:11:55.142654 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:11:55.235832 osdx cfgd[1833]: [165502]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Apr 16 16:11:55.236657 osdx OSDxCLI[165502]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'. Apr 16 16:11:55.317176 osdx cfgd[1833]: [165502]Command output: Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class Value validation failed Apr 16 16:11:55.317960 osdx OSDxCLI[165502]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'. Apr 16 16:11:55.358516 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. Apr 16 16:11:55.591329 osdx OSDxCLI[165502]: User 'admin' entered the configuration menu. Apr 16 16:11:55.735431 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'. Apr 16 16:11:55.825179 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging events all'. 
Apr 16 16:11:55.947889 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'. Apr 16 16:11:56.393779 osdx OSDxCLI[165502]: User 'admin' added a new cfg line: 'show working'. Apr 16 16:11:56.497211 osdx ubnt-cfgd[175120]: inactive Apr 16 16:11:56.520495 osdx INFO[175126]: FRR daemons did not change Apr 16 16:11:56.561879 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Apr 16 16:11:56.619502 osdx WARNING[175198]: No supported link modes on interface eth0 Apr 16 16:11:56.621313 osdx modulelauncher[175198]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on Apr 16 16:11:56.621328 osdx modulelauncher[175198]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76. Apr 16 16:11:56.622682 osdx modulelauncher[175198]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off -- Apr 16 16:11:56.622692 osdx modulelauncher[175198]: Command '/sbin/ethtool -s eth0 autoneg on advertise Pause off Asym_Pause off --' returned non-zero exit status 75. Apr 16 16:11:56.662363 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon... Apr 16 16:11:56.663228 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon. 
Apr 16 16:11:56.663376 osdx ulogd[175223]: registering plugin `NFCT' Apr 16 16:11:56.663433 osdx ulogd[175223]: registering plugin `IP2STR' Apr 16 16:11:56.663477 osdx ulogd[175223]: registering plugin `PRINTFLOW' Apr 16 16:11:56.663531 osdx ulogd[175223]: registering plugin `SYSLOG' Apr 16 16:11:56.663535 osdx ulogd[175223]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG' Apr 16 16:11:56.663585 osdx ulogd[175223]: NFCT plugin working in event mode Apr 16 16:11:56.663594 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[175223]: Changing UID / GID Apr 16 16:11:56.663677 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[175223]: initialization finished, entering main loop Apr 16 16:11:56.664726 osdx cfgd[1833]: [165502]Completed change to active configuration Apr 16 16:11:56.678172 osdx OSDxCLI[165502]: User 'admin' committed the configuration. Apr 16 16:11:56.707339 osdx OSDxCLI[165502]: User 'admin' left the configuration menu. 
Apr 16 16:11:57.731185 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[175223]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Apr 16 16:11:57.731210 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[175223]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Apr 16 16:11:57.868964 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[175223]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 Apr 16 16:11:57.868996 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[175223]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0