Logging

The following scenarios show how to configure the conntrack logging option with different traffic policies and services enabled, in order to check that all fields are displayed correctly and all events are captured.

New events

Description

Check NEW sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events new
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.672 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.672/0.672/0.672/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.483 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.483/0.483/0.483/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*SRC=192.168.100.2

Show output

Jun 04 11:08:31.000239 osdx systemd-timedated[57045]: Changed local time to Thu 2026-06-04 11:08:31 UTC
Jun 04 11:08:31.001899 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'set date 2026-06-04 11:08:31'.
Jun 04 11:08:31.002701 osdx systemd-journald[2213]: Time jumped backwards, rotating.
Jun 04 11:08:31.337284 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.9M, max 13.8M, 11.8M free.
Jun 04 11:08:31.338731 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:08:31.338794 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:08:31.349477 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:08:31.626899 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:08:31.877278 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:08:31.974346 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:08:32.038527 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events new'.
Jun 04 11:08:32.134098 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:08:32.195363 osdx ubnt-cfgd[57074]: inactive
Jun 04 11:08:32.217623 osdx INFO[57080]: FRR daemons did not change
Jun 04 11:08:32.258706 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:08:32.315099 osdx WARNING[57152]: No supported link modes on interface eth0
Jun 04 11:08:32.316789 osdx modulelauncher[57152]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:08:32.316803 osdx modulelauncher[57152]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:08:32.318180 osdx modulelauncher[57152]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:08:32.318190 osdx modulelauncher[57152]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:08:32.355206 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:08:32.356303 osdx ulogd[57177]: registering plugin `NFCT'
Jun 04 11:08:32.356167 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:08:32.356349 osdx ulogd[57177]: registering plugin `IP2STR'
Jun 04 11:08:32.356392 osdx ulogd[57177]: registering plugin `PRINTFLOW'
Jun 04 11:08:32.356447 osdx ulogd[57177]: registering plugin `SYSLOG'
Jun 04 11:08:32.356451 osdx ulogd[57177]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:08:32.356509 osdx ulogd[57177]: NFCT plugin working in event mode
Jun 04 11:08:32.356525 osdx ulogd[57177]: Changing UID / GID
Jun 04 11:08:32.356617 osdx ulogd[57177]: initialization finished, entering main loop
Jun 04 11:08:32.358157 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:08:32.373521 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:08:32.419696 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:08:33.369268 osdx ulogd[57177]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:08:33.455581 osdx ulogd[57177]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Update events

Description

Check UPDATE sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events update
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.560 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.560/0.560/0.560/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.380 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.380/0.380/0.380/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*SRC=192.168.100.2

Show output

Jun 04 11:08:38.316239 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 2.0M, max 13.8M, 11.8M free.
Jun 04 11:08:38.318831 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:08:38.318909 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:08:38.329250 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:08:38.560143 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:08:38.814025 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:08:38.913269 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:08:38.995437 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events update'.
Jun 04 11:08:39.148403 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:08:39.211199 osdx ubnt-cfgd[57378]: inactive
Jun 04 11:08:39.232281 osdx INFO[57384]: FRR daemons did not change
Jun 04 11:08:39.266822 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:08:39.314927 osdx WARNING[57456]: No supported link modes on interface eth0
Jun 04 11:08:39.316752 osdx modulelauncher[57456]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:08:39.316766 osdx modulelauncher[57456]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:08:39.318241 osdx modulelauncher[57456]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:08:39.318251 osdx modulelauncher[57456]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:08:39.367210 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:08:39.367975 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:08:39.368090 osdx ulogd[57481]: registering plugin `NFCT'
Jun 04 11:08:39.368137 osdx ulogd[57481]: registering plugin `IP2STR'
Jun 04 11:08:39.368178 osdx ulogd[57481]: registering plugin `PRINTFLOW'
Jun 04 11:08:39.368218 osdx ulogd[57481]: registering plugin `SYSLOG'
Jun 04 11:08:39.368221 osdx ulogd[57481]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:08:39.368264 osdx ulogd[57481]: NFCT plugin working in event mode
Jun 04 11:08:39.368273 osdx ulogd[57481]: Changing UID / GID
Jun 04 11:08:39.368344 osdx ulogd[57481]: initialization finished, entering main loop
Jun 04 11:08:39.369497 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:08:39.383232 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:08:39.415178 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:08:40.314504 osdx ulogd[57481]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:08:40.401105 osdx ulogd[57481]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Destroy events

Description

Check DESTROY sessions events are captured

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set service ssh
set system conntrack logging events destroy
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.769 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.769/0.769/0.769/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.693 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.245 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.280 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2034ms
rtt min/avg/max/mdev = 0.245/0.406/0.693/0.203 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*SRC=192.168.100.2

Show output

Jun 04 11:08:46.349507 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.9M, max 13.8M, 11.9M free.
Jun 04 11:08:46.350458 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:08:46.350539 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:08:46.362706 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:08:46.674412 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:08:46.959430 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:08:47.055737 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:08:47.153387 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events destroy'.
Jun 04 11:08:47.251304 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 04 11:08:47.322012 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set service ssh'.
Jun 04 11:08:47.432506 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:08:47.493641 osdx ubnt-cfgd[57684]: inactive
Jun 04 11:08:47.585025 osdx INFO[57705]: FRR daemons did not change
Jun 04 11:08:47.622473 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:08:47.668964 osdx WARNING[57779]: No supported link modes on interface eth0
Jun 04 11:08:47.670526 osdx modulelauncher[57779]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:08:47.670540 osdx modulelauncher[57779]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:08:47.672002 osdx modulelauncher[57779]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:08:47.672012 osdx modulelauncher[57779]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:08:47.726814 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:08:47.727938 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:08:47.728031 osdx ulogd[57804]: registering plugin `NFCT'
Jun 04 11:08:47.728075 osdx ulogd[57804]: registering plugin `IP2STR'
Jun 04 11:08:47.728115 osdx ulogd[57804]: registering plugin `PRINTFLOW'
Jun 04 11:08:47.728165 osdx ulogd[57804]: registering plugin `SYSLOG'
Jun 04 11:08:47.728169 osdx ulogd[57804]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:08:47.728220 osdx ulogd[57804]: NFCT plugin working in event mode
Jun 04 11:08:47.728230 osdx ulogd[57804]: Changing UID / GID
Jun 04 11:08:47.728321 osdx ulogd[57804]: initialization finished, entering main loop
Jun 04 11:08:47.790768 osdx systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Jun 04 11:08:47.804933 osdx sshd[57825]: Server listening on 0.0.0.0 port 22.
Jun 04 11:08:47.804963 osdx sshd[57825]: Server listening on :: port 22.
Jun 04 11:08:47.805074 osdx systemd[1]: Started ssh.service - OpenBSD Secure Shell server.
Jun 04 11:08:47.806111 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:08:47.820942 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:08:47.849372 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:08:50.006428 osdx ulogd[57804]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jun 04 11:08:51.030455 osdx ulogd[57804]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84

---

Default logging

Description

Set a simple configuration, send a ping command from one device to other and check that default fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.659 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.659/0.659/0.659/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.615 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.615/0.615/0.615/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Jun 04 11:08:58.304607 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:08:58.308661 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:08:58.308717 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:08:58.316035 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:08:58.569143 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:08:58.831454 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:08:58.937714 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:08:59.001632 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:08:59.097116 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:08:59.168808 osdx ubnt-cfgd[58052]: inactive
Jun 04 11:08:59.190028 osdx INFO[58058]: FRR daemons did not change
Jun 04 11:08:59.224648 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:08:59.265707 osdx WARNING[58130]: No supported link modes on interface eth0
Jun 04 11:08:59.267676 osdx modulelauncher[58130]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:08:59.267693 osdx modulelauncher[58130]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:08:59.269108 osdx modulelauncher[58130]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:08:59.269120 osdx modulelauncher[58130]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:08:59.321025 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:08:59.321980 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:08:59.322072 osdx ulogd[58155]: registering plugin `NFCT'
Jun 04 11:08:59.322111 osdx ulogd[58155]: registering plugin `IP2STR'
Jun 04 11:08:59.322158 osdx ulogd[58155]: registering plugin `PRINTFLOW'
Jun 04 11:08:59.322206 osdx ulogd[58155]: registering plugin `SYSLOG'
Jun 04 11:08:59.322211 osdx ulogd[58155]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:08:59.322260 osdx ulogd[58155]: NFCT plugin working in event mode
Jun 04 11:08:59.322270 osdx ulogd[58155]: Changing UID / GID
Jun 04 11:08:59.322352 osdx ulogd[58155]: initialization finished, entering main loop
Jun 04 11:08:59.323483 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:08:59.336445 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:08:59.358908 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:00.143393 osdx ulogd[58155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:00.143412 osdx ulogd[58155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:00.227005 osdx ulogd[58155]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:00.227026 osdx ulogd[58155]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Identity logging

Description

Set a simple configuration with identity OSDx_DUT0 for logs entries, send a ping command from one device to other and check that the identity has changed when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity OSDx_DUT0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.826 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.826/0.826/0.826/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.266 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.266/0.266/0.266/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

OSDx_DUT0\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Jun 04 11:09:05.305602 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:05.307402 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:05.307469 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:05.316565 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:05.523163 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:05.739338 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:05.825026 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:05.897703 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:06.007257 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Jun 04 11:09:06.104935 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:06.198867 osdx ubnt-cfgd[58357]: inactive
Jun 04 11:09:06.223177 osdx INFO[58363]: FRR daemons did not change
Jun 04 11:09:06.259408 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:06.310789 osdx WARNING[58435]: No supported link modes on interface eth0
Jun 04 11:09:06.312216 osdx modulelauncher[58435]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:06.312234 osdx modulelauncher[58435]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:06.313374 osdx modulelauncher[58435]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:06.313384 osdx modulelauncher[58435]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:06.351789 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:06.352968 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:06.352982 osdx ulogd[58460]: registering plugin `NFCT'
Jun 04 11:09:06.353017 osdx ulogd[58460]: registering plugin `IP2STR'
Jun 04 11:09:06.353052 osdx ulogd[58460]: registering plugin `PRINTFLOW'
Jun 04 11:09:06.353090 osdx ulogd[58460]: registering plugin `SYSLOG'
Jun 04 11:09:06.353094 osdx ulogd[58460]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:06.353134 osdx ulogd[58460]: NFCT plugin working in event mode
Jun 04 11:09:06.353149 osdx OSDx_DUT0[58460]: Changing UID / GID
Jun 04 11:09:06.353222 osdx OSDx_DUT0[58460]: initialization finished, entering main loop
Jun 04 11:09:06.354719 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:06.369037 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:06.385784 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:07.239654 osdx OSDx_DUT0[58460]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:07.239676 osdx OSDx_DUT0[58460]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:07.331499 osdx OSDx_DUT0[58460]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:07.331517 osdx OSDx_DUT0[58460]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

Note

If the identity is not provided, “ulogd” will be used by default.

Step 6: Modify the following configuration lines in DUT0 :

delete system conntrack logging identity

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.409 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.409/0.409/0.409/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Jun 04 11:09:05.305602 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:05.307402 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:05.307469 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:05.316565 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:05.523163 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:05.739338 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:05.825026 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:05.897703 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:06.007257 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging identity OSDx_DUT0'.
Jun 04 11:09:06.104935 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:06.198867 osdx ubnt-cfgd[58357]: inactive
Jun 04 11:09:06.223177 osdx INFO[58363]: FRR daemons did not change
Jun 04 11:09:06.259408 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:06.310789 osdx WARNING[58435]: No supported link modes on interface eth0
Jun 04 11:09:06.312216 osdx modulelauncher[58435]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:06.312234 osdx modulelauncher[58435]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:06.313374 osdx modulelauncher[58435]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:06.313384 osdx modulelauncher[58435]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:06.351789 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:06.352968 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:06.352982 osdx ulogd[58460]: registering plugin `NFCT'
Jun 04 11:09:06.353017 osdx ulogd[58460]: registering plugin `IP2STR'
Jun 04 11:09:06.353052 osdx ulogd[58460]: registering plugin `PRINTFLOW'
Jun 04 11:09:06.353090 osdx ulogd[58460]: registering plugin `SYSLOG'
Jun 04 11:09:06.353094 osdx ulogd[58460]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:06.353134 osdx ulogd[58460]: NFCT plugin working in event mode
Jun 04 11:09:06.353149 osdx OSDx_DUT0[58460]: Changing UID / GID
Jun 04 11:09:06.353222 osdx OSDx_DUT0[58460]: initialization finished, entering main loop
Jun 04 11:09:06.354719 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:06.369037 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:06.385784 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:07.239654 osdx OSDx_DUT0[58460]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:07.239676 osdx OSDx_DUT0[58460]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:07.331499 osdx OSDx_DUT0[58460]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:07.331517 osdx OSDx_DUT0[58460]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:07.454547 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 04 11:09:07.665877 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:07.733094 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'delete system conntrack logging identity'.
Jun 04 11:09:07.844610 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show changes'.
Jun 04 11:09:07.914596 osdx ubnt-cfgd[58497]: inactive
Jun 04 11:09:07.931610 osdx INFO[58503]: FRR daemons did not change
Jun 04 11:09:07.942084 osdx OSDx_DUT0[58460]: Terminal signal received, exiting
Jun 04 11:09:07.942226 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:07.942678 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jun 04 11:09:07.942801 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:07.975632 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:07.976349 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:07.976506 osdx ulogd[58512]: registering plugin `NFCT'
Jun 04 11:09:07.976542 osdx ulogd[58512]: registering plugin `IP2STR'
Jun 04 11:09:07.976573 osdx ulogd[58512]: registering plugin `PRINTFLOW'
Jun 04 11:09:07.976613 osdx ulogd[58512]: registering plugin `SYSLOG'
Jun 04 11:09:07.976616 osdx ulogd[58512]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:07.976658 osdx ulogd[58512]: NFCT plugin working in event mode
Jun 04 11:09:07.976664 osdx ulogd[58512]: Changing UID / GID
Jun 04 11:09:07.976732 osdx ulogd[58512]: initialization finished, entering main loop
Jun 04 11:09:07.977831 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:07.979917 osdx ulogd[58512]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jun 04 11:09:07.979937 osdx ulogd[58512]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84
Jun 04 11:09:07.980485 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:08.026558 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:08.184539 osdx ulogd[58512]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:08.184561 osdx ulogd[58512]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Policies logging

Description

Set a simple configuration with mark and label traffic policies, send a ping command from one device to other and check that default, mark and label fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic label TEST
set traffic policy POLICY rule 1 set connmark 33
set traffic policy POLICY rule 1 set label TEST

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.719 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.719/0.719/0.719/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 2 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.447 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.251 ms

--- 192.168.100.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1007ms
rtt min/avg/max/mdev = 0.251/0.349/0.447/0.098 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*MARK=33.*LABELS=TEST

Show output

Jun 04 11:09:12.340753 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:12.341193 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:12.341230 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:12.351185 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:12.572251 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:12.834166 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:12.966076 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jun 04 11:09:13.020404 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic label TEST'.
Jun 04 11:09:13.109307 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set connmark 33'.
Jun 04 11:09:13.174390 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 set label TEST'.
Jun 04 11:09:13.288656 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:13.368248 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:13.495171 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:13.563796 osdx ubnt-cfgd[58692]: inactive
Jun 04 11:09:13.599401 osdx INFO[58706]: FRR daemons did not change
Jun 04 11:09:13.633187 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:13.680774 osdx WARNING[58778]: No supported link modes on interface eth0
Jun 04 11:09:13.682493 osdx modulelauncher[58778]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:13.682507 osdx modulelauncher[58778]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:13.683884 osdx modulelauncher[58778]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:13.683895 osdx modulelauncher[58778]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:13.793639 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:13.794466 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:13.794653 osdx ulogd[58803]: registering plugin `NFCT'
Jun 04 11:09:13.794702 osdx ulogd[58803]: registering plugin `IP2STR'
Jun 04 11:09:13.794744 osdx ulogd[58803]: registering plugin `PRINTFLOW'
Jun 04 11:09:13.794788 osdx ulogd[58803]: registering plugin `SYSLOG'
Jun 04 11:09:13.794792 osdx ulogd[58803]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:13.794840 osdx ulogd[58803]: NFCT plugin working in event mode
Jun 04 11:09:13.794850 osdx ulogd[58803]: Changing UID / GID
Jun 04 11:09:13.794946 osdx ulogd[58803]: initialization finished, entering main loop
Jun 04 11:09:13.806445 osdx ulogd[58803]: Terminal signal received, exiting
Jun 04 11:09:13.806593 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:13.806880 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jun 04 11:09:13.807277 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:13.808533 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:13.810529 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:13.809969 osdx ulogd[58809]: registering plugin `NFCT'
Jun 04 11:09:13.810018 osdx ulogd[58809]: registering plugin `IP2STR'
Jun 04 11:09:13.810060 osdx ulogd[58809]: registering plugin `PRINTFLOW'
Jun 04 11:09:13.810112 osdx ulogd[58809]: registering plugin `SYSLOG'
Jun 04 11:09:13.810116 osdx ulogd[58809]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:13.810165 osdx ulogd[58809]: NFCT plugin working in event mode
Jun 04 11:09:13.810176 osdx ulogd[58809]: Changing UID / GID
Jun 04 11:09:13.810253 osdx ulogd[58809]: initialization finished, entering main loop
Jun 04 11:09:14.004980 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:14.017500 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:14.042342 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:15.021432 osdx ulogd[58809]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jun 04 11:09:15.021456 osdx ulogd[58809]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33
Jun 04 11:09:15.145805 osdx ulogd[58809]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33 LABELS=TEST
Jun 04 11:09:15.145830 osdx ulogd[58809]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 MARK=33

---

VRF logging

Description

Set a simple configuration with a vrf, send a ping command from one device to other and check that default and vrf fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 vrf RED
set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf RED

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.328 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.328/0.328/0.328/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.649 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.649/0.649/0.649/0.000 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*VRF=RED

Show output

Jun 04 11:09:21.308426 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 2.3M, max 13.8M, 11.5M free.
Jun 04 11:09:21.310692 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:21.310744 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:21.320537 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:21.565606 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:21.821066 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:21.903586 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 vrf RED'.
Jun 04 11:09:21.986741 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set protocols vrf RED static route 0.0.0.0/0 next-hop 192.168.100.2'.
Jun 04 11:09:22.079333 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system vrf RED'.
Jun 04 11:09:22.148075 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:22.265251 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:22.362801 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:22.453617 osdx ubnt-cfgd[59060]: inactive
Jun 04 11:09:22.479866 osdx INFO[59066]: FRR daemons did not change
Jun 04 11:09:22.490891 osdx (udev-worker)[59076]: RED: Could not disable auto negotiation, ignoring: Operation not supported
Jun 04 11:09:22.490911 osdx (udev-worker)[59076]: Network interface NamePolicy= disabled on kernel command line.
Jun 04 11:09:22.530698 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:22.577526 osdx WARNING[59159]: No supported link modes on interface eth0
Jun 04 11:09:22.579004 osdx modulelauncher[59159]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:22.579019 osdx modulelauncher[59159]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:22.580192 osdx modulelauncher[59159]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:22.580201 osdx modulelauncher[59159]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:22.594722 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:22.687089 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:22.688055 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:22.688142 osdx ulogd[59245]: registering plugin `NFCT'
Jun 04 11:09:22.688185 osdx ulogd[59245]: registering plugin `IP2STR'
Jun 04 11:09:22.688230 osdx ulogd[59245]: registering plugin `PRINTFLOW'
Jun 04 11:09:22.688278 osdx ulogd[59245]: registering plugin `SYSLOG'
Jun 04 11:09:22.688282 osdx ulogd[59245]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:22.688335 osdx ulogd[59245]: NFCT plugin working in event mode
Jun 04 11:09:22.688346 osdx ulogd[59245]: Changing UID / GID
Jun 04 11:09:22.688431 osdx ulogd[59245]: initialization finished, entering main loop
Jun 04 11:09:22.689834 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:22.704591 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:22.720471 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:23.709248 osdx ulogd[59245]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:23.709273 osdx ulogd[59245]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:23.793434 osdx ulogd[59245]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:23.793456 osdx ulogd[59245]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 VRF=RED PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---

Not-Bypass logging

Description

Set a simple configuration with a firewall service, send a ping command from one device to other and check that default and bypass fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.302 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.302/0.302/0.302/0.000 ms

Step 3: Run command file copy http://10.215.168.1/~robot/test-performance.rules running:// force at DUT0 and expect this output:

Show output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   129  100   129    0     0  24670      0 --:--:-- --:--:-- --:--:-- 25800

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth0 traffic policy in POLICY
set interfaces ethernet eth1 address 10.215.168.64/24
set service firewall FW mode inline queue FW_Q
set service firewall FW ruleset file 'running://test-performance.rules'
set service firewall FW stream bypass mark 129834765
set service firewall FW stream bypass mask 129834765
set service firewall FW stream bypass set-connmark
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy POLICY rule 1 action enqueue FW_Q
set traffic queue FW_Q elements 1

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.832 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.832/0.832/0.832/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.421 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.421/0.421/0.421/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*Sc: not-bypass

Show output

Jun 04 11:09:28.317122 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:28.319922 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:28.319967 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:28.328190 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:28.526606 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:28.790448 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:28.873678 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jun 04 11:09:28.952560 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:29.042632 osdx ubnt-cfgd[59532]: inactive
Jun 04 11:09:29.062566 osdx INFO[59538]: FRR daemons did not change
Jun 04 11:09:29.095936 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 04 11:09:29.137274 osdx WARNING[59607]: No supported link modes on interface eth1
Jun 04 11:09:29.138975 osdx modulelauncher[59607]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jun 04 11:09:29.138988 osdx modulelauncher[59607]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:29.140204 osdx modulelauncher[59607]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:29.140213 osdx modulelauncher[59607]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:29.151296 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:29.163410 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:29.188346 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:29.355548 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 04 11:09:29.497666 osdx file_operation[59664]: using src url: http://10.215.168.1/~robot/test-performance.rules dst url: running://
Jun 04 11:09:29.528274 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/test-performance.rules running:// force'.
Jun 04 11:09:29.664614 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:29.750256 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 traffic policy in POLICY'.
Jun 04 11:09:29.856703 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set service firewall FW mode inline queue FW_Q'.
Jun 04 11:09:29.926252 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set service firewall FW ruleset file running://test-performance.rules'.
Jun 04 11:09:30.023368 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass'.
Jun 04 11:09:30.111175 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mark 129834765'.
Jun 04 11:09:30.233775 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass mask 129834765'.
Jun 04 11:09:30.307540 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set service firewall FW stream bypass set-connmark'.
Jun 04 11:09:30.405235 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic queue FW_Q elements 1'.
Jun 04 11:09:30.463804 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy POLICY rule 1 action enqueue FW_Q'.
Jun 04 11:09:30.580442 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:30.635749 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:30.756566 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:30.821704 osdx ubnt-cfgd[59699]: inactive
Jun 04 11:09:30.870429 osdx INFO[59716]: FRR daemons did not change
Jun 04 11:09:30.911945 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:30.965412 osdx WARNING[59788]: No supported link modes on interface eth0
Jun 04 11:09:30.967292 osdx modulelauncher[59788]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:30.967305 osdx modulelauncher[59788]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:30.968738 osdx modulelauncher[59788]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:30.968827 osdx modulelauncher[59788]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:31.028331 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:31.029191 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:31.029274 osdx ulogd[59813]: registering plugin `NFCT'
Jun 04 11:09:31.029315 osdx ulogd[59813]: registering plugin `IP2STR'
Jun 04 11:09:31.029356 osdx ulogd[59813]: registering plugin `PRINTFLOW'
Jun 04 11:09:31.029402 osdx ulogd[59813]: registering plugin `SYSLOG'
Jun 04 11:09:31.029407 osdx ulogd[59813]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:31.029457 osdx ulogd[59813]: NFCT plugin working in event mode
Jun 04 11:09:31.029468 osdx ulogd[59813]: Changing UID / GID
Jun 04 11:09:31.029566 osdx ulogd[59813]: initialization finished, entering main loop
Jun 04 11:09:31.298846 osdx ulogd[59813]: Terminal signal received, exiting
Jun 04 11:09:31.298985 osdx systemd[1]: Stopping ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:31.299446 osdx systemd[1]: ulogd2.service: Deactivated successfully.
Jun 04 11:09:31.299581 osdx systemd[1]: Stopped ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:31.332382 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:31.333393 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:31.333507 osdx ulogd[59841]: registering plugin `NFCT'
Jun 04 11:09:31.333549 osdx ulogd[59841]: registering plugin `IP2STR'
Jun 04 11:09:31.333594 osdx ulogd[59841]: registering plugin `PRINTFLOW'
Jun 04 11:09:31.333642 osdx ulogd[59841]: registering plugin `SYSLOG'
Jun 04 11:09:31.333646 osdx ulogd[59841]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:31.333696 osdx ulogd[59841]: NFCT plugin working in event mode
Jun 04 11:09:31.333706 osdx ulogd[59841]: Changing UID / GID
Jun 04 11:09:31.333792 osdx ulogd[59841]: initialization finished, entering main loop
Jun 04 11:09:31.386334 osdx systemd[1]: Reloading.
Jun 04 11:09:31.448206 osdx systemd-sysv-generator[59862]: stat() failed on /etc/init.d/README, ignoring: No such file or directory
Jun 04 11:09:31.560370 osdx systemd[1]: Starting logrotate.service - Rotate log files...
Jun 04 11:09:31.565366 osdx systemd[1]: Created slice system-suricata.slice - Slice /system/suricata.
Jun 04 11:09:31.566274 osdx systemd[1]: Starting suricata@FW.service - Suricata client "FW" service...
Jun 04 11:09:31.592035 osdx systemd[1]: logrotate.service: Deactivated successfully.
Jun 04 11:09:31.592176 osdx systemd[1]: Finished logrotate.service - Rotate log files.
Jun 04 11:09:31.866984 osdx systemd[1]: Started suricata@FW.service - Suricata client "FW" service.
Jun 04 11:09:32.180254 osdx INFO[59843]: Rules successfully loaded
Jun 04 11:09:32.180994 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:32.193283 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:32.210361 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:33.082013 osdx ulogd[59841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 04 11:09:33.082033 osdx ulogd[59841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 04 11:09:33.161694 osdx ulogd[59841]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)
Jun 04 11:09:33.161712 osdx ulogd[59841]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 (Sc: not-bypass)

---

Offload flag

Description

Set a simple configuration with DUT0 as an intermediary between DUT1 and DUT2. Initiate a ssh connection from DUT1 to DUT2 and check that default and offload fields appear when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set interfaces ethernet eth1 address 192.168.200.1/24
set system conntrack logging events all
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 192.168.200.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.200.1
set service ssh
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.758 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.758/0.758/0.758/0.000 ms

Step 5: Ping IP address 192.168.200.1 from DUT2:

admin@DUT2$ ping 192.168.200.1 count 1 size 56 timeout 1

Show output

PING 192.168.200.1 (192.168.200.1) 56(84) bytes of data.
64 bytes from 192.168.200.1: icmp_seq=1 ttl=64 time=0.518 ms

--- 192.168.200.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.518/0.518/0.518/0.000 ms

Step 6: Init an SSH connection from DUT1 to IP address 192.168.200.2 with the user admin:

admin@DUT1$ ssh admin@192.168.200.2 option StrictHostKeyChecking=no option UserKnownHostsFile=/dev/null

Show output

Warning: Permanently added '192.168.200.2' (ECDSA) to the list of known hosts.
admin@192.168.200.2's password:
Welcome to Teldat OSDx v4.2.9.4

This system includes free software.
Contact Teldat for licenses information and source code.

Last login: Thu Jun  4 11:03:19 2026 from 10.215.168.64
admin@osdx$

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*\[OFFLOAD\]

Show output

Jun 04 11:09:39.351639 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:39.353035 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:39.353100 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:39.364133 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:39.610125 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:40.041137 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:40.195511 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 192.168.200.1/24'.
Jun 04 11:09:40.255489 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:40.375535 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:40.456837 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:40.598001 osdx ubnt-cfgd[60185]: inactive
Jun 04 11:09:40.624227 osdx INFO[60191]: FRR daemons did not change
Jun 04 11:09:40.661068 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 04 11:09:40.713593 osdx WARNING[60263]: No supported link modes on interface eth1
Jun 04 11:09:40.715126 osdx modulelauncher[60263]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jun 04 11:09:40.715143 osdx modulelauncher[60263]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:40.716495 osdx modulelauncher[60263]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:40.716504 osdx modulelauncher[60263]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:40.753066 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:40.802538 osdx WARNING[60343]: No supported link modes on interface eth0
Jun 04 11:09:40.804374 osdx modulelauncher[60343]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:40.804388 osdx modulelauncher[60343]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:40.805629 osdx modulelauncher[60343]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:40.805638 osdx modulelauncher[60343]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:40.841629 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:40.842547 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:40.842616 osdx ulogd[60369]: registering plugin `NFCT'
Jun 04 11:09:40.842658 osdx ulogd[60369]: registering plugin `IP2STR'
Jun 04 11:09:40.842733 osdx ulogd[60369]: registering plugin `PRINTFLOW'
Jun 04 11:09:40.842784 osdx ulogd[60369]: registering plugin `SYSLOG'
Jun 04 11:09:40.842788 osdx ulogd[60369]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:40.842838 osdx ulogd[60369]: NFCT plugin working in event mode
Jun 04 11:09:40.842852 osdx ulogd[60369]: Changing UID / GID
Jun 04 11:09:40.842931 osdx ulogd[60369]: initialization finished, entering main loop
Jun 04 11:09:40.844152 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:40.855862 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:40.872449 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:42.972553 osdx ulogd[60369]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:42.972577 osdx ulogd[60369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:43.081531 osdx ulogd[60369]: [NEW] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:43.081557 osdx ulogd[60369]: [UPDATE] ORIG: SRC=192.168.200.2 DST=192.168.200.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.1 DST=192.168.200.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:09:43.182367 osdx ulogd[60369]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=54816 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=54816 PKTS=0 BYTES=0
Jun 04 11:09:43.182547 osdx ulogd[60369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=54816 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=54816 PKTS=0 BYTES=0
Jun 04 11:09:43.182712 osdx ulogd[60369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=54816 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=54816 PKTS=0 BYTES=0 [OFFLOAD]
Jun 04 11:09:43.487245 osdx ulogd[60369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=54816 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=54816 PKTS=0 BYTES=0
Jun 04 11:09:43.487273 osdx ulogd[60369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=54816 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=54816 PKTS=0 BYTES=0 [OFFLOAD]
Jun 04 11:09:43.488560 osdx ulogd[60369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=54816 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=54816 PKTS=0 BYTES=0
Jun 04 11:09:43.488667 osdx ulogd[60369]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.200.2 PROTO=TCP SPT=54816 DPT=22 PKTS=0 BYTES=0 , REPLY: SRC=192.168.200.2 DST=192.168.100.2 PROTO=TCP SPT=22 DPT=54816 PKTS=0 BYTES=0 [OFFLOAD]

---

App detect logging

Description

Set a simple configuration enabling app detection in system conntrack, send a ping command from DUT1 and check app detect field appears when running system journal show. After that, enabling app detection in system conntrack for http host, try to copy index.html from a http server and check that the app detect field appears and belongs to the http server when running system journal show.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack app-detect
set system conntrack logging events all
set system conntrack timeout icmp 1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.682 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.682/0.682/0.682/0.000 ms

Step 4: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 3 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.517 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.301 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.348 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 0.301/0.388/0.517/0.092 ms

Step 5: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[NEW\].*APPDETECT\[L3:1\]

Show output

Jun 04 11:09:48.283159 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:48.284777 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:48.284830 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:48.294460 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:48.536716 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:48.939184 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:49.023459 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 04 11:09:49.121998 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 04 11:09:49.227209 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:49.280603 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:49.403563 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:49.467818 osdx ubnt-cfgd[60605]: inactive
Jun 04 11:09:49.490601 osdx INFO[60611]: FRR daemons did not change
Jun 04 11:09:49.652795 osdx kernel: nfUDPlink: module init
Jun 04 11:09:49.652834 osdx kernel: app-detect: module init
Jun 04 11:09:49.652846 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 04 11:09:49.652854 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jun 04 11:09:49.652861 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jun 04 11:09:49.652869 osdx kernel: app-detect: registered: /proc/net/stat/appdetect
Jun 04 11:09:49.652876 osdx kernel: app-detect: expression init
Jun 04 11:09:49.652883 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jun 04 11:09:49.652891 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jun 04 11:09:49.659122 osdx modulelauncher[60614]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jun 04 11:09:49.661671 osdx INFO[60639]: Stopping Traffic Categorization (TCATD) service ...
Jun 04 11:09:49.708780 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:49.752618 osdx WARNING[60714]: No supported link modes on interface eth0
Jun 04 11:09:49.754040 osdx modulelauncher[60714]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:49.754055 osdx modulelauncher[60714]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:49.755161 osdx modulelauncher[60714]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:49.755170 osdx modulelauncher[60714]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:49.817113 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:49.818069 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:49.818149 osdx ulogd[60739]: registering plugin `NFCT'
Jun 04 11:09:49.818188 osdx ulogd[60739]: registering plugin `IP2STR'
Jun 04 11:09:49.818223 osdx ulogd[60739]: registering plugin `PRINTFLOW'
Jun 04 11:09:49.818263 osdx ulogd[60739]: registering plugin `SYSLOG'
Jun 04 11:09:49.818267 osdx ulogd[60739]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:49.818310 osdx ulogd[60739]: NFCT plugin working in event mode
Jun 04 11:09:49.818319 osdx ulogd[60739]: Changing UID / GID
Jun 04 11:09:49.818387 osdx ulogd[60739]: initialization finished, entering main loop
Jun 04 11:09:49.819587 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:49.831837 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:49.848315 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:50.815105 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.815130 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.938097 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.938124 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:51.964790 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:51.964814 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:51.964828 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:52.988849 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:52.988874 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:52.988889 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]

Step 6: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[UPDATE\].*APPDETECT\[L3:1\]

Show output

Jun 04 11:09:48.283159 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:48.284777 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:48.284830 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:48.294460 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:48.536716 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:48.939184 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:49.023459 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 04 11:09:49.121998 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 04 11:09:49.227209 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:49.280603 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:49.403563 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:49.467818 osdx ubnt-cfgd[60605]: inactive
Jun 04 11:09:49.490601 osdx INFO[60611]: FRR daemons did not change
Jun 04 11:09:49.652795 osdx kernel: nfUDPlink: module init
Jun 04 11:09:49.652834 osdx kernel: app-detect: module init
Jun 04 11:09:49.652846 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 04 11:09:49.652854 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jun 04 11:09:49.652861 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jun 04 11:09:49.652869 osdx kernel: app-detect: registered: /proc/net/stat/appdetect
Jun 04 11:09:49.652876 osdx kernel: app-detect: expression init
Jun 04 11:09:49.652883 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jun 04 11:09:49.652891 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jun 04 11:09:49.659122 osdx modulelauncher[60614]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jun 04 11:09:49.661671 osdx INFO[60639]: Stopping Traffic Categorization (TCATD) service ...
Jun 04 11:09:49.708780 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:49.752618 osdx WARNING[60714]: No supported link modes on interface eth0
Jun 04 11:09:49.754040 osdx modulelauncher[60714]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:49.754055 osdx modulelauncher[60714]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:49.755161 osdx modulelauncher[60714]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:49.755170 osdx modulelauncher[60714]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:49.817113 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:49.818069 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:49.818149 osdx ulogd[60739]: registering plugin `NFCT'
Jun 04 11:09:49.818188 osdx ulogd[60739]: registering plugin `IP2STR'
Jun 04 11:09:49.818223 osdx ulogd[60739]: registering plugin `PRINTFLOW'
Jun 04 11:09:49.818263 osdx ulogd[60739]: registering plugin `SYSLOG'
Jun 04 11:09:49.818267 osdx ulogd[60739]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:49.818310 osdx ulogd[60739]: NFCT plugin working in event mode
Jun 04 11:09:49.818319 osdx ulogd[60739]: Changing UID / GID
Jun 04 11:09:49.818387 osdx ulogd[60739]: initialization finished, entering main loop
Jun 04 11:09:49.819587 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:49.831837 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:49.848315 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:50.815105 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.815130 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.938097 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.938124 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:51.964790 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:51.964814 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:51.964828 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:52.988849 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:52.988874 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:52.988889 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:53.109239 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal show | cat'.

Step 7: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[DESTROY\].*APPDETECT\[L3:1\]

Show output

Jun 04 11:09:48.283159 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:48.284777 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:48.284830 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:48.294460 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:48.536716 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:48.939184 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:49.023459 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 04 11:09:49.121998 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 04 11:09:49.227209 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:49.280603 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:49.403563 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:49.467818 osdx ubnt-cfgd[60605]: inactive
Jun 04 11:09:49.490601 osdx INFO[60611]: FRR daemons did not change
Jun 04 11:09:49.652795 osdx kernel: nfUDPlink: module init
Jun 04 11:09:49.652834 osdx kernel: app-detect: module init
Jun 04 11:09:49.652846 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 04 11:09:49.652854 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jun 04 11:09:49.652861 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jun 04 11:09:49.652869 osdx kernel: app-detect: registered: /proc/net/stat/appdetect
Jun 04 11:09:49.652876 osdx kernel: app-detect: expression init
Jun 04 11:09:49.652883 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jun 04 11:09:49.652891 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jun 04 11:09:49.659122 osdx modulelauncher[60614]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jun 04 11:09:49.661671 osdx INFO[60639]: Stopping Traffic Categorization (TCATD) service ...
Jun 04 11:09:49.708780 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:49.752618 osdx WARNING[60714]: No supported link modes on interface eth0
Jun 04 11:09:49.754040 osdx modulelauncher[60714]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:49.754055 osdx modulelauncher[60714]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:49.755161 osdx modulelauncher[60714]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:49.755170 osdx modulelauncher[60714]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:49.817113 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:49.818069 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:49.818149 osdx ulogd[60739]: registering plugin `NFCT'
Jun 04 11:09:49.818188 osdx ulogd[60739]: registering plugin `IP2STR'
Jun 04 11:09:49.818223 osdx ulogd[60739]: registering plugin `PRINTFLOW'
Jun 04 11:09:49.818263 osdx ulogd[60739]: registering plugin `SYSLOG'
Jun 04 11:09:49.818267 osdx ulogd[60739]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:49.818310 osdx ulogd[60739]: NFCT plugin working in event mode
Jun 04 11:09:49.818319 osdx ulogd[60739]: Changing UID / GID
Jun 04 11:09:49.818387 osdx ulogd[60739]: initialization finished, entering main loop
Jun 04 11:09:49.819587 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:49.831837 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:49.848315 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:50.815105 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.815130 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.938097 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.938124 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:51.964790 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:51.964814 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:51.964828 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:52.988849 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:52.988874 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:52.988889 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:53.109239 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 04 11:09:53.338143 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal show | cat'.

Step 8: Modify the following configuration lines in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set system conntrack app-detect http-host

Step 9: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.339 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.339/0.339/0.339/0.000 ms

Step 10: Run command file copy http://10.215.168.1/~robot/ running://index.html force at DUT0 and expect this output:

Show output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   972    0   972    0     0   194k      0 --:--:-- --:--:-- --:--:--  237k

Step 11: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

ulogd\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*APPDETECT\[L4:80 http-host:10.215.168.1\]

Show output

Jun 04 11:09:48.283159 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:09:48.284777 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:09:48.284830 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:09:48.294460 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:09:48.536716 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:09:48.939184 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:49.023459 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect'.
Jun 04 11:09:49.121998 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack timeout icmp 1'.
Jun 04 11:09:49.227209 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:09:49.280603 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:09:49.403563 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:09:49.467818 osdx ubnt-cfgd[60605]: inactive
Jun 04 11:09:49.490601 osdx INFO[60611]: FRR daemons did not change
Jun 04 11:09:49.652795 osdx kernel: nfUDPlink: module init
Jun 04 11:09:49.652834 osdx kernel: app-detect: module init
Jun 04 11:09:49.652846 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 04 11:09:49.652854 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jun 04 11:09:49.652861 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jun 04 11:09:49.652869 osdx kernel: app-detect: registered: /proc/net/stat/appdetect
Jun 04 11:09:49.652876 osdx kernel: app-detect: expression init
Jun 04 11:09:49.652883 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jun 04 11:09:49.652891 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jun 04 11:09:49.659122 osdx modulelauncher[60614]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jun 04 11:09:49.661671 osdx INFO[60639]: Stopping Traffic Categorization (TCATD) service ...
Jun 04 11:09:49.708780 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:09:49.752618 osdx WARNING[60714]: No supported link modes on interface eth0
Jun 04 11:09:49.754040 osdx modulelauncher[60714]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:09:49.754055 osdx modulelauncher[60714]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:49.755161 osdx modulelauncher[60714]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:49.755170 osdx modulelauncher[60714]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:49.817113 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:09:49.818069 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:09:49.818149 osdx ulogd[60739]: registering plugin `NFCT'
Jun 04 11:09:49.818188 osdx ulogd[60739]: registering plugin `IP2STR'
Jun 04 11:09:49.818223 osdx ulogd[60739]: registering plugin `PRINTFLOW'
Jun 04 11:09:49.818263 osdx ulogd[60739]: registering plugin `SYSLOG'
Jun 04 11:09:49.818267 osdx ulogd[60739]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:09:49.818310 osdx ulogd[60739]: NFCT plugin working in event mode
Jun 04 11:09:49.818319 osdx ulogd[60739]: Changing UID / GID
Jun 04 11:09:49.818387 osdx ulogd[60739]: initialization finished, entering main loop
Jun 04 11:09:49.819587 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:49.831837 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:49.848315 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:50.815105 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.815130 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.938097 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:50.938124 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:51.964790 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:51.964814 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:51.964828 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:52.988849 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:52.988874 osdx ulogd[60739]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:52.988889 osdx ulogd[60739]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:53.109239 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 04 11:09:53.338143 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 04 11:09:53.529482 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal show | cat'.
Jun 04 11:09:53.718700 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:09:53.812417 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jun 04 11:09:53.878953 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jun 04 11:09:53.982363 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show changes'.
Jun 04 11:09:54.040186 osdx ubnt-cfgd[60792]: inactive
Jun 04 11:09:54.064947 osdx INFO[60798]: FRR daemons did not change
Jun 04 11:09:54.100777 osdx kernel: app-detect: expression destroy
Jun 04 11:09:54.112793 osdx kernel: app-detect: expression init
Jun 04 11:09:54.112842 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jun 04 11:09:54.112856 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jun 04 11:09:54.118630 osdx modulelauncher[60801]: AppDetect: no appdetect_chain refresh needed, nothing more to do
Jun 04 11:09:54.121757 osdx INFO[60817]: Stopping Traffic Categorization (TCATD) service ...
Jun 04 11:09:54.160791 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 04 11:09:54.208352 osdx WARNING[60887]: No supported link modes on interface eth1
Jun 04 11:09:54.210177 osdx modulelauncher[60887]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jun 04 11:09:54.210194 osdx modulelauncher[60887]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jun 04 11:09:54.211710 osdx modulelauncher[60887]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:09:54.211720 osdx modulelauncher[60887]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:09:54.222232 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:09:54.232433 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:54.232450 osdx ulogd[60739]: [DESTROY] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=1 BYTES=84 APPDETECT[L3:1]
Jun 04 11:09:54.233170 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:09:54.252792 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:09:54.439323 osdx ulogd[60739]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:54.439625 osdx ulogd[60739]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 APPDETECT[L3:1]
Jun 04 11:09:54.441854 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 04 11:09:54.599429 osdx file_operation[60944]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jun 04 11:09:54.604282 osdx ulogd[60739]: [NEW] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=49658 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=49658 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 04 11:09:54.604391 osdx ulogd[60739]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=49658 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=49658 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 04 11:09:54.604424 osdx ulogd[60739]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=49658 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=49658 PKTS=0 BYTES=0 APPDETECT[L4:80]
Jun 04 11:09:54.606215 osdx ulogd[60739]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=49658 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=49658 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 04 11:09:54.606256 osdx ulogd[60739]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=49658 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=49658 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 04 11:09:54.606271 osdx ulogd[60739]: [UPDATE] ORIG: SRC=10.215.168.64 DST=10.215.168.1 PROTO=TCP SPT=49658 DPT=80 PKTS=0 BYTES=0 , REPLY: SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=49658 PKTS=0 BYTES=0 APPDETECT[L4:80 http-host:10.215.168.1]
Jun 04 11:09:54.624271 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.

---

App Detect Drop Packet

Description

Set a traffic policy with action drop for all the packets matching an appid specified by a traffic selector. Enable http-host and http-url option in system conntrack appdetect path in order to see relevant information about http packets. Finnally, log that packets with app-id option and check that appdetect field appear in journal when running system journal show

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth1 address 10.215.168.64/24
set interfaces ethernet eth1 traffic policy out DROP
set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect http-url
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set traffic policy DROP rule 1 action drop
set traffic policy DROP rule 1 log app-id
set traffic policy DROP rule 1 selector APPID
set traffic selector APPID rule 1 app-detect app-id custom 155

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1

Show output

PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.466 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.466/0.466/0.466/0.000 ms

Step 3: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

osdx kernel:.*APPDETECT\[U6:155 http-url:/~robot/ http-host:10.215.168.1\]

Show output

Jun 04 11:10:00.293958 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:10:00.294399 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:10:00.294430 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:10:00.305299 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:10:00.503421 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:10:00.772576 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:10:00.831950 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect dictionary 130 custom app-id 155 fqdn 10.215.168.1'.
Jun 04 11:10:00.962794 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect enable_dict_match_priv_ip'.
Jun 04 11:10:01.015807 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-url'.
Jun 04 11:10:01.120819 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic selector APPID rule 1 app-detect app-id custom 155'.
Jun 04 11:10:01.176333 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 selector APPID'.
Jun 04 11:10:01.325036 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 action drop'.
Jun 04 11:10:01.384734 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set traffic policy DROP rule 1 log app-id'.
Jun 04 11:10:01.512929 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 traffic policy out DROP'.
Jun 04 11:10:01.601240 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth1 address 10.215.168.64/24'.
Jun 04 11:10:01.688579 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack app-detect http-host'.
Jun 04 11:10:01.797737 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:10:01.860669 osdx ubnt-cfgd[61188]: inactive
Jun 04 11:10:01.903759 osdx INFO[61212]: FRR daemons did not change
Jun 04 11:10:02.050351 osdx kernel: nfUDPlink: module init
Jun 04 11:10:02.050415 osdx kernel: app-detect: module init
Jun 04 11:10:02.050427 osdx kernel: app-detect: registered: sysctl net.appdetect
Jun 04 11:10:02.050439 osdx kernel: nfUDPlink: connected 127.0.0.1:49000
Jun 04 11:10:02.050450 osdx kernel: nfUDPlink: added destination 127.0.0.1:49000
Jun 04 11:10:02.050461 osdx kernel: app-detect: registered: /proc/net/stat/appdetect
Jun 04 11:10:02.050473 osdx kernel: app-detect: expression init
Jun 04 11:10:02.050490 osdx kernel: app-detect: appid cache initialized (override=yes, chained=yes)
Jun 04 11:10:02.050501 osdx kernel: app-detect: cache changes counter set appid_changes_count found (klen=4, dlen=4)
Jun 04 11:10:02.077959 osdx INFO[61247]: Updated /etc/default/osdx_tcatd.conf
Jun 04 11:10:02.078007 osdx INFO[61247]: Restarting Traffic Categorization (TCATD) service ...
Jun 04 11:10:02.122864 osdx systemd[1]: Starting osdx-tcatd.service - App-Detect Traffic Categorization daemon...
Jun 04 11:10:02.131953 osdx systemd[1]: Started osdx-tcatd.service - App-Detect Traffic Categorization daemon.
Jun 04 11:10:02.166371 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth1
Jun 04 11:10:02.215476 osdx WARNING[61321]: No supported link modes on interface eth1
Jun 04 11:10:02.217141 osdx modulelauncher[61321]: osdx.utils.xos cmd error: /sbin/ethtool -A eth1 autoneg on
Jun 04 11:10:02.217154 osdx modulelauncher[61321]: Command '/sbin/ethtool -A eth1 autoneg on' returned non-zero exit status 76.
Jun 04 11:10:02.218918 osdx modulelauncher[61321]: osdx.utils.xos cmd error: /sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:10:02.218928 osdx modulelauncher[61321]: Command '/sbin/ethtool -s eth1 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:10:02.442771 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:10:02.458418 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:10:02.487544 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:10:02.652923 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Jun 04 11:10:02.803745 osdx file_operation[61401]: using src url: http://10.215.168.1/~robot/ dst url: running://index.html
Jun 04 11:10:02.814385 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=11125 DF PROTO=TCP SPT=41310 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 04 11:10:03.018358 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=11126 DF PROTO=TCP SPT=41310 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 04 11:10:03.422391 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=11127 DF PROTO=TCP SPT=41310 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 04 11:10:04.254409 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=11128 DF PROTO=TCP SPT=41310 DPT=80 WINDOW=502 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 04 11:10:05.829172 osdx file_operation.py[61401]: Operation aborted by user.
Jun 04 11:10:05.842357 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=11129 DF PROTO=TCP SPT=41310 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]
Jun 04 11:10:05.845633 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'file copy http://10.215.168.1/~robot/ running://index.html force'.
Jun 04 11:10:05.890381 osdx kernel: [DROP-1] DROP IN= OUT=eth1 SRC=10.215.168.64 DST=10.215.168.1 LEN=306 TOS=0x00 PREC=0x00 TTL=64 ID=11130 DF PROTO=TCP SPT=41310 DPT=80 WINDOW=502 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U6:155 http-url:/~robot/ http-host:10.215.168.1]

---

Identity Values

Description

Conntrack identity is able to contain any printed character (max 92 characters) but not spaces

Scenario

Step 1: Run command configure at DUT0 and expect this output:

Show output

admin@osdx#

Step 2: Run command set system conntrack logging identity "he||o w@rld!" at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class

Show output

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 3: Run command set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita at DUT0 and check if output contains the following tokens:

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class

Show output

Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
Value validation failed
CLI Error: Command error

Step 4: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 192.168.100.1/24
set system conntrack logging events all
set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 5: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 192.168.100.2/24
set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 6: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.404 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.404/0.404/0.404/0.000 ms

Step 7: Ping IP address 192.168.100.1 from DUT1:

admin@DUT1$ ping 192.168.100.1 count 1 size 56 timeout 1

Show output

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.545 ms

--- 192.168.100.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.545/0.545/0.545/0.000 ms

Step 8: Run command system journal show | cat at DUT0 and check if output matches the following regular expressions:

Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit\[.*\]:.*\[((NEW)|(UPDATE)|(DESTROY))\].*SRC=192.168.100.2

Show output

Jun 04 11:10:10.305966 osdx systemd-journald[2213]: Runtime Journal (/run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4) is 1.8M, max 13.8M, 11.9M free.
Jun 04 11:10:10.308398 osdx systemd-journald[2213]: Received client request to rotate journal, rotating.
Jun 04 11:10:10.308454 osdx systemd-journald[2213]: Vacuuming done, freed 0B of archived journals from /run/log/journal/d7b8b58d13984d0bb9acdb87ea6c32f4.
Jun 04 11:10:10.316257 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system journal clear'.
Jun 04 11:10:10.563875 osdx OSDxCLI[31450]: User 'admin' executed a new command: 'system coredump delete all'.
Jun 04 11:10:10.886119 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:10:10.948629 osdx cfgd[1850]: [31450]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Jun 04 11:10:10.949827 osdx OSDxCLI[31450]: User 'admin' entered an invalid command: 'set system conntrack logging identity "he||o w@rld!"'.
Jun 04 11:10:11.052712 osdx cfgd[1850]: [31450]Command output:
                                        Identity name must be 92 characters or less and must contain printable characters except those defined as part of the space character class
                                        Value validation failed
Jun 04 11:10:11.054360 osdx OSDxCLI[31450]: User 'admin' entered an invalid command: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-amet-vita'.
Jun 04 11:10:11.070668 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:10:11.230878 osdx OSDxCLI[31450]: User 'admin' entered the configuration menu.
Jun 04 11:10:11.316423 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 192.168.100.1/24'.
Jun 04 11:10:11.432869 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging events all'.
Jun 04 11:10:11.497156 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'set system conntrack logging identity Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit'.
Jun 04 11:10:11.611616 osdx OSDxCLI[31450]: User 'admin' added a new cfg line: 'show working'.
Jun 04 11:10:11.704531 osdx ubnt-cfgd[61616]: inactive
Jun 04 11:10:11.722300 osdx INFO[61622]: FRR daemons did not change
Jun 04 11:10:11.760404 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 04 11:10:11.803416 osdx WARNING[61694]: No supported link modes on interface eth0
Jun 04 11:10:11.805110 osdx modulelauncher[61694]: osdx.utils.xos cmd error: /sbin/ethtool -A eth0 autoneg on
Jun 04 11:10:11.805121 osdx modulelauncher[61694]: Command '/sbin/ethtool -A eth0 autoneg on' returned non-zero exit status 76.
Jun 04 11:10:11.806318 osdx modulelauncher[61694]: osdx.utils.xos cmd error: /sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --
Jun 04 11:10:11.806327 osdx modulelauncher[61694]: Command '/sbin/ethtool -s eth0 autoneg on advertise Asym_Pause off Pause off --' returned non-zero exit status 75.
Jun 04 11:10:11.852793 osdx systemd[1]: Starting ulogd2.service - Netfilter Userspace Logging Daemon...
Jun 04 11:10:11.853597 osdx systemd[1]: Started ulogd2.service - Netfilter Userspace Logging Daemon.
Jun 04 11:10:11.853684 osdx ulogd[61719]: registering plugin `NFCT'
Jun 04 11:10:11.853728 osdx ulogd[61719]: registering plugin `IP2STR'
Jun 04 11:10:11.853761 osdx ulogd[61719]: registering plugin `PRINTFLOW'
Jun 04 11:10:11.853798 osdx ulogd[61719]: registering plugin `SYSLOG'
Jun 04 11:10:11.853802 osdx ulogd[61719]: building new pluginstance stack: 'ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,sys1:SYSLOG'
Jun 04 11:10:11.853841 osdx ulogd[61719]: NFCT plugin working in event mode
Jun 04 11:10:11.853857 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[61719]: Changing UID / GID
Jun 04 11:10:11.853926 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[61719]: initialization finished, entering main loop
Jun 04 11:10:11.855097 osdx cfgd[1850]: [31450]Completed change to active configuration
Jun 04 11:10:11.866501 osdx OSDxCLI[31450]: User 'admin' committed the configuration.
Jun 04 11:10:11.890452 osdx OSDxCLI[31450]: User 'admin' left the configuration menu.
Jun 04 11:10:12.852958 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[61719]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:10:12.852983 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[61719]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:10:12.946391 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[61719]: [NEW] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0
Jun 04 11:10:12.946419 osdx Lorem-ipsum-dolor-sit-amet-consectetur-adipiscing-elit-quisque-lorem-ipsum-dolor-sit-ame-vit[61719]: [UPDATE] ORIG: SRC=192.168.100.2 DST=192.168.100.1 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0 , REPLY: SRC=192.168.100.1 DST=192.168.100.2 PROTO=ICMP TYPE=0 CODE=8 PKTS=0 BYTES=0

---