JUNOS Software can monitor and record traffic that it permits or denies based on previously configured policies.
Before You Begin
For background information, read:
To monitor traffic, enable the count and log options.
Count—Can be configured in an individual policy. If count is enabled, counters are collected for the number of packets, bytes, and sessions that enter the firewall for a given policy. For counts (only for packets and bytes), you can specify that alarms be generated whenever the traffic exceeds specified thresholds.
Log—Consists of trace options and a structured system log.
To trace security policies, include the traceoptions command at the  hierarchy level.
set security policies traceoptions <filename> <flag>
filename—Name of the file in which the output of the tracing operation is saved. All files are placed in the directory /var/log<“filename”>. Enclose the name of the security-trace file within quotation marks. By default, commit script process tracing output is placed in the file. If you include the file command, you must specify a filename. To retain the default, you can specify eventd as the filename.
The default file size is 128 KB, and 10 files are created before the first one gets overwritten.
flag—Tracing operation to perform. To perform more than one tracing operation, include multiple flag commands. You can include the following flags:
For details about information collected for session logs, please see Information Provided in Session Log Entries.
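As an added example (not part of the original documentation), the following configuration enables counting, threshold alarms, session logging and policy tracing for one existing policy. The zone names trust and untrust, the policy name allow-web, the trace file name policy-trace, the threshold values and the choice of the lookup flag are assumptions made for illustration.

```junos
# Constructed example: zone names, policy name, file name and thresholds are assumptions.
# Enter these in configuration mode for a policy that already has match conditions and an action.

# Collect packet, byte and session counters for this policy
set security policies from-zone trust to-zone untrust policy allow-web then count

# Generate alarms when traffic for the policy exceeds these thresholds
set security policies from-zone trust to-zone untrust policy allow-web then count alarm per-second-threshold 500
set security policies from-zone trust to-zone untrust policy allow-web then count alarm per-minute-threshold 20000

# Write a structured system log entry when a session is created and when it closes
set security policies from-zone trust to-zone untrust policy allow-web then log session-init
set security policies from-zone trust to-zone untrust policy allow-web then log session-close

# Trace policy lookups to /var/log/policy-trace, stating the default size and file count explicitly
set security policies traceoptions file policy-trace size 128k files 10
set security policies traceoptions flag lookup

commit

# Check the counters and read the trace output without leaving configuration mode
run show security policies detail
run show log policy-trace
```

Tracing adds processing load, so remove it with `delete security policies traceoptions` once troubleshooting is finished; the count and log settings can stay in place for ongoing monitoring.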