[Contents] [Prev] [Next] [Index] [Report an Error]

Configure Traffic Sampling Output

You can configure the following traffic sampling output statements:

[edit forwarding-options sampling output]

aggregate-export-interval seconds;

cflowd hostname {

    aggregation {

        autonomous-system;

        destination-prefix;

        protocol-port;

        source-destination-prefix {

            caida-compliant;

        }

        source-prefix;

    }

    autonomous-system-type (origin | peer);

    (local-dump | no-local-dump);

    port port-number;

    source-address address;

    version format; 

}

file {

    disable;

    filename filename;

    files number;

    size bytes;

    (stamp | no-stamp);

    (world-readable | no-world-readable);

}

flow-active-timeout seconds;

flow-inactive-timeout seconds;

interface interface-name {

    engine-id number;

    engine-type number;

    source-address address;

}

To direct sampled traffic to a flow-monitoring interface, include the interface statement. The engine-id and engine-type statements specify the identity and type numbers of the interface; they are dynamically generated based on the FPC, PIC, and slot numbers and the chassis type. The source-address statement specifies the traffic source.

For information on cflowd, see Configure cflowd. The aggregate-export-interval statement is described in Configure Discard Accounting, and the flow-active-timeout and flow-inactive-timeout statements are described in Configure Flow Monitoring.

Traffic sampling results are automatically saved to a file in the /var/tmp directory. To collect the sampled packets in a file, include the file statement at the [edit forwarding-options sampling output] hierarchy level: 

[edit forwarding-options sampling output]

file {

    disable;

    filename filename;

    files number;

    size bytes;

    (stamp | no-stamp);

    (world-readable | no-world-readable);

}

Traffic Sampling Output Files

Traffic sampling output is saved to an ASCII text file. The following is an example of the traffic sampling output that is saved to a file in the /var/tmp directory. Each line in the output file contains information for one sampled packet. You can optionally display a timestamp for each line.

The column headers are repeated after each group of 1000 packets. 

# Apr  7 15:48:50  

Time                    Dest           Src Dest Src Proto TOS Pkt Intf  IP   TCP

                        addr          addr port port          len num frag flags

Apr 7 15:48:54 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0

Apr 7 15:48:55 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0

Apr 7 15:48:56 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0

Apr 7 15:48:57 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0

Apr 7 15:48:58 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0

To set the timestamp option for the file my-sample, enter the following: 

[edit forwarding-options sampling output file]

user@host# set filename my-sample files 5 size 2m world-readable stamp;

Whenever you toggle the timestamp option, a new header is included in the file. If you set the stamp option, the Time field is displayed.

# Apr  7 15:48:50

# Time            Dest        Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP

#                 addr       addr  port  port              len   num  frag flags

# Feb  1 20:31:21

#                 Dest        Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP

#                 addr       addr  port  port              len   num  frag flags
[Contents] [Prev] [Next] [Index] [Report an Error]