Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring Accounting Options, Source Class Usage and Destination Class Usage Options

 

Configuration Statements at the [edit accounting-options] Hierarchy Level

This topic shows all possible configuration statements at the [edit accounting-options] hierarchy level and their level in the configuration hierarchy. When you are configuring Junos OS, your current hierarchy level is shown in the banner on the line preceding the user@host# prompt.

Accounting Options Configuration

This topic contains the following sections:

Accounting Options—Full Configuration

To configure accounting options, include the following statements at the [edit accounting-options] hierarchy level:

By default, accounting options are disabled.

Note

Do not configure MIB objects related to interface octets or packets for a MIB profile, because doing so can cause the SNMP walk or a CLI show command to time out.

Minimum Accounting Options Configuration

To enable accounting options on the router, you must perform at least the following tasks:

  • Configure accounting options by including a file statement and one or more source-class-usage, destination-class-profile, filter-profile, interface-profile, mib-profile, or routing-engine-profile statements at the [edit accounting-options] hierarchy level:

  • Apply the profiles to the chosen interfaces or filters.

    Apply an interface profile to a physical or logical interface by including the accounting-profile statement at either the [edit interfaces interface-name] or the [edit interfaces interface-name unit logical-unit-number] hierarchy level.

    Note

    You do not apply destination class profiles to interfaces. Although the interface needs to have the destination-class-usage statement configured, the destination class profile automatically finds all interfaces with the destination class configured.

    Apply a filter profile to a firewall filter by including the accounting-profile statement at the [edit firewall filter filter-name] hierarchy level:

    You do not need to apply the Routing Engine profile to an interface because the statistics are collected on the Routing Engine itself.

Configuring Accounting-Data Log Files

An accounting profile specifies what statistics to collect and write to a log file. To configure an accounting-data log file, include the file statement at the [edit accounting-options] hierarchy level:

where filename is the name of the file in which to write accounting data.

If the filename contains spaces, enclose it in quotation marks (" "). The filename cannot contain a forward slash (/). The file is created in the /var/log directory and can contain data from multiple profiles.

All accounting-data log files include header and trailer sections that start with a # in the first column. The header contains the file creation time, the hostname, and the columns that appear in the file. The trailer contains the time that the file was closed.

Whenever any configured value changes that affects the columns in a file, the file creates a new profile layout record that contains a new list of columns.

You must configure the file size; all other properties are optional.

Configuring How Long Backup Files Are Retained

You can configure how many days the files are retained in the local directory before they are deleted.

Note

Files saved to the /var/log/pfedBackup directory are always compressed to conserve local storage, regardless of whether the compress statement is configured.

To configure retention for backup files:

  • Specify the number of days.

Note

Files are retained for 1 day if you do not configure this option.

This value, whether configured or default, applies to all configured files at the [edit accounting-options file] hierarchy level.

Configuring the Maximum Size of the File

To configure the maximum size of the file:

  • Specify the size.

The size statement is the maximum size of the log file, in bytes, kilobytes (KB), megabytes (MB), or gigabytes (GB). The minimum value for bytes is 256 KB. You must configure bytes; the remaining attributes are optional.

Configuring Archive Sites for the Files

After a file reaches its maximum size or the transfer-interval time is exceeded, the file is closed, renamed, and, if you configured an archive site, transferred to a remote host.

To configure the sites where files are archived:

  • Specify one or more site names.

where site-name is any valid FTP URL. For more information about specifying valid FTP URLs, see the Junos OS Administration Library. You can specify more than one URL, in any order. When a file is archived, the router or switch attempts to transfer the file to the first URL in the list, trying the next site in the list only if the transfer does not succeed. The log file is stored at the archive site with a filename of the format router-name_log-filename_timestamp. When you configure file archival by using archive-states statement, the transfer file utility uses the default routing instance to connect to the destination server. If the default routing instance is unable to connect to the destination server, the transfer file utility does not work.

Starting in Junos OS 18.4R1, when you configure file archival by using the archive-sites statement, the transfer file utility does not work if you have enabled the management instance.

Configuring Local Backup for Accounting Files

You can configure the router to save a copy of the accounting file locally when the normal transfer of the files to the archive site fails. The file is saved to the /var/log/pfedBackup directory of the relevant Routing Engine. You must specify whether only the files from the primary Routing Engine are saved or files are saved from both the primary Routing Engine and the backup (client) Routing Engine.

Note

Files saved to the /var/log/pfedBackup directory are always compressed to conserve local storage, regardless of whether the compress statement is configured.

To configure local backup in the event of failure:

  • Specify local backup and which files are saved.

Disabling this feature deletes the backed-up accounting files from the directory.

Note

When you do not configure this option, the file is saved on failure into the local directory specified as the last site in the list of archive sites.

Configuring Files to Be Compressed

By default, accounting files are transferred in an uncompressed format. To conserve resources during transmission and on the archive site, you can configure compression for the files.

Note

Files saved to the /var/log/pfedBackup directory are always compressed to conserve local storage, regardless of whether the compress statement is configured.

To configure the router to compress accounting files when they are transferred:

  • Specify compression.

Configuring the Maximum Number of Files

To configure the maximum number of files:

  • Specify the number.

When a log file reaches its maximum size, it is renamed filename.0, then filename.1, and so on, until the maximum number of log files is reached. Then the oldest log file is overwritten. The minimum value for number is 3 and the default value is 10.

Configuring the Storage Location of the File

On J Series Services Routers, the files are stored by default on the compact flash drive. Alternatively, you can configure the files to be stored in the mfs/var/log directory (on DRAM) instead of the cf/var/log directory (on the compact flash drive).

To configure the storage location on DRAM:

  • Specify nonpersistent storage.

This feature is useful for minimizing read/write traffic on the router’s compact flash drive.

Note

If log files for accounting data are stored on DRAM, these files are lost when you reboot the router. We recommend that you back up these files periodically.

Configuring Files to Be Saved After a Change in Primary Role

You can configure the router to save the accounting files from the new backup Routing Engine to the new primary Routing Engine when a change in primary role occurs. The files are stored in the /var/log/pfedBackup directory on the router. The primary Routing Engine includes these accounting files with its own current accounting files when it transfers the files from the backup directory to the archive site at the next transfer interval. Configure this option when the new backup Routing Engine is not able to connect to the archive site; for example, when the site is not connected by means of an out-of-band interface or the path to the site is routed through a line card.

To configure the backup Routing Engine files to be saved when primary role changes:

  • Specify the backup.

Note

The backup Routing Engine’s files on the primary Routing Engine are sent at each interval even though the files remain the same. If this is more activity than you want, consider using the backup-on-failure master-and-slave statement instead.

Configuring the Start Time for File Transfer

To configure the start time for transferring files:

  • Specify the time.

For example, 10:00 a.m. on January 30, 2007 is represented as 2007-01-30.10:00.

Configuring the Transfer Interval of the File

To configure the interval at which files are transferred:

  • Specify the interval.

The range for transfer-interval is 5 through 2880 minutes. The default is 30 minutes.

Tip

Junos OS saves the existing log file and creates a new file at the configured transfer intervals irrespective of whether:

  • The file has reached the maximum size.

  • An archive site is configured.

When you have a relatively small transfer interval configured and if no archive site is configured, data can be lost as Junos OS overwrites the log files when the maximum number of log files is reached. To ensure that the log information is saved for a reasonably long time:

  • Configure an archive site to archive the log files every time a new log file is created.

  • Configure the maximum value (2880 minutes) for transfer-interval so that new files are created less frequently; that is, only when the file exceeds the maximum size limit or once in 2 days.

Managing Accounting Files

If you configure SRX300, SRX320, SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, and SRX4600 devices to capture accounting data in log files, set the location for your accounting files to the DRAM.

The default location for accounting files is the cfs/var/log directory on the CompactFlash (CF) card. The nonpersistent option minimizes the read/write traffic to your CF card. We recommend that you use the nonpersistent option for all accounting files configured on your system.

To store accounting log files in DRAM instead of the CF card:

  1. Enter configuration mode in the CLI.
  2. Create an accounting data log file in DRAM and replace filename with the name of the file.
  3. Store accounting log files in the DRAM file.
Caution

If log files for accounting data are stored on DRAM, these files are lost when the device reboots. Therefore, we recommend that you back up these files periodically.

Note

The CLI nonpersistent option is not supported on SRX5000 Series devices.

Configuring the Interface Profile

An interface profile specifies the information collected and written to a log file. You can configure a profile to collect error and statistic information for input and output packets on a particular physical or logical interface.

To configure an interface profile, include the interface-profile statement at the [edit accounting-options] hierarchy level:

By default, the Packet Forwarding Engine (PFE) periodically collects the statistics for all interfaces. To improve the performance, you can optionally disable the periodic refresh by including the periodic-refresh disable statement at the [edit accounting-options] hierarchy level.

Each accounting profile must have a unique profile-name. To apply a profile to a physical or logical interface, include the accounting-profile statement at either the [edit interfaces interface-name] or the [edit interfaces interface-name unit logical-unit-number] hierarchy level. You can also apply an accounting profile at the [edit firewall family family-type filter filter-name] hierarchy level. For more information, see the Routing Policies, Firewall Filters, and Traffic Policers User Guide.

To configure an interface profile, perform the tasks described in the following sections:

Configuring Fields

An interface profile must specify what statistics are collected. To configure which statistics should be collected for an interface, include the fields statement at the [edit accounting-options interface-profile profile-name] hierarchy level:

Configuring the File Information

Each accounting profile logs its statistics to a file in the /var/log directory.

To configure which file to use, include the file statement at the [edit accounting-options interface-profile profile-name] hierarchy level:

You must specify a file statement for the interface profile that has already been configured at the [edit accounting-options] hierarchy level.

Configuring Cleared Statistics to be Reported in the Flat File

When you issue the clear interfaces statistics command for a logical interface configured to collect accounting statistics, all accounting statistics received on that interface from the Packet Forwarding Engine are cleared. The current values when the command is issued become the new baseline and the statistics counters are reset to zero. The new values, starting from zero, are displayed in the CLI. However, they are not reported that way in the accounting flat file associated with the interface. Instead, the values as reported in the file continue to increment as if the command had not been issued.

You can change this result by including the allow-clear statement in the interface profile. In this case, when you issue the clear interfaces statistics command, the statistics are reset to zero and reported to the flat file.

To configure reporting of cleared accounting statistics to the flat file, specify reporting:

Configuring the Interval

Each interface with an accounting profile enabled has statistics collected once per interval time specified for the accounting profile. Statistics collection time is scheduled evenly over the configured interval. To configure the interval, include the interval statement at the [edit accounting-options interface-profile profile-name] hierarchy level:

Note

The minimum interval allowed is 1 minute. Configuring a low interval in an accounting profile for a large number of interfaces might cause serious performance degradation.

The range for the interval statement is 1 through 2880 minutes. The default is 30 minutes.

Example: Configuring the Interface Profile

Configure the interface profile:

The two interface profiles, if-profile1 and if-profile2, write data to the same file, if-stats. The if-stats file might look like the following:

Configuring the Filter Profile

A filter profile specifies error and statistics information collected and written to a file. A filter profile must specify counter names for which statistics are collected.

To configure a filter profile, include the filter-profile statement at the [edit accounting-options] hierarchy level:

To apply the filter profile, include the accounting-profile statement at the [edit firewall filter filter-name] hierarchy level.

To configure a filter profile, perform the tasks described in the following sections:

Configuring the Counters

Statistics are collected for all counters specified in the filter profile. To configure the counters, include the counters statement at the [edit accounting-options filter-profile profile-name] hierarchy level:

Configuring the File Information

Each accounting profile logs its statistics to a file in the /var/log directory.

To configure which file to use, include the file statement at the [edit accounting-options filter-profile profile-name] hierarchy level:

You must specify a filename for the filter profile that has already been configured at the [edit accounting-options] hierarchy level.

Note

The limit on the total number of characters per line in a log file equals 1023. If this limit is exceeded, the output written to the log file is incomplete. Ensure that you limit the number of counters or requested data so that this character limit is not exceeded.

Note

If the configured file size or transfer interval is exceeded, Junos OS closes the file and starts a new one. By default, the transfer interval value is 30 minutes. If the transfer interval is not configured, Junos OS closes the file and starts a new one when the file size exceeds its configured value or the default transfer interval value exceeds 30 minutes. To avoid transferring files every 30 minutes, specify a different value for the transfer interval.

Configuring the Interval

Each filter with an accounting profile enabled has statistics collected once per interval time specified for the accounting profile. Statistics collection time is scheduled evenly over the configured interval. To configure the interval, include the interval statement at the [edit accounting-options filter-profile profile-name] hierarchy level:

Note

The minimum interval allowed is 1 minute. Configuring a low interval in an accounting profile for a large number of filters might cause serious performance degradation.

The range for the interval statement is 1 through 2880 minutes. The default is 30 minutes.

Example: Configuring a Filter Profile

Configure a filter profile:

The filter profile, fw-profile1, writes data to the file fw_accounting. The file might look like the following:

Example: Configuring Interface-Specific Firewall Counters and Filter Profiles

To collect and log count statistics collected by firewall filters on a per-interface basis, you must configure a filter profile and include the interface-specific statement at the [edit firewall filter filter-name] hierarchy level.

Configure the firewall filter accounting profile:

Configure the interface-specific firewall counter:

Apply the firewall filter to an interface:

The following example shows the contents of the cust1_accounting file in the /var/log folder that might result from the preceding configuration:

If the interface-specific statement is not included in the configuration, the following output might result:

Configuring SCU or DCU

To configure SCU or DCU, perform the following tasks described in this section:

Note

We recommend that you stop the network traffic on an interface before you modify the DCU or SCU configuration for that interface. Modifying the DCU or SCU configuration without stopping the traffic might corrupt the DCU or SCU statistics. Before you restart the traffic after modifying the configuration, enter the clear interfaces statistics command.

Creating Prefix Route Filters in a Policy Statement

To define prefix router filters:

Applying the Policy to the Forwarding Table

To apply the policy to the forwarding table:

Enabling Accounting on Inbound and Outbound Interfaces

To enable accounting on inbound and outbound interfaces:

Optionally, you can include the input and output statements on a single interface as shown:

For more information about configuring route filters and source classes in a routing policy, see the Routing Policies, Firewall Filters, and Traffic Policers User Guide and the Junos OS Network Interfaces Library for Routing Devices.

Configuring SCU on a Virtual Loopback Tunnel Interface

To configure source class usage on the virtual loopback tunnel interface, perform the tasks described in the following sections:

Example: Configuring a Virtual Loopback Tunnel Interface on a Provider Edge Router Equipped with a Tunnel PIC

Define a virtual loop interface on a provider edge router with a Tunnel PIC:

Example: Mapping the VRF Instance Type to the Virtual Loopback Tunnel Interface

Map the VRF instance type to the virtual loopback tunnel interface:

Note

For SCU and DCU to work, do not include the vrf-table-label statement at the [edit routing-instances instance-name] hierarchy level.

Example: Sending Traffic Received from the Virtual Loopback Interface Out the Source Class Output Interface

Send traffic received from the virtual loopback tunnel interface out of the source class output interface:

For more information about configuring source class usage on the virtual loopback tunnel interface, see the Junos OS Network Interfaces Library for Routing Devices.

Configuring Class Usage Profiles

To collect class usage statistics, perform the tasks described in these sections:

Configuring a Class Usage Profile

You can configure the class usage profile to collect statistics for particular source and destination classes.

To configure the class usage profile to filter by source classes, include the source-classes statement at the [edit accounting-options class-usage-profile profile-name] hierarchy level:

To configure the class usage profile to filter by destination classes, include the destination-classes statement at the [edit accounting-options class-usage-profile profile-name] hierarchy level:

Configuring the File Information

Each accounting profile logs its statistics to a file in the /var/log directory.

To specify which file to use, include the file statement at the [edit accounting-options class-usage-profile profile-name] hierarchy level:

You must specify a filename for the source class usage profile that has already been configured at the [edit accounting-options] hierarchy level. You can also specify a filename for the destination class usage profile configured at the [edit accounting-options] hierarchy level.

Configuring the Interval

Each interface with a class usage profile enabled has statistics collected once per interval specified for the accounting profile. Statistics collection time is scheduled evenly over the configured interval. To configure the interval, include the interval statement at the [edit accounting-options class-usage-profile profile-name] hierarchy level:

Creating a Class Usage Profile to Collect Source Class Usage Statistics

To create a class usage profile to collect source class usage statistics:

The class usage profile, scu-profile1, writes data to the file usage_stats. The file might look like the following:

Creating a Class Usage Profile to Collect Destination Class Usage Statistics

To create a class usage profile to collect destination class usage statistics:

The class usage profile, dcu-profile1, writes data to the file usage-stats. The file might look like the following:

Configuring the MIB Profile

The MIB profile collects MIB statistics and logs them to a file. The MIB profile specifies the SNMP operation and MIB object names for which statistics are collected.

To configure a MIB profile, include the mib-profile statement at the [edit accounting-options] hierarchy level:

To configure a MIB profile, perform the tasks described in the following sections:

Configuring the File Information

Each accounting profile logs its statistics to a file in the /var/log directory.

To configure which file to use, include the file statement at the [edit accounting-options mib-profile profile-name] hierarchy level:

You must specify a filename for the MIB profile that has already been configured at the [edit accounting-options] hierarchy level.

Configuring the Interval

A MIB profile has statistics collected once per interval time specified for the profile. Statistics collection time is scheduled evenly over the configured interval. To configure the interval, include the interval statement at the [edit accounting-options mib-profile profile-name] hierarchy level:

The range for the interval statement is 1 through 2880 minutes. The default is 30 minutes.

Configuring the MIB Operation

A MIB profile must specify the operation that is used to collect MIB statistics. To configure which operation is used to collect MIB statistics, include the operation statement at the [edit accounting-options mib-profile profile-name] hierarchy level:

You can configure a get, get-next, or walk operation. The default operation is walk.

Configuring MIB Object Names

A MIB profile must specify the MIB objects for which statistics are to be collected. To configure the MIB objects for which statistics are collected, include the objects-names statement at the [edit accounting-options mib-profile profile-name] hierarchy level:

You can include multiple MIB object names in the configuration.

Note

In Junos OS Release 15.1X49-D10 and later, do not configure MIB objects related to interface octets or packets for a MIB profile, because it can cause the SNMP walk or a CLI show command to time out.

Example: Configuring a MIB Profile

Configure a MIB profile:

Configuring the Routing Engine Profile

The Routing Engine profile collects Routing Engine statistics and logs them to a file. The Routing Engine profile specifies the fields for which statistics are collected.

To configure a Routing Engine profile, include the routing-engine-profile statement at the [edit accounting-options] hierarchy level:

To configure a Routing Engine profile, perform the tasks described in the following sections:

Configuring Fields

A Routing Engine profile must specify what statistics are collected. To configure which statistics should be collected for the Routing Engine, include the fields statement at the [edit accounting-options routing-engine-profile profile-name] hierarchy level:

Configuring the File Information

Each accounting profile logs its statistics to a file in the /var/log directory.

To configure which file to use, include the file statement at the [edit accounting-options routing-engine-profile profile-name] hierarchy level:

You must specify a filename for the Routing Engine profile that has already been configured at the [edit accounting-options] hierarchy level.

Configuring the Interval

A Routing Engine profile has statistics collected once per interval time specified for the profile. Statistics collection time is scheduled evenly over the configured interval. To configure the interval, include the interval statement at the [edit accounting-options routing-engine-profile profile-name] hierarchy level:

The range for interval is 1 through 2880 minutes. The default is 30 minutes.

Example: Configuring a Routing Engine Profile

Configure a Routing Engine profile:

Release History Table
Release
Description
Starting in Junos OS 18.4R1, when you configure file archival by using the archive-sites statement, the transfer file utility does not work if you have enabled the management instance.
In Junos OS Release 15.1X49-D10 and later, do not configure MIB objects related to interface octets or packets for a MIB profile, because it can cause the SNMP walk or a CLI show command to time out.