Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Collecting Traffic Sampling Output in a File

 

You configure traffic sampling results to a file in the /var/tmp directory. To collect the sampled packets in a file, include the file statement at the [edit forwarding-options sampling output] hierarchy level:

To configure the period of time before an active flow is exported, include the flow-active-timeout statement at the [edit forwarding-options sampling output family (inet | inet6 | mpls)] hierarchy level:

To configure the period of time before a flow is considered inactive, include the flow-inactive-timeout statement at the [edit forwarding-options sampling output] hierarchy level:

To configure the interface that sends out monitored information, include the interface statement at the [edit forwarding-options sampling output] hierarchy level:

Note

This feature is not supported with the version 9 template format. You must send traffic flows collected using version 9 to a server. For more information see Collecting Traffic Sampling Output in the Cisco Systems NetFlow Services Export Version 9 Format.

Traffic Sampling Output Format

Traffic sampling output is saved to an ASCII text file. The following is an example of the traffic sampling output that is saved to a file in the /var/tmp directory. Each line in the output file contains information for one sampled packet. You can optionally display a timestamp for each line.

The column headers are repeated after each group of 1000 packets.

The output contains the following fields:

  • Time—Time at which the packet was received (displayed only if you include the stamp statement in the configuration)

  • Dest addr—Destination IP address in the packet

  • Src addr—Source IP address in the packet

  • Dest port—Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port for the destination address

  • Src port—TCP or UDP port for the source address

  • Proto—Packet’s protocol type

  • TOS—Contents of the type-of-service (ToS) field in the IP header

  • Pkt len—Length of the sampled packet, in bytes

  • Intf num—Unique number that identifies the sampled logical interface

  • IP frag—IP fragment number, if applicable

  • TCP flags—Any TCP flags found in the IP header

To set the timestamp option for the file my-sample, enter the following:

Whenever you toggle the timestamp option, a new header is included in the file. If you set the stamp option, the Time field is displayed.