Related Documentation
Example: Configuring AppTrack for a User Logical System
This example shows how to configure the AppTrack tracking tool so you can analyze the bandwidth usage of your network.
Requirements
Before you begin:
- Log in to the user logical system as the logical system administrator. See User Logical System Configuration Overview.
- (Master administrator) Configure system logging in the
master logical system. See the Junos OS Monitoring and Troubleshooting Guide for Security Devices
.
Overview
This example shows how to enable application tracking for the security zone ls-product-design-trust in the ls-product-design user logical system shown in Example: Creating User Logical Systems, Their Administrators, Their Users, and an Interconnect Logical System.
The first message is generated at session start and update messages are sent every 5 minutes after that or until the session ends. A final message is sent at session end.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
To configure AppTrack for a user logical system:
- Log in to the user logical system as the logical system
administrator and enter configuration mode.lsdesignadmin1@host:ls-product-design> configurelsdesignadmin1@host:ls-product-design#
- Enable AppTrack for the security zone.[edit security]lsdesignadmin1@host:ls-product-design# set zones security-zone ls-product-design-trust application-tracking
- Generate update messages at session start and at 5-minute
intervals.[edit security]lsdesignadmin1@host:ls-product-design# set application-tracking first-update
Results
From configuration mode, confirm your configuration by entering the show security command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
For brevity, this show command output includes only the configuration that is relevant to this example. Any other configuration on the system has been replaced with ellipses (...).
If you are done configuring the device, enter commit from configuration mode.
Verification
To confirm that the configuration is working properly, perform these tasks:
- Verifying AppTrack Operation
- Verifying Security Flow Session Statistics
- Verifying Application System Cache Statistics
- Verifying the Status of Application Identification Counter Values
Verifying AppTrack Operation
Purpose
View the AppTrack counters periodically to monitor tracking.
Action
From operational mode, enter the show application-tracking counters command.
Verifying Security Flow Session Statistics
Purpose
Compare byte and packet counts in logged messages with the session statistics from the show security flow session command output.
Action
From operational mode, enter the show security flow session command.
Verifying Application System Cache Statistics
Purpose
Compare cache statistics such as IP address, port, protocol, and service for an application from the show services application-identification application-system-cache command output.
Action
From operational mode, enter the show services application-identification application-system-cache command.
Verifying the Status of Application Identification Counter Values
Purpose
Compare session statistics for application identification counter values from the show services application-identification counter command output.
Action
From operational mode, enter the show services application-identification counter command.
