Configuring Traffic Sampling Output

You configure traffic sampling results to a file in the /var/tmp directory. To collect the sampled packets in a file, include the file statement at the [edit forwarding-options sampling output] hierarchy level:

To configure the period of time before an active flow is exported, include the flow-active-timeout statement at the [edit forwarding-options sampling output] hierarchy level:

To configure the period of time before a flow is considered inactive, include the flow-inactive-timeout statement at the [edit forwarding-options sampling output] hierarchy level:

To configure the interface, include the interface statement at the [edit forwarding-options sampling output] hierarchy level:

To configure the interval before exporting an active flow, include the flow-active-timeout statement. To configure the interval before a flow is considered inactive, include the flow-inactive-timeout statement. To configure the interface that sends out monitored information, include the interface statement.

Note: This feature is not supported with the version 9 template format. You must send traffic flows collected using version 9 to a server. For more information see Configuring Active Flow Monitoring Using Version 9.

Traffic Sampling Output Files

Traffic sampling output is saved to an ASCII text file. The following is an example of the traffic sampling output that is saved to a file in the /var/tmp directory. Each line in the output file contains information for one sampled packet. You can optionally display a timestamp for each line.

The column headers are repeated after each group of 1000 packets.

# Apr  7 15:48:50  
Time                    Dest           Src Dest Src Proto TOS Pkt Intf  IP   TCP
                        addr          addr port port          len num frag flags
Apr 7 15:48:54 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:55 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:56 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:57 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:58 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0

The output contains the following fields:

• Time—Time at which the packet was received (displayed only if you include the stamp statement in the configuration)
• Dest addr—Destination IP address in the packet
• Src addr—Source IP address in the packet
• Dest port—Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port for the destination address
• Src port—TCP or UDP port for the source address
• Proto—Packet’s protocol type
• TOS—Contents of the type-of-service (ToS) field in the IP header
• Pkt len—Length of the sampled packet, in bytes
• Intf num—Unique number that identifies the sampled logical interface
• IP frag—IP fragment number, if applicable
• TCP flags—Any TCP flags found in the IP header

To set the timestamp option for the file my-sample, enter the following:

Whenever you toggle the timestamp option, a new header is included in the file. If you set the stamp option, the Time field is displayed.

# Apr  7 15:48:50
# Time            Dest        Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP
#                 addr       addr  port  port              len   num  frag flags
# Feb  1 20:31:21
#                 Dest        Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP
#                 addr       addr  port  port              len   num  frag flags

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.