
Configuring Traffic Sampling Output

To configure traffic sampling output, include the following statements at the [edit forwarding-options sampling output] hierarchy level:

aggregate-export-interval seconds;
cflowd hostname {
    aggregation {
        autonomous-system;
        destination-prefix;
        protocol-port;
        source-destination-prefix {
            caida-compliant;
        }
        source-prefix;
    }
    autonomous-system-type (origin | peer);
    label-position {
        template template-name;
    }
    (local-dump | no-local-dump);
    port port-number;
    source-address address;
    version format;
}
file {
    disable;
    filename filename;
    files number;
    size bytes;
    (stamp | no-stamp);
    (world-readable | no-world-readable);
}
flow-active-timeout seconds;
flow-inactive-timeout seconds;
interface interface-name {
    engine-id number;
    engine-type number;
    source-address address;
}

To direct sampled traffic to a flow-monitoring interface, include the interface statement. The engine-id and engine-type statements specify the identity and type numbers of the interface; they are dynamically generated based on the Flexible PIC Concentrator (FPC), PIC, and slot numbers and the chassis type. The source-address statement specifies the traffic source.

To configure flow sampling version 9 output, you need to include the template statement at the [edit forwarding-options sampling output version9] hierarchy level. For information on cflowd, see Configuring Flow Aggregation.

The aggregate-export-interval statement is described in Configuring Discard Accounting, and the flow-active-timeout and flow-inactive-timeout statements are described in Configuring Flow Monitoring.

Traffic sampling results are automatically saved to a file in the /var/tmp directory. To collect the sampled packets in a file, include the file statement at the [edit forwarding-options sampling output] hierarchy level:

file {
    disable;
    filename filename;
    files number;
    size bytes;
    (stamp | no-stamp);
    (world-readable | no-world-readable);
}

Traffic Sampling Output Files

Traffic sampling output is saved to an ASCII text file. The following is an example of the traffic sampling output that is saved to a file in the /var/tmp directory. Each line in the output file contains information for one sampled packet. You can optionally display a timestamp for each line.

The column headers are repeated after each group of 1000 packets.

# Apr  7 15:48:50  
Time                    Dest           Src Dest Src Proto TOS Pkt Intf  IP   TCP
                        addr          addr port port          len num frag flags
Apr 7 15:48:54 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:55 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:56 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:57 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:58 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0

To set the timestamp option for the file my-sample, enter the following:

[edit forwarding-options sampling output file]
user@host# set filename my-sample files 5 size 2m world-readable stamp

Whenever you toggle the timestamp option, a new header is included in the file. If you set the stamp option, the Time field is displayed.

# Apr  7 15:48:50
# Time            Dest        Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP
#                 addr       addr  port  port              len   num  frag flags
# Feb  1 20:31:21
#                 Dest        Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP
#                 addr       addr  port  port              len   num  frag flags
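
The output file format shown above can be read back for traffic analysis. The following Python parser is an added example, not part of the original documentation or of Junos: it skips the repeated headers, handles both stamp and no-stamp sections, and totals sampled packets and bytes per source, destination, and protocol. The function names, the sample text, and the layout of no-stamp data lines (same columns without the Time field) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout shown on this page. The no-stamp data line
# (same columns without the Time field) is an assumption.
SAMPLE = """\
# Apr  7 15:48:50
# Time            Dest        Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP
#                 addr       addr  port  port              len   num  frag flags
Apr 7 15:48:54 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
Apr 7 15:48:55 192.168.9.194 192.168.9.195   0    0   1   0x0  84  8   0x0   0x0
# Feb  1 20:31:21
#                 Dest        Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP
#                 addr       addr  port  port              len   num  frag flags
192.0.2.10 192.0.2.20  443 51000   6   0x0  1500  8   0x0   0x10
"""

INT_COLS = ("dport", "sport", "proto", "tos", "len", "intf", "frag", "flags")

def parse_sampling_file(text):
    """Return one dict per sampled packet, skipping headers and damaged lines."""
    records = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue                        # blank line or '#' header line
        if len(tok) == 13:                  # stamp: month, day, time + 10 columns
            stamp, tok = " ".join(tok[:3]), tok[3:]
        elif len(tok) == 10:                # no-stamp: the 10 columns only
            stamp = None
        else:
            continue                        # unprefixed header or truncated line
        try:
            rec = {"time": stamp, "dest": ipaddress.ip_address(tok[0]),
                   "src": ipaddress.ip_address(tok[1])}
            # int(x, 0) accepts both decimal (84) and 0x-prefixed (0x10) columns
            rec.update((k, int(v, 0)) for k, v in zip(INT_COLS, tok[2:]))
        except ValueError:
            continue                        # right token count, but not packet data
        records.append(rec)
    return records

def talkers(records):
    """Sum sampled packets and bytes per (src, dest, proto) tuple."""
    totals = defaultdict(lambda: [0, 0])
    for r in records:
        t = totals[(str(r["src"]), str(r["dest"]), r["proto"])]
        t[0], t[1] = t[0] + 1, t[1] + r["len"]
    return {k: tuple(v) for k, v in totals.items()}
```

Because the file holds sampled packets only, the totals are relative indicators of who is talking, not exact byte counts.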
