monitor security flow filter
Syntax
monitor security flow filter filter-name <conn-tag session-connection-tag> <destination-port (port-range | protocol-name)> <destination-prefix destination-prefix> <interface interface-name> <logical-system logical-system-name> <protocol (protocol name | protocol number)> <root-logical-system> <source-port (port-range | protocol-name)> <source-prefix source-prefix>
Description
Set security flow filters to define flow sessions that you want to monitor. A maximum of 64 filters is supported at a time.
Defining the filters themselves does not trigger monitoring.
You must explicitly use the monitor security flow start
command to enable monitoring. Once monitoring starts, any traffic
that matches the specified filters is saved in an output file in the /var/log/
directory.
Unlike filters defined in the configuration mode, these filters defined using operational mode commands are cleared when you reboot your system. They are used expressly for debugging purposes.
Options
filter filter-name | Specify a name for the filter. The filter name can contain letters, numbers, underscores (_) and hyphens (-) and can be up to 64 characters long. |
conn-tag | Specify the session connection tag. The session connection tag uniquely identifies a session. |
destination-port (port-range | protocol-name) | Specify the TCP or UDP destination port to match. You can also specify a range of TCP or UDP destination ports and monitor all traffic in this group. |
destination-prefix destination-prefix | Specify the destination IPv4 or IPv6 address prefix to match. |
interface interface-name | Specify the logical interface name to match. |
logical-system logical-system-name | Specify the logical system name to match. |
protocol (protocol name | protocol number) | Specify the IP protocol type to match. |
root-logical-system | (Default) Specify the root logical system to match. |
source-port (port-range | protocol-name) | Specify the TCP or UDP source port to match. You can also specify a range of TCP or UDP source ports and monitor all traffic in this group. |
source-prefix source-prefix | Specify the source IP address prefix to match. |
Required Privilege Level
view
Release Information
Command introduced in Junos OS Release 12.1X46-D10. The was updated in Junos OS Release 15.1X49-D70 with the addition of the conn-tag filter parameter.