Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


monitor security flow filter



Set security flow filters to define flow sessions that you want to monitor. A maximum of 64 filters is supported at a time.

Defining the filters themselves does not trigger monitoring. You must explicitly use the monitor security flow start command to enable monitoring. Once monitoring starts, any traffic that matches the specified filters is saved in an output file in the /var/log/ directory.


Unlike filters defined in the configuration mode, these filters defined using operational mode commands are cleared when you reboot your system. They are used expressly for debugging purposes.


filter filter-name

Specify a name for the filter. The filter name can contain letters, numbers, underscores (_) and hyphens (-) and can be up to 64 characters long.


Specify the session connection tag. The session connection tag uniquely identifies a session.

destination-port (port-range | protocol-name)

Specify the TCP or UDP destination port to match. You can also specify a range of TCP or UDP destination ports and monitor all traffic in this group.

destination-prefix destination-prefix

Specify the destination IPv4 or IPv6 address prefix to match.

interface interface-name

Specify the logical interface name to match.

logical-system logical-system-name

Specify the logical system name to match.

protocol (protocol name | protocol number)

Specify the IP protocol type to match.


(Default) Specify the root logical system to match.

source-port (port-range | protocol-name)

Specify the TCP or UDP source port to match. You can also specify a range of TCP or UDP source ports and monitor all traffic in this group.

source-prefix source-prefix

Specify the source IP address prefix to match.

Required Privilege Level


Release Information

Command introduced in Junos OS Release 12.1X46-D10. The was updated in Junos OS Release 15.1X49-D70 with the addition of the conn-tag filter parameter.