Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Flow Trace for Tenant Systems

Flow trace also called traceoptions, allows you to monitor traffic flow into and out of an SRX Series Firewall. You can use tracoptions as debugging tool to trace the packets as they traverse the SRX Series Firewall. Traceoptions help you to get details of actions by your security device.

Flow Trace Support for Tenant Systems Overview

For an SRX Series Firewall configured with tenant systems, by default the traceoptions are configured at the root level only. In this case, all the system traces including root and tenant systems are logged in one single trace file. This generated large amounts of information in a single file.

Starting in Junos OS Release 19.4R1, you can enable tracing operations per tenant system level. When you configure the traceoptions at the tenant system level, then the traces for that specific tenant systems are logged in the respective trace file. You can generate an output file for the specified tenant system, and you can find the required traffic information easily in the trace file.

When you enable traceoptions, you specify the name of the file and the type of information you want to trace.

All flow trace sent to one log file in root, if you enable the traceoptions under root context. Traces for a tenant system only sent to the respective trace file, if you enable the traceoptions for the specific tenant system.

Configure Flow Trace Support for Tenant Systems

Configuring traceoptions for a tenant system includes configuring both a target file and a flag. The target file determines where the trace output is recorded. The flag defines what type of data to be collected. If you configure traceoptions for a tenant system, the respective trace file sent to the specific tenant system log file only.

To configure traceoptions for a tenant system:

  1. Create tenant system TSYS1 and setup the basic configurations. See Tenant System Configuration Overview.
  2. Configure target file to save the trace information for the tenant system.
  3. Configure traceoptions flag for the tenant system.

After you commit the traceoptions configuration, you can view the traceoptions debug files for the tenant system using show log tracefilename operational command.