flow trace without commit

Since Junos 12.1X46-D10, SRX has a handy feature: you can enable a flow trace from operational mode, without entering configuration mode and committing. I believe this makes troubleshooting easier, because trying a different set of flow filters no longer costs you a commit each time. Here is how to enable a sample ICMP flow trace for a specific IP address.

Create two filters, named incoming-filter and outgoing-filter, to catch the traffic in each direction:

Give the flow trace a file name to write to:

The file is written under /var/log on the SRX; you can also set the size option to cap it if you like.

Check the filters:

The filters are created, but as the Status field shows, they are not yet active.

Nothing is traced until you start monitoring. Start the trace:

The filters now show as active.

Generate the traffic and check the log file:

The traffic has been caught.

Now stop the monitoring and clear the filters:
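The whole procedure above as one operational-mode session. This is an added example, not the original post's own command output: the host 192.0.2.10 (a TEST-NET-1 address), the file name icmp-trace.log and the size cap are assumptions, and the lines starting with ## are annotations, not CLI input. The commands are the monitor security flow family that 12.1X46-D10 introduced; use ? completion on your box to confirm the option spellings for your release.

```junos
## Added example (not from the original post). 192.0.2.10 is a hypothetical host
## whose ICMP traffic we want to see; substitute the address you are troubleshooting.
user@srx> monitor security flow filter incoming-filter source-prefix 192.0.2.10/32 protocol icmp
user@srx> monitor security flow filter outgoing-filter destination-prefix 192.0.2.10/32 protocol icmp

## The trace file lands under /var/log; cap its size so a chatty trace cannot fill the log partition
user@srx> monitor security flow file icmp-trace.log size 1m

## Filters exist but their Status stays inactive until monitoring is started
user@srx> show monitor security flow

## Start tracing, then re-check: Status should now read active
user@srx> monitor security flow start
user@srx> show monitor security flow

## Generate traffic (e.g. ping 192.0.2.10 through the firewall) and read the trace
user@srx> show log icmp-trace.log

## Clean up: an active flow trace costs CPU on the forwarding plane and keeps writing to disk
user@srx> monitor security flow stop
user@srx> clear monitor security flow filter
```

Keep the filters as tight as possible (prefix and protocol, or a port as well) and stop the trace as soon as you have what you need; a broad flow trace on a busy SRX is not free, and the trace file holds packet-level detail of whatever matched.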

All done!
