Versions Compared

Old Version 1

changes.mady.by.user Jean-luc KRIKER

Saved on

compared with

New Version 2

changes.mady.by.user Jean-luc KRIKER

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.




what to trace?
configuration


Code Block
titleconfig
[edit security flow]
Netbox@SRX300-1-RL102# show
traceoptions {
    file selfpolicy size 1m;
    flag
basic-datapath
session;
    packet-filter term1 {
        source-prefix 192.168.200.1/32;
        destination-prefix 192.168.200.2/32;
    }
    packet-filter term2 {
        source-prefix 192.168.200.2/32;
        destination-prefix 192.168.200.1/32;
    }
}


set security flow traceoptions file selfpolicy
set security flow traceoptions file size 1m
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter term1 source-prefix 192.168.200.1/32
set security flow traceoptions packet-filter term1 destination-prefix 192.168.200.2/32
set security flow traceoptions packet-filter term2 source-prefix 192.168.200.2/32
set security flow traceoptions packet-filter term2 destination-prefix 192.168.200.1/32


flag options


Code Block
titleflag option
Netbox@SRX300-1-RL102# set traceoptions flag ?
Possible completions:
  all                  All events
  basic-datapath       Basic packet flow
  fragmentation        Ip fragmentation and reassembly events
  high-availability    Flow high-availability information
  host-traffic         Flow host-traffic information
  multicast            Multicast flow information
  route                Route lookup information
  session              Session creation and deletion events
  session-scan         Session scan information
  tcp-basic            TCP packet flow
  tunnel               Tunnel information


show log


Code Block
titleshow log
[edit security flow]
Netbox@SRX300-1-RL102# run show log selfpolicy
Jul 30 11:59:14 SRX300-1-RL102 clear-log[81116]: logfile cleared
Jul 30 11:59:24 11:59:24.681252:CID-0:RT:refresh nat 0x93bb4b0(9742) timeout to 75

Jul 30 11:59:24 11:59:24.693169:CID-0:RT:set nat 0x93bb4b0(9742) timeout const to 1

Jul 30 11:59:24 11:59:24.693169:CID-0:RT: set_nat_timeout 1 on session 9742

Jul 30 11:59:24 11:59:24.693169:CID-0:RT:refresh nat 0x93bb4b0(9742) timeout to 1

Jul 30 11:59:24 11:59:24.693169:CID-0:RT:refresh nat 0x93bb4b0(9742) timeout to 75

Jul 30 11:59:24 11:59:24.693169:CID-0:RT:skipping refresh for non refreshable session 0x93bb4b0(9742)

Jul 30 11:59:27 11:59:26.958128:CID-0:RT:Installing pending sess (19976) in ager

Jul 30 11:59:27 11:59:26.958128:CID-0:RT:First path alloc and instl pending session, natp=0x99826d0, id=19976

Jul 30 11:59:27 11:59:26.958128:CID-0:RT:updating pending sess (19976) in ager

Jul 30 11:59:27 11:59:26.958128:CID-0:RT:first path session installation succeeded