10-26-2008 04:16 PM
I've been playing with the SRX a bit and was wondering if there are similar functions in the SRX as there are in ScreenOS. Some things that come to mind: "debug flow basic", "set ff <options>", and snoop. Other things such as the normal debug commands for IKE and so on. Thank you in advance.
-Harry
10-26-2008 09:56 PM
There are multiple ways:
Enable traceoptions under the flow module, and also enable the file/flag options under the security traceoptions module and assign a file name where you want to dump all your debug messages.
For example:
regress@sushmita# set security flow traceoptions ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> file Trace file information
> flag Events and other information to include in trace output
> packet-filter Flow packet debug filters
rate-limit Limit the incoming rate of trace messages (0..4294967295)
[edit]
regress@sushmita# set security flow traceoptions file ?
Possible completions:
<filename> Name of file in which to write trace information
files Maximum number of trace files (2..1000)
match Regular expression for lines to be logged
no-world-readable Don't allow any user to read the log file
size Maximum trace file size (10240..1073741824)
world-readable Allow any user to read the log file
[edit]
regress@sushmita# set security flow traceoptions flag ?
Possible completions:
ager Ager events
all All events
basic-datapath Basic packet flow
cli CLI configuration and commands changes
errors Flow errors
fragmentation Ip fragmentation and reassembly events
high-availability Flow high-availability information
host-traffic Flow host-traffic information
lookup Flow lookup events
multicast Multicast flow information
packet-drops Packet drops
route Route information
session Session creation and deletion events
session-scan Session scan information
tcp-advanced Advanced TCP packet flow
tcp-basic TCP packet flow
tunnel Tunnel information
[edit]
regress@sushmita# set security flow traceoptions flag all
[edit]
regress@sushmita# commit
regress@sushmita# set security traceoptions file debug-file
[edit]
regress@sushmita# show security flow
traceoptions {
flag all;
}
[edit]
regress@sushmita# show security traceoptions
file debug-file;
flag all;
[edit]
regress@sushmita#
Some more basic troubleshooting commands:
Status: show chassis hardware/fpc/firmware
Log: show log messages/chassisd
Image link: ls -l /usr/share/pfe
=============
how to check FLOW:
=============
Debug @ CP:
---------------
[ 1] T21 In CP flow based processing , mbuf 64027e00, ifl 67ctxt_type 0xd
[ 2] T21 lpak_init: lpak 6a1360f8, paksize 4a, machdr 6009f996, iphdr 0x6009f9a4
[ 3] T21 cp_flow_first_sanity_check: in <ge-5/0/1.0>, out <N/A>
[ 4] T21 search gate for abc:11.11.1.3/36359->11.11.2.2/21,6
[ 5] T21 gate_search_hash_table: no gate found
[ 6] T21 cp_flow_first_create_session
[ 7] T21 CP allocates a CP session
[ 8] T21 CP couldn't find session, creates a pending session 18
[ 9] T21 CP lookup: no session match; created a new one
[ 10] T21 CP fwd pkt to SPU ==*9*==, flag: 0x00000100
[ 11] T21 cp flow rc 0x14
[ 12] T20 CP flow starts, ifl_idx=67
[ 13] T20 In CP flow based processing , mbuf 64028000, ifl 67ctxt_type 0xd
[ 14] T20 lpak_init: lpak 6a1360f8, paksize 4a, machdr 600a0196, iphdr 0x600a01a4
[ 15] T20 cp_flow_first_sanity_check: in <ge-5/0/1.0>, out <N/A>
[ 16] T20 search gate for abc:11.11.1.3/36359->11.11.2.2/21,6
[ 17] T20 gate_search_hash_table: no gate found
[ 18] T20 cp_flow_first_create_session
[ 19] T20 find flow 0x0x6d098448
[ 20] T20 CP found session 18
[ 21] T20 CP fwd pkt to SPU ==*9*==, flag: 0x00000100
[ 22] T20 cp flow rc 0x14
FLOWD_XLR(vty)#
Debug @ SPU:
----------------
[ 1] T11 NO flow_pkt_serialization. mbuf 6401f400
[ 2] T11 flow process pak, mbuf 6401f400, ifl 67, ctxt_type 17 inq type 1
[ 3] T11 lpak_init: lpak 6a1275a8, paksize 4a, machdr 6007d1b6, iphdr 0x6007d1c4
[ 4] T11 inq_type 0x1
[ 5] T11 Received pkt from CP with tunnel info 0
[ 6] T11 <11.11.1.3/36359->11.11.2.2/21;6> : <abc/ge-5/0/1.0>
[ 7] T11 packet [60] ipid = 37798, @6007d1c4
[ 8] T11 flow_process_pkt: local_flag: 0x00000100
[ 9] T11 find flow: table 0x6a342df0, hash 9928(0xffff), sa 11.11.1.3, da 11.11.2.2, sp 36359, dp 21, proto 6, tok 10
[ 10] T11 flow_first_sanity_check: in <ge-5/0/1.0>, out <N/A>
[ 11] T11 search gate for abc:11.11.1.3/36359->11.11.2.2/21,6
[ 12] T11 gate_search_hash_table: no gate found
[ 13] T11 flow_first_create_session
[ 14] T11 tbl = 0x6a342df0
[ 15] T11 tbl = 0x6a342df0
[ 16] T11 First path alloc and instl pending session, natp=0x6b147e18, id=9
[ 17] T11 flow_first_in_dst_nat: in <ge-5/0/1.0>, out <N/A>
[ 18] T11 flow_first_in_dst_nat: dst_adr 11.11.2.2, sp 36359, dp 21
[ 19] T11 chose interface ge-5/0/1.0 as incoming nat if.
[ 20] T11 flow_first_routing: Before route-lookup ifp: in <ge-5/0/1.0>, out <N/A>
[ 21] T11 flow_first_routing: call flow_route_lookup(): src_ip 11.11.1.3, x_dst_ip 11.11.2.2, ifp ge-5/0/1.0, sp 36359, dp 21, ip_proto 6, tos 0
[ 22] T11 Doing DESTINATION addr route-lookup
[ 23] T11 flow_ipv4_rt_lkup: nh word 0x30010
[ 24] T11 flow_ipv4_rt_lkup success 11.11.2.2, iifl 0x43, oifl 0x44
[ 25] T11 routed (x_dst_ip 11.11.2.2) from abc (ge-5/0/1.0 in 128) to ge-6/2/7.0, Next-hop: 11.11.2.2
[ 26] T11 policy search from zone abc-> zone abc
[ 27] T11 policy_flow_search: starting policy lookup
[ 28] T11 policy_ipv4_lookup: Vsys: (0) Src Zone: (abc) Dst Zone: (abc) src_ip: (11.11.1.3) dst_ip: (11.11.2.2) src_port: (36359) dst_port: (21) protocol: (6)
[ 29] T11 policy_ipv4_lookup: Invalid context entry for ctx: (0/6/6)
[ 30] T11 policy_flow_search: no valid policy found, returning default policy
[ 31] T11 policy found 2
[ 32] T11 Permitted by policy 2
[ 33] T11 flow_first_src_xlate: src nat 0.0.0.0(36359) to 11.11.2.2(21) returns status 0, dip id 0.
[ 34] T11 dip id = 0/0, 11.11.1.3/36359->11.11.1.3/36359
[ 35] T11 choose interface ge-6/2/7.0 as outgoing phy if
[ 36] T11 is_loop_pak: No loop: on ifp: ge-6/2/7.0, addr: 11.11.2.2, rtt_idx:0
[ 37] T11 session application type 1, name FLOW STUB: LOOKUP DISABLED TO AVOID CRASH, timeout 1800sec curr_ageout_time:20secs
[ 38] T11 FLOW STUB: ALG vector attachment disabled to avoid crash
[ 39] T11 service lookup identified service 0.
[ 40] T11 flow_first_final_check: in <ge-5/0/1.0>, out <ge-6/2/7.0>
[ 41] T11 In flow_first_complete_session
[ 42] T11 existing vector list 2-6671d878.
[ 43] T11 Session (id:9) created for first pak 2
[ 44] T11 first pak processing successful
[ 45] T11 flow_first_install_session======> 0x6b147e18
[ 46] T11 nsp 0x6b147e18, nsp2 0x6b147e8c
[ 47] T11 make_nsp_ready_no_resolve()
[ 48] T11 flow_ipv4_rt_lkup: nh word 0x50010
[ 49] T11 flow_ipv4_rt_lkup success 11.11.1.3, iifl 0x0, oifl 0x43
[ 50] T11 route to %i???
[ 51] T11 tbl = 0x6a342df0
[ 52] T11 tbl = 0x6a342df0
[ 53] T11 queue pak for pending session 9, natp=0x6b147e18, paks queued 1
[ 54] T11 first path session installation succeeded
[ 55] T11 flow didn't create session, code=3.
[ 56] T11 flow process -- pak is dropped, a copy is queued.
[ 57] T11 ----- flow_process_pkt rc 0xf (fp rc 3)
[ 58] T11 SPU: post jexec executed, drop packet
hope this helps.
thanks
Raheel Anwar
10-27-2008 10:41 PM
To add to Raheel's comments, the traceoptions flag which is analogous to 'debug flow basic' is the basic-datapath flag. Also, you can configure packet-filters, which are analogous to 'set ff' in ScreenOS. The output of flow traceoptions writes to the /var/log/security-trace file by default.
Check out some of the Application Notes available for JUNOS with enhanced services; SRX uses the same options. In particular, the Route-based or Policy-based VPN application notes include a section on flow tracing.
As for the snoop function, packet-capture like on the J-Series is not supported yet on SRX, but it will be in the future. You can use 'monitor traffic' to capture traffic to and from the RE side, but not transit traffic at this time.
-Richard
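The SPU trace Raheel posted is long, and in a real /var/log/security-trace with flag all or basic-datapath on you get one such walk per first packet. The script below is an added example (not code from either post, nor from Juniper) that reduces each first-path walk to the handful of facts you actually check: the 5-tuple, ingress/egress interface and zones, the route decision, the policy verdict, the session id and the final return code. It also applies a simple 'set ff'-style match on the parsed fields, as a stand-in for the packet-filter Richard mentions (the real Junos packet-filter is a traceoptions config knob, not this function). The regular expressions are written against the exact message formats quoted in this thread; other releases may phrase these lines differently, and the field names are my own. The sample input is the relevant subset of the SPU lines from the post above.

```python
"""Summarise a Junos SRX 'security flow traceoptions' first-path walk.

Assumption: line formats match the SPU trace quoted in the thread
(e.g. "[ 32] T11 Permitted by policy 2"). Field names are ours.
"""
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Subset of the SPU trace quoted in the thread, used here as sample input.
SAMPLE_TRACE = """\
[ 6] T11 <11.11.1.3/36359->11.11.2.2/21;6> : <abc/ge-5/0/1.0>
[ 25] T11 routed (x_dst_ip 11.11.2.2) from abc (ge-5/0/1.0 in 128) to ge-6/2/7.0, Next-hop: 11.11.2.2
[ 26] T11 policy search from zone abc-> zone abc
[ 32] T11 Permitted by policy 2
[ 43] T11 Session (id:9) created for first pak 2
[ 56] T11 flow process -- pak is dropped, a copy is queued.
[ 57] T11 ----- flow_process_pkt rc 0xf (fp rc 3)
[ 58] T11 SPU: post jexec executed, drop packet
"""

PREFIX = re.compile(r"^\[\s*\d+\]\s+T\d+\s+")  # "[ 32] T11 " line header
TUPLE = re.compile(r"<(\S+?)/(\d+)->(\S+?)/(\d+);(\d+)>\s*:\s*<([^/]+)/([^>]+)>")
ROUTED = re.compile(r"routed \(x_dst_ip \S+\) from (\S+) \((\S+) in \d+\) to (\S+), Next-hop: (\S+)")
ZONES = re.compile(r"policy search from zone (\S+?)-> zone (\S+)")
VERDICT = re.compile(r"^(\w+) by policy (\d+)")  # captures the verb as logged
SESSION = re.compile(r"Session \(id:(\d+)\) created")
RC = re.compile(r"flow_process_pkt rc (0x[0-9a-f]+)")


@dataclass
class FirstPath:
    src: str
    sport: int
    dst: str
    dport: int
    proto: int
    in_zone: str
    in_if: str
    out_if: Optional[str] = None
    next_hop: Optional[str] = None
    src_zone: Optional[str] = None
    dst_zone: Optional[str] = None
    verdict: Optional[str] = None
    policy_id: Optional[int] = None
    session_id: Optional[int] = None
    rc: Optional[str] = None
    # True when the SPU drops the first packet itself; with a session created this
    # is the normal "pending session, copy queued" case, not a policy deny.
    first_packet_dropped: bool = False


def parse_first_paths(trace: str) -> List[FirstPath]:
    """Split a trace into first-path walks; a new walk starts at each 5-tuple line."""
    walks: List[FirstPath] = []
    fp: Optional[FirstPath] = None
    for raw in trace.splitlines():
        line = PREFIX.sub("", raw.strip())
        if m := TUPLE.search(line):
            fp = FirstPath(m[1], int(m[2]), m[3], int(m[4]), int(m[5]), m[6], m[7])
            walks.append(fp)
            continue
        if fp is None:  # lines before the first tuple line belong to no walk
            continue
        if m := ROUTED.search(line):
            fp.in_zone, fp.in_if, fp.out_if, fp.next_hop = m[1], m[2], m[3], m[4]
        elif m := ZONES.search(line):
            fp.src_zone, fp.dst_zone = m[1], m[2]
        elif m := VERDICT.search(line):
            fp.verdict, fp.policy_id = m[1], int(m[2])
        elif m := SESSION.search(line):
            fp.session_id = int(m[1])
        elif m := RC.search(line):
            fp.rc = m[1]
        elif "pak is dropped" in line or line.endswith("drop packet"):
            fp.first_packet_dropped = True
    return walks


def matches_filter(fp: FirstPath, **criteria) -> bool:
    """'set ff'-style match on parsed fields, e.g. matches_filter(fp, dst="11.11.2.2", dport=21)."""
    return all(getattr(fp, key) == value for key, value in criteria.items())


def summarize(fp: FirstPath) -> str:
    """One line per walk: flow | path | policy | disposition."""
    flow = f"{fp.src}:{fp.sport} -> {fp.dst}:{fp.dport} proto {fp.proto}"
    path = f"{fp.in_zone}/{fp.in_if} -> {fp.out_if} via {fp.next_hop}"
    policy = f"{fp.verdict} by policy {fp.policy_id} ({fp.src_zone}->{fp.dst_zone})"
    disp = f"session {fp.session_id}, rc {fp.rc}, first packet dropped={fp.first_packet_dropped}"
    return f"{flow} | {path} | {policy} | {disp}"


if __name__ == "__main__":
    # Pass a trace file (e.g. /var/log/security-trace) as argv[1]; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TRACE
    for walk in parse_first_paths(text):
        if matches_filter(walk, dport=21):
            print(summarize(walk))
```

The "first packet dropped" flag is there on purpose: the SPU lines "pak is dropped, a copy is queued" and "drop packet" at the end of Raheel's trace occur on a permitted flow whose session is still pending, so a summary that only grepped for "drop" would misread a successful first-path install as a deny. Check the verdict and session id first, and treat the drop as a problem only when no session was created.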
11-26-2008 03:49 AM
Moved to spawn new thread