SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Show hit count per IP address

    Posted 03-18-2014 10:53
    Hi! is there a command or script that can show us the hit count for a specific IP address? I can check the hit count per policy with the "show security policies hit-count" command, but in some cases it would be great to understand what addresses have more or less weight on the policy hit-count. Thanks!


  • 2.  RE: Show hit count per IP address
    Best Answer

    Posted 03-19-2014 02:40

    Hi,

     

    There is no direct command to really do this on the SRX itself.

     

    There are a few things you could use inculding Tim Eberhards SRX Session Analyzer below.

     

    http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Session-Analyzer/td-p/113798

     

    Using JFlow and an external collector to view the results, SolarWinds etc. Scrutinizer is free for 24 hours worth of monitoring, probably enough for your needs.

     

    http://www.plixer.com/Scrutinizer-Netflow-Sflow/scrutinizer-flow-analyzer.html

     

    To set up J-Flow:

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16677

     

     



  • 3.  RE: Show hit count per IP address

    Posted 03-20-2014 07:12
    Didn't remember to use Flow data for this :D Since I already use Cacti I'll try to use the Cacti plugin - FlowView (http://docs.cacti.net/plugin:flowview) for the collector/analyzer. It should be enough for my needs. Thanks for the answer!


  • 4.  RE: Show hit count per IP address

    Posted 03-20-2014 07:21

    You might find this post helpful too in relation to Cacti:

     

    http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Cacti-Graph-Templates/m-p/233038#M28607