Here is an op script that I tested on 12.1X44 if you do not want to use the shell or upgrade to 12.3.
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
var $arguments = {
<argument> {
<name> "policy";
<description> "Specific policy name";
}
}
param $policy;
match / {
<op-script-results> {
<out> {
call main;
}
}
}
template main
{
var $flowrpc = <get-flow-session-information>;
var $conn = jcs:open();
var $flowout = jcs:execute($conn, $flowrpc);
for-each ($flowout/flow-session) {
var $polName = substring-before(policy, "/");
if ($policy == $polName) {
var $out = jcs:printf("Session ID: %s, Policy name: %s, Timeout: %s, %s",
session-identifier, policy, timeout, sess-state);
expr jcs:output($out);
for-each (flow-information) {
var $infoout = jcs:printf(" %s: %s/%s --> %s/%s;%s, if: %s, Pkts: %s, Bytes: %s",
direction, source-address, source-port, destination-address,
destination-port, protocol, interface-name, pkt-cnt, byte-cnt);
expr jcs:output($infoout);
}
expr jcs:output("\n");
}
}
expr jcs:close($conn);
}
Output is identical to the standard 'show security flow session' and it will accept an argument with the policy name.
Tim