ScreenOS Firewalls (NOT SRX)
Reply
Contributor
pentium-v
Posts: 19
Registered: ‎02-23-2009
0

Is there S-FLOW like J-FLOW and C-FLOW?

Hello friends

 

Is there S-FLOW feature like J-FLOW and C-FLOW for session analysis?

What are the third party sotware which supports S-FLOW and J-FLOW both?

 

 

Trusted Expert Trusted Expert
Trusted Expert
WL
Posts: 790
Registered: ‎07-26-2008
0

Re: Is there S-FLOW like J-FLOW and C-FLOW?

Hi

 

There is no J-Flow kind of support on ScreenOS unfortunately. I think there is another thread wheresomeone also asked the same question:

http://forums.juniper.net/jnet/board/message?board.id=Firewalls&message.id=5718#M5718

****pls click the button " Accept as Solution" if my post helped to solve your problem****
Contributor
pentium-v
Posts: 19
Registered: ‎02-23-2009
0

Re: Is there S-FLOW like J-FLOW and C-FLOW?

Hi WL,

 

Thank you for answering. Then how can we do the session analysis of screen OS devices? It can be done through STRM product?

 

Super Contributor
Cesar
Posts: 141
Registered: ‎11-18-2008
0

Re: Is there S-FLOW like J-FLOW and C-FLOW?

You can use the following tools:

 

  • NSM with realtime monitor
  • https://tools.juniper.net/fsa/
  • http://performanceclassifieds.net/NSSA.zip
Trusted Expert Trusted Expert
Trusted Expert
WL
Posts: 790
Registered: ‎07-26-2008
0

Re: Is there S-FLOW like J-FLOW and C-FLOW?

For the NSM, I guess you may not know where to find the steps:

(i) Via NSM
- Right Click on the device
- Select View Statistics
- Go to Resource Statistics
- Select Session Utilization or Active Status which should show all the sessions as well

 

Also note that there is a file size limit for all the tools which Cesar has mentioned.

For :https://tools.juniper.net/fsa/ (not larger than 32MB) and same for the NSSA (I have had huge session files which were not able to be parsed by the NSSA tool).

 

In that case the only way is to use linux to parse the session file something like this:

 grep -A 1 id filename>  | grep -v id | grep if | awk '{print $3}' | awk -F: '{print $2}'  | awk -F, '{print $1}' | sort | uniq -c | sort -nr | more or > <filename for analysis>

 

*note above is just an example, of course there are many ways to do the analysis.

 

Also, you can use the private netscreen MIBs for session utilization (not really doing session analysis):

 

 

****pls click the button " Accept as Solution" if my post helped to solve your problem****
Contributor
TimEberhard
Posts: 10
Registered: ‎05-18-2009
0

Re: Is there S-FLOW like J-FLOW and C-FLOW?

WL,

 

I'm not aware of any known size limitations with NSSA. I've used it to analyze several session table snapshots combined into one. What kind of limitations have you ran into?

 

-Tim Eberhard

Trusted Expert Trusted Expert
Trusted Expert
WL
Posts: 790
Registered: ‎07-26-2008
0

Re: Is there S-FLOW like J-FLOW and C-FLOW?

I think when the session table is>40Mb, the NSSA seems to hang. I waited for10 somewhat mins but it was still stuck. It could be bcos I dint want to wait for the entire table to load :smileytongue:
****pls click the button " Accept as Solution" if my post helped to solve your problem****
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.