ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Is there S-FLOW like J-FLOW and C-FLOW?

05.03.09   |  
‎05-03-2009 11:13 AM

Hello friends

 

Is there S-FLOW feature like J-FLOW and C-FLOW for session analysis?

What are the third party sotware which supports S-FLOW and J-FLOW both?

 

 

6 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Is there S-FLOW like J-FLOW and C-FLOW?

05.03.09   |  
‎05-03-2009 11:23 AM

Hi

 

There is no J-Flow kind of support on ScreenOS unfortunately. I think there is another thread wheresomeone also asked the same question:

http://forums.juniper.net/jnet/board/message?board.id=Firewalls&message.id=5718#M5718

****pls click the button " Accept as Solution" if my post helped to solve your problem****
ScreenOS Firewalls (NOT SRX)

Re: Is there S-FLOW like J-FLOW and C-FLOW?

05.10.09   |  
‎05-10-2009 12:04 PM

Hi WL,

 

Thank you for answering. Then how can we do the session analysis of screen OS devices? It can be done through STRM product?

 

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: Is there S-FLOW like J-FLOW and C-FLOW?

05.11.09   |  
‎05-11-2009 10:06 AM

You can use the following tools:

 

  • NSM with realtime monitor
  • https://tools.juniper.net/fsa/
  • http://performanceclassifieds.net/NSSA.zip
ScreenOS Firewalls (NOT SRX)

Re: Is there S-FLOW like J-FLOW and C-FLOW?

05.11.09   |  
‎05-11-2009 12:50 PM

For the NSM, I guess you may not know where to find the steps:

(i) Via NSM
- Right Click on the device
- Select View Statistics
- Go to Resource Statistics
- Select Session Utilization or Active Status which should show all the sessions as well

 

Also note that there is a file size limit for all the tools which Cesar has mentioned.

For :https://tools.juniper.net/fsa/ (not larger than 32MB) and same for the NSSA (I have had huge session files which were not able to be parsed by the NSSA tool).

 

In that case the only way is to use linux to parse the session file something like this:

 grep -A 1 id filename>  | grep -v id | grep if | awk '{print $3}' | awk -F: '{print $2}'  | awk -F, '{print $1}' | sort | uniq -c | sort -nr | more or > <filename for analysis>

 

*note above is just an example, of course there are many ways to do the analysis.

 

Also, you can use the private netscreen MIBs for session utilization (not really doing session analysis):

 

 

****pls click the button " Accept as Solution" if my post helped to solve your problem****

Attachments

ScreenOS Firewalls (NOT SRX)

Re: Is there S-FLOW like J-FLOW and C-FLOW?

05.18.09   |  
‎05-18-2009 06:11 PM

WL,

 

I'm not aware of any known size limitations with NSSA. I've used it to analyze several session table snapshots combined into one. What kind of limitations have you ran into?

 

-Tim Eberhard

ScreenOS Firewalls (NOT SRX)

Re: Is there S-FLOW like J-FLOW and C-FLOW?

05.18.09   |  
‎05-18-2009 08:26 PM
I think when the session table is>40Mb, the NSSA seems to hang. I waited for10 somewhat mins but it was still stuck. It could be bcos I dint want to wait for the entire table to load Smiley Tongue
****pls click the button " Accept as Solution" if my post helped to solve your problem****