vSRX
Highlighted
vSRX

vSRX not sampling traffic

[ Edited ]
‎01-17-2019 02:14 AM

Hi there,

we're in the process in setting up a vSRX and want to use sampled traffic exported to cflowd for monitoring.

 

I have set up the traffic sampling as described in Juniper documentation, but neither the cflowd server nor local files get any samples.

 

Here is my configuration:

 

set interfaces ge-0/0/0 unit 0 family inet filter input SAMPLING
set interfaces ge-0/0/0 unit 0 family inet address xxx.xxx.xxx.xxx/xx

set forwarding-options sampling input rate 10
set forwarding-options sampling input run-length 2
set forwarding-options sampling family inet output file filename SAMPLED.local
set forwarding-options sampling family inet output file files 10
set forwarding-options sampling family inet output file size 1m

set routing-options route-record

set firewall family inet filter SAMPLING term SAMPLE then sample
set firewall family inet filter SAMPLING term SAMPLE then accept

ge-0/0/0.0 is the internet facing interface of the router.

I was able to locate a file named SAMPLED.local int /var/tmp/, yet it only shows the header without any packet samples ever being displayed.

# Jan 17 10:02:49  
#          Dest             Src  Dest   Src Proto  TOS   Pkt  Intf    IP   TCP
#          addr            addr  port  port              len   num  frag flags

There are currently no other firewall filters configured on the system, just security zones and their policies.

Using monitor traffic interface ge-0/0/0.0 I can also see traffic coming in on the interface. The vSRX is running JUNOS 15.1X49-D123.3.

 

Do you have any suggestions what is missing in this configuration?

 

Best regards,

Dero