we're in the process in setting up a vSRX and want to use sampled traffic exported to cflowd for monitoring.
I have set up the traffic sampling as described in Juniper documentation, but neither the cflowd server nor local files get any samples.
Here is my configuration:
set interfaces ge-0/0/0 unit 0 family inet filter input SAMPLING
set interfaces ge-0/0/0 unit 0 family inet address xxx.xxx.xxx.xxx/xx
set forwarding-options sampling input rate 10
set forwarding-options sampling input run-length 2
set forwarding-options sampling family inet output file filename SAMPLED.local
set forwarding-options sampling family inet output file files 10
set forwarding-options sampling family inet output file size 1m
set routing-options route-record
set firewall family inet filter SAMPLING term SAMPLE then sample
set firewall family inet filter SAMPLING term SAMPLE then accept
ge-0/0/0.0 is the internet facing interface of the router.
I was able to locate a file named SAMPLED.local int /var/tmp/, yet it only shows the header without any packet samples ever being displayed.
# Jan 17 10:02:49
# Dest Src Dest Src Proto TOS Pkt Intf IP TCP
# addr addr port port len num frag flags
There are currently no other firewall filters configured on the system, just security zones and their policies.
Using monitor traffic interface ge-0/0/0.0 I can also see traffic coming in on the interface. The vSRX is running JUNOS 15.1X49-D123.3.
Do you have any suggestions what is missing in this configuration?