Junos “flow traceoptions” is the utility to track all routing protocols functionalities such as – how traffic is being traversing from source to destination; how traffic is being traversing from one interface to another; is the traffic able to finds out the correct destination path; what security zones are involved in the traffic path; what security polices are applied; is the traffic getting permitted or getting dropped by a firewall rule; what firewall rules or policies are involved; similar etc.
Three things need to be address while working with flow traceoptions –
- Need to enable “flow traceoptions” and send the logs to a Flow Trace log file.
- Analysis the Flow Trace log file to find out the fact what is happening.
- Make sure to disable flow traceoptions.
- Once finished with analysis & inspections, cleanup the flow trace log files to maintain available disk space on the Juniper box.
To enable flow traceoptions, following are popular syntaxes-
++++
#set security flow traceoptions file Flow-Trace-LogFile
#set security flow traceoptions flag basic-datapath
#set security flow traceoptions packet-filter PF1 source-prefix 1.1.1.1/32
#set security flow traceoptions packet-filter PF1 destination-prefix 2.2.2.2/32
#set security flow traceoptions packet-filter PF2 source-prefix 2.2.2.2/32
#set security flow traceoptions packet-filter PF2 destination-prefix 1.1.1.1/32
++++
Optionally we can enter the following to set limit to be avoid hammered by huge logs.
+++
#set security flow traceoptions file files 2; maximum 3 log files 0,1,2
#set security flow traceoptions file size 2m; size of each log file is 2MB
+++
The above will create log file “Flow-Trace-LogFile”; to see the log file, enter the following command –
+++
>show log Flow-Trace-LogFile
+++
We once we finished analysis & inspections with the log files – we should disable traceoptions as following-
+++
#delete security flow traceoptions
+++
Lastly to clean-up a log file and also to delete log files – use the following commands.
To clear a log file – enter the following command-
+++
>clear log LogFileName
+++
To delete a log file – enter the following command-
+++
>file delete <path>
>file delete /var/log/flow-trace-logs.0.gz
+++