Difference between revisions of "How to perform firewall flow filter debugging"
From Tech-Wiki
Line 1: | Line 1: | ||
− | [[Category: | + | [[Category:Juniper_Networks]] |
The debug buffer is a circular buffer, once the buffer has reached the size limit, the oldest data will be overwritten.<br />The buffer size is configurable.<br /> | The debug buffer is a circular buffer, once the buffer has reached the size limit, the oldest data will be overwritten.<br />The buffer size is configurable.<br /> |
Latest revision as of 03:31, 8 August 2016
The debug buffer is a circular buffer, once the buffer has reached the size limit, the oldest data will be overwritten.
The buffer size is configurable.
To change the size, use the following commands:
set db size 4096 set console dbuf clear db
To set-up the flow filter:
get ffilter set ffilter src-ip / dst-ip ... (see the CLI-help for more ffilter options) (same row = AND, more rows = OR) debug flow basic
Reproduce the issue. The timestamp resolution of the output is in tenths of a second. Stop the ffilter and then display the output with the following commands:
undebug all get dbuf stream or get dbuf stream > tftp <host> <name-of-file>