Logging cflowd Flows Before Export
To collect the cflowd flows in a log file before they are exported, include the local-dump statement at the [edit forwarding-options sampling output flow-server hostname] hierarchy level:
By default, the flows are collected in /var/log/sampled; to change the filename, include the filename statement at the [edit forwarding-options sampling traceoptions] hierarchy level. For more information about changing the filename, see Configuring Traffic Sampling Output.
Note: Because the local-dump statement adds extra overhead, you should use it only while debugging cflowd problems, not during normal operation.
The following is an example of the flow information. The AS number exported is the origin AS number. All flows that belong under a cflowd header are dumped, followed by the header itself:
Jun 27 18:35:43 v5 flow entry
Jun 27 18:35:43 Src addr: 192.53.127.1
Jun 27 18:35:43 Dst addr: 192.6.255.15
Jun 27 18:35:43 Nhop addr: 192.6.255.240
Jun 27 18:35:43 Input interface: 5
Jun 27 18:35:43 Output interface: 3
Jun 27 18:35:43 Pkts in flow: 15
Jun 27 18:35:43 Bytes in flow: 600
Jun 27 18:35:43 Start time of flow: 7230
Jun 27 18:35:43 End time of flow: 7271
Jun 27 18:35:43 Src port: 26629
Jun 27 18:35:43 Dst port: 179
Jun 27 18:35:43 TCP flags: 0x10
Jun 27 18:35:43 IP proto num: 6
Jun 27 18:35:43 TOS: 0xc0
Jun 27 18:35:43 Src AS: 7018
Jun 27 18:35:43 Dst AS: 11111
Jun 27 18:35:43 Src netmask len: 16
Jun 27 18:35:43 Dst netmask len: 0
[... 41 more version 5 flow entries; then the following header:]
Jun 27 18:35:43 cflowd header:
Jun 27 18:35:43 Num-records: 42
Jun 27 18:35:43 Version: 5
Jun 27 18:35:43 low seq num: 118
Jun 27 18:35:43 Engine id: 0
Jun 27 18:35:43 Engine type: 3
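When reviewing a dump while debugging, it helps to group the flow entries under the header that follows them and confirm that each header's Num-records matches what was actually dumped. The following is an added example, not Juniper code; it assumes one item per line, each prefixed with a timestamp and using the field labels shown in the sample above, and its function names and input are constructed for illustration.

```python
import re

# Assumed layout: one item per line, each prefixed by a syslog-style timestamp.
LINE = re.compile(r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d\s+(.*)$")

def parse_local_dump(text):
    """Return [(header, flows)]: flow entries grouped under the header that follows them."""
    packets, flows, current, in_header = [], [], None, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrelated trace line
        body = m.group(1).strip()
        if re.fullmatch(r"v\d+ flow entry", body):
            if in_header:  # a header was just completed: close that packet
                packets.append((current, flows))
                flows = []
            current, in_header = {}, False
            flows.append(current)
        elif body.rstrip(":") == "cflowd header":
            current, in_header = {}, True
        elif current is not None and ":" in body:
            key, value = body.split(":", 1)
            current[key.strip()] = value.strip()
    if in_header:
        packets.append((current, flows))
    return packets

def count_mismatches(packets):
    """Compare each header's Num-records with the number of entries dumped before it."""
    problems = []
    for i, (hdr, flows) in enumerate(packets):
        declared = int(hdr.get("Num-records", -1))
        if declared != len(flows):
            problems.append((i, declared, len(flows)))
    return problems

def constructed_sample():
    """Constructed input (not real router output): 2 flows + header, then 1 flow + header claiming 2."""
    ts = "Jun 27 18:35:43 "
    flow = lambda src: [ts + "v5 flow entry", ts + f"Src addr: {src}", ts + "Dst port: 179"]
    hdr = lambda n: [ts + "cflowd header:", ts + f"Num-records: {n}", ts + "Version: 5"]
    return "\n".join(flow("192.0.2.1") + flow("192.0.2.2") + hdr(2) + flow("192.0.2.3") + hdr(2))

if __name__ == "__main__":
    for idx, declared, seen in count_mismatches(parse_local_dump(constructed_sample())):
        print(f"packet {idx}: header declares {declared} records, dump contains {seen}")
```

Flow entries that are not followed by a header (for example, a file truncated mid-packet) are left out of the result rather than attributed to the wrong header.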