Supported Platforms
Configuring the Output File for Traffic Sampling
You configure traffic sampling results to a file in the /var/tmp directory. To collect the sampled packets in a file, include the file statement at the [edit forwarding-options sampling output] hierarchy level:
To configure the period of time before an active flow is exported, include the flow-active-timeout statement at the [edit forwarding-options sampling output family (inet | inet6 | mpls)] hierarchy level:
To configure the period of time before a flow is considered inactive, include the flow-inactive-timeout statement at the [edit forwarding-options sampling output] hierarchy level:
To configure the interface that sends out monitored information, include the interface statement at the [edit forwarding-options sampling output] hierarchy level:
 | Note: This feature is not supported with the version 9 template format. You must send traffic flows collected using version 9 to a server. For more information see Configuring Active Flow Monitoring Using Version 9. |
Traffic Sampling Output Format
Traffic sampling output is saved to an ASCII text file. The following is an example of the traffic sampling output that is saved to a file in the /var/tmp directory. Each line in the output file contains information for one sampled packet. You can optionally display a timestamp for each line.
The column headers are repeated after each group of 1000 packets.
# Apr 7 15:48:50
Time Dest Src Dest Src Proto TOS Pkt Intf IP TCP
addr addr port port len num frag flags
Apr 7 15:48:54 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
Apr 7 15:48:55 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
Apr 7 15:48:56 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
Apr 7 15:48:57 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0
Apr 7 15:48:58 192.168.9.194 192.168.9.195 0 0 1 0x0 84 8 0x0 0x0The output contains the following fields:
- Time—Time at which the packet was received (displayed only if you include the stamp statement in the configuration)
- Dest addr—Destination IP address in the packet
- Src addr—Source IP address in the packet
- Dest port—Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port for the destination address
- Src port—TCP or UDP port for the source address
- Proto—Packet’s protocol type
- TOS—Contents of the type-of-service (ToS) field in the IP header
- Pkt len—Length of the sampled packet, in bytes
- Intf num—Unique number that identifies the sampled logical interface
- IP frag—IP fragment number, if applicable
- TCP flags—Any TCP flags found in the IP header
To set the timestamp option for the file my-sample, enter the following:
Whenever you toggle the timestamp option, a new header is included in the file. If you set the stamp option, the Time field is displayed.
# Apr 7 15:48:50 # Time Dest Src Dest Src Proto TOS Pkt Intf IP TCP # addr addr port port len num frag flags # Feb 1 20:31:21 # Dest Src Dest Src Proto TOS Pkt Intf IP TCP # addr addr port port len num frag flags
