Configuring Passive Flow Monitoring
On routing platforms containing the Monitoring Services PIC or the Monitoring Services II PIC, you can configure flow monitoring for traffic passing through the routing platform. This type of monitoring method is passive monitoring.
To configure flow monitoring, include the monitoring
statement at the [edit forwarding-options
hierarchy level:
[edit forwarding-options] monitoring group-name { family inet { output { cflowd hostname { port port-number; } export-format cflowd-version-5; flow-active-timeout seconds; flow-export-destination { cflowd-collector; } flow-inactive-timeout seconds; interface interface-name { engine-id number; engine-type number; input-interface-index number; output-interface-index number; source-address address; } } } }
To configure a passive monitoring group, include the monitoring
statement and specify a group name. To configure monitoring on a
specified address family, include the family
statement
and specify an address family. To specify an interface to monitor
incoming traffic, include the input
statement. To configure
the monitoring information that is sent out, include the output
statement. To configure the output flow aggregation, include the cflowd
statement. For more information about flow aggregation,
see Directing Traffic Sampling Output
to a Server Running the cflowd Application. To specify
the format of the monitoring information sent out, include the export-format
statement and specify a version number. To configure
the interval before exporting an active flow, include the flow-active-timeout
statement. The default value for flow-active-timeout is
1800 seconds. To enable flow collection, include the flow-export-destination
statement. To configure the interval before a flow is considered
inactive, include the flow-inactive-timeout
statement.
The default value for flow-inactive-timeout is 60 seconds.
To configure the interface that sends out the monitored information,
include the interface
statement. Flow monitoring is supported
for Monitoring Services PIC interfaces only.
When you apply a firewall filter to a loopback interface, the filter might block responses from the Monitoring Services PIC. To allow responses from the Monitoring Services PIC to pass through for monitoring purposes, configure a term in the firewall filter to include the Monitoring Services PIC’s IP address. For more detailed information about configuring firewall filters, see Guidelines for Configuring Firewall Filters and Guidelines for Applying Standard Firewall Filters.