[j-nsp] SRX210 + AppTrack. How to analyse?
MALLETT, Leo (Leo)
leo.mallett at alcatel-lucent.com
Mon Aug 12 02:18:56 EDT 2013
There are a few ways to do it.
1. You could login to the shell as root and tcpdump the interface to a capture file, this won't be "live" but you can roll files over.
2. You could also monitor the traffic for live visibility "monitor interface <X.y> extensive no-resolve size <mtu>" without quotations, and set <> enclosed to match your configuration. I believe SRX210H have 1GB flash so the latter may be better.
3. Alternately set the forwarding options to capture the file (if platform supports it)
4. Mirror the port to a host and capture with wireshark.
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Skeeve Stevens
Sent: Monday, August 12, 2013 3:12 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] SRX210 + AppTrack. How to analyse?
I have a customer in a bandwidth sensitive location (expensive and slow), and they would like to know what is going through their device, and who is doing it.
In Cisco terms, this was NBAR - we used it many times to track down bandwidth hogs.
This is a small branch site using a SRX210H, and obviously STRM is too expensive for a reporting engine.
So what I am looking for is... How can we look at their device, and see what is happening (preferably live) on a protocol and user (IP?) basis.
I understand it can export to syslog, but that just gives me lots of text to deal with... nothing that is easy to look at.
Thank you for helping out guys!
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
twitter.com/networkceoau ; blog: www.network-ceo.net
The Experts Who The Experts Call
Juniper - Cisco - Cloud
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp