So trying to troubleshoot some BGP on the SRX I had to play with logging. I tried and tried to make it work and well kept falling flat. That is because I was in the wrong dang area. I was trying to look at flows coming across the device and tried doing traceoptions in security and in policies. Both did not work. To make this work I found an article on what i was missing.
Basically I had to enable logging under security flow. Some people are probably reading that and going duh but these are my notes so whatever.
Anyways I didn't do a packet filter because I am on a small home grown network but I did play around and found what I wanted and more.
Below is my setup for a quick logging setup to see what is passing through the firewall
jmctsm@srx05# show security flow
traceoptions {
file flow_log size 1m files 100;
flag basic-datapath;
}
That way all I had to do was run a show log flow_log to see what was passing. That showed me what I wanted to see and more. That BGP to my device didn't work as I wanted it not to but BGP from the device to an outside device did work.
And on to other things.
No comments:
Post a Comment