Knowledge Center Search


 

SRX Getting Started - Troubleshooting Commands

  [KB15779] Show KB Properties

  [KB15779] Hide KB Properties

Categories:
Knowledge Base ID: KB15779
Last Updated: 28 Jan 2014
Version: 23.0

Summary:

This article contains instructions for troubleshooting your SRX device.  It includes common commands for monitoring, viewing log files, and configuring traceoptions and packet capture.

For other topics, go to the SRX Getting Started main page.

Problem or Goal:

Troubleshooting SRX Series devices.

Cause:

Solution:

This section contains the following:


Monitoring commands

The most common, important commands for monitoring the SRX hardware, interfaces, sessions, and alarms are as follows:
Command Description
show version Software version
show chassis hardware detail
Hardware and Serial numbers
show chassis environment Temperatures, Fan and Power Supply
show chassis routing-engine Temperatures, Memory, CPU Load
show interfaces terse Interface States
show interfaces extensive Interface and Zone Counters
monitor interface Real-time interface statistics
show security flow session Current sessions
show system alarms
show chassis alarms
Alarms
If you are familiar with ScreenOS, refer to KB14000 for a mapping of common troubleshooting commands from ScreenOS to Junos.



Log Files

System messages can be viewed in the log files with the 'show log messages' command.  Variations of the command are as follows:
Command
Description
show log
List all Logfiles available
show log messages
Show Log File from beginning
show log messages | last
List last Log Messages
show log messages | match LOGIN
Search within the Log
monitor start <file>
Send Logs to terminal (like tail -f)


Debugging (Traceoptions)

The traceoptions feature in Junos is used for capturing debug data.  The following two KB articles explain how to use traceoptions with examples:


Packet Capture for transit traffic through the SRX

For SRX Branch devices, use the Packet Capture Feature to snoop packets through the Junos device, within the forwarding plane.  Refer to the following:

Note:  The Packet Capture Feature can also be used to capture 'self-traffic' (e.g. Dynamic Routing Protocol messages, ARP, management traffic, ICMP to Routing Engine).  However, this Packet Capture feature is not available on the SRX High-End devices.



For SRX High-End devices, packet capture can be achieved using the datapath-debug feature.  Refer to the following:


Packet Capture of control traffic to and from the RE of the SRX       

Use the 'monitor traffic interface' command to capture 'self-traffic', i.e. packets destined to and from the RE (Routing Engine) of the Junos device.  This feature is useful for troubleshooting why one can't telnet to the SRX device, or for troubleshooting if a SNMP request is being received and transmitted from the SRX device, or for troubleshooting OSPF, BGP, and PPP connectivity issues. 
> monitor traffic interface <int> layer2-headers  
> monitor traffic interface e1-0/0/0.0 no-resolve
Notes: 
  • This feature is not promiscuous mode. This feature only captures traffic to/from the RE of the SRX or J Series device itself.  It does not capture transit traffic (forwarding plane).
  • ICMP traffic is excluded.  (ICMP stays within the forwarding plane, and 'monitor traffic' is tracking the RE (control plane)).
For additional information on the 'monitor traffic' command, refer to http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/monitoring-and-troubleshooting/index.html?jd0e24088.html.

Purpose:
Implementation

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.