Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

SRX Getting Started - Troubleshooting Commands

1

0

Article ID: KB15779 KB Last Updated: 28 Jan 2014Version: 23.0
Summary:

This article contains instructions for troubleshooting your SRX device.  It includes common commands for monitoring, viewing log files, and configuring traceoptions and packet capture.

For other topics, go to the SRX Getting Started main page.

Symptoms:

Troubleshooting SRX Series devices.

Cause:

Solution:

This section contains the following:


Monitoring commands

The most common, important commands for monitoring the SRX hardware, interfaces, sessions, and alarms are as follows:
Command Description
show version Software version
show chassis hardware detail
Hardware and Serial numbers
show chassis environment Temperatures, Fan and Power Supply
show chassis routing-engine Temperatures, Memory, CPU Load
show interfaces terse Interface States
show interfaces extensive Interface and Zone Counters
monitor interface Real-time interface statistics
show security flow session Current sessions
show system alarms
show chassis alarms
Alarms
If you are familiar with ScreenOS, refer to KB14000 for a mapping of common troubleshooting commands from ScreenOS to Junos.



Log Files

System messages can be viewed in the log files with the 'show log messages' command.  Variations of the command are as follows:
Command
Description
show log
List all Logfiles available
show log messages
Show Log File from beginning
show log messages | last
List last Log Messages
show log messages | match LOGIN
Search within the Log
monitor start <file>
Send Logs to terminal (like tail -f)


Debugging (Traceoptions)

The traceoptions feature in Junos is used for capturing debug data.  The following two KB articles explain how to use traceoptions with examples:


Packet Capture for transit traffic through the SRX

For SRX Branch devices, use the Packet Capture Feature to snoop packets through the Junos device, within the forwarding plane.  Refer to the following:

Note:  The Packet Capture Feature can also be used to capture 'self-traffic' (e.g. Dynamic Routing Protocol messages, ARP, management traffic, ICMP to Routing Engine).  However, this Packet Capture feature is not available on the SRX High-End devices.



For SRX High-End devices, packet capture can be achieved using the datapath-debug feature.  Refer to the following:


Packet Capture of control traffic to and from the RE of the SRX       

Use the 'monitor traffic interface' command to capture 'self-traffic', i.e. packets destined to and from the RE (Routing Engine) of the Junos device.  This feature is useful for troubleshooting why one can't telnet to the SRX device, or for troubleshooting if a SNMP request is being received and transmitted from the SRX device, or for troubleshooting OSPF, BGP, and PPP connectivity issues. 
> monitor traffic interface <int> layer2-headers  
> monitor traffic interface e1-0/0/0.0 no-resolve
Notes: 
  • This feature is not promiscuous mode. This feature only captures traffic to/from the RE of the SRX or J Series device itself.  It does not capture transit traffic (forwarding plane).
  • ICMP traffic is excluded.  (ICMP stays within the forwarding plane, and 'monitor traffic' is tracking the RE (control plane)).
For additional information on the 'monitor traffic' command, refer to http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/monitoring-and-troubleshooting/index.html?jd0e24088.html.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search