This article contains instructions for troubleshooting your SRX device. It includes common commands for monitoring, viewing log files, and configuring traceoptions and packet capture.
For other topics, go to the SRX Getting Started main page.
Troubleshooting SRX Series devices.
This section contains the following:
Monitoring commands
The most common, important commands for monitoring the SRX hardware, interfaces, sessions, and alarms are as follows:
| Command | Description |
show version | Software version |
show chassis hardware detail
| Hardware and Serial numbers |
show chassis environment | Temperatures, Fan and Power Supply |
show chassis routing-engine | Temperatures, Memory, CPU Load |
show interfaces terse | Interface States |
show interfaces extensive | Interface and Zone Counters |
monitor interface | Real-time interface statistics |
show security flow session | Current sessions |
show system alarms
show chassis alarms
| Alarms |
If you are familiar with ScreenOS, refer to
KB14000 for a mapping of common troubleshooting commands from ScreenOS to Junos.
Log Files
System messages can be viewed in the log files with the 'show log messages' command. Variations of the command are as follows:
Command | Description |
show log | List all Logfiles available |
show log messages | Show Log File from beginning |
show log messages | last | List last Log Messages |
show log messages | match LOGIN | Search within the Log |
monitor start <file> | Send Logs to terminal (like tail -f) |
Debugging (Traceoptions)
The traceoptions feature in Junos is used for capturing debug data. The following two KB articles explain how to use traceoptions with examples:
Packet Capture for transit traffic through the SRX
For SRX Branch devices, use the Packet Capture Feature to snoop packets
through the Junos device, within the forwarding plane. Refer to the following:
Note: The Packet Capture Feature can also be used to capture 'self-traffic' (e.g. Dynamic Routing Protocol messages, ARP, management traffic, ICMP to Routing Engine). However, this Packet Capture feature is not available on the SRX High-End devices.
For SRX High-End devices, packet capture can be achieved using the
datapath-debug feature. Refer to the following:
Packet Capture of control traffic to and from the RE of the SRX
Use the 'monitor traffic interface' command to capture 'self-traffic', i.e. packets destined to and from the RE (Routing Engine) of the Junos device. This feature is useful for troubleshooting why one can't telnet to the SRX device, or for troubleshooting if a SNMP request is being received and transmitted from the SRX device, or for troubleshooting OSPF, BGP, and PPP connectivity issues.
> monitor traffic interface <int> layer2-headers
> monitor traffic interface e1-0/0/0.0 no-resolve
Notes:
- This feature is not promiscuous mode. This feature only captures traffic to/from the RE of the SRX or J Series device itself. It does not capture transit traffic (forwarding plane).
- ICMP traffic is excluded. (ICMP stays within the forwarding plane, and 'monitor traffic' is tracking the RE (control plane)).
For additional information on the 'monitor traffic' command, refer to
http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/monitoring-and-troubleshooting/index.html?jd0e24088.html.