What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

J-Flow and Juniper SRX physical and logical interfaces

Votes:

0

I am having trouble configuring J-Flow sensors for my Juniper SRX-210 firewall. When I define a J-Flow sensor I can specify an "interface" which according to the terse documentation must be expressed simply as "a number". What number?

I did an auto-discovery on the device, and while RMON sensors were auto-configured (and numbered 1-28), there are also an RMON Port Numbers which was picked up (509 to 536 in my case). These are RMON sensors but the port numbers agree with the SNMP Interface number. The interfaces that were picked up all correspond to physical interfaces, not logical interfaces. The SRX series allows the configuration of "logical interfaces" numbered st0.0, st0.1 etc. that are then used in routing rules for VPN tunnels. They also have SNMP interface numbers assigned. One physical interface can have multiple logical st0.x logical interfaces defined. I know the SNMP interface numbers for all interfaces - logical and physical.

So which numbers do I use for a J-Flow sensor to specify the interface? A sequential # beginning with 1 corresponding to the # assigned to the auto-discovered RMON sendor, an SNMP interface number, or something else? Also can I track the SRX VPN tunnel logical interfaces at all?

interfaces j-flow juniper sensors srx

Created on Apr 29, 2014 7:14:54 PM



9 Replies

Votes:

0

Hello,

thank you very much for your KB-Post. Unfortunately, we do not know the interface number for the filter. We can't say which exact number the device sends in its Jflow-Packets. That will be a question for the vendor of the device actually.

best regards.

Created on Apr 30, 2014 1:06:10 PM by Torsten Lindner [Paessler Support]



Votes:

0

Isn't there any more specific information you can provide? For example in general would an interface number as reported by an SNMP walk be the one that is reported via J-Flow (or NetFlow for another brand of device) be the one that is used in the filter? What about the case when a router's configuration identifies the interface as a string (as in the SRX product)? Or what about sequential numbers starting with one? Are there any diagnostic tools avaiable to look at the 'raw' J-Flow data to see what it's reporting? I find it hard to believe that otherwise all I can try to do is use random numbers to see if anything happens.

Created on May 1, 2014 4:04:11 PM



Votes:

0

The vendor of the jflow-sending device really should be able to provide specific information here. Sometimes the indexes from SNMP Counters do match the interface-numbers in flow-packets, but not all the time. This really depends on the device.

Created on May 6, 2014 9:17:06 AM by Torsten Lindner [Paessler Support]



Votes:

0

Hi ehavemann,

Did you find any luck in figuring out jflow on SRX devices with PRTG ?

Regards

Created on Nov 17, 2014 8:47:25 AM



Votes:

0

Funny, I am coming back to this issue and while googling for answers I came back to my own original post. The answer to your question is NO, I have not been able to figure out the Interface issue.

Let me restate my question. I am not asking for what specific number to type into the filter whose syntax is "Interface[###]". I am asking what is the General concept used to define the interface # for any brand of router for the purposes of a flow filter. Is the concept a sequential # starting at 1? Is it the SNMP # reported by PRTG when it probes the device (regardliess of which brand of router)?

And if I were to create log file of all traffic and look at it, will I find the interface numbers in the log file?

Created on Nov 21, 2014 11:40:32 PM

Last change on Dec 2, 2021 10:34:40 AM by Maike Guba [Paessler Support] (2,404) 2 1



Votes:

0

PRTG can only re-act to the interface number in the flow packets. Therefore the definition happens on the router. That means the question of the general concept behind the interface numbers in flows is a question for the vendor(s) of the routers & switches.
J-flow-Sensors do not allow Stream Logs as of now I'm afraid, so this won't tell the interface number.

Created on Nov 24, 2014 10:08:50 AM by Torsten Lindner [Paessler Support]



Votes:

1

It turns out that on the Juniper SRX routers the SNMP index is the correct one to use. The CLI command "show interfaces" will provide for each configured interface a "SNMP if Index". These are also the same interface numbers as the ones revealed during the automatic initial scan of the router performed by PRTG. All of the "SNMP RMON Port ###" sensors correspond to the number you need to provide in the "Interface[###]" filters when setting up J-Flow.

Created on Nov 24, 2014 10:21:09 PM



Votes:

1

you can see interface numbers by creating a custom top list and put check marks in the inbound/outbound interface. We have a lot of Juniper and it seems to key off the SNMP IfIndex of the logical interface.

Created on Sep 11, 2015 2:00:13 PM



Votes:

1

There is a SRX jFlow configuration sample in the following link: http://chimera.labs.oreilly.com/books/1234000001633/ch05.html#system_services_operation_on_the_srx

Hope this will help.

Created on May 30, 2016 3:07:30 AM




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.