SRX

Hello community,

We are facing an issue with JFlow not sending data to scrutinizer. The jFlow collector (10.101.20.151) is not receiving any flow, despite it’s in the same subnet as the fw sending if, 10.101.20.254. The collector is fine as it receiving flows from other devices.

The software version we are running is [12.3X48-D65.1]. Here is the configuration we have:

"

root@CNETILFW02> show configuration forwarding-options

sampling {

    input {

        rate 100;

        run-length 0;

    }

    family inet {

        output {

            flow-server 10.101.20.151 {

                port 2055;

                version 5;

            }

            inline-jflow {

               source-address 10.101.20.254;

            }

        }

    }

}

INTERFACES CONFIGURATION

reth0 { 

    description VLAN300_Office;

    redundant-ether-options {

        redundancy-group 1;

    }

    unit 0 {

        family inet {

            sampling {

                input;

                output;

            }

            address 192.168.20.254/24;

        }

    }

}

"

FORWARDING OPTIONS (I’ve tried also with version 9) but nothing changed.

Does anyone know why we might be facing this issue?
Is there any configuration mistake or missing configuration?

Any assistance would be greatly appreaciated.

Hello,

I see You have enabled sampling on RETH0 and this means You have a cluster.

In SRX products, "inline-flow" is supported only with v9 and v9 is not supported in cluster.

Please see this KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB16677 for more info

HTH

Thx

Alex

Hi Trasgu,

I think removing "inline-jflow" from the v5 or v8 configuration should make it work. 

If it didn't work, please provide me the following outputs:

user@host> show route 10.101.20.151
user@host> show security flow session destination-prefix 10.101.20.151

Also, please check whether the log collector is listening to the appropriate port.

Worked! thanks a lot!