Hi,
I work for a VoIP company and we have an analyzer setup so we can monitor all traffic in and out of the nework. Recently the port that all the traffic comes out on has been a bit overloaded and we are trying to cut down on the amount of traffic that
the analyzer port outputs. I tried following the "Filtering the Traffic Entering an Analyzer section" at https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/port-mirroring-cli.html however this seems to only allow sending input traffic to the analyzer (since there is lots of other traffic such as NFS and MySQL) . It seems there is no way of sending output traffic to the analyzer as well.
I have the following filter:
set firewall family ethernet-switching filter UDP_TRAFFIC term 10 from protocol udp
set firewall family ethernet-switching filter UDP_TRAFFIC term 10 then accept
set firewall family ethernet-switching filter UDP_TRAFFIC term 10 then analyzer MAIN
set firewall family ethernet-switching filter UDP_TRAFFIC term 20 then accept
and I tried doing on the interface:
set interfaces ge-0/0/0 unit 0 family ethernet-switching filter input UDP_TRAFFIC
set interfaces ge-0/0/0 unit 0 family ethernet-switching filter output UDP_TRAFFIC
and when I try to commit confirmed I get:
root@dovid_home# commit check
[edit interfaces ge-0/0/0 unit 0 family ethernet-switching]
'filter'
Referenced filter 'UDP_TRAFFIC' can not be used as analyzer not supported on egress
error: configuration check-out failed
Are there any work arounds to this?