Below is teh config for traceoption:-
show configuration | match traceoption | display set
set security flow traceoptions file 001_check
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter trace-filer source-prefix x.x.x.x/32
set security flow traceoptions packet-filter trace-filer destination-prefix y.y.y.y/32
Below shows session is forming
show security flow session destination-prefix y.y.y.y source-prefix x.x.x.x
node0:
------------------------------
Flow Sessions on FPC1 PIC0:
Session ID: 20063422, Policy name: POL-KCC-ORN-001/37, State: Active, Timeout: 2, Valid
In: x.x.x.x/2 --> y.y.y.y/14560;icmp, If: reth0.2269, Pkts: 1, Bytes: 84
Out: y.y.y.y/14560 --> x.x.x.x/2;icmp, If: reth1.452, Pkts: 1, Bytes: 84
Session ID: 20340282, Policy name: POL-KCC-ORN-001/37, State: Active, Timeout: 4, Valid
But in traceoptions only get the dropped packet
13:59:55.445631:CID-01:FPC-01:
Dec 9 13:59:56 13:59:55.445660:CID-01:FPC-01:
Dec 9 13:59:56 13:59:55.445682:CID-01:FPC-01:
Dec 9 13:59:56 13:59:55.445691:CID-01:FPC-01:
Dec 9 13:59:56
Customer configured traceoptions in SRX 3400. But when he see show log <file name for traceoption> he only sees dropped packet, however he has configured with flag basic-datapath. I can see sessions on show security flow session for the source for which traceoption is applied.