Junos output levels and filtering let you control the output of Junos show commands: how much detail is displayed, and which part of the output is shown.
Management of Junos show command output
You can control the output of Junos show commands in two ways: how much detail is displayed, and which part of the output appears on the screen.
In terms of level of detail, “terse” shows the minimal amount of information, and is typically used as “show interfaces terse”.
The keyword “brief” shows more information than “terse”, “detail” shows most of the information, and “extensive” shows all of it.
Output filtering lets you choose which part of the output is displayed on the screen.
A brief description before trying the commands: with “display”, you choose which version of the output is displayed, the “set”, “XML” or “JSON” version. These formats are mainly used in automation.
With “match”, only lines containing a specific keyword are displayed, as with “grep” in shell commands. In Junos, it is also possible to use “grep” instead of “match”.
With “except”, all lines except those containing a specific keyword are displayed.
With “find”, the output is displayed beginning from the first line that contains a specific keyword.
With “last”, the last page of the output is displayed.
With “save”, you can save the output to a specific file.
With “compare”, which is very practical, you can compare two versions of the output.
The most important application of “compare” is to compare the current active configuration with previous versions of the configuration to see what changes have been made. You can also compare the current active configuration with what will be active after the commit command.
To get a better feel for these commands, let's try them together.
Junos output levels
Let’s start with the output level of Junos show commands.
As an example, let’s run the “show interfaces” command with different output levels to see the different levels of detail.
The command “show interfaces terse” shows the minimum and most important information about interfaces.
rayka@vSRX> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
gr-0/0/0 up up
ip-0/0/0 up up
lsq-0/0/0 up up
lt-0/0/0 up up
mt-0/0/0 up up
sp-0/0/0 up up
sp-0/0/0.0 up up inet
inet6
sp-0/0/0.16383 up up inet
ge-0/0/1 up up
dsc up up
em0 up up
em0.0 up up inet 128.0.0.1/2
em1 up up
em1.32768 up up inet 192.168.1.2/24
em2 up down
fti0 up up
fxp0 up up
fxp0.0 up up inet 192.168.200.100/24
gre up up
ipip up up
irb up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet 10.0.0.1 --> 0/0
10.0.0.16 --> 0/0
128.0.0.1 --> 0/0
128.0.0.4 --> 0/0
128.0.1.16 --> 0/0
lo0.32768 up up
lsi up up
mtun up up
pimd up up
pime up up
pp0 up up
ppd0 up up
ppe0 up up
st0 up up
tap up up
vlan up down
vtep up up
It shows the physical and line protocol status of the interfaces and also the IP addresses assigned to them.
Most of the time you do not need to see all interfaces. You can filter the output with a regular expression. For example, “show interfaces terse | grep "ge|fxp0"” shows interfaces whose names include “ge”, such as Gigabit Ethernet interfaces, and also fxp0, which is the management interface.
rayka@vSRX> show interfaces terse | grep "ge|fxp0"
ge-0/0/0 up up
ge-0/0/1 up up
fxp0 up up
fxp0.0 up up inet 192.168.200.100/24
The brief version, “show interfaces brief”, shows more information in addition to the status and IP address of interfaces, such as the MTU and speed.
rayka@vSRX> show interfaces brief
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Speed: 10Gbps, Loopback: Disabled, Source filtering: Disabled,
Flow control: Enabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
...
The detail version, “show interfaces detail”, shows the most information. In addition to the status, IP address, MTU and speed of interfaces, it also shows traffic statistics.
rayka@vSRX> show interfaces detail
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 136, SNMP ifIndex: 510, Generation: 139
Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
Flow control: Enabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 00:0c:29:bb:b0:24, Hardware address: 00:0c:29:bb:b0:24
Last flapped : 2022-04-23 18:04:45 UTC (4d 01:27 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
Active alarms : None
Active defects : None
PCS statistics Seconds
Bit errors 0
Errored blocks 0
Ethernet FEC statistics Errors
FEC Corrected Errors 0
FEC Uncorrected Errors 0
FEC Corrected Errors Rate 0
FEC Uncorrected Errors Rate 0
Interface transmit statistics: Disabled
Physical interface: gr-0/0/0, Enabled, Physical link is Up
...
And finally, the extensive version, “show interfaces extensive”, shows all information. In addition to the information displayed in the detail version, it also shows error statistics.
rayka@vSRX> show interfaces extensive
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 136, SNMP ifIndex: 510, Generation: 139
Link-level type: Ethernet, MTU: 1514, MRU: 1522, LAN-PHY mode, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
Loop Detect PDU Error: None, Ethernet-Switching Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
Flow control: Enabled
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 00:0c:29:bb:b0:24, Hardware address: 00:0c:29:bb:b0:24
Last flapped : 2022-04-23 18:04:45 UTC (4d 01:30 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets: 0 0 pps
Output packets: 0 0 pps
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 2, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0,
Resource errors: 0
Active alarms : None
Active defects : None
PCS statistics Seconds
Bit errors 0
Errored blocks 0
Ethernet FEC statistics Errors
FEC Corrected Errors 0
FEC Uncorrected Errors 0
FEC Corrected Errors Rate 0
FEC Uncorrected Errors Rate 0
MAC statistics: Receive Transmit
Total octets 36711982 0
Total packets 504505 0
Unicast packets 0 0
Broadcast packets 0 0
Multicast packets 0 0
CRC/Align errors 0 0
FIFO errors 14 0
MAC control frames 0 0
MAC pause frames 0 0
Oversized frames 0
Jabber frames 0
Fragment frames 0
VLAN tagged frames 0
Code violations 0
Filter statistics:
Input packet count 0
Input packet rejects 0
Input DA rejects 0
Input SA rejects 0
Output packet count 0
Output packet pad count 0
Output packet error count 0
CAM destination filters: 1, CAM source filters: 0
Autonegotiation information:
Negotiation status: Complete
Link partner:
Link mode: Full-duplex, Flow control: None, Remote fault: OK
Packet Forwarding Engine configuration:
Destination slot: 0 (0x00)
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer Priority Limit
% bps % usec
0 best-effort 95 9500000000 95 0 low none
3 network-control 5 500000000 5 0 low none
Interface transmit statistics: Disabled
Physical interface: gr-0/0/0, Enabled, Physical link is Up
...
Junos output filtering
Now we continue with output filtering and formatting, to show only part of the configuration or to show it in the format we are interested in.
The command “show configuration | display set” is very handy. It shows the “set” version of the configuration, which is not only easier to read but also easier to copy or use in automation. The XML or JSON version of the configuration can also be shown with the display command. XML and JSON are mostly used in automation.
rayka@vSRX> show configuration | display set
set version 22.1R1.10
set system host-name vSRX
set system root-authentication encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"
set system login user rayka uid 2000
set system login user rayka class super-user
set system login user rayka authentication encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"
set system services ssh root-login allow
set system services telnet
...
rayka@vSRX> show configuration | display xml
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/22.1R0/junos">
<configuration junos:commit-seconds="1651081620" junos:commit-localtime="2022-04-27 17:47:00 UTC" junos:commit-user="rayka">
<version>22.1R1.10</version>
<system>
<host-name>vSRX</host-name>
<root-authentication>
<encrypted-password>$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1</encrypted-password>
</root-authentication>
<login>
<user>
<name>rayka</name>
<uid>2000</uid>
<class>super-user</class>
<authentication>
<encrypted-password>$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../</encrypted-password>
</authentication>
</user>
</login>
<services>
...
rayka@vSRX> show configuration | display json
{
"configuration" : {
"@" : {
"junos:commit-seconds" : "1651081620",
"junos:commit-localtime" : "2022-04-27 17:47:00 UTC",
"junos:commit-user" : "rayka"
},
"version" : "22.1R1.10",
"system" : {
"host-name" : "vSRX",
"root-authentication" : {
"encrypted-password" : "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"
},
"login" : {
"user" : [
{
"name" : "rayka",
"uid" : 2000,
"class" : "super-user",
"authentication" : {
"encrypted-password" : "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"
}
}
]
},
"services" : {
...
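The "set" form shown above is convenient to process line by line, and it carries the password hashes and management-service statements in plain view. The following Python script is an added example, not part of the original page: it masks "encrypted-password" values before the output is shared or archived and flags the management-service statements that appear in the output above. The sample text is constructed, its hash strings are placeholders, and the RISKY list and function names are assumptions to adapt locally.

```python
import re

# Constructed sample in "display set" form; the hash strings are placeholders.
SAMPLE = """\
set version 22.1R1.10
set system host-name vSRX
set system root-authentication encrypted-password "$6$SALT$PLACEHOLDERROOTHASH"
set system login user rayka uid 2000
set system login user rayka class super-user
set system login user rayka authentication encrypted-password "$6$SALT$PLACEHOLDERUSERHASH"
set system services ssh root-login allow
set system services telnet
set system services web-management http interface fxp0.0
set interfaces fxp0 unit 0 family inet address 192.168.200.100/24
"""

# Keyword followed by a quoted or bare value that should not be shared as-is.
SECRET_RE = re.compile(r'\b(encrypted-password)\s+("[^"]*"|\S+)')

# Assumed review policy: statement prefix -> reason it deserves attention.
RISKY = {
    "set system services telnet": "Telnet carries logins in cleartext",
    "set system services ssh root-login allow": "root can log in directly over SSH",
    "set system services web-management http": "web management over plain HTTP",
}


def redact(text):
    """Mask every password hash so the output can be shared or archived."""
    return SECRET_RE.sub(r'\1 "<redacted>"', text)


def audit(text):
    """Return (line number, reason, redacted statement) for each risky statement."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stmt = " ".join(line.split())  # collapse runs of whitespace
        for prefix, reason in RISKY.items():
            # Match on whole tokens so "http" does not also catch "https".
            if stmt == prefix or stmt.startswith(prefix + " "):
                findings.append((lineno, reason, redact(stmt)))
    return findings


if __name__ == "__main__":
    print(redact(SAMPLE))
    for lineno, reason, stmt in audit(SAMPLE):
        print(f"line {lineno}: {reason}: {stmt}")
```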
With “match” or “grep”, we can show only the lines matching a specific keyword. This is also very handy in monitoring and troubleshooting.
As an example, we can use it with the “show configuration | display set” command.
For example, “show configuration | display set | match policies” shows the set version of the configuration, but only the lines matching the keyword “policies”.
rayka@vSRX> show configuration | display set | match policies
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies pre-id-default-policy then log session-close
The “except” parameter is the opposite of “match”. It shows only the lines not matching a specific keyword.
For example, “show configuration | display set | except security” shows only the lines not matching the keyword “security”.
rayka@vSRX> show configuration | display set | except security
set version 22.1R1.10
set system host-name vSRX
set system root-authentication encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"
set system login user rayka uid 2000
set system login user rayka class super-user
set system login user rayka authentication encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"
set system services ssh root-login allow
set system services telnet
set system services web-management http interface fxp0.0
set system syslog file interactive-commands interactive-commands any
set system syslog file messages any any
set system syslog file messages authorization info
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fxp0 unit 0 family inet address 192.168.200.100/24
The “find” parameter shows the output beginning from the first line matching a specific keyword.
The command “show configuration | display set | find policies” shows the configuration beginning from the first line matching the keyword “policies”.
rayka@vSRX> show configuration | display set | find policies
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies pre-id-default-policy then log session-close
set security zones security-zone trust tcp-rst
set security zones security-zone untrust screen untrust-screen
set interfaces fxp0 unit 0 family inet address 192.168.200.100/24
The “last” parameter shows the last page of the output.
The command “show configuration | display set | last” shows the last page of the configuration. Our configuration is only one page.
rayka@vSRX> show configuration | display set | last
set version 22.1R1.10
set system host-name vSRX
set system root-authentication encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"
set system login user rayka uid 2000
set system login user rayka class super-user
set system login user rayka authentication encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"
set system services ssh root-login allow
set system services telnet
set system services web-management http interface fxp0.0
set system syslog file interactive-commands interactive-commands any
set system syslog file messages any any
set system syslog file messages authorization info
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set security log mode stream
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
The “compare” parameter is very practical and useful. With it we can compare two versions of the configuration.
For example, the command “show configuration | compare rollback 1” compares the current configuration with the previous version.
rayka@vSRX> show configuration | compare rollback 1
[edit system]
+ host-name vSRX;
The difference between the current configuration and the previous version shows that, in the last change, we configured the host-name as vSRX.
The command “show configuration | compare rollback 2” compares the current configuration with the version two commits earlier.
rayka@vSRX> show configuration | compare rollback 2
[edit system]
- host-name vSRX1;
+ host-name vSRX;
rayka@vSRX>
The difference between the current configuration and the version two commits earlier shows that we changed the host-name from vSRX1 to vSRX.
The most important use of the “compare” parameter is to compare the current configuration with changes that have not yet been applied.
Usually, before committing a new configuration, we use the “show | compare” command in configuration mode to review the changes.
As an example, we change the hostname again. Before committing, we review the change with the “show | compare” command.
rayka@vSRX# set system host-name vSRX2
[edit]
rayka@vSRX# show | compare
[edit system]
- host-name vSRX;
+ host-name vSRX2;
[edit]
rayka@vSRX#
If it is not what you want, you can easily discard it with the “rollback 0” command. If it is what you want, you can deploy it with the “commit” command.
rayka@vSRX# rollback 0
load complete
[edit]
rayka@vSRX# show | compare
[edit]
rayka@vSRX#
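The pre-commit review described above can also be scripted. The following Python script is an added example, not part of the original page: it parses “show | compare” output into individual changes and picks out those under hierarchies that deserve a second reviewer. The sample output is constructed (it extends the host-name change above with two hypothetical additions), and the SENSITIVE list and function names are assumptions.

```python
import re

# Constructed "show | compare" output in the patch format shown above.
SAMPLE = """\
[edit system]
-  host-name vSRX;
+  host-name vSRX2;
[edit system services]
+   telnet;
[edit security policies from-zone trust to-zone untrust]
+    policy temp-any {
+        then {
+            permit;
+        }
+    }
"""

# Hierarchies whose changes deserve a second reviewer (assumed local policy).
SENSITIVE = ("system login", "system services",
             "system root-authentication", "security policies")


def parse_compare(text):
    """Return (op, path, statement) for every added or removed leaf statement."""
    changes, base, nested = [], "", []
    for raw in text.splitlines():
        line = raw.strip()
        head = re.fullmatch(r"\[edit ?(.*)\]", line)
        if head:  # a new "[edit ...]" header resets the hierarchy context
            base, nested = head.group(1), []
            continue
        if not line or line[0] not in "+-":
            continue  # prompts, blank lines and other non-diff text
        op, body = line[0], line[1:].strip()
        if body.endswith("{"):  # entering an added or removed stanza
            nested.append(body[:-1].strip())
        elif body == "}":  # leaving it
            if nested:
                nested.pop()
        else:
            path = " ".join([base] + nested).strip()
            # Drop trailing annotations such as "## SECRET-DATA" and the ";".
            changes.append((op, path, body.split(" ## ")[0].rstrip(";")))
    return changes


def needs_review(changes):
    """Keep only changes at or below a sensitive hierarchy."""
    return [c for c in changes
            if any(c[1] == s or c[1].startswith(s + " ") for s in SENSITIVE)]


if __name__ == "__main__":
    for op, path, stmt in needs_review(parse_compare(SAMPLE)):
        print(f"{op} [{path}] {stmt}")
```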
And finally, with the “save” parameter, for example “show configuration | save config20220430”, you can save the output of a show command.
Then you can list the saved file with the “file list” command and see the content of the file with the “file show” command.
rayka@vSRX> show configuration | save config20220430
Wrote 119 lines of output to 'config20220430'
rayka@vSRX> file list
/var/home/rayka/:
config20220430
rayka@vSRX>
rayka@vSRX> file show config20220430
## Last commit: 2022-04-27 17:47:00 UTC by rayka
version 22.1R1.10;
system {
host-name vSRX;
root-authentication {
encrypted-password "$6$Mm42nQEW$FBVpHM3HM3jTMOhBsS4pbQ8ZnmhmMsx4cQEz05/z0tIED/lF83D45Y8jvgPiCosReDYg.z/Ww4izkNsvS0KrB1"; ## SECRET-DATA
}
login {
user rayka {
uid 2000;
class super-user;
authentication {
encrypted-password "$6$q3IzG30w$9C9wXWadnG3bhg.GqSJXREB1YqiPWZ/3Y3aVf3.YKSCBN4rxONm5Czpi4JHrQ8OoeJCk0DZqr3k2rFf8r0g../"; ## SECRET-DATA
}
}
}
services {
ssh {
......