Report on Rule Usage?

Reply
Highlighted
Not applicable

Report on Rule Usage?

Hi,

How can I run a report to understand the last use of a loaded policy/security rule? For example, if I have 100 security rules in the firewall policy, how can I identify which rules are actively being used, and which ones are not being used often, or at all? I realize that this information is contained within the traffic log, but for an environment whose log rention is not very long (50 days) is there another metric I can generate a report on to see when rules are being used?

Thanks,

-Paul

L6 Presenter

Re: Report on Rule Usage?

show running rule-use rule-base security type unused vsys vsys1 (replace vsys1 with the appropriate vsys name)

-Benjamin

Not applicable

Re: Report on Rule Usage?

Thank you Benajmin. This is pretty much exactly what I was looking for. Now is there any additional modification that can be made to show not only the rules that have NEVER used, but also those that haven not been used in a while, and include the last date/time that the rule was triggered?

L4 Transporter

Re: Report on Rule Usage?

I think your next option here is to review logs and start filtering on dates or rules you might question.  There's currently not a report like that one for "infrequently" used rules.  If you have particular rules you'd like to clean up, you could potentially create a custom report for utilization of just those particular rules, and run it against your desired time frames.  Hope this helps!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!