Finding unused objects in policies

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Finding unused objects in policies

L0 Member


I'm wondering if there's a way to see when an object last had a hit on it? I know there is for security policies, but I'm wondering about specific objects.

We don't have Panarama, and I'm just thinking about creating a new syslog server to capture historical data(going forward) to find these unused objects. I'm hoping that there's some kind of cli that may show this information.


any thoughts thanks



L7 Applicator

You are wanting to know not only what rule was used, but more specifically when a certain object was used in that rule?

LIVEcommunity team member
Stay Secure,
Don't forget to Like items if a post is helpful to you!

Cyber Elite
Cyber Elite


There's nothing that I'm aware readily available to do anything like this on the firewall. You can always attempt to simply delete the object in question (or all/any object), the firewall will present an error message for any object still referenced in the configuration and prevent you from removing it. 

I can find what rules an object belongs to, what I'm looking for is when was an object last hit. For example, I have object used in a policy, when did it get hit in the policy last 1 hour ago or 2 years ago. thanks John

  • 3 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!