Highlight unused rules after device restart


L2 Linker

Hello,

Is there any way to know unused rules after device restart? Can the PA dig into available logs and recount?


L7 Applicator

The highlight unused rule function clears with a system reboot.  This only measures whether a rule was used or not since the most recent reboot.

There is no way to adjust the operation or parameters of this feature.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Hello Steven,

There may not be a way now but the migration tool can run reports for rules to get applications. Can this be used to check unused rules?

If traffic hits a rule in the log, set counter+1, for example. So even after a reboot, unused rules will have a counter of 0 and used rules will have a minimum counter of 1.

I've only used the migration tool a couple times.  But from what I've seen this only deals with the configurations.  It seems like the approach you suggest would require some kind of log preservation and report.  And this tool is designed for migrations and application rule changes.

Seems like the better outside tool for this type of report would be to ship all syslog to a log server and create reports from there.

In any case the current unused rule feature in PanOS only performs the simple task of noting if a rule has ever been hit since the last reboot of the system, nothing more.  This is not a hit counter in the traditional sense.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L5 Sessionator

Hi,

What you can do, if you don't want to reboot your FW every day :-), is to create custom report based on "Rule" and "Repeat Count".

Check the report every day and see which rules show no change.


V.
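The approach suggested in the thread (keep a per-rule hit counter derived from traffic logs shipped to a syslog server, and report on "Rule" and "Repeat Count") can be done outside the firewall so that a reboot does not clear it. The script below is an added example, not code from the thread or from Palo Alto Networks. It assumes traffic logs arrive in the PAN-OS default CSV syslog format with the rule name in column 12 and the repeat count in column 24 (1-based), which is the documented layout for the traffic log type; if your PAN-OS version or a custom log format differs, adjust the column constants. The list of configured rule names and the sample log lines are constructed for the example.

```python
"""Count policy-rule hits from shipped PAN-OS traffic logs and list
configured rules that never appear. Added example for the thread above;
it is not Palo Alto Networks code.

Assumptions: logs are in the default PAN-OS traffic CSV format behind a
standard syslog header, and the configured rule names are supplied
separately (for example, exported from the running config)."""
import csv
import re
from collections import Counter

# 1-based column positions in the PAN-OS traffic log CSV (assumed from the
# documented default layout; change them if your log format differs).
TYPE_COL = 4
RULE_COL = 12
REPEAT_COL = 24

# Syslog header preceding the CSV payload, e.g. "<14>Dec  1 10:00:01 fw01 ".
SYSLOG_PREFIX = re.compile(r"^(?:<\d+>)?\w{3}\s+\d+\s+[\d:]+\s+\S+\s+")


def parse_traffic_line(line):
    """Return (rule_name, repeat_count) for a TRAFFIC log line, else None."""
    payload = SYSLOG_PREFIX.sub("", line.strip(), count=1)
    fields = next(csv.reader([payload]))
    # Skip THREAT/SYSTEM/CONFIG logs and anything too short to hold the columns.
    if len(fields) < REPEAT_COL or fields[TYPE_COL - 1] != "TRAFFIC":
        return None
    rule = fields[RULE_COL - 1]
    try:
        repeat = int(fields[REPEAT_COL - 1])
    except ValueError:
        repeat = 1  # malformed repeat count: count the entry once
    return rule, repeat


def count_rule_hits(lines):
    """Per-rule counters: number of log entries and the summed Repeat Count
    (Repeat Count folds sessions with the same src/dst/app into one entry,
    so the sum is the closer estimate of sessions that matched the rule)."""
    entries, sessions = Counter(), Counter()
    for line in lines:
        parsed = parse_traffic_line(line)
        if parsed is None:
            continue
        rule, repeat = parsed
        entries[rule] += 1
        sessions[rule] += repeat
    return entries, sessions


def unused_rules(configured_rules, lines):
    """Configured rules with zero log entries over the whole log window."""
    entries, _ = count_rule_hits(lines)
    return sorted(r for r in configured_rules if entries[r] == 0)


def _traffic_line(rule, repeat, app="web-browsing"):
    """Constructed sample line in the traffic CSV column order (first 31 of
    the real columns); everything after Repeat Count is filler."""
    fields = ["1", "2023/12/01 10:00:01", "001901000123", "TRAFFIC", "end",
              "2049", "2023/12/01 10:00:01", "10.1.1.5", "93.184.216.34",
              "203.0.113.10", "93.184.216.34", rule, "", "", app, "vsys1",
              "trust", "untrust", "ethernet1/2", "ethernet1/1", "default",
              "2023/12/01 10:00:01", "12345", str(repeat), "51234", "443",
              "1025", "443", "0x400019", "tcp", "allow"]
    return "<14>Dec  1 10:00:01 fw01 " + ",".join(fields)


# Constructed sample data: three traffic entries plus a THREAT and a SYSTEM
# line that the parser must ignore.
SAMPLE_LOG = [
    _traffic_line("allow-web-out", 3),
    _traffic_line("allow-web-out", 1, app="ssl"),
    _traffic_line("allow-dns", 12, app="dns"),
    "<14>Dec  1 10:00:02 fw01 1,2023/12/01 10:00:02,001901000123,THREAT,"
    "vulnerability,2049,2023/12/01 10:00:02,10.1.1.5,93.184.216.34",
    "<14>Dec  1 10:00:03 fw01 1,2023/12/01 10:00:03,001901000123,SYSTEM,"
    "general,0,2023/12/01 10:00:03,,,,,,",
]
# Constructed list of rule names as they appear in the security policy.
CONFIGURED_RULES = ["allow-web-out", "allow-dns", "allow-legacy-ftp", "deny-all"]

if __name__ == "__main__":
    entries, sessions = count_rule_hits(SAMPLE_LOG)
    for rule in CONFIGURED_RULES:
        print(f"{rule:20s} entries={entries[rule]:4d} sessions={sessions[rule]:4d}")
    print("never hit:", unused_rules(CONFIGURED_RULES, SAMPLE_LOG))
```

Two caveats before acting on the "never hit" list: a rule only appears in the traffic log if logging (log at session start or end) is enabled on it, and the predefined intrazone-default and interzone-default rules do not log unless you override them, so a rule with zero entries may simply be silent rather than unused. Run the count over a window at least as long as your slowest periodic traffic (monthly batch jobs, DR tests) before disabling anything, and disable rather than delete first.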
