Report on Rule Usage?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Report on Rule Usage?

Not applicable

Hi,

How can I run a report to understand the last use of a loaded policy/security rule? For example, if I have 100 security rules in the firewall policy, how can I identify which rules are actively being used, and which ones are not being used often, or at all? I realize that this information is contained within the traffic log, but for an environment whose log rention is not very long (50 days) is there another metric I can generate a report on to see when rules are being used?

Thanks,

-Paul

3 REPLIES 3

L6 Presenter

show running rule-use rule-base security type unused vsys vsys1 (replace vsys1 with the appropriate vsys name)

-Benjamin

Thank you Benajmin. This is pretty much exactly what I was looking for. Now is there any additional modification that can be made to show not only the rules that have NEVER used, but also those that haven not been used in a while, and include the last date/time that the rule was triggered?

I think your next option here is to review logs and start filtering on dates or rules you might question.  There's currently not a report like that one for "infrequently" used rules.  If you have particular rules you'd like to clean up, you could potentially create a custom report for utilization of just those particular rules, and run it against your desired time frames.  Hope this helps!

  • 2969 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!