11-21-2023 10:51 AM
A customer of mine needs to see hit counts on MX rules so that he can eliminate his any-any permit rule after verifying that all legit traffic is covered. We can get a snapshot by looking at the L3 rules with the GUI but we'd like to have several days of data to ensure that we're going to break as few things as possible. getNetworkApplianceFirewallL3FirewallRules tells us what the rules are, but no hit counts. Any suggestions?
11-21-2023 11:03 AM
I would suggest a Syslog server. And analyse that data.
11-21-2023 11:16 AM
Hmmm, when using the dashboard, I believe hits are only recorded while you have the page open. I have no idea what the returned value would mean from the API in this context.
+1 to @jdb1. You will need to use syslog for this.
11-21-2023 12:29 PM
You'll need to indeed use a syslog server and parse the firewall events in it.
Don't forget to discard the flow_start and flow_end events.
At the end of the firewall events you have a matching statement that should make it obvious which actual rule it is matching. The rule number or name is NOT in the log.
Once you have filtered out the events you want you only need a linecount to get your counters.
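Added example, not part of the thread and not Meraki code: a Python sketch of the counting procedure described in the post above, which also lists the flows that only the catch-all rule permitted. The sample lines are constructed, and the log layout (key=value fields followed by a trailing "pattern:" statement) and the catch-all statement text "allow all" are assumptions to check against your own syslog output.

```python
import re
from collections import Counter

# Constructed sample lines. The layout (key=value fields, a trailing
# "pattern:" statement) is an assumption; compare with your own syslog output.
SAMPLE_LOG = """\
1700563860.1 MX_lab flows src=10.0.1.20 dst=10.0.9.5 protocol=tcp sport=50122 dport=443 pattern: allow (dst 10.0.9.0/24) && (dst port 443)
1700563860.2 MX_lab ip_flow_start src=10.0.1.20 dst=10.0.9.5 protocol=tcp sport=50122 dport=443
1700563861.3 MX_lab flows src=10.0.1.31 dst=198.51.100.8 protocol=udp sport=40000 dport=123 pattern: allow all
1700563862.4 MX_lab flows src=10.0.1.22 dst=10.0.9.6 protocol=tcp sport=50200 dport=443 pattern: allow (dst 10.0.9.0/24) && (dst port 443)
1700563863.5 MX_lab ip_flow_end src=10.0.1.20 dst=10.0.9.5 protocol=tcp sport=50122 dport=443
1700563864.6 MX_lab flows src=10.0.1.31 dst=198.51.100.8 protocol=udp sport=40001 dport=123 pattern: allow all
1700563865.7 MX_lab flows src=10.0.1.40 dst=192.0.2.10 protocol=tcp sport=51000 dport=22 pattern: allow all
"""

FLOW_EVENT = re.compile(r"flow_(?:start|end)\b")  # events to discard
PATTERN = re.compile(r"\bpattern:\s*(.+?)\s*$")    # matching statement at end of line
FIELD = re.compile(r"(\w+)=(\S+)")                 # key=value fields before it

def firewall_events(lines):
    """Yield (fields, matching_statement) for each firewall event line."""
    for line in lines:
        if FLOW_EVENT.search(line):
            continue
        m = PATTERN.search(line)
        if m:
            yield dict(FIELD.findall(line[:m.start()])), m.group(1)

def rule_hits(lines):
    """Hit count per matching statement (the log has no rule number or name)."""
    return Counter(stmt for _, stmt in firewall_events(lines))

def catch_all_traffic(lines, catch_all="allow all"):
    """Flows only the catch-all rule permitted: candidates for explicit rules."""
    return Counter((f.get("protocol"), f.get("dst"), f.get("dport"))
                   for f, stmt in firewall_events(lines) if stmt == catch_all)

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for stmt, n in rule_hits(lines).most_common():
        print(f"{n:6d}  {stmt}")
    for flow, n in catch_all_traffic(lines).most_common():
        print(f"{n:6d}  via catch-all: {flow}")
```

Run over several days of collected logs, the second counter shows which destinations and ports still depend on the any-any rule before it is removed.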
11-22-2023 01:23 AM
As previously stated, set up a syslog server to view live traffic - Kiwi Syslog do a free trial license for 30 days.
or, just flick the allow all any any to deny and see what breaks
11-22-2023 07:16 AM
or, just flick the allow all any any to deny and see what breaks
The story of my life. 🙂 I actually did look up this subject before I asked again hoping that they had added it to the API and I just couldn't find it. I'd bet you it is there but is expensive to execute so they just don't document it.