05-19-2022 02:44 AM
Hi All,
This is the first time I'm sending a message on this community, so if there isn't enough information please let me know.
Can someone tell me how I can get a nice clean export of unused access-lists with a timestamp, for checking which access-lists I can and can't remove because they're not used at all?
I already have a list of rules that have a hitcnt of 0, but I don't know how long they have not been used.
Thanks in advance
With kind regards,
Mitchell
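As an added example (not part of Mitchell's post, and not a Cisco tool): a small Python script that parses the text of `show access-list`, keeps a timestamped record of which entries have shown hitcnt=0 on every run, and reports how many days each has been unused. The sample output below is constructed, the line layout is assumed to match the usual ASA format (trailing per-entry hash included), and the function names and state file are my own choices.

```python
import json
import re
from datetime import datetime, timezone

# Assumed ASA "show access-list" ACE layout; summary lines ("... ; N elements") do not match.
ACE_RE = re.compile(
    r"^access-list (?P<acl>\S+) line (?P<line>\d+) (?P<rule>.+?) "
    r"\(hitcnt=(?P<hits>\d+)\)(?: (?P<hash>0x[0-9a-f]+))?\s*$"
)

# Constructed sample output, not from a real device.
SAMPLE_SHOW_ACCESS_LIST = """\
access-list OUTSIDE_IN; 4 elements; name hash: 0x1a2b3c4d
access-list OUTSIDE_IN line 1 extended permit tcp any host 203.0.113.10 eq www (hitcnt=1532) 0x0001aaaa
access-list OUTSIDE_IN line 2 extended permit tcp any host 203.0.113.11 eq 8443 (hitcnt=0) 0x0001bbbb
access-list OUTSIDE_IN line 3 extended permit udp any host 203.0.113.12 eq 514 (hitcnt=0) 0x0001cccc
access-list OUTSIDE_IN line 4 extended deny ip any any log (hitcnt=27) 0x0001dddd
"""


def parse_aces(text):
    """Return one dict per ACE line: acl, line, rule, hits, and a stable key."""
    aces = []
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue  # summary line or something else we do not track
        aces.append({
            "acl": m["acl"],
            "line": int(m["line"]),
            "rule": m["rule"],
            "hits": int(m["hits"]),
            # The per-entry hash survives renumbering; fall back to acl+rule text.
            "key": m["hash"] or f"{m['acl']}:{m['rule']}",
        })
    return aces


def update_zero_hit_state(state, aces, now_iso):
    """state maps ACE key -> first timestamp at which hitcnt was observed as 0.

    Entries that now show hits (or no longer exist) are dropped, so a counter
    reset (reload, clear access-list counters) restarts their clock instead of
    overstating how long they have been idle.
    """
    zero_now = {a["key"] for a in aces if a["hits"] == 0}
    new_state = {k: ts for k, ts in state.items() if k in zero_now}
    for k in zero_now:
        new_state.setdefault(k, now_iso)
    return new_state


def unused_report(state, aces, now_iso):
    """Rows (acl, line, rule, first_seen_zero, days_unused) for every hitcnt=0 ACE."""
    now = datetime.fromisoformat(now_iso)
    rows = []
    for a in aces:
        if a["hits"] != 0:
            continue
        first = state[a["key"]]
        days = (now - datetime.fromisoformat(first)).days
        rows.append((a["acl"], a["line"], a["rule"], first, days))
    return rows


def run_snapshot(show_output, state_path="acl_zero_hits.json", now_iso=None):
    """One scheduled run: load state, merge this snapshot, save state, return report."""
    now_iso = now_iso or datetime.now(timezone.utc).isoformat(timespec="seconds")
    try:
        with open(state_path) as fh:
            state = json.load(fh)
    except FileNotFoundError:
        state = {}
    aces = parse_aces(show_output)
    state = update_zero_hit_state(state, aces, now_iso)
    with open(state_path, "w") as fh:
        json.dump(state, fh, indent=2)
    return unused_report(state, aces, now_iso)


if __name__ == "__main__":
    # Feed it a saved "show access-list" capture; run daily from cron to build history.
    for acl, line, rule, first, days in run_snapshot(SAMPLE_SHOW_ACCESS_LIST):
        print(f"{acl} line {line}: {rule} | zero hits since {first} ({days} days)")
```

Run it on a fresh capture of `show access-list` each day (for example from cron, saving the capture to a file first); the JSON state file is what gives the "since when" column, because the device itself only stores the counter, not when it last changed. Because the clock restarts whenever an entry shows hits, the days_unused value is a lower bound for how long the entry has really been idle, which is the safe direction for a removal decision.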
05-19-2022 02:56 AM
If you have some test environment with Linux hands-on, I have used this to get that output (later moved to the Tufin orchestration tool, which does the work for you):
https://developer.cisco.com/codeexchange/github/repo/DiogoAndre/acl_stats
Hope that helps you.
05-19-2022 03:02 AM
Thanks Balaji,
I'm going to try this. I will let you know if this was helpful for me as a beginner with Linux.
05-19-2022 03:03 AM
OK, I have a workaround:
for these ACLs with 0 hitcnt, add LOG to them.
This lets you know if they are used or not: if you monitor for days and you don't see any log message for these ACLs, that is another indication that these ACLs are never used during the monitoring time.
05-19-2022 03:15 AM
Hi MHM,
I got around 200 ACLs with a hitcnt of 0. Do I need to LOG them all, or is the way Balaji is suggesting a better way to start with?
Thanks in advance.
05-19-2022 06:13 AM - edited 05-19-2022 06:13 AM
@balaji.bandi is more professional than me,
so sure, try his way, and then if you face any issue with Linux, try my workaround.
And for the 200 ACLs, not all, only the ACLs you are 100% sure are never used, but use log to be more sure.
05-19-2022 07:42 AM
@MHM Cisco World - nothing more and nothing less in the technology, mate; we are all part of the journey as we learn, so our intention is to learn and help where we can. Taken your appreciated comments.