https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234919#M45554 <P><STRONG>This answer is provided by <A href="https://www.checkpoint.com/ai/copilot/" target="_blank">Infinity AI Copilot</A> and should be confirmed by reviewing official documentation in <A href="https://support.checkpoint.com" target="blank">Support Center</A>.</STRONG></P> <P>Currently, there isn't a direct command or API to retrieve security rule hit counts directly from a local gateway. The hit counts are typically aggregated and retrieved through the Check Point Management Server. </P> <P>However, you can use the <CODE>cpstat</CODE> command on the Management Server to get hit counts for a specific Security Gateway and save it to a file. Here's how you can do it:</P> <OL> <LI>Connect to the command line on the Management Server.</LI> <LI>Log in to the Expert mode.</LI> <LI>Use the following command to get the hit count for a specific Security Gateway:<PRE><CODE class="language-bash">cpstat -h &lt;IP Address of Security Gateway Object&gt; blades &gt; /var/log/HitCount_for_GW.txt </CODE></PRE> Replace <CODE>&lt;IP Address of Security Gateway Object&gt;</CODE> with the actual IP address of your Security Gateway.</LI> </OL> <P>This method allows you to export the hit count data for a specific gateway, but it still requires access through the Management Server. If you need further assistance or have any other questions, feel free to ask!</P> Fri, 06 Dec 2024 14:32:49 GMT CheckMatesAI 2024-12-06T14:32:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234865#M45541 <P>I can run the API/command on the Check Point Management Server to retrieve the hit counts for security rules, but it provides the aggregate hit counts for all gateways on which security policy applied rather than specific ones.</P><P>Is there a command, API, or method available to collect the security rule hit counts directly from a local gateway instead of through the Management Server?</P> Fri, 06 Dec 2024 10:58:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234865#M45541 Pavan9096 2024-12-06T10:58:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234912#M45551 <P>Maybe this?</P> <P>Andy</P> <P><A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html?#clish/show-access-rule~v2%20" target="_blank">https://sc1.checkpoint.com/documents/latest/APIs/index.html?#clish/show-access-rule~v2%20</A></P> Fri, 06 Dec 2024 14:27:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234912#M45551 the_rock 2024-12-06T14:27:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234919#M45554 <P><STRONG>This answer is provided by <A href="https://www.checkpoint.com/ai/copilot/" target="_blank">Infinity AI Copilot</A> and should be confirmed by reviewing official documentation in <A href="https://support.checkpoint.com" target="blank">Support Center</A>.</STRONG></P> <P>Currently, there isn't a direct command or API to retrieve security rule hit counts directly from a local gateway. The hit counts are typically aggregated and retrieved through the Check Point Management Server. </P> <P>However, you can use the <CODE>cpstat</CODE> command on the Management Server to get hit counts for a specific Security Gateway and save it to a file. Here's how you can do it:</P> <OL> <LI>Connect to the command line on the Management Server.</LI> <LI>Log in to the Expert mode.</LI> <LI>Use the following command to get the hit count for a specific Security Gateway:<PRE><CODE class="language-bash">cpstat -h &lt;IP Address of Security Gateway Object&gt; blades &gt; /var/log/HitCount_for_GW.txt </CODE></PRE> Replace <CODE>&lt;IP Address of Security Gateway Object&gt;</CODE> with the actual IP address of your Security Gateway.</LI> </OL> <P>This method allows you to export the hit count data for a specific gateway, but it still requires access through the Management Server. If you need further assistance or have any other questions, feel free to ask!</P> Fri, 06 Dec 2024 14:32:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234919#M45554 CheckMatesAI 2024-12-06T14:32:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234921#M45555 <P>To confirm the answer by CheckMatesAI, see:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk135212" target="_blank">https://support.checkpoint.com/results/sk/sk135212</A></P> Fri, 06 Dec 2024 14:35:00 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234921#M45555 PhoneBoy 2024-12-06T14:35:00Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234923#M45556 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/7">@PhoneBoy</a>&nbsp;</P> <P>Not sure if this looks right (just did it in my lab), but seems some info is missing...</P> <P>Andy</P> <P>&nbsp;</P> <P>[Expert@CP-MANAGEMENT:0]# cpstat -h 172.16.10.249 blades &gt; /var/log/hitcount_for_gw.txt<BR />[Expert@CP-MANAGEMENT:0]# more /var/log/hitcount_for_gw.txt</P> <P>Packets accepted : 44090826<BR />Packets dropped : 13516<BR />Peak number of connections: 1019<BR />Number of connections: 7</P> <P><BR />Top Rule Hits<BR />-----------------------<BR />|rule index|rule count|<BR />-----------------------<BR />-----------------------</P> <P><BR />[Expert@CP-MANAGEMENT:0]#</P> Fri, 06 Dec 2024 14:39:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/CheckPoint-Gateway-HitCount/m-p/234923#M45556 the_rock 2024-12-06T14:39:20Z