Hello,
We encountered an incident today whereby the hit counters on a specific policy were not working.
In Smart Console, the majority of rules reflected 0 hit count and if queried via a call to the mgmt. API, the rules would reflect 0 hits.
i.e. mgmt_cli show access-rulebase offset 11 limit 1 name "Network" details-level "standard" use-object-dictionary true show-hits true hits-settings.from-date "2022-09-11" hits-settings.to-date "2022-09-12T23:59" hits-settings.target "cluster01" --format json
We upgraded the cluster this policy was applied to today – the hit counters are working post-upgrade.
I’ve reviewed sk79240 to get an understanding of the components involved that can impact this data.
We run automation against all policies for auditing unused rules that is based on the hit counter metric, so it’s critical the management server is receiving this data from all gateways.
We need to be able to monitor whether rule hit counters are incrementing as expected – do you have an existing script internally that we could use for this purpose?
Regards,
Simon