Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ScottG67
Participant

Custom Rule Report

Hello All,

    I have inherited a R80.40 system and I have a few rules that are allowing more than I would like. Now I know a few Services (Ports/Protocols) that are going through I want to remove, but going through the logs and trying to weed everything out is painful. I was wondering if I could write a report for a specific rule that would show the top number of Service's (Ports/Protocols) that were going through that rule? If this is possible then I could move things to more appropriate places or black them all together and trim the fat so to speak.

 

Thanks,

Scott

 

2 Replies
PhoneBoy
Admin
Admin

Depending on the rule that's being matched, it may not be possible to run a report.
The main reason being SmartEvent generally does not index connection logs from the firewall blade, only sessions (generally things that are tracked by a higher-level blade like App Control).
That said, I can think of a couple ways to do this:

  • Use SmartView to export the last million logs against the relevant rule into a CSV file, where you can import to Excel or similar.
  • You can also get some rough statistics in SmartView, but you'd have to scroll through the various log entries to get them to load into memory so the stats can be shown.

Screen Shot 2021-07-16 at 2.59.15 PM.png

ScottG67
Participant

Thanks a lot for the explanation. I will look into this and report back.

0 Kudos