Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
S_E_
Advisor

Hit Counter search

Hi,

In R77.30, it is possible to search for Hit Counter Level (Very High, High,..)  in the Policy Query Search bar on top of the SmartDashboard.

Looking at R80, I do not see the filter for Hit Counter anymore.

SmartConsole R80.20 Help 

Will this come back? 

Thanks

1 Reply
Maik
Advisor

Hey,

I am not sure about future plans - someone from Check Point needs to make a statement regarding that. But in the meanwhile you could use the management API to filter/search for specific/greater|smaller than hitcounts. The information can be obtained via "show access-rulebase name <type_name_here> show-hits true".

Afterwards you could analyze the results or pass the json into sth. different... or use the json to search directly for the required values. Example output of one rule in a rulebase via the above mentioned command:

- uid: "4583b580-1240-4629-a711-5972dda16422"
  name: "Cleanup"
  type: "access-section"
  from: 8
  to: 8
  rulebase:
  - uid: "ca429c69-6cfd-4ccc-b9c6-e50d7d685b8d"
    name: "Cleanup"
    type: "access-rule"
    domain:
      uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
      name: "SMC User"
      domain-type: "domain"
    rule-number: 8
    track:
      type: "598ead32-aa42-4615-90ed-f51a5928d41d"
      per-session: false
      per-connection: true
      accounting: false
      alert: "none"
    source:
    - "97aeb369-9aea-11d5-bd16-0090272ccb30"
    source-negate: false
    destination:
    - "97aeb369-9aea-11d5-bd16-0090272ccb30"
    destination-negate: false
    service:
    - "97aeb369-9aea-11d5-bd16-0090272ccb30"
    service-negate: false
    vpn:
    - "97aeb369-9aea-11d5-bd16-0090272ccb30"
    action: "6c488338-8eec-4103-ad21-cd461ac2c473"
    action-settings: {}
    content:
    - "97aeb369-9aea-11d5-bd16-0090272ccb30"
    content-negate: false
    content-direction: "any"
    time:
    - "97aeb369-9aea-11d5-bd16-0090272ccb30"
    hits:
      percentage: "0%"
      value: 0
    custom-fields:
      field-1: ""
      field-2: ""
      field-3: ""
    meta-info:
      lock: "unlocked"
      validation-state: "ok"
      last-modify-time:
        posix: 1494777048228
        iso-8601: "2017-05-14T18:50+0300"
      last-modifier: "admin"
      creation-time:
        posix: 1460465910414
        iso-8601: "2016-04-12T15:58+0300"
      creator: "admin"
    comments: ""
    enabled: true
    install-on:
    - "6c488338-8eec-4103-ad21-cd461ac2c476"

[This information was obtained via a mgmt demo instance, the hit count part is marked in red.]

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events