This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
VikingsFan
Advisor
‎2025-07-18 05:44 AM

Latest on Resetting Hit Count?

Have a need where we're working on a Management server which manages a handful of 1595 devices and another set of 6000 appliances.  We have a separate policy for the 1595 devices that I need to reset the hit count on all of the rules as we're monitoring rule traffic.  I've found two SKs that seem applicable but I was surprised resetting hit count involved stopping services and running sql commands.

SK's found:

sk111162 - How to reset the Hit Count

sk111832 - How to reset Hit Count for a specific rule

Few questions:

1. Is there not an easier way through Smart Console?

2. Doing SK111162 would reset hit counts on all policies, not just my 1595 device policy, correct?  No way to target just the one policy?

3. Trying to understand SK111162, do I need to do the top part and touch all my 1595 devices (which involves doing a cpstop... so not super feasible at this point) or is it enough to just run the management server section if these are all centrally managed?

4. One other idea was to change the hit count in Global Properties to disabled, let it sit a day and then re-enable.  Would that have a similar effect?  I know it would also impact all policies but just thinking of alternative methods.

Thanks!

Labels
0 Kudos
5 Replies
the_rock
Legend
Legend
‎2025-07-18 05:49 AM

Technically, one way is to disable/re-enable the rule, but you cant do that for all of them at once. Great question, lets see if there is a good way to do this.

Andy

0 Kudos
_Val_
Admin
Admin
‎2025-07-18 07:09 AM

Hit counters are kept on the GW side in a database, and the data is fed by the kernel operations. While resetting them from the SmartConsole sounds like a good RFE, I just want to convey that it may be a bit more complex than it might seem at the first glance.

0 Kudos
VikingsFan
Advisor
‎2025-07-18 07:13 AM
In response to _Val_

What about disabling hit count via Global Properties.  Does that do anything if I disabled and then re-enabled in a day or two?

0 Kudos
PhoneBoy
Admin
Admin
‎2025-07-22 04:03 PM
In response to VikingsFan

That might stop the logging of hit count data, but I don't think it deletes the data from the database.

0 Kudos
the_rock
Legend
Legend
‎2025-07-22 07:30 PM

One, though somewhat unconventional way to do this, is clone existing policy package, which would technically show hit count as 0 for all the rules, then delete original policy package and push policy for new cloned one.

I tried this before and it worked fine.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events