analytics network stale-rules
analytics network stale-rules(BIG-IP TMSH Manuanalytics network stale-rules(1)
NAME
stale-rules - Displays a network firewall stale rules report.
MODULE
analytics network
SYNTAX
Show an analytics network stale-rules report using the syntax shown in
the following sections.
DISPLAY
show stale-rules type [ enforced | staged ]
options:
drilldown {
{
entity [ context | policy | rule-name ]
values
{
[value ...]
}
} ...
}
field-fmt
first-rule-number [ value ]
number-of-rules [ value ]
range [ date range ]
DESCRIPTION
Use this command to generate network firewall stale rules reports. A
stale rule is one that has had not hits, or very few hits, over a
specified time period. The report is displayed in order from the
least-hit rules (including rules with no hits) to the most hit rules.
You can generate a stale rules report for either enforced or staged
rules.
EXAMPLES
show analytics network stale-rules type enforced
Shows a stale rules report for enforced rules (either inline or
not).
show analytics network stale-rules type staged drilldown { { entity
context values { /Common/virtual_server_1 } } }
Shows a stale rules report for staged rules in the context of the
virtual server /Common/virtual_server_1
show analytics network stale-rules type enforced number-of-rules 100
range now-1w
Shows a stale rules report for enforced rules. 100 rules are shown
in the report. This report is shown for the last week (including
the last day).
show analytics network stale-rules type enforced first-rule-number 10
number-of-rules 100 range now-1w
Shows a stale rules report for enforced rules. The first least hit
9 rules are skipped, and 100 rules are shown in the report. This
report is shown for the last week (including the last day).
show analytics network stale-rules type enforced first-rule-number 10
number-of-rules 100 range now-1d--now-1w
Shows a stale rules report for enforced rules. The first least hit
9 rules are skipped, and 100 rules are shown in the report. This
report is shown for the last week, excluding the last day.
OPTIONS
drilldown
Specifies specific entities that are used as a filter.
field-fmt
Shows statistics in field format for the specified items.
first-rule-number
Specifies the first rule number being displayed (rules are ordered
by hit count in an ascending order).
number-of-rules
Specifies the maximum number of firewall rules being displayed in
the output result set. The default value is 10.
range
Specifies the time/date range of the analytics information that
you want to display. The given results will reflect the time range
chosen here. The default value is the last hour (now--now-1h).
SEE ALSO
analytics, analytics report, security analytics settings, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013. All rights reserved.
BIG-IP 2013-11-04 analytics network stale-rules(1)