[j-nsp] SRX Command

Ben Dale bdale at comlinx.com.au
Tue Sep 24 03:15:44 EDT 2013


Just blew the dust off it and it still works ; )

http://pastebin.com/xiszACPf

If you're applying this to a chassis cluster, you may need to replace the line:

for-each ($policies-list/security-context/policies) {

with 

for-each ($policies-list/multi-routing-engine-item/security-context/policies) {

Enjoy,

Ben

On 24/09/2013, at 4:43 PM, Maarten van der Hoek <maarten at vanderhoek.nl> wrote:

> Hi Ben,
> 
> Did you succeed in building that script ?
> (e.g. do you have it somewhere ? ;-) )
> 
> We've been playing with exports and then import in Excel...but still not
> very nice.. 
> A better solution would be nice.
> (we can't use Junos-Space / or so because most deployments are in separate
> Small / Branch offices)
> 
> Brgds,
> 
> Maarten van der Hoek
> 
> -----Original message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On behalf of Ben Dale
> Sent: Tuesday 24 September 2013 6:46
> To: Edward Dore
> CC: juniper-nsp at puck.nether.net; Harri Makela
> Subject: Re: [j-nsp] SRX Command
> 
> After I spent a bit of time building an op script to print policy matches
> out in a nicely formatted table, I notice that this feature is now available
> for all policies even without the "then count" action from 12.1:
> 
> show security policies hit-count
> 
> Cheers,
> 
> Ben
> 
> On 24/09/2013, at 8:45 AM, Edward Dore
> <edward.dore at freethought-internet.co.uk> wrote:
> 
>> You'll need to add the "count" action to the "then" statement on each
>> security policy if you want to track the number of times that the policy has
>> been matched.
>> 
>> Edward Dore
>> Freethought Internet
>> 
>> On 23 Sep 2013, at 23:08, Harri Makela wrote:
>> 
>>> Hi All
>>> 
>>> Is there any command in SRX which I can use to check "number of times FW
>>> policy has been used". Actually I want to clear all FW policies which are
>>> not being used for last 12 months or so.  I don't know much about scripting
>>> but can try to get some help if I can think of a command which can be run
>>> through different zones combinations.
>>> 
>>> 
>>> Thanks in Advance !
>>> HM
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net 
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
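
The thread's goal (finding policies that never match) worked offline against saved "show security policies hit-count" output, as an added example that is not part of the original messages or Ben's op script. The sample text is constructed, and the column layout (index, from zone, to zone, name, count) and the per-node blocks for a chassis cluster are assumptions; counts are summed across nodes so a policy is reported only if it is zero on every node.

```python
from collections import defaultdict

# Constructed sample of saved CLI output from a two-node cluster (layout assumed).
SAMPLE = """\
node0:
--------------------------------------------------------------------------
Logical system: root-logical-system
 Index   From zone        To zone           Name           Policy count
 1       trust            untrust           allow-web      48213
 2       trust            untrust           legacy-ftp     0
 3       untrust          dmz               allow-smtp     0

Number of policy: 3

node1:
--------------------------------------------------------------------------
Logical system: root-logical-system
 Index   From zone        To zone           Name           Policy count
 1       trust            untrust           allow-web      0
 2       trust            untrust           legacy-ftp     0
 3       untrust          dmz               allow-smtp     912

Number of policy: 3
"""


def parse_hit_counts(text):
    """Return {(from_zone, to_zone, policy_name): total hits across all nodes}."""
    totals = defaultdict(int)
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly five columns, with a numeric index and count.
        # Headers, separators and the summary line fail this check and are skipped.
        if len(fields) != 5 or not (fields[0].isdigit() and fields[4].isdigit()):
            continue
        _, from_zone, to_zone, name, count = fields
        totals[(from_zone, to_zone, name)] += int(count)
    return dict(totals)


def unused_policies(text):
    """Policies with zero hits on every node, sorted by zone pair then name."""
    return sorted(key for key, hits in parse_hit_counts(text).items() if hits == 0)


if __name__ == "__main__":
    for from_zone, to_zone, name in unused_policies(SAMPLE):
        print(f"unused: {from_zone} -> {to_zone} policy {name}")
```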



