[j-nsp] SRX Command

Maarten van der Hoek maarten at vanderhoek.nl
Wed Sep 25 02:38:11 EDT 2013 

Hi Ben,

Thanx!
We'll play with it :)

Maarten

-----Oorspronkelijk bericht-----
Van: Ben Dale [mailto:bdale at comlinx.com.au] 
Verzonden: dinsdag 24 september 2013 9:16
Aan: Maarten van der Hoek
CC: juniper-nsp at puck.nether.net
Onderwerp: Re: [j-nsp] SRX Command

Just blew the dust off it and it still works ; )

http://pastebin.com/xiszACPf

If you're applying this to a chassis cluster, you may need to replace the
line:

for-each ($policies-list/security-context/policies) {

with 

for-each
($policies-list/multi-routing-engine-item/security-context/policies) {

Enjoy,

Ben

On 24/09/2013, at 4:43 PM, Maarten van der Hoek <maarten at vanderhoek.nl>
wrote:

> Hi Ben,
> 
> Did you succeed in building that script ?
> (e.g. do you have it somewhere ? ;-) )
> 
> We've been playing with exports and then import in Excel...but still 
> not very nice..
> A better solution would be nice.
> (we can't you Junos-Space / or so because most deployments are in 
> separate Small / Branch offices)
> 
> Brgds,
> 
> Maarten van der Hoek
> 
> -----Oorspronkelijk bericht-----
> Van: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] Namens 
> Ben Dale
> Verzonden: dinsdag 24 september 2013 6:46
> Aan: Edward Dore
> CC: juniper-nsp at puck.nether.net; Harri Makela
> Onderwerp: Re: [j-nsp] SRX Command
> 
> After I spent a bit of time building an op script to print policy 
> matches out in a nicely formatted table, I notice that this feature is 
> now available for all policies even without the "then count" action from
12.1:
> 
> show security policies hit-count
> 
> Cheers,
> 
> Ben
> 
> On 24/09/2013, at 8:45 AM, Edward Dore 
> <edward.dore at freethought-internet.co.uk> wrote:
> 
>> You'll need to add the "count" action to the "then" statement on each
> security policy if you want to track the number of times that the 
> policy has been matched.
>> 
>> Edward Dore
>> Freethought Internet
>> 
>> On 23 Sep 2013, at 23:08, Harri Makela wrote:
>> 
>>> Hi All
>>> 
>>> Is there any command in SRX which I can use to check "number of 
>>> times FW
> policy has been used". Actually I want to clear all FW policies which 
> are not being used for last 12 months or so.  I don`t know much about 
> scripting but can try to get some help if I can think of a command 
> which can be rung through different zones combinations.
>>> 
>>> 
>>> Thanks in Advance !
>>> HM
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net 
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list