I'd recommend using Eventia Reporter for that purpose. Since R65 HFA02 the "Rule Base Analysis" report has been doing what its supposed to do, ie keeping track of rules without messing it up (as previous versions often did). The Eventia Reporter suite comes at a price though, dont forget its Check Point we're talking about ;-) On the upside the Reporter server will give you a lot more than just rule base analysis, there are lots of nice reports to play with, and since it can run on SPLAT (and VMware) its not necessarily expensive to implement in terms of hardware/OS costs.
Doing this job with Smartview Tracker will be tedious, but using the "Rule UID" you should be able to at least pinpoint the correct rule regardless of changes you've made in the rulebase. Exactly how tedious it will be depends on the size of your logs and how often you rotate them (since you would have to filter logs X number of days back to see when it was last used, every rotation means opening a new logfile to filter = manual job). Another approach is to export all logs to text files and then search them for the relevant UID, that would at least save you the manual labor of changing logfiles if you rotate them often. Just a few cents on my part. brgds, André S. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of a bv Posted At: 8. juni 2009 10:49 Posted To: FireWall-1 mailinglist Conversation: [FW-1] Observing the rules Subject: [FW-1] Observing the rules Hi list, There are many rules on our R65 and when someone needs we add temporary rules but mostly the user who needs the temp rule dont warn us when he/she no longer needs it , and also we cant follow . So how can these rules effectively be observed , how often used or not used since x time? Are there any tricks on Smartview Tracker? What is the best practise? regards Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
