If you are interested in seeing which filter rules in your defined rule set have been matched (or used) over time, you can use the ipsec -f display command. There is a field displayed for each filter rule called "FilterMatches". It will be 0 if the filter rule has not been matched. Or if it has been matched, it will indicate the number of times a packet matched the rule.
If you want to see which filter rules were used for a specific connection, the SMF 119, subtype 2 contains an "IP filter" section that indicates the inbound and outbound filter rule names that were matched for that connection. The SMF 119, subtype 2 is also available through a Network Management Interface (NMI). The NMI is defined in the IP Programmer's Guide & Reference. I am not aware of a sample for the NMI.
------------------------------
Joyce Anne Porter
------------------------------
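The reply above says the per-rule counter to look at is "FilterMatches" in the `ipsec -f display` report. As an added example that is not part of the thread, the following script reduces that report to a usage summary: total matches per FilterName (summing the entries that `ipsec` expands from one rule into several FilterNameExtension values) and the list of rules with zero matches. The sample text is constructed to approximate the report's `Label: value` layout with blank lines between entries; a real report has many more fields and the layout should be checked before relying on the parser. On z/OS it would be run as `ipsec -f display | python3 filter_usage.py`.

```python
"""Summarize IP filter rule usage from `ipsec -f display` output.

Added example (not from the thread). SAMPLE_OUTPUT is a constructed,
simplified approximation of the z/OS `ipsec -f display` report; the parser
relies only on the FilterName and FilterMatches labels and treats a blank
line as the end of one filter entry.
"""
import re
import sys

# Constructed sample: four filter entries, one of them never matched.
SAMPLE_OUTPUT = """\
FilterName:           permit-ssh-in
FilterNameExtension:  1
Direction:            Inbound
Action:               Permit
FilterMatches:        1432

FilterName:           permit-ssh-out
FilterNameExtension:  1
Direction:            Outbound
Action:               Permit
FilterMatches:        1432

FilterName:           deny-telnet-in
FilterNameExtension:  1
Direction:            Inbound
Action:               Deny
FilterMatches:        0

FilterName:           permit-dns
FilterNameExtension:  1
Direction:            Inbound
Action:               Permit
FilterMatches:        57
"""

FIELD_RE = re.compile(r"^\s*(\w+):\s*(.*?)\s*$")


def parse_entries(text):
    """Split the report into one dict of label -> value per filter entry."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():          # blank line closes the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    if current:
        entries.append(current)
    return entries


def match_counts(text):
    """Return {FilterName: total FilterMatches}, summed over all extensions of a rule."""
    totals = {}
    for entry in parse_entries(text):
        name = entry.get("FilterName")
        raw = entry.get("FilterMatches")
        if name is None or raw is None:
            continue                  # not a filter entry, or counter not shown
        try:
            count = int(raw)
        except ValueError:
            continue                  # e.g. "n/a"; leave it out of the totals
        totals[name] = totals.get(name, 0) + count
    return totals


def unused_rules(text):
    """Names of rules whose FilterMatches total is zero, sorted."""
    return sorted(n for n, c in match_counts(text).items() if c == 0)


def usage_report(text):
    """Human-readable summary, most-used rules first."""
    counts = match_counts(text)
    lines = ["%-30s %10d" % (n, c)
             for n, c in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]
    lines.append("unused rules: " + (", ".join(unused_rules(text)) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    # Read a real report from stdin if one is piped in, else use the sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    print(usage_report(data))
```

Two caveats when reading the summary: IP filter rules are evaluated in order and the first match wins, so a zero count can mean the rule is dead code shadowed by an earlier rule rather than traffic that never arrived, and the counters only cover the period the current policy has been in effect, so a rule for a rare event may legitimately read 0. Both are reasons to keep the raw per-entry report and compare it across time rather than trust one snapshot.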
Original Message:
Sent: Fri December 08, 2023 06:21 AM
From: Colin Paice
Subject: Is it possible to get summary statistics on IP filtering rule usage?
I would like to see which of my rules have been used. Is there a command to do this?
It looks like there is an IPSEC NMI interface to get this data, but I can't see how to do this, as I could not find any samples, etc., to get me started.
Colin