Retrieving DFW Rule Statistics From NSX API


Article ID: 409357


Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

This article describes how to retrieve Distributed Firewall (DFW) rule statistics through an NSX API call.

Environment

NSX 4.x and later

Resolution

Option 1:

Run the following API Call:

GET /policy/api/v1/infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}/statistics

Example Response:

{
    "results" : [
        {
            "rule": "TestRule",
            "packet_count": 3806,
            "session_count": 819,
            "hit_count": 345,
            "byte_count": 322989,
            "popularity_index": 85,
            "max_popularity_index": 85,
            "max_session_count": 819,
            "total_session_count": 881
        }
    ],
    "cursor" : 1,
    "result_count" : 1
}

Option 2:

 

Run the following API Call:

GET https://NSX-MGR-IP/policy/api/v1/agg-service-genericstats/rawstats/summation

Look for "DFWRuleStats" in the output:

sub_type_id = The rule ID (1003 in the example below).

last_update_time = The last update time for the rule. Use https://www.epochconverter.com/ to convert the value to a date.

In the data_values field, each number represents a statistic for the rule. The values are listed in this order:

Packet Count, Byte Count, Hit Count, and Session Count.

For example, [ 6, 1628, 6, 6, 0, 0, 0 ] is a packet count of 6, a byte count of 1628, a hit count of 6, and a session count of 6.

        "feature_stack" : "DFWRuleStats",
        "stat_type" : 0,
        "type_id" : "D",
        "sub_type_id" : "1003",                          <<<< Rule ID
        "last_update_time" : 1738171215458,
        "data_values" : [ 6, 1628, 6, 6, 0, 0, 0 ]       <<<< 6 packet count, 1628 byte count, 6 hit count, 6 session count, 0, 0, 0
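
The following Python script is an added example, not part of the original article or of any VMware tooling. It decodes saved Option 2 output into named counters per rule and lists rules with no hits. The `results` envelope, the `OtherStats` entry and rule 1004 in the sample are constructed, and the code assumes `last_update_time` is epoch milliseconds; it searches the JSON recursively so it does not depend on the real envelope layout.

```python
import json
from datetime import datetime, timezone

# Order of the first four data_values entries, as described in the article.
FIELDS = ("packet_count", "byte_count", "hit_count", "session_count")

def iter_dfw_rule_stats(node):
    """Yield every object tagged feature_stack == "DFWRuleStats", at any depth."""
    if isinstance(node, dict):
        if node.get("feature_stack") == "DFWRuleStats":
            yield node
        for value in node.values():
            yield from iter_dfw_rule_stats(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_dfw_rule_stats(item)

def decode_entry(entry):
    """Map one DFWRuleStats entry to named counters plus a readable timestamp."""
    values = entry.get("data_values", [])
    if len(values) < len(FIELDS):
        raise ValueError(f"rule {entry.get('sub_type_id')}: short data_values {values}")
    stats = dict(zip(FIELDS, values))  # trailing values are not described, so ignored
    stats["rule_id"] = entry["sub_type_id"]
    # Assumption: the 13-digit value is milliseconds since the Unix epoch.
    seconds = entry["last_update_time"] // 1000
    stats["last_update_utc"] = datetime.fromtimestamp(seconds, tz=timezone.utc).isoformat()
    return stats

def decode_response(text):
    return [decode_entry(e) for e in iter_dfw_rule_stats(json.loads(text))]

def rules_without_hits(rows):
    """Rule IDs whose hit count is zero, e.g. candidates for a rule review."""
    return [r["rule_id"] for r in rows if r["hit_count"] == 0]

# Constructed sample: only the rule 1003 entry comes from the article.
SAMPLE = """{"results": [
  {"feature_stack": "DFWRuleStats", "stat_type": 0, "type_id": "D",
   "sub_type_id": "1003", "last_update_time": 1738171215458,
   "data_values": [6, 1628, 6, 6, 0, 0, 0]},
  {"feature_stack": "OtherStats", "sub_type_id": "1", "data_values": [1, 2]},
  {"feature_stack": "DFWRuleStats", "stat_type": 0, "type_id": "D",
   "sub_type_id": "1004", "last_update_time": 1738171215458,
   "data_values": [0, 0, 0, 0, 0, 0, 0]}]}"""

if __name__ == "__main__":
    for row in decode_response(SAMPLE):
        print(row)
```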