Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security policies hit-count

Syntax

Description

Display the utility rate of security policies according to the number of hits they receive. The number of hits can be listed without an order or sorted in either ascending or descending order, and they can be restricted to the number of hits that fall above or below a specific count or within a range. Data is shown for all zones associated with the policies or named zones.

In a cluster, the count is a sum of all the Services Processing Cards (SPC) hit counts; it is cluster-wide. If a Packet Forwarding Engine (PFE) in a node is in failover mode, but does not reboot, the counter persists. If a node reboots, the PFE in the node also reboots, and the counter is cleared. During an in-service software upgrade (ISSU), all PFEs reboot, therefore all counters are cleared.

Use this command without options to display the number of hits in random order for all security policies and for all zones.

Options

  • ascending—(Optional) Displays the number of hits for security policies in ascending order.

  • descending—(Optional) Displays the number of hits for security policies in descending order.

  • from-zone zone-name—(Optional) Displays the number of hits for security policies associated with the named source zone.

  • greater-than count—(Optional) Displays security policies for which the number of hits is greater than the specified number.

    Range: 0 through 4,294,967,295

  • less-than count—(Optional) Displays security policies for which the number of hits is less than the specified number.

    Range: 0 through 4,294,967,295

  • logical-system—Displays the logical system name.

  • root-logical-system—Displays root logical system as default.

  • tenant—Displays the name of the tenant system.

  • to-zone zone-name—(Optional) Displays the number of hits for security policies associated with the named destination zone.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security policies hit-count command. Output fields are listed in the approximate order in which they appear.

Table 1: show security policies hit-count Output Fields

Field Name

Field Description

index

Displays the policy sequence number

from-zone

Name of the source zone

to-zone

Name of the destination zone

name

Name of the security policy

policy count

Number of hits for each security policy

tenant

Displays the name of the tenant system.

Sample Output

show security policies hit-count

Sample Output

show security policies hit-count ascending

Sample Output

show security policies hit-count descending greater-than 70 less-than 100

Sample Output

show security policies hit-count from-zone untrust to-zone trust

Sample Output

show security policies hit-count tenant all

Release Information

Command introduced in Junos OS Release 12.1.

The index output field is added to the show security policies hit-count command to display the number of sessions redirected in Junos OS Release 18.2R1.

The tenant option is introduced in Junos OS Release 18.3R1.