Get a list of rules without logging

Get a list of rules without logging.

Rules without logging are rules that do not produce log records when they match packets. Many organizations require all, or nearly all, rules, to produce logs, thus a list of rules without a log keyword may let you ensure that your policy complies with your organization's requirements. With the exception of Cisco devices, these rules are always excluded from the list of unused rules since an absence of log records does not confirm that no traffic was matched.

Note: For Cisco devices, AFA does not rely on logs to determine if a rule is unused.

For information about consolidated rules, see POLICY OPTIMIZATION page.

Resource Name:

/api/v1/rule/policy-optimization/{deviceTreeName}/withoutlogging

Request Method: GET

Request Parameters:

Element

Type

Description

deviceTreeName
Mandatory

string

Tree name of the device.

(To get the entity name for a device, see Device names in the ASMS APIs. If the entity is a group, use the name from the UI).
pageNumber
optional		 Integer The page number to include in the response. Default value : 0 (Value 0 means first page).
pageSize
optional		 Integer The number of results to include on each page in the response. Default value : 50.
ruleDisplayType
optional 		string

Determines the amount of details included in the response.

Available values :

  • BASIC: The source, destination and service contain network objects and services that only have canonized names.

  • FULL: The source destination and service contain the all network objects and services.

  • DISPLAY: Source, destination and service are partially filled and contain icons and NAT type data.

  • SLIM: Similar to the BASIC but without a link

Response:

Code

Description
200

Operation completed successfully

400

Validation error

401

Unauthorized

Request examples 

curl -X GET "https://[localhost]/afa/api/v1/rule/policy-optimization/{deviceTreeName}/withoutlogging?pageNumber=0&pageSize=50&ruleDisplayType=DISPLAY" -H "accept: */*"

Response examples

Copy 
{
  "content": [
    {
      "deviceId": 6,
      "ruleId": "11",
      "ruleNum": "13",
      "source": [
        {
          "originalName": "all",
          "canonizedName": "all",
          "natType": "NONE",
          "invalidNamedObject": false
        }
      ],
      "isNegateSource": false,
      "destination": [
        {
          "originalName": "all",
          "canonizedName": "all",
          "natType": "NONE",
          "invalidNamedObject": false
        }
      ],
      "isNegateDestination": false,
      "service": [
        {
          "originalName": "ICMP_ANY",
          "canonizedName": "ICMP_ANY",
          "invalidNamedObject": false
        }
      ],
      "isNegateService": false,
      "action": "accept",
      "comment": [
        "FireFlow #401| allow pings"
      ],
      "enable": "enable",
      "log": "disable",
      "documentation": {
        "business criticality": "",
        "business partner": "",
        "documentation": "",
        "business applications": ""
      },
      "additionalData": {
        "schedule": [
          {
            "value": "always"
          }
        ],
        "from": [
          {
            "value": "VPNclient"
          }
        ],
        "to": [
          {
            "value": "port16"
          }
        ]
      },
      "isValidUserSourceModel": true
    }
  ],
  "pageable": {
    "sort": {
      "sorted": false,
      "unsorted": true,
      "empty": true
    },
    "pageSize": 50,
    "pageNumber": 0,
    "offset": 0,
    "paged": true,
    "unpaged": false
  },
  "totalPages": 1,
  "totalElements": 1,
  "last": true,
  "number": 0,
  "size": 50,
  "numberOfElements": 1,
  "sort": {
    "sorted": false,
    "unsorted": true,
    "empty": true
  },
  "first": true,
  "empty": false
}