show np rule-stats

    • Updated: 31 Jul 2017
    • Product/Version:
        TippingPoint IPS N-series All
        TippingPoint IPS NX-series All
        TippingPoint IPS S-series All
        TippingPoint NGFW All
        TippingPoint SecBlade All
        TippingPoint TPS All
        TippingPoint Virtual TPS All
    • Platform:
Summary
The "show np rule-stats" CLI command displays the top 20 triggered filters and allows the user to view the effect a particular filter has on the IPS. The command is useful for troubleshooting performance issues.
Details

SAMPLE OUTPUT

# show np rule-stats 
 
  Filter      Flows  Success  % Total  % Success
    5876     706346        0       39       0.00  
   10762      36353        0       22       0.00
    8096      36353        0        9       0.00   
    8078      20978        0        1       0.00   
    2397      15430        0        8       0.00   
    9421       7870        0        4       0.00   
    8610       2755        0        1       0.00   
    2402      30275    10745        1      35.49   
    8350       2505        0        1       0.00   
    4044       2234        0        1       0.00   
    4152       2234        0        1       0.00   
    4046       2234        0        1       0.00   
    6515       1499        0        0       0.00   
    6545       1499        0        0       0.00   
    4616       1499        0        0       0.00   
    5456       1499        0        0       0.00   
    5457       1499        0        0       0.00   
    9292       1159        0        0       0.00  
   10562       1159        0        0       0.00   
    5571        604        0        0       0.00
    Total of 875984 flows

EXPLANATION

Column      Description
Filter      Filter number
Flows       Number of flows that have come to the Smart-Path
Success     Number of times this filter has matched. In this example we received 706,346 flows and none matched filter 5876.
% Total     A ratio of the flows that were brought to the Smart-Path by this filter to the total number of flows that went to inspection.
% Success   Number of Successes divided by the number of Flows

In the above example, filters 5876 and 10762 might be candidates to disable in order to gain some performance. Filter 2402 should not be under consideration due to its high success rate.

Note: Care should be taken when disabling filters. Read the filter description to make sure that your systems are patched for that particular vulnerability. If your systems have been patched, it may be safe to disable that filter.

You can reset the rule statistics, which is especially beneficial for IPS units that have been up for an extended time. The command only shows the top 20 filters based on number of flows. To reset the counters and generate a current top 20, execute the following command from the CLI: "clear np rule-stats". If a filter has any successes over time, it would be prudent to leave it on. If the filter has not logged successes but is responsible for bringing a large percentage of the traffic to inspection, some performance might be regained by turning that particular filter off.
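
The triage described above can be scripted against saved CLI output. The following is an added example, not part of the original article or any Trend Micro tooling; the function names and the 10% cut-off for "% Total" are assumptions, and the sample rows are copied from the output shown on this page.

```python
import re

# Subset of the sample output shown on this page.
SAMPLE = """\
# show np rule-stats

  Filter      Flows  Success  % Total  % Success
    5876     706346        0       39       0.00
   10762      36353        0       22       0.00
    8096      36353        0        9       0.00
    2402      30275    10745        1      35.49
    5571        604        0        0       0.00
    Total of 875984 flows
"""

# A data row is four integers followed by a decimal percentage.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+\.\d+)\s*$")

def parse_rule_stats(text):
    """Return one dict per filter row; prompt, header and total lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            fid, flows, success, pct_total = (int(g) for g in m.groups()[:4])
            rows.append({"filter": fid, "flows": flows, "success": success,
                         "pct_total": pct_total,
                         "pct_success": float(m.group(5))})
    return rows

def review_candidates(rows, min_pct_total=10):
    """Filters with zero matches that still bring a large share of flows to
    inspection. min_pct_total is an assumed cut-off, not a vendor value."""
    return [r["filter"] for r in rows
            if r["success"] == 0 and r["pct_total"] >= min_pct_total]

def keep_enabled(rows):
    """Filters that have matched at least once; the article advises leaving these on."""
    return [r["filter"] for r in rows if r["success"] > 0]

if __name__ == "__main__":
    rows = parse_rule_stats(SAMPLE)
    print("review description and patch status before disabling:", review_candidates(rows))
    print("keep enabled:", keep_enabled(rows))
```

Run it on output captured some time after "clear np rule-stats" so the counters reflect current traffic rather than the unit's whole uptime.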

Category: Configure; Troubleshoot; Deploy
Solution Id: TP000085624