Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: sol on April 21, 2020, 09:52:48 AM

Title: show total number of active drop and alert rules
Post by: sol on April 21, 2020, 09:52:48 AM
Hi there,

How can I list the total number of active drop and alert rules?
Is it possible in the gui or are there any commands for the shell.

Thx.
Title: Re: show total number of active drop and alert rules
Post by: MTR on May 04, 2020, 12:53:40 AM
Count all enabled rules:
Code Select
# sqlite3 -readonly /usr/local/etc/suricata/rules/rules.sqlite "SELECT COUNT(*) FROM rules WHERE enabled = True;"

Count only enabled 'drop' rules:
Code Select
# sqlite3 -readonly /usr/local/etc/suricata/rules/rules.sqlite "SELECT COUNT(*) FROM rules WHERE enabled = True AND action LIKE 'drop';"

Count only enabled 'alert' rules:
Code Select
# sqlite3 -readonly /usr/local/etc/suricata/rules/rules.sqlite "SELECT COUNT(*) FROM rules WHERE enabled = True AND action LIKE 'alert';"

Title: Re: show total number of active drop and alert rules
Post by: sol on May 05, 2020, 11:19:40 AM
Perfect!
Thank you very much!
Title: Re: show total number of active drop and alert rules
Post by: MTR on May 05, 2020, 12:32:09 PM
You're welcome.  :)
Text only | Text with Images