[miker]

So, I have a rulebase with several hundred rules, which I would like to optimize, by moving the most-used rules towards the top of the rulebase. I'm quite familiar with methods for taking fw.log and determining what rules have the highest hit counts.

However, this rulebase has many rules set not to log. Naturally, in this case, I cannot use fw.log to determine hit counts on such rules. Is there any way for me to do this?

I suspect 'fw monitor' may have this functionality since it seems to have some awareness of the application level (e.g. you can use 'accept' and 'deny' as expressions), but I can't find any documentation that you can use it to search on rules. Is there an 'fw monitor' expression to do this?

If not with 'fw monitor', is there another method for determining this information? Obviously, I could turn on logging on all the rules, but is there anything besides that?