Viewing Firewall Insights metrics

You can construct arbitrary queries over Firewall Insights metrics by using the projects.timeSeries.list request method in the Cloud Monitoring version 3 API documentation.

The following references cover details relevant to accessing Firewall Insights metrics data:

  • For an overview of metrics, time series, and resources, see the metric model in the Cloud Monitoring version 3 API documentation.
  • For information about how to read these metrics, see Reading metric data.

Viewing Firewall Insights metrics

Firewall Insights gathers two kinds of metrics data: the last time a firewall rule was applied to allow or deny traffic (a timestamp), and the number of hits on a firewall rule over the retention period. The metrics are the following:

  • firewallinsights.googleapis.com/subnet/firewall_hit_count
  • firewallinsights.googleapis.com/subnet/firewall_last_used_timestamp
  • firewallinsights.googleapis.com/vm/firewall_hit_count
  • firewallinsights.googleapis.com/vm/firewall_last_used_timestamp

The metric for tracking firewall hit counts is defined per virtual machine (VM) instance and per Virtual Private Cloud (VPC) subnet.

Per-instance (VM) metrics provide hit count and last used timestamp information for a VM's network interface. Per-subnet metrics provide hit count information for individual firewall rules.

You can view metrics for Firewall Insights on the Google Cloud metrics page.

To view metrics for a virtual machine (VM) interface in the Google Cloud Console, see Using the VM network interface details screen.

Reporting frequency and retention

The firewall rule hit count metric is exported to Monitoring every minute. Monitoring data retention is six weeks. You can analyze any time interval within the prior six weeks in one-minute intervals.

Filtering and aggregation

By aggregating the hit counts across virtual machine (VM) instances, you can observe the overall hit count for each firewall rule, accumulated over all traffic flowing in your VPC network.

For an example, see the use case Detecting sudden increases in the hit count for ingress deny firewall rules.
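As an added example (not part of the Google Cloud documentation or its client libraries), the following shows the query parameters for a projects.timeSeries.list call that aggregates the per-VM hit-count metric into one series per firewall rule, followed by a simple check for the sudden-increase use case run over constructed sample data. The firewall_rule label name used for grouping is an assumption; confirm it against the metric descriptor before use.

```python
"""Query Firewall Insights hit counts via projects.timeSeries.list and flag
sudden increases. Added example, not Google's code; the groupByFields label
name is an assumption to confirm against the metric descriptor."""
from datetime import datetime, timedelta, timezone

METRIC = "firewallinsights.googleapis.com/vm/firewall_hit_count"


def build_list_query(end=None, minutes=60, rule_label="metric.label.firewall_rule"):
    """GET parameters for https://monitoring.googleapis.com/v3/projects/{id}/timeSeries.

    Retention is six weeks at one-minute granularity, so keep `minutes` inside
    that window. ALIGN_SUM per minute plus REDUCE_SUM grouped by rule collapses
    every VM's series into one series per firewall rule for the whole VPC.
    """
    end = end or datetime.now(timezone.utc)
    start = end - timedelta(minutes=minutes)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return {
        "filter": f'metric.type = "{METRIC}"',
        "interval.startTime": start.strftime(fmt),
        "interval.endTime": end.strftime(fmt),
        "aggregation.alignmentPeriod": "60s",
        "aggregation.perSeriesAligner": "ALIGN_SUM",
        "aggregation.crossSeriesReducer": "REDUCE_SUM",
        "aggregation.groupByFields": rule_label,  # assumed label name
        "view": "FULL",
    }


def sudden_increase(points, baseline_minutes=30, factor=3.0, min_hits=10):
    """Compare a rule's newest one-minute hit count with the mean of the
    preceding baseline window. Returns (flagged, latest, baseline_mean).
    min_hits keeps a jump from 0 to 3 on a quiet rule from paging anyone."""
    if len(points) < baseline_minutes + 1:
        raise ValueError("not enough points for the baseline window")
    baseline = points[-baseline_minutes - 1:-1]
    mean = sum(baseline) / len(baseline)
    latest = points[-1]
    flagged = latest >= min_hits and latest > factor * max(mean, 1.0)
    return flagged, latest, mean


# Constructed sample: 30 quiet minutes on an ingress deny rule, then a spike.
SAMPLE_DENY_HITS = [2, 3, 2, 1, 2] * 6 + [40]

if __name__ == "__main__":
    print(build_list_query(minutes=31))
    print(sudden_increase(SAMPLE_DENY_HITS))  # (True, 40, 2.0)
```

The same aggregation, with the reducer and group-by applied, is what a Monitoring dashboard chart or alerting policy evaluates for you once it is created on this metric.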

Using Monitoring dashboards and alerts

You can use Monitoring dashboards and their associated charts to visualize the data for the Firewall Insights metrics described in the preceding sections.

To monitor these metrics in Monitoring, you can create custom dashboards. You can also add alerts based on these metrics.