You can construct arbitrary queries over Firewall Insights metrics by
method in the
Cloud Monitoring version 3 API documentation.
The following sections describe relevant details for accessing Firewall Insights metrics data:
- For an overview of metrics, time series, and resources, see the metric model in the Cloud Monitoring version 3 API documentation.
- For information about how to read these metrics, see Reading metric data.
Viewing Firewall Insights metrics
Firewall Insights gathers metrics data for the last time a firewall rule was applied to allow or deny traffic (timestamp) and for the number of hits on a firewall rule for the retention period.
The metric for tracking firewall hit counts is defined per virtual machine (VM) instance and per Virtual Private Cloud (VPC) subnet.
Per-instance (VM) metrics provide hit count and last used timestamp information for a VM's network interface. Per-subnet metrics provide hit count information for individual firewall rules.
You can view metrics for Firewall Insights on the Google Cloud metrics page.
To view metrics for a virtual machine (VM) interface in the Google Cloud Console, see Using the VM network interface details screen.
Reporting frequency and retention
firewall rule hit count metric is exported to Monitoring
every minute. Monitoring data retention is six weeks. You can analyze any time
interval within the prior six weeks in one-minute intervals.
Filtering and aggregation
By aggregating the hit counts for virtual machine (VM) instances, you can observe the overall hit counts for each firewall rule that accumulate for all traffic flowing in your VPC network.
For an example, see the use case Detecting
sudden increases in the hit count for
ingress deny firewall rules.
Using Monitoring dashboards and alerts
You can use Monitoring dashboards and their associated charts to visualize the data for the Firewall Insights metrics described in the preceding sections.