Hi,
You could possibly do an offline analysis on a Linux machine for example.
Step 1: Compile list of applications & application-set
root# show applications | match application | match {
application test {
application test1 {
application pots {
application-set testing {
Copy the list of applications in a text file on Linux and filter out the application names only into another text file:
$ awk '{print $2}' application.txt > app.txt
$ cat app.txt
test
test1
pots
testingStep 2: Load or export the security policy section of config in another text file, e.g policy.txt
# show security policy | save /var/tmp/policy.txt
Step 3: Use below commands to filter applications not in use:
$ grep -v -w "$(grep -i application policy.txt | awk '{if (NF > 0) print $2}' | sed 's/.$//')" app.txtI believe this can be scripted further or automated in other languages as well.
Hope this helps.
Cheers,
Ashvin