You like to know which element in a List is used?
Find the elements which are never used?
Ok here is my solution :-)
First of all you need the following two rules
|Find List Matches|
|[✔] Enabled [✘] Disabled in Cloud|
Applies to: [✔] Requests [✔] Responses [✔] Embedded Objects
This rule you have to place right after the place where the list is used in the policy.
For easier finding you should give the user defined variable blocked_by a unique name.Normally I use the ListName.
Ok this was the Policy Part.
Now the tricky part....
A few month ago I posted a PDStorage analyzer... (you find all here PDs experiences)
You need to have a linux or cygwin installation with perl.
Also you need to have a trusted SSH Access from this installation to your Proxy. (ssh access without login - example: use ssh-copy-id to exange keys)
Using this you can do the following....
> ./PDs.pl -g -s <IP-PROXY> | grep LIST_USE
LIST_USE|GLB_BLACKLIST (Host)|Last_used|ADS.CNN.COM = 2016-05-13 13:11:32
LIST_USE|GLB_BLACKLIST (Host)|First_used|ADS.CNN.COM = 2016-05-01 13:07:34
LIST_USE|GLB_BLACKLIST (Host)|count|ADS.CNN.COM = 244
LIST_USE|GLB_WHITELIST (Pattern)|Last_used|regex(^(http|https|ftp)://[^/]*.onenote.com.*) = 2016-05-30 07:33:01
LIST_USE|GLB_WHITELIST (Pattern)|First_used|regex(^(http|https|ftp)://[^/]*.onenote.com.*) = 2016-01-20 17:53:34
LIST_USE|GLB_WHITELIST (Pattern)|count|regex(^(http|https|ftp)://[^/]*.onenote.com.*) = 233433
Now you have all informations you are looking for......
The matched entry,
The last and first seen date
and how often this entry matches during this time period.
If your Global PDs is not syncronized over all proxies you'll have to ask every proxy and merge the results together.
If it is syncronized you have to ask only one proxy.
You can only see entries requested during the last 99 days. Older entries will be deleted from the PDs...
A workaround might be to request all entries every 3 month and store them for later use.