Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

CheckPoint rule auditor

by semio (Friar)
on Jul 12, 2002 at 04:08 UTC ( #181207=sourcecode: print w/ replies, xml ) Need Help??

Category: Utility Scripts
Author/Contact Info Dave K, davk@comcast.net
Description: This script was designed to help me gain insight into rule utilization on the Check Point Firewalls I maintain e.g. rules most heavily used or, conversely, rules not being used at all. Its input is any semi-colon delimited file created using logexport on the Firewall. Works on 4.1 and NG

#!/usr/bin/perl -w

use Text::ParseWords; 

use strict;

my (@lines, @fields, @rules, @date, @time, @rearranged);
my ($item, $date, $time, $rule);
my %count;

if($#ARGV <0) { 
print "usage: cpruleauditor <CheckPoint CSV File> \n";
exit 0;
} 

my $log = $ARGV[0];

open (LOGFILE, "$log") || die "Could not open file: $! \n";
@lines = <LOGFILE>;
close (LOGFILE);

my $header = $lines[0]; 

@fields = quotewords(";",0,$header);

my $count = 0;

validate();

print "Processing file.....please be patient \n\n";

my $value;

foreach $value (@fields) {
if ($value =~ /rule/) {
$rule = $count;
}
if ($value =~ /date/) {
$date = $count;
}
if ($value =~ /time/) {
$time = $count;
}
$count++;
}

shift @lines;

foreach $item (@lines) {
@fields = quotewords(";",0,$item);
unless ($fields[$rule] lt 1  ) { 
push (@rules, $fields[$rule]);
}
push (@date, $fields[$date]);
push (@time, $fields[$time]);
}

my $enddate = @date - 1;
my $endtime = @time - 1;

print "The log file covers the period \n";
print "$date[0] $time[0] to $date[$enddate] $time[$endtime] \n\n";

count_rules(@rules);

@rearranged = sort{$a <=> $b} keys %count;

foreach (@rearranged) {
print "rule number \t $_ \t appears \t $count{$_} \t time(s) \n";
}

sub validate {
if ($fields[0] !~ /num/) {
print "The file specified does not appear to be a valid CheckPoint CSV
+ file \n";
exit 0;
}
}

sub count_rules {
map { $count{$_}++ }  @rules;
return %count;
}

Comment on CheckPoint rule auditor
Download Code
Re: CheckPoint rule auditor
by Cmdr_Tofu (Scribe) on Mar 25, 2004 at 18:46 UTC
    How do you get a Checkpoint CSV file? I am trying to parse the Checkpoint Objects_5.c file

Back to Code Catacombs

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: sourcecode [id://181207]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (6)
As of 2014-07-13 09:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (249 votes), past polls