
CheckPoint rule auditor

by semio (Friar)
on Jul 12, 2002 at 04:08 UTC ( #181207=sourcecode: print w/ replies, xml ) Need Help??

Category: Utility Scripts
Author/Contact Info
Description: This script was designed to help me gain insight into rule utilization on the Check Point firewalls I maintain, e.g. which rules are most heavily used or, conversely, which rules are not being used at all. Its input is any semicolon-delimited file created using logexport on the firewall. Works on 4.1 and NG.

#!/usr/bin/perl -w

use Text::ParseWords; 

use strict;

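# File-scope state. @fields, @rules and %count are also used by validate()
# and count_rules() further down, so they must stay declared here.
my (@fields, @rules, @rearranged);
my %count;

if (@ARGV < 1) {
    print "usage: cpruleauditor <CheckPoint CSV File> \n";
    exit 0;
}

my $log = $ARGV[0];

# Three-argument open with an explicit read mode and a lexical handle. The
# file name comes straight from the command line; with the two-argument form
# Perl would interpret characters such as '<', '>' or '|' at the edges of the
# name as an open mode or a command, so the name must never be parsed that way.
open(my $logfile, '<', $log) or die "Could not open file: $! \n";

# Read only the header here; the data rows are streamed below instead of
# slurping the whole export into memory (firewall logs can be very large).
my $header = <$logfile>;
$header = '' unless defined $header;    # empty file: validate() rejects it
chomp $header;

@fields = quotewords(";", 0, $header);

validate();

print "Processing file.....please be patient \n\n";

# Locate the columns of interest by header name. As in the original, a header
# matches when it merely contains the word, and the last matching column wins.
# NOTE(review): a substring match also accepts headers that only contain
# "rule", "date" or "time" -- confirm against the headers logexport writes.
my ($rule, $date, $time);
for my $idx (0 .. $#fields) {
    my $name = $fields[$idx];
    next unless defined $name;    # quotewords yields undef after a trailing ';'
    $rule = $idx if $name =~ /rule/;
    $date = $idx if $name =~ /date/;
    $time = $idx if $name =~ /time/;
}

# Without this check a missing column would leave the index undefined, and
# every row would silently be read from column 0 instead.
my %column_for = (rule => $rule, date => $date, time => $time);
for my $name (sort keys %column_for) {
    die "Could not find a '$name' column in the header of $log \n"
        unless defined $column_for{$name};
}

my ($first_date, $first_time, $last_date, $last_time);
my $saw_row = 0;

while (my $item = <$logfile>) {
    chomp $item;
    my @row = quotewords(";", 0, $item);

    # quotewords returns an empty list for a blank line or a line with
    # unbalanced quotes; such rows carry no usable fields.
    next unless @row;

    # String comparison kept from the original: it drops values that sort
    # before "1", such as an empty field or 0.
    my $rule_value = $row[$rule];
    if (defined $rule_value && !($rule_value lt 1)) {
        push(@rules, $rule_value);
    }

    unless ($saw_row) {
        ($first_date, $first_time) = ($row[$date], $row[$time]);
        $saw_row = 1;
    }
    ($last_date, $last_time) = ($row[$date], $row[$time]);
}

close($logfile);

# A log with no data rows, or rows too short to hold the date/time columns,
# prints blanks rather than triggering "uninitialized" warnings.
for my $stamp ($first_date, $first_time, $last_date, $last_time) {
    $stamp = '' unless defined $stamp;
}

print "The log file covers the period \n";
print "$first_date $first_time to $last_date $last_time \n\n";

count_rules(@rules);

@rearranged = sort { $a <=> $b } keys %count;

foreach my $rule_id (@rearranged) {
    print "rule number \t $rule_id \t appears \t $count{$rule_id} \t time(s) \n";
}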

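# Sanity-check the parsed header row held in the file-scope @fields: the
# first column name must contain "num". If it does not (or the header is
# missing altogether), print a message and stop. The exit status stays 0,
# as in the original, so callers must not rely on it to detect bad input.
sub validate {
    my $first_column = $fields[0];

    # The defined test covers an empty or unparseable header line, which
    # would otherwise raise an "uninitialized" warning in the match.
    if (!defined $first_column || $first_column !~ /num/) {
        # Message restored to a single line; the posted listing had it
        # wrapped mid-string, which embedded a newline and a "+" in it.
        print "The file specified does not appear to be a valid CheckPoint CSV file \n";
        exit 0;
    }

    return;
}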

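# Tally how often each rule value occurs.
#
# Takes the list of rule values to count, increments the matching entries of
# the file-scope %count hash, and returns %count as a flat key/value list.
# The original ignored its arguments and read @rules directly; the only call
# in this script passes @rules, so counting the arguments gives the same
# result here.
sub count_rules {
    # A plain loop instead of map in void context: the increments are the
    # side effect we want, and no result list is built and discarded.
    for my $rule_id (@_) {
        $count{$rule_id}++;
    }
    return %count;
}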

Re: CheckPoint rule auditor
by Cmdr_Tofu (Scribe) on Mar 25, 2004 at 18:46 UTC
    How do you get a Checkpoint CSV file? I am trying to parse the Checkpoint Objects_5.c file
