
CheckPoint rule auditor

by semio (Friar)
on Jul 12, 2002 at 04:08 UTC ( [id://181207]=sourcecode: print w/replies, xml ) Need Help??
Category: Utility Scripts
Author/Contact Info
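Description: This script was designed to help me gain insight into rule utilization on the Check Point firewalls I maintain, e.g. which rules are most heavily used or, conversely, which rules are not being used at all. Its input is any semicolon-delimited file created using logexport on the firewall. Works on 4.1 and NG. Only rule numbers that occur in the exported log are listed, so a rule that is not being used shows up as a number missing from the output.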

#!/usr/bin/perl -w

use Text::ParseWords; 

use strict;

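# File-scope state. @fields, @rules and %count are also read by validate()
# and count_rules() further down, so they stay declared at this level.
my (@fields, @rules);
my ($date, $time, $rule);    # column indexes of the date, time and rule fields
my %count;                   # rule number => number of log entries seen

if (@ARGV < 1) {
    print "usage: cpruleauditor <CheckPoint CSV File> \n";
    exit 0;
}

my $log = $ARGV[0];

# Three-argument open with an explicit read mode and a lexical handle. The
# file name comes straight from the command line; with the two-argument form
# a leading '>' or a trailing '|' in that name is interpreted as a write mode
# or as a command to run instead of as part of the name.
open(my $logfile, '<', $log) || die "Could not open file: $! \n";

# Only the header is read up front; the entries are streamed below so a
# large export is never held in memory as a whole.
my $header = <$logfile>;
$header = '' unless defined $header;    # empty file: validate() rejects it
chomp $header;

@fields = quotewords(";", 0, $header);

validate();

print "Processing file.....please be patient \n\n";

# Find the rule, date and time columns by header name.
# NOTE(review): these are substring matches and the last matching column
# wins, so a header with several names containing "rule", "date" or "time"
# selects the last of them -- confirm against the logexport header in use.
my $index = 0;
foreach my $name (@fields) {
    $rule = $index if $name =~ /rule/;
    $date = $index if $name =~ /date/;
    $time = $index if $name =~ /time/;
    $index++;
}

# Without this check an undefined index is used as 0 and the first column
# would be counted as if it held rule numbers.
foreach my $needed (['rule', $rule], ['date', $date], ['time', $time]) {
    die "No '$needed->[0]' column found in the header of $log \n"
        unless defined $needed->[1];
}

my ($first_date, $first_time, $last_date, $last_time);
my $entries = 0;

while (my $line = <$logfile>) {
    # Strip the line ending so it cannot end up inside the last field.
    chomp $line;
    my @row = quotewords(";", 0, $line);

    # String comparison kept from the original: it skips entries whose rule
    # field is empty or "0". A missing field is skipped as well.
    my $rule_value = $row[$rule];
    if (defined $rule_value && !($rule_value lt 1)) {
        push(@rules, $rule_value);
    }

    my $entry_date = defined $row[$date] ? $row[$date] : '';
    my $entry_time = defined $row[$time] ? $row[$time] : '';
    ($first_date, $first_time) = ($entry_date, $entry_time) if $entries == 0;
    ($last_date, $last_time) = ($entry_date, $entry_time);
    $entries++;
}

close($logfile);

if ($entries == 0) {
    print "The log file contains no entries \n\n";
}
else {
    print "The log file covers the period \n";
    print "$first_date $first_time to $last_date $last_time \n\n";
}

count_rules(@rules);

# Only rule numbers that occur in the log are reported. A rule that never
# matched during the period, or whose matches were not logged, has no line
# here; compare the output with the rule base to find unused rules.
foreach my $number (sort { $a <=> $b } keys %count) {
    print "rule number \t $number \t appears \t $count{$number} \t time(s) \n";
}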

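# Reject input whose header does not look like a logexport header: the first
# header field, read from the file-level @fields, must contain "num".
# On failure a message is printed and the program ends (exit status 0, as in
# the original). The message is restored to a single line; the listing had it
# split across two lines with a "+" marker, which appears to come from the
# page's line wrapping rather than from the script.
sub validate {
    # An empty file leaves @fields empty; treat that as a non-matching header
    # instead of matching against an undefined value.
    my $first_column = defined $fields[0] ? $fields[0] : '';
    if ($first_column !~ /num/) {
        print "The file specified does not appear to be a valid CheckPoint CSV file \n";
        exit 0;
    }
}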

# Tally how often each rule number occurs in the file-level @rules list,
# accumulating into the file-level %count hash. The arguments passed by the
# caller are not read. Returns %count flattened to a key/value list.
sub count_rules {
    foreach my $rule_number (@rules) {
        $count{$rule_number}++;
    }
    return %count;
}
Replies are listed 'Best First'.
Re: CheckPoint rule auditor
by Cmdr_Tofu (Scribe) on Mar 25, 2004 at 18:46 UTC
    How do you get a Checkpoint CSV file? I am trying to parse the Checkpoint Objects_5.c file
