These three tools build Checkpoint, Cisco ASA or Netscreen policies from log files. For the traffic seen in the logs they write dbedit commands, access-list commands, or set address, set service and set policy commands, which can be cut and pasted into the firewalls. WOOT

Features

  • Build Checkpoint FW-1 policies from exported logs and output in DBEDIT format
  • Build Netscreen policies from syslog and output in ScreenOS 6 format
  • Build Cisco ASA ACLs from syslog and output in access-list format
  • Cut and paste the commands output into the firewall to create a policy
  • Or output the rules in CSV format to cross check them (Netscreen, Checkpoint)
  • Baseline a test network and build a policy for the test firewall in one command!!
  • Close open or 'test' rules and secure management connections
  • Cross check traffic is seen on the correct interfaces
  • Two filters each of which can filter against any part of the log entry
  • Names resolved in the logs are used in policies but no object cmds are output
  • Rename ACLs and use the access-group statements to filter further (Cisco)
  • Easy method of ignoring headers added by syslog servers
  • FW-1: EASY TO EXECUTE ./choot logexport.log CMD Policy filter1 filter2
  • DBEDIT cmd = Build rules and objects and output in DBEDIT format
  • - DBEDIT mode requires a policy name before the filters.
  • CSV cmd = Build rules and objects and output in CSV format
  • DEBUG cmd = Output more verbose information - each entry grep | awk ...
  • CISCO: EASY TO EXECUTE ./woot logfile CMDorACL filter1 filter2
  • SRCINT cmd = use the source interface as the ACL name
  • ACLNAME cmd = use access-gr cmds in file ACLNAME in same dir as woot
  • DEBUG cmd = Output more verbose information - each entry ... | sort -u etc
  • A name = an access list name of your choice, to which all ACEs will be assigned
  • NETSCREEN: EASY TO EXECUTE ./nwoot logfile CMD filter1 filter2
  • ZONE cmd = Build Rules and objects and output in Netscreen ScreenOS format
  • CSV cmd = Build Rules and objects and output in CSV format
  • DEBUG cmd = Output more verbose information - each entry grep | wc -l etc
  • CHECKPOINT FW-1 EXAMPLE COMMANDS:
  • ./choot logexport.log DBEDIT PolicyName eth2c0 161
  • ./choot logexport.log CSV ServerName domain-udp
  • ./choot logexport.log DEBUG 10.0.0 eth1c0
  • or just
  • ./choot logexport.log DBEDIT PolicyName
  • ...if you want a policy built for all traffic seen
  • CISCO EXAMPLE COMMANDS:
  • cat access-groups-from-asa > ACLNAME
  • ./woot ASA.log ACLNAME 10.10. \/53
  • ./woot ASA.log SRCINT 12:01 10.10.10
  • ./woot ASA.log testaclname 10.50. 10.10.10
  • ./woot ASA.log DEBUG ServerName12 \/443
  • ./woot ASA.log ACLNAME
  • ...if you want all access lists built for all access group statements
  • NETSCREEN EXAMPLE COMMANDS:
  • ./nwoot Netscreen.log DEBUG 10.10. dst_port=53
  • ./nwoot Netscreen.log ZONE 12:01 ServerName
  • ./nwoot Netscreen.log CSV ZoneName 443
  • ./nwoot Netscreen.log ZONE
  • ...if you want all policies built for all zones
  • !! I DON'T RECOMMEND YOU USE THESE TOOLS ANYWHERE !! WOOT !!
  • WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES
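
An added illustration of the log-to-ACL approach with two filters and SRCINT-style naming; it is not the woot script's code. The log lines are constructed, and it assumes ASA "Built" messages 302013/302015 in which the `for` endpoint initiates inbound connections and the `to` endpoint initiates outbound ones.

```python
import re

# Constructed sample syslog lines (ASA "Built connection" messages).
SAMPLE_LOG = """\
Mar  1 12:01:07 fw1 %ASA-6-302015: Built outbound UDP connection 101 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:10.10.10.5/40112 (10.10.10.5/40112)
Mar  1 12:01:09 fw1 %ASA-6-302015: Built outbound UDP connection 102 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:10.10.10.5/40377 (10.10.10.5/40377)
Mar  1 12:02:30 fw1 %ASA-6-302013: Built inbound TCP connection 103 for outside:198.51.100.7/51515 (198.51.100.7/51515) to dmz:10.50.0.20/443 (10.50.0.20/443)
Mar  1 12:03:00 fw1 %ASA-6-302013: Built outbound TCP connection 104 for outside:203.0.113.9/80 (203.0.113.9/80) to inside:10.10.20.8/50001 (10.10.20.8/50001)
"""

# interface:ip/port of the "for" side, then of the "to" side (mapped addresses skipped).
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (inbound|outbound) (TCP|UDP) connection \d+ "
    r"for (\S+?):([\d.]+)/(\d+) .*? to (\S+?):([\d.]+)/(\d+)")


def build_aces(log_text, filter1="", filter2=""):
    """Return sorted, de-duplicated ACEs for log lines matching both filters."""
    aces = set()
    for line in log_text.splitlines():
        # Each filter is a regex tested against the whole line, so it can hit
        # a timestamp, an address or a port, like the filters described above.
        if not (re.search(filter1, line) and re.search(filter2, line)):
            continue
        m = BUILT.search(line)
        if not m:
            continue
        direction, proto, if_a, ip_a, port_a, if_b, ip_b, port_b = m.groups()
        if direction == "inbound":      # "for" side opened the connection
            src_if, src, dst, dport = if_a, ip_a, ip_b, port_b
        else:                           # outbound: "to" side opened it
            src_if, src, dst, dport = if_b, ip_b, ip_a, port_a
        # The ephemeral source port is dropped, so repeated flows collapse to
        # one ACE. The source interface is used as the ACL name.
        aces.add(f"access-list {src_if} extended permit {proto.lower()} "
                 f"host {src} host {dst} eq {dport}")
    return sorted(aces)


if __name__ == "__main__":
    # A trailing space in the filter keeps "/53" from also matching "/5353".
    for ace in build_aces(SAMPLE_LOG, r"10\.10\.", r"/53 "):
        print(ace)
```

Every generated ACE permits traffic only because it appeared in the log, so the filters and the resulting rule list decide what the baseline legitimizes; review the output before pasting it into a firewall.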


Additional Project Details

Languages

English

Intended Audience

Information Technology, Financial and Insurance Industry, System Administrators, Quality Engineers

User Interface

Command-line

Programming Language

Perl

Registered

2010-03-01