Build FW1 Cisco Netscreen PolicyFromLogs download for Linux

This is the Linux app named Build FW1 Cisco Netscreen PolicyFromLogs whose latest release can be downloaded as 360AnalyticsLtd-WooterWoot.zip. It can be run online in the free hosting provider OnWorks for workstations.

Build FW1 Cisco Netscreen PolicyFromLogs

DESCRIPTION:

These three tools build Checkpoint, Cisco ASA or Netscreen policys from logfiles. They write dbedit, access-list or set address, set service and set policy commands for the traffic seen in the logs, that can be cut and pasted into the firewalls. WOOT

Features

• Build Checkpoint FW-1 policies from exported logs and output in DBEDIT format
• Build Netscreen policies from syslog and output in ScreenOS 6 format
• Build Cisco ASA ACL's from syslog and output in access-list format
• Cut and paste the commands output into the firewall to create a policy
• Or output the rules in CSV format to cross check them (Netscreen, Checkpoint)
• .
• Baseline a test network and build a policy for the test firewall in one command!!
• Close open or 'test' rules and secure management connections
• Cross check traffic is seen on the correct interfaces
• Two filters each of which can filter against any part of the log entry
• Names resolved in the logs are used in policies but no object cmds are output
• Rename ACL's and use the access group statements to filter further (Cisco)
• Easy method of ignoring headers added by syslog servers
• FW-1: EASY TO EXECUTE ./choot logexport.log CMD Policy filter1 filter2
• DBEDIT cmd = Build rules and objects and output in DBEDIT format
• - DBEDIT mode requires a policy name before the filters.
• CSV cmd = Build rules and objects and output in CSV format
• DEBUG cmd = Output more verbose information - each entry grep | awk ...
• CISCO: EASY TO EXECUTE ./woot logfile CMDorACL filter1 filter2
• SRCINT cmd = use the source interface as the ACL name
• ACLNAME cmd = use access-gr cmds in file ACLNAME in same dir as woot
• DEBUG cmd = Output more verbose information - each entry ... | sort -u etc
• A name, an Access list name of your choice to which all ACE's will be assigned
• NETSCREEN: EASY TO EXECUTE ./nwoot logfile CMD filter1 filter2
• ZONE cmd = Build Rules and objects and output in Netscreen ScreenOS format
• CSV cmd = Build Rules and objects and output in CSV format
• DEBUG cmd = Output more verbose information - each entry grep | wc -l etc
• CHECKPOINT FW-1 EXAMPLE COMMANDS:
• ./choot logexport.log DBEDIT PolicyName eth2c0 161
• ./choot logexport.log CSV ServerName domain-udp
• ./choot logexport.log DEBUG 10.0.0 eth1c0
• or just
• ./choot logexport.log DBEDIT PolicyName
• ...if you want a policy built for all traffic seen
• CISCO EXAMPLE COMMANDS:
• cat access-groups-from-asa > ACLNAME
• ./woot ASA.log ACLNAME 10.10. \/53
• ./woot ASA.log SRCINT 12:01 10.10.10
• ./woot ASA.log testaclname 10.50. 10.10.10
• ./woot ASA.log DEBUG ServerName12 \/443
• ./woot ASA.log ACLNAME
• ...if you want all access lists built for all access group statements
• NETSCREEN EXAMPLE COMMANDS:
• ./nwoot Netscreen.log DEBUG 10.10. dst_port=53
• ./nwoot Netscreen.log ZONE 12:01 ServerName
• ./nwoot Netscreen.log CSV ZoneName 443
• ./nwoot Netscreen.log ZONE
• ...if you want all policys built for all zones
• !! I DONT RECOMMEND YOU USE THESE TOOLS ANYWHERE !! WOOT !!
• WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES

Audience

Information Technology, Financial and Insurance Industry, System Administrators, Quality Engineers

User interface

Command-line

Programming Language

Perl

This is an application that can also be fetched from https://sourceforge.net/projects/wooterwoot/. It has been hosted in OnWorks in order to be run online in an easiest way from one of our free Operative Systems.