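#==============================================================================
#
# Module:   cpedge.pm
#
# Author:   Peter Sundstrom (peter@ginini.com)
#
# Purpose:  Converts Checkpoint Edge logs.
#
# Version:  1.0.0
#
# Source:   http://www.ginini.com/software/fwlogsum/converters/
#
#==============================================================================

use strict;
use warnings;

# Field layouts of the two record shapes handled below.  Both capture the
# originating address, the verdict and the direction first; ICMP records then
# carry Type:/Code:, every other record carries SPort:/DPort:.
my $ICMP_RE = qr/(\d+\.\d+\.\d+\.\d+).*(Accepted|Dropped|Rejected)\s+(\w+).*Src:(\S+) Dst:(\S+) Type:(\d+) Code:(\d+).*Rule:(\S+) Interface:(\w+)/;
my $PORT_RE = qr/(\d+\.\d+\.\d+\.\d+).*(Accepted|Dropped|Rejected)\s+(\w+).*Src:(\S+) SPort:(\S+) Dst:(\S+) DPort:(\S+).*Rule:(\S+) Interface:(\w+)/;

# Edge verdict -> FW-1 logexport action column.
my %action_of = (
    Dropped  => 'drop',
    Accepted => 'accept',
    Rejected => 'reject',
);

# Convert($input)
#
# Reads the Checkpoint Edge log named by $input and writes it to STDOUT in
# FW-1 logexport format (one header line, then one ';'-separated row per
# parsed record).  Dies if $input cannot be opened or closed.
#
# $verbose and Linecount() are not defined here; this file has no package
# statement, so they resolve in package main and are expected to be supplied
# by the script that loads the converter.
#
# Records that mention "Src:" but match neither field layout (or carry no
# recognisable timestamp) are reported on STDERR and skipped rather than
# emitted as a row of empty fields; the "num" column therefore counts only
# rows actually written.
sub Convert {
    my ($input) = @_;

    # Three-argument open with an explicit read mode: the file name is taken
    # literally, so a name starting with '|', '>' or '<' can neither change
    # the mode nor run a command (the two-argument form allowed that).
    open my $fh, '<', $input or die "Can not open $input $!\n";

    #
    # Output FW1 logexport header
    #
    print "num;date;time;orig;type;action;i/f_name;i/f_dir;proto;src;dst;service;s_port;icmp-type;icmp-code;rule;\n";

    my $count = 0;
    RECORD: while (my $line = <$fh>) {
        next RECORD unless $line =~ /Src:/;
        chomp $line;

        # Timestamp "YYYY Mon D HH:MM:SS" -> logexport date "DMonYYYY".
        my ($y, $m, $d, $time) = $line =~ /(\d{4}) (\w{3}) (\d+) (\d+:\d+:\d+)/;

        # Every field defaults to an empty string so the ICMP branch emits
        # empty port columns and the port branch empty ICMP columns.
        my ($orig, $action, $direction, $src, $src_port, $dst, $dst_port,
            $icmp_type, $icmp_code, $rule, $interface) = ('') x 11;
        my $proto;

        if ($line =~ /Type:/) {
            $proto = 'icmp';
            ($orig, $action, $direction, $src, $dst, $icmp_type, $icmp_code,
             $rule, $interface) = $line =~ $ICMP_RE;
        }
        else {
            # NOTE(review): the layout captures no protocol field, so every
            # non-ICMP record is labelled tcp; if Edge logs UDP records in
            # the same shape they are mislabelled here -- confirm against
            # the Edge log format.
            $proto = 'tcp';
            ($orig, $action, $direction, $src, $src_port, $dst, $dst_port,
             $rule, $interface) = $line =~ $PORT_RE;
        }

        # A failed list-assignment from a non-matching regex leaves every
        # target undef; $rule (last capture) and $time stand in for all.
        unless (defined $time && defined $rule) {
            warn "cpedge: $input line $.: unrecognised record skipped\n";
            next RECORD;
        }

        $count++;
        Linecount($count) if $verbose;

        my $date = "$d$m$y";
        $direction = lc $direction;
        $action    = $action_of{$action};

        # Fields are written unescaped, as logexport does; a ';' inside a
        # captured value would shift the columns of that row.
        print join(';',
            $count, $date, $time, $orig, 'log', $action, $interface,
            $direction, $proto, $src, $dst, $dst_port, $src_port,
            $icmp_type, $icmp_code, $rule), ";\n";
    }

    close $fh or die "Can not close $input $!\n";
    return;
}

1;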