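#==============================================================================
#
# Module:  stonegate.pm
#
# Author:  Peter Sundstrom (peter@ginini.com)
#
# Purpose: Converts Stonegate CSV logs to FW1 logexport format.
#
# Version: 1.0.0
#
# Source:  http://www.ginini.com/software/fwlogsum/converters/
#
#==============================================================================

use strict;
use Text::ParseWords;

#
# Zero-based column index of each useful field in a Stonegate CSV record
#
my %col = (
    'timestamp' => 0,
    'orig'      => 2,
    'action'    => 6,
    'proto'     => 7,
    'src'       => 8,
    'dst'       => 9,
    'srcprt'    => 10,
    'dstprt'    => 11,
    'rule'      => 12,
    'icmptype'  => 22,
    'icmpcode'  => 23
);

#
# Hash to convert action types (lookup is case-sensitive)
#
my %action = (
    'Allow'   => 'accept',
    'Discard' => 'drop',
    'Reject'  => 'reject'
);

#
# Convert($input)
#
# Reads the Stonegate CSV log named by $input and prints one FW1 logexport
# record per allow/discard/reject entry to the currently selected output
# handle, preceded by the logexport header line.  Dies if the file cannot be
# opened.
#
# $verbose, %mon and Linecount() are not defined in this file; they are
# expected to be supplied by the script that loads this converter.
#
# NOTE(review): field values are written into the ';'-separated output
# unmodified.  parse_line() is called with keep=0, so a quoted CSV field that
# contains ';' would add extra columns to the exported record.  Confirm the
# consumer tolerates this, or neutralise ';' before printing.
#
sub Convert {
    my $input = shift;

    # The three-argument form treats $input strictly as a file name.  The
    # previous two-argument open let mode characters in the name ('>', '|')
    # select the open mode, so a crafted name could clobber a file or run a
    # command.  Two-argument open also treated "-" as STDIN; that one case is
    # kept explicitly in case the calling script relies on it.
    my $fh;
    my $opened_file = 0;
    if ($input eq '-') {
        $fh = \*STDIN;
    }
    else {
        open $fh, '<', $input or die "Can not open $input $!\n";
        $opened_file = 1;
    }

    #
    # Output FW1 logexport header
    #
    print "num;date;time;orig;type;action;proto;src;dst;s_port;service;icmp-type;icmp-code;rule\n";

    my $count = 0;

    # Read the log one record at a time.  The listing as published had an
    # empty loop condition ("while ()"), which never reads from the handle.
    LINE:
    while (my $line = <$fh>) {
        # Skip comment lines.
        # NOTE(review): /^\S*$/ skips empty lines and any line that contains
        # no whitespace at all; /^\s*$/ (blank lines) may have been intended.
        # Left unchanged because it affects which records are numbered.
        next LINE if ($line =~ /^#/ or $line =~ /^\S*$/);

        my @fields = parse_line(',', 0, $line);

        $count++;
        Linecount($count) if $verbose;

        #
        # Only interested in allow/discard (and reject?) entries
        #
        next LINE unless ($fields[$col{'action'}] =~ /allow|discard|reject/i);

        # Timestamp is split on a space into date and time; the date is split
        # on '.' into day, month and year.
        my ($date, $time) = split(/ /, $fields[$col{'timestamp'}]);
        my ($d, $m, $y)   = split(/\./, $date);
        $m = sprintf("%02d", $m);    # two-digit month, used as the %mon key

        # Drop the first '@' from the rule field.
        my $rule = $fields[$col{'rule'}];
        $rule =~ s/\@//;

        # Lower-case the protocol and cut everything from " (" onwards.
        my $proto = lc($fields[$col{'proto'}]);
        $proto =~ s/ \(.*//;

        # The type column is always "log".  The action is translated through
        # %action; a value that matched the filter above but is not an exact
        # key of %action yields an empty action column.
        print join(';',
            $count,
            $d . $mon{$m} . $y,
            $time,
            $fields[$col{'orig'}],
            'log',
            $action{$fields[$col{'action'}]},
            $proto,
            @fields[ @col{qw(src dst srcprt dstprt icmptype icmpcode)} ],
            $rule
        ), "\n";
    }

    close $fh if $opened_file;
}

1;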