February 6th, 2002, 03:25 PM
Checkpoint Question (etsh911)
We are currently using some Perl scripts to extract the IPs of all objects from our objects.C file and then running a daily script (occurences.pl) for a period of 30 days to determine which objects in the firewall have not been used for those 30 days, so they can be reviewed and possibly removed at the end of the 30-day period.
So basically, once we have a file containing all the object IPs (approximately 4000 objects), we run the Perl script, which takes the ASCII log file and compares the IP list to it. Anything that is not matched in the log file is written to an output file, which then becomes the new input for the next day.
So, my question is: once we have the list of IPs that have not been used, and we run another script to associate the object name with each IP address, is there any way to also determine which rule(s) each object is being used in? We are currently doing this manually and it is a very long process, as you could imagine. I am not sure if this is possible, but it doesn't hurt to ask...
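Added example, not part of the original posts and not the poster's occurences.pl: a Python sketch of the daily elimination pass described above, matching whole addresses so that an object at 10.1.1.1 is not counted as "used" because 10.1.1.10 appears in the log. The object names, addresses and semicolon-delimited log lines are constructed for illustration and are not the actual FW-1 log export format.

```python
import ipaddress
import re

# Whole IPv4 tokens only: not preceded by a digit or "digit.", and not followed
# by a digit or ".digit". A trailing sentence period after the address is allowed.
_IPV4 = re.compile(r"(?<!\d)(?<!\d\.)(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

def ips_in_log(lines):
    """Return the set of valid IPv4 addresses (as strings) seen in the log lines."""
    seen = set()
    for line in lines:
        for token in _IPV4.findall(line):
            try:
                seen.add(str(ipaddress.IPv4Address(token)))
            except ipaddress.AddressValueError:
                pass  # looks like an address but is not one, e.g. 999.1.1.1
    return seen

def daily_pass(candidates, log_lines):
    """One day's run: keep only the objects whose IP is absent from today's log."""
    seen = ips_in_log(log_lines)
    return {name: ip for name, ip in candidates.items()
            if str(ipaddress.IPv4Address(ip)) not in seen}

def unused_after(candidates, daily_logs):
    """Feed each day's survivors into the next day's pass, as in the post."""
    for log_lines in daily_logs:
        candidates = daily_pass(candidates, log_lines)
    return candidates

# Constructed sample data (hypothetical object names and log lines).
OBJECTS = {"web01": "10.1.1.1", "db01": "10.1.1.10", "old-ftp": "192.168.5.20"}
DAY1 = [
    "6Feb2002;10:01:12;accept;src=10.1.1.10;dst=172.16.0.5;service=http",
    "6Feb2002;10:01:15;drop;src=203.0.113.7;dst=10.1.1.100;service=telnet",
]
DAY2 = ["7Feb2002;09:30:00;accept;src=10.1.1.1;dst=172.16.0.5;service=ssh"]

if __name__ == "__main__":
    for name, ip in sorted(unused_after(OBJECTS, [DAY1, DAY2]).items()):
        print(f"{name}\t{ip}")
```

This only covers host objects with a single address; network and range objects would need a containment check rather than an exact match.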
February 6th, 2002, 04:02 PM
I think what you're looking for is fwprint at http://nic.com/~dave/Security/fwprint.html. This babe could translate most of FW-1 files to human-readable output. Check the documentation on the -n flag; I think it's what you're looking for.
February 6th, 2002, 04:58 PM
Beautiful... looks like this is exactly what I am looking for. I will be trying it out today, though, to make sure. Thanks a lot!!
February 6th, 2002, 05:04 PM