[prev in list] [next in list] [prev in thread] [next in thread]
List: sidewinder
Subject: Re: [Sidewinder] Documentation tool\script available???
From: sidewinder-admin () adeptech ! com
Date: 2003-08-01 10:46:25
[Download RAW message or body]
Yes, I wrote a script, that takes the cf acl q output and format in a
csv-format, maybe this will help you out:
----------------
~$ cat sidewinder/acl2csv.pl
#!/usr/bin/perl -w
# Written by kg@abacom.net (Klaus Groeger) April 2003
# No guaranty, no copyright, free to distribute, free to alter
# It is not nice, but it works (for me)
# Please, if you alter the script and the result works, send me a copy
#
# Works on Sidewinder up to 52107
# This script makes a TAB-delimited output from "cf acl q"
# Call it like this: "cf acl q | ./acl2csv.pl > file.txt"
# Don't forget to make a "chtype admn:scrp ./acl2csv.pl" if you
# want to use it one your Sidewinder
# One may easily import the output to Excel or something else
while(<STDIN>) {
# first we merge each acl to one line
if (/^acl/) {
chomp;
chop if (/\\$/i);
$line = $_;
}else{
chomp;
chop if (/\\$/);
s/^\s*(\S.*$)/$1/;
$line = $line . $_;
}
if ($line =~ (/lastchangedby=/)) {
$line =~ s/(^.* )lastchangedby.*/$1/;
#print $line ."\n"; ##debugging
# write the tables
# Subnet Table
if ($line =~ /table=subnet/) {
$line=~/^.*?table=(.*?)\s*name=(.*?)\sburb=(.*?)\s*bits=(.*?)\sipaddr=([\d\.]*)\s.*$/;
$ts_object=$1;
$ts_name=$2;
$ts_burb=$3;
$ts_bits=$4;
$ts_ipaddr=$5;
if ($line=~/.*comments=/) {
$ts_comment=$line;
$ts_comment=~ s/^.*\bcomments=(.*)\s$/$1/;
}else{$ts_comment="None";}
print
("$ts_object\t$ts_name\t$ts_burb\t$ts_ipaddr\t$ts_bits\t$ts_comment\n");
}
# Host Table
if ($line =~ /table=host.*burb=/) {
$line=~/^.*?table=(.*?)\s*name=(.*?)\sburb=(.*?)\sipaddrs=(.*?)\s.*$/;
$th_object=$1;
$th_name=$2;
$th_burb=$3;
$th_ipaddr=$4;
if ($line=~/.*comments=/) {
$th_comment=$line;
$th_comment=~ s/^.*\bcomments=(.*)\s$/$1/;
}else{$th_comment="None";}
print ("$th_object\t$th_name\t$th_burb\tIP:
$th_ipaddr\t\t$th_comment\n");
}
# Table Ip-Addrs
if ($line =~ /table=ipaddr.*burb=/) {
$line=~/^.*?table=(.*?)\s*name=(.*?)\sburb=(.*?)\s.*$/;
$ti_object=$1;
$ti_name=$2;
$ti_burb=$3;
if ($line=~/.*comments=/) {
$ti_comment=$line;
$ti_comment=~ s/^.*\bcomments=(.*)\s$/$1/;
}else{$ti_comment="None";}
print ("$ti_object\tIP:
$ti_name\t$ti_burb\t\t\t$ti_comment\n");
}
# Netgroup Table
if ($line =~ /table=netgroup/) {
$line=~/^.*?table=(.*?)\s*name=(.*?)\sburb=(.*?)\smembers=(.*?)\s.*$/;
$tn_object=$1;
$tn_name=$2;
$tn_burb=$3;
@tn_members=sort(split(/,/,$4));
if ($line=~/.*comments=/) {
$tn_comment=$line;
$tn_comment=~ s/^.*\bcomments=(.*)\s$/$1/;
}else{$tn_comment="None";}
print
("$tn_object\t$tn_name\t$tn_burb\tMembers\t\t$tn_comment\n");
$count=@tn_members; # print ("$count\n");
for ($i=0; $i<$count; $i++) {
print ("\t\t\t$tn_members[$i]\n");
}
}
# NetMap Table
if ($line =~ /table=netmap/) {
$line=~/^.*?table=(.*?)\s*name=(.*?)\sburb=(.*?)\smembers=(.*?)\s.*$/;
$tm_object=$1;
$tm_name=$2;
$tm_burb=$3;
@tm_members=sort(split(/,/,$4));
if ($line=~/.*comments=/) {
$tm_comment=$line;
$tm_comment=~ s/^.*\bcomments=(.*)\s$/$1/;
}else{$tm_comment="None";}
print
("$tm_object\t$tm_name\t$tm_burb\tMembers\t\t$tm_comment\n");
$count=@tm_members; # print ("$count\n");
for ($i=0; $i<$count; $i++) {
print ("\t\t\t$tm_members[$i]\n");
}
}
# Servicegroup Table
if ($line =~ /table=servicegroup/) {
$line=~/^.*?table=(.*?)\s*name=(.*?)\smembers=(.*?)\s.*$/;
$tsw_object=$1;
$tsw_name=$2;
@tsw_members=sort(split(/,/,$3));
print ("$tsw_object\t$tsw_name\t\tMembers\n");
$count=@tsw_members; # print ("$count\n");
for ($i=0; $i<$count; $i++) {
print ("\t\t\t$tsw_members[$i]\n");
}
}
if ($line =~ /pos=/) {
$pos=$line;
$name=$line;
$agent=$line;
$service=$line;
$action=$line;
$sourceburb=$line;
$source=$line;
$destburb=$line;
$dest=$line;
$nat=$line;
$redir=$line;
$comments=$line;
$pos=~ s/.*\spos=(\d*?)\s.*/$1/;
$action=~ s/.*\saction=(.*?)\s.*/$1/;
if ($agent=~/.*agent=/) {$agent=~s/.*agent=(.*?)\s.*/$1/;
}else{$agent="all";}
if ($service=~/.*service=/)
{$service=~s/.*service=(.*?)\s.*/$1/;
}else{$service="all";}
if ($destburb=~/.*destburb=/)
{$destburb=~s/^.*destburb=(.*?)\s.*/$1/;
}else{$destburb="all";}
if ($dest=~/.*dest=/) { $dest=~s/.*dest=(.*?)\s.*/$1/;
}else{$dest="all";}
if ($sourceburb=~/.*sourceburb=/)
{$sourceburb=~s/.*sourceburb=(.*?)\s.*$/$1/;
}else{$sourceburb=$destburb;}
if ($source=~/.*source=/) { $source=~s/.*source=(.*?)\s.*/$1/;
}else{$source="all";}
if ($nat=~/.*nataddr=/) {$nat=~s/.*nataddr=(.*?)\s.*/$1/;
}else{$nat="None";}
if ($redir=~/.*redir=/) { $redir=~s/.*redir=(.*?)\s.*/$1/;
}else{$redir="None";}
if ($name =~/\bname=\'/) {
$name =~ s/.*\bname=\'(.*?)\'\s.*/$1/;
}else{
$name =~ s/.*\bname=(.*?)\s.*/$1/;}
if ($comments=~/.*comments=/) {
$comments=~ s/^.*\bcomments=(.*)\s$/$1/;
}else{$comments="None";}
print
("$pos\t$name\t$agent\t$service\t$action\t$sourceburb\t$source\t$destburb\t$dest\t$nat\t$redir\t$comments\n");
} # end of: if ($line =~ /pos=/) {
} # end of: if ($line =~ (/lastchangedby=/)) {
} # end of: while
print
("Pos\tName\tAgent\tService\tAction\tS-Burb\tSource\tD-Burb\tDest\tNat-Addr\tRedirect\tComments\n");
-------------
Am Thu, Jul 31, 2003 at 12:36:47PM -0500 schrieb sidewinder-admin@adeptech.com:
> Greetings everyone,
> I was wondering if anyone has a documentation tool or script that they know
> of to use on Sidewinder (any version above 5.2). My scripting abilities are
> severely lacking, and I'm required to provide information to my internal
> auditors such as proxies in use, acl's etc, and right now, I have a manual
> process that really is poor and hard to keep up to date. If anyone has
> figured out a way to parse a cf acl q into a readable format that tells you
> the burbs involved, hosts using the acl etc, or if you know of a tool that
> can do this, I would be extremely appreciative.
> Thanks
>
> Charles D. Schuppan
> Network Services
> Lead Network Analyst
> mailto:charles.schuppan@ecolab.com
> Phone: 651-726-5413
> Cell: 651-775-8230
>
> _______________________________________________
> Sidewinder mailing list
> Sidewinder@adeptech.com
> http://mail.adeptech.com/mailman/listinfo/sidewinder
--
Mit freundlichen Grüßen
Klaus Gröger
----
Klaus Groeger Abacom GmbH & Co. KG
mail: kg@abacom.net Konrad-Zuse-Str. 1
fon: +49 5271 967-120 37671 Hoexter
fax: +49 5271 967-267 Germany
----------------------------------------------------------------------------
I no longer need to punish, deceive, or compromise myself, unless I want to stay \
employed.
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic