Saturday, September 09, 2006

Automated log processing

I have to process FW1 log alerts on a daily basis. I'm getting tired of the dashboard log alert that comes with FW1, and the worst thing is that for decent reporting you have to spend extra money on the Eventia log reporting module. I ended up using fwlogsum, a tool written in Perl. Since I need to process the logs on a Windows machine, and I'm hopeless with Windows scripting, I decided to use Perl for the automation as well, together with MIME::Lite and Net::SMTP. Here's the script.

use strict;
use warnings;
use Time::Local;
use File::Basename;
use MIME::Lite;
use Net::SMTP;

# Global variables: working directory, export directory,
# original FW1 log directory and the suffix of the rotated log
my $base      = "X:/Where i work/";
my $logdir    = "X:/New log dir/";
my $rawlogdir = "X:/Original log directory/";
my $appen     = "_xyzs.log";

# Yesterday's date: the log that was rotated at midnight
my $today     = time;
my @yesterday = localtime($today - (24*60*60));

my $d    = $yesterday[3];
my $m    = $yesterday[4] + 1;
my $year = $yesterday[5] + 1900;

# Formatting date: zero-pad day and month to two digits
my $day   = sprintf("%02d", $d);
my $month = sprintf("%02d", $m);

# File names for this run: raw log in, text export out, three HTML reports
my $LEAfile    = "$rawlogdir$year-$month-$day$appen";
my $exportfile = "$logdir$year$month$day.log";
my @filelist   = ("$base$year$month$day-accept.html",
                  "$base$year$month$day-drop.html",
                  "$base$year$month$day-attack.html");

# Processing file: export the binary FW1 log to a ";"-delimited text file,
# then run fwlogsum once per view (accepted, dropped, attack traffic).
# List-form system() hands the paths to the program as separate arguments,
# so the shell never interprets them, and a non-zero exit stops the run
# instead of mailing an empty report.
system('fwm', 'logexport', '-d', ';', '-n', '-p',
       '-i', $LEAfile, '-o', $exportfile) == 0
    or die "fwm logexport failed on $LEAfile: $?\n";

my @reports = (
    ['-ra', $filelist[0], "Accepted Traffics for $day-$month-$year"],
    ['-rx', $filelist[1], "Drop Traffics for $day-$month-$year"],
    ['-rt', $filelist[2], "Attack Traffics for $day-$month-$year"],
);
for my $job (@reports) {
    my ($mode, $outfile, $title) = @$job;
    system('perl', "${base}fwlogsum", '-w', $mode, '-S',
           '-l', $exportfile, '-o', $outfile, '-H', $title, '-v') == 0
        or die "fwlogsum $mode failed: $?\n";
}

# Sending the report; reference code to Martin Zahn / 05.01.2003

my $from_address = 'fwreport@pencacaimachine.relaks.com.au';
my $to_address   = 'my_master@relaks.com.au';
my $mail_host    = '172.16.100.1';

### Adjust subject and body message
my $subject      = "Firewall report for $day-$month-$year";
my $message_body = "Please refer to attachment\n";

### Create the multipart container
my $msg = MIME::Lite->new(
    From    => $from_address,
    To      => $to_address,
    Subject => $subject,
    Type    => 'multipart/mixed',
) or die "Error creating multipart container: $!\n";

### Add the text message part
$msg->attach(
    Type => 'TEXT',
    Data => $message_body,
) or die "Error adding the text message part: $!\n";

### Add the three reports; the attachment name is the file name
### without the local directory
for my $report (@filelist) {
    $msg->attach(
        Type        => 'text/plain',
        Path        => $report,
        Filename    => basename($report),
        Disposition => 'attachment',
    ) or die "Error adding $report: $!\n";
}

### Send the message through the internal relay
MIME::Lite->send('smtp', $mail_host, Timeout => 60);
$msg->send or die "Error sending mail via $mail_host: $!\n";

### Clean up reports
unlink(@filelist);

So now I only have to check my mailbox for the log report summary. Only when there is something weird in the report do I turn to the FW1 dashboard.
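The script above leaves the actual summarising to fwlogsum. To show what that step does with the ";"-delimited file that fwm logexport writes, here is an added example in Python (not code from the post and not part of fwlogsum) that reads such an export, splits it into the same three views the post mails out, and counts the noisiest sources and services in each. The sample export and its column names (num, date, time, orig, type, action, alert, src, dst, proto, service, rule) are constructed for the example; a real export has many more columns, so check the header line of your own file and adjust the names used below.

```python
"""Summarise a ';'-delimited FW1 log export into accept / drop / attack views.
Added example; column names are assumed, check them against your export."""
import csv
from collections import Counter
from io import StringIO

# Constructed sample in the export layout: a header row naming the
# columns, then one record per line.
SAMPLE_EXPORT = """\
num;date;time;orig;type;action;alert;src;dst;proto;service;rule
1;9Sep2006;00:01:12;fw1;log;accept;;10.1.1.5;192.0.2.10;tcp;http;12
2;9Sep2006;00:01:15;fw1;log;drop;;198.51.100.7;10.1.1.20;tcp;telnet;40
3;9Sep2006;00:01:16;fw1;log;drop;;198.51.100.7;10.1.1.21;tcp;telnet;40
4;9Sep2006;00:01:17;fw1;log;drop;;198.51.100.7;10.1.1.22;tcp;telnet;40
5;9Sep2006;00:02:03;fw1;alert;drop;alert;203.0.113.9;10.1.1.20;tcp;smtp;3
6;9Sep2006;00:02:40;fw1;log;accept;;10.1.1.6;192.0.2.10;udp;domain;12
7;9Sep2006;00:03:01;fw1;log;reject;;203.0.113.9;10.1.1.20;tcp;ssh;40
"""


def parse_export(text):
    """Yield one dict per record, keyed by the header row's field names."""
    reader = csv.DictReader(StringIO(text), delimiter=";")
    for row in reader:
        yield row


def summarise(records, top_n=5):
    """Bucket records the way the post's three fwlogsum runs do and count
    the top sources and services per bucket.  A record whose 'alert'
    column is set counts as attack traffic whatever its action was
    (assumption about the export format), and is also counted in the
    accept or drop view so the per-action totals stay complete."""
    views = {"accept": [], "drop": [], "attack": []}
    for r in records:
        action = r["action"].lower()
        if r["alert"]:
            views["attack"].append(r)
        if action == "accept":
            views["accept"].append(r)
        elif action in ("drop", "reject"):
            views["drop"].append(r)
    summary = {}
    for name, rows in views.items():
        summary[name] = {
            "count": len(rows),
            "top_src": Counter(r["src"] for r in rows).most_common(top_n),
            "top_service": Counter(r["service"] for r in rows).most_common(top_n),
        }
    return summary


def render_text(summary):
    """Plain-text report body, one section per view."""
    lines = []
    for name in ("accept", "drop", "attack"):
        s = summary[name]
        lines.append(f"== {name} ({s['count']} records) ==")
        for src, n in s["top_src"]:
            lines.append(f"  src     {src:<16} {n}")
        for svc, n in s["top_service"]:
            lines.append(f"  service {svc:<16} {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_text(summarise(parse_export(SAMPLE_EXPORT))))
```

On the sample this reports two accepts, five drops (three telnet probes from one source plus two from the alerting host) and one attack record, which is the kind of at-a-glance view that tells you whether the dashboard is worth opening that day.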