awk weekly – rule hits statistics. Checkpoint again

I know, I know, I have to get out of this Checkpoint-only land, and I am working on it, but today the awk travelling diary is once again on the Checkpoint firewall roads. As I mentioned before, once you export firewall logs into a human-readable format you can do lots of interesting things with them, for example a script that gives statistics on how many times each Security rule was hit.
Be aware that this counts explicit Security rules only, i.e. the ones you see in the Security tab of SmartDashboard. Other rules that you usually see in SmartView Tracker (e.g. SmartDefense, Web Filtering) are not counted. Afterwards I sort the output by number of hits to see which rules are used most:

awk -F\; '{match($0,/rule: +([0-9]+)/,rules);rule_count[rules[1]]++} END {for (rule_number in rule_count) print " Rule number: " rule_number " Hits: " rule_count[rule_number]}' ./fw.log.txt | sort -n -k5
Rule number:  Hits: 1197330  (ignore this line: it counts the non-matched lines, which I don't want to filter out with additional conditions and added processing time)
Rule number: 2 Hits: 9
Rule number: 5 Hits: 366
Rule number: 11 Hits: 12296
Rule number: 9 Hits: 14457
Rule number: 0 Hits: 17094
Rule number: 1 Hits: 44066
Rule number: 7 Hits: 233643
Rule number: 10 Hits: 366275
Rule number: 6 Hits: 424639
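A variant of the one-liner above, added here as an example and not the author's script: it uses only POSIX awk (the three-argument `match()` above is a gawk extension), skips lines that have no `rule:` field instead of counting them under an empty rule number, and reports how many it skipped on stderr. The lines in `sample_log` are constructed; only the `rule: N` field is taken from the regex above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the author's script): hits per Security rule, least used first.

# Constructed sample lines; only the "rule: N" field comes from the page's regex,
# every other field and value is made up for the demo.
sample_log() {
cat <<'EOF'
10:01:02 accept fw1 >eth1 rule: 7; src: 10.1.1.5; dst: 192.0.2.10; service: 443;
10:01:03 drop fw1 >eth0 rule: 10; src: 198.51.100.7; dst: 10.1.1.9; service: 23;
10:01:04 accept fw1 >eth1 rule: 7; src: 10.1.1.6; dst: 192.0.2.10; service: 443;
10:01:05 ctl fw1 >daemon message: policy installed;
10:01:06 accept fw1 >eth1 rule: 5; src: 10.1.1.5; dst: 192.0.2.53; service: 53;
10:01:07 accept fw1 >eth1 rule: 7; src: 10.1.1.8; dst: 192.0.2.10; service: 443;
10:01:08 drop fw1 >eth0 rule: 10; src: 198.51.100.9; dst: 10.1.1.9; service: 23;
10:01:09 monitor fw1 >eth0 attack: constructed entry;
EOF
}

# rule_hits [FILE...]  reads the exported log from FILE(s) or stdin.
rule_hits() {
    awk '
        # Two-argument match() sets RSTART/RLENGTH in every POSIX awk.
        match($0, /rule: +[0-9]+/) {
            n = substr($0, RSTART, RLENGTH)   # e.g. "rule: 7"
            sub(/^rule: +/, "", n)            # keep only the number
            hits[n]++
            next
        }
        { skipped++ }                         # no Security rule on this line
        END {
            for (r in hits) print r, hits[r]
            print "lines without a rule field: " (skipped + 0) > "/dev/stderr"
        }
    ' "$@" |
    sort -n -k2,2 -k1,1 |                     # by hit count, then rule number
    awk '{ print "Rule number: " $1 " Hits: " $2 }'
}

sample_log | rule_hits
```

Rules that never appear in the output had no hits in the exported period.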
