Security Basics mailing list archives

Re: Processing checkpoint web visualization tool XML-output with Perl


From: Jannis Kafkoulas <jasecml () yahoo com>
Date: Fri, 27 Feb 2009 02:43:41 -0800 (PST)


Hola Javier,

If I understood well while reading the abstract, ofiller/odumper are tools for processing fw objects only but not the whole config. Is that correct or am I mistaken?

Anyway, what I want to do is the following.
We have our CP rules organized in groups, each of them containing the rules belonging to one project. These groups of rules have a text header line above them.
Well, now I'd like to read all of the rules and produce reports, one for each of the groups.
My strategy is to first use the visualization tool. This way I get everything in XML. And this is my problem at the moment :-).
I started reading XML, XSL and the Perl Modules and I started already with XPath.
The problem is now reading all the rules between two <header_text> elements, i.e. the rules belonging to this group.
Whatever I tried I always got the whole rule set, so I can't know which rules belong to a specific group of rules. I think the problem is that the <header_text> nodes are also implemented as rules and these <rule> nodes are siblings to the other rules, so I can't use the <header_text> rule as a parent node to its including rules...
All the fw rules have the same parent, to say that more clearly.
I don't know whether XPath is the right tool in this case.


Peter (Milleson),

Thanks for your example in TreeBuilder, I'll give it a try too.


Frederik,

This is only for log processing, I think. 
Nevertheless, thanks for the hint, I'll need this too for the next project "which fw rule has been used when last?".


Thanks to anyone for the answers

Saludos and cheers
Jannis

--- Javier Reyna <jreyna () onlinet com mx> wrote on Tue, 24.2.2009:

From: Javier Reyna <jreyna () onlinet com mx>
Subject: Re: Processing checkpoint web visualization tool XML-output with Perl
To: "Jannis Kafkoulas" <jasecml () yahoo com>
CC: security-basics () securityfocus com
Date: Tuesday, 24 February 2009, 13:09

What information do you need to extract?

Maybe you'll find useful the tool developed by Martin Hoz, ofiller/odumper. It reads the configuration from checkpoint and dumps it to a csv file.

Check it out:

http://www.chatscope.com/ofiller/


On Mon, Feb 23, 2009 at 07:32:30AM -0800, Jannis Kafkoulas wrote:

Hi,

I have to extract information from the CP NG ruleset.
Of course I'd like to have this done automatically.
I think using the "advanced (XML) Format" method is the best I can do.
I decided to process the output with XML::Modules in Perl.
But the problem is I'm a very newbie in XML (just started working through it :-( ).
So, has someone done the job already, in order to give me some hints which Modules are best to use?

Thanks a lot for any help

jannis


      

-- 
Saludos!
________________

Javier Reyna 
CCSE WCSE ISS-CS NSP JNCIA-FWV
Consultor en Seguridad
jreyna () onlinet com mx
www.onlinet.com.mx
 ,,__
 o" )~
 ''''
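
The grouping problem described in this thread (header rules are siblings of the rules they introduce), as an added example that is not part of the original messages. It assumes XML::LibXML and a constructed, simplified rulebase: only `<rule>` and `<header_text>` are named in the thread, while `<rulebase>`, `<number>` and `<comment>` are assumed element names.

```perl
use strict;
use warnings;
use XML::LibXML;

# Constructed sample. Rule 3 carries an empty <header_text/> to show that an
# empty element must not be mistaken for a group header.
my $xml = <<'XML';
<rulebase>
  <rule><number>1</number><comment>stealth rule, before any header</comment></rule>
  <rule><header_text>Project Alpha</header_text></rule>
  <rule><number>2</number><comment>alpha web</comment></rule>
  <rule><number>3</number><header_text/><comment>alpha db</comment></rule>
  <rule><header_text>Project Beta</header_text></rule>
  <rule><number>4</number><comment>beta ssh</comment></rule>
  <rule><header_text>Project Gamma</header_text></rule>
</rulebase>
XML

# One pass in document order: a rule with non-empty <header_text> opens a new
# group; every other rule is filed under the most recently seen header.
sub group_rules_by_header {
    my ($doc) = @_;
    my @groups = (['(no header)', []]);
    for my $rule ($doc->findnodes('/rulebase/rule')) {
        my $header = $rule->findvalue('normalize-space(header_text)');
        if (length $header) {
            push @groups, [$header, []];
        } else {
            push @{ $groups[-1][1] }, $rule;
        }
    }
    return @groups;
}

my $doc = XML::LibXML->load_xml(string => $xml);
for my $group (group_rules_by_header($doc)) {
    my ($header, $rules) = @$group;
    printf "== %s (%d rules)\n", $header, scalar @$rules;
    printf "   rule %s: %s\n", $_->findvalue('number'), $_->findvalue('comment')
        for @$rules;
}

# Pure XPath for one group: non-header rules whose nearest preceding header
# rule (preceding-sibling is a reverse axis, so [1] is the closest) matches.
my @alpha = $doc->findnodes(
      q{/rulebase/rule[normalize-space(header_text)='']}
    . q{[preceding-sibling::rule[normalize-space(header_text)!=''][1]}
    . q{/header_text='Project Alpha']});
printf "XPath: %d rules under Project Alpha\n", scalar @alpha;
```

A header with no rules beneath it (Project Gamma here) still produces a group with zero rules, which is useful in a per-project report.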