Comments on: Create communication matrix from CSV logexport http://stoneblog.stonesoft.com/2009/06/create-commuinication-matrix-from-csv-logexport/ Share knowledge about StoneGate Wed, 08 Feb 2012 09:11:13 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Bernd Bornkessel http://stoneblog.stonesoft.com/2009/06/create-commuinication-matrix-from-csv-logexport/comment-page-1/#comment-103 Bernd Bornkessel Fri, 26 Jun 2009 15:09:29 +0000 http://stoneblog.stonesoft.com/?p=1418#comment-103 Hi, please make sure that you filter out any log entries like IPSec Info, Authentication, Accounting before you export the logs. Filter for events like "New Connection", "New Connection through VPN", "Connection Discarded" or any combination of these. Of course we could do this job also in the script. But as the export file would grow including all logentries, the script performance and memory consumption would increase radically. Perhaps you should also have a look to the fields of the exported csv File. The line resultFields = (7, 8, 9, 12, 14, 15) describes which fields of the export file are taken over to the result file. Remember to start counting from 0. The first field is "Src Addr", second "Dst Addr", third "Service", fourth "Dst Port". The last two ones are optional. In this case source NAT and destination NAT. Regards, Bernd Hi,

please make sure that you filter out any log entries like IPSec Info, Authentication, Accounting before you export the logs.
Filter for events like “New Connection”, “New Connection through VPN”, “Connection Discarded” or any combination of these.

Of course we could do this job also in the script. But as the export file would grow including all logentries, the script performance and memory consumption would increase radically.

Perhaps you should also have a look to the fields of the exported csv File. The line
resultFields = (7, 8, 9, 12, 14, 15)
describes which fields of the export file are taken over to the result file. Remember to start counting from 0. The first field is “Src Addr”, second “Dst Addr”, third “Service”, fourth “Dst Port”. The last two ones are optional. In this case source NAT and destination NAT.

Regards,
Bernd

]]> By: pakki http://stoneblog.stonesoft.com/2009/06/create-commuinication-matrix-from-csv-logexport/comment-page-1/#comment-101 pakki Wed, 24 Jun 2009 10:50:19 +0000 http://stoneblog.stonesoft.com/?p=1418#comment-101 Hi, sounds like a usefull tool. However, I tried this but I got results like "UDP 6394613". My python skills is not sufficient that I could fix that. :-( Hi, sounds like a usefull tool.

However, I tried this but I got results like “UDP 6394613″. My python skills is not sufficient that I could fix that. :-(

]]>