Fortigate Log Parser

Parses a Fortigate traffic log and presents a communication matrix. The communication matrix has the form:

Source IP
    Destination IP
        Destination Port
            Protocol
                Count
                Rcvdbytes
                Sentbytes

Features

  • Missing values will be substituted with 'None'
  • Log format can be specified with parameters for srcip, dstip, dport, protocol, rcvdbytes, sentbytes fields.
  • Default logfile format is the fortigate traffic log. The log format can be adjusted to other log formats, for example iptables logs.
  • Export to .csv format is possible
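The following is an added example, not code from the fg_log_parser project: a compact Python reimplementation of the matrix described above, so that the structure (srcip, dstip, dstport, proto, then count/rcvdbytes/sentbytes), the configurable field names, the 'None' substitution and the CSV export can be tried offline. It assumes the Fortigate key=value line syntax, that Fortigate writes protocol numbers which it maps to TCP/UDP/ICMP (the project's own mapping is not shown on this page), and that without noipcheck a line lacking a source or destination IP is skipped. The sample log lines are constructed for the example and are not real traffic.

```python
import csv
import io
import re
from collections import defaultdict

# One key=value token. Quoted values (Fortigate) may contain spaces; unquoted
# values may be empty (iptables writes "OUT=" for locally generated packets).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')

# Fortigate logs carry the IANA protocol number; iptables already writes a name.
# Assumed mapping for this example; anything unknown is passed through unchanged.
PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP"}


def parse_line(line):
    """Split one log line into a dict of its key=value pairs, quotes stripped."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def _to_int(value):
    """Byte counters may be missing or empty; count anything non-numeric as 0."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0


def build_matrix(lines, srcipfield="srcip", dstipfield="dstip",
                 dstportfield="dstport", protofield="proto", countbytes=False,
                 sentbytesfield="sentbyte", rcvdbytesfield="rcvdbyte",
                 noipcheck=False):
    """Return matrix[srcip][dstip][dstport][proto] -> {"count", "sentbytes", "rcvdbytes"}.

    Missing fields become the string "None". Unless noipcheck is set, lines that
    lack a source or destination IP (event records, junk) are skipped (assumption).
    """
    matrix = defaultdict(lambda: defaultdict(lambda: defaultdict(dict)))
    for raw in lines:
        fields = parse_line(raw)
        if not fields:
            continue  # blank line or no key=value content at all
        src = fields.get(srcipfield, "None")
        dst = fields.get(dstipfield, "None")
        if not noipcheck and (src == "None" or dst == "None"):
            continue
        dport = fields.get(dstportfield, "None")
        proto = fields.get(protofield, "None")
        proto = PROTO_NAMES.get(proto, proto)
        entry = matrix[src][dst][dport].setdefault(proto, {"count": 0})
        entry["count"] += 1
        if countbytes:  # only accumulate bytes when asked, like the -b option
            entry["sentbytes"] = entry.get("sentbytes", 0) + _to_int(fields.get(sentbytesfield))
            entry["rcvdbytes"] = entry.get("rcvdbytes", 0) + _to_int(fields.get(rcvdbytesfield))
    return matrix


def to_csv(matrix, countbytes=False):
    """Flatten the nested matrix into one CSV row per communication quartet."""
    out = io.StringIO()
    header = ["srcip", "dstip", "dstport", "proto", "count"]
    if countbytes:
        header += ["sentbytes", "rcvdbytes"]
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(header)
    for src, dsts in matrix.items():
        for dst, ports in dsts.items():
            for port, protos in ports.items():
                for proto, e in protos.items():
                    row = [src, dst, port, proto, e["count"]]
                    if countbytes:
                        row += [e.get("sentbytes", 0), e.get("rcvdbytes", 0)]
                    writer.writerow(row)
    return out.getvalue()


# Constructed sample input: three Fortigate traffic records, one event record
# without IP fields, and one iptables line using the SRC/DST/DPT/PROTO names.
FORTIGATE_LINES = [
    'date=2019-05-10 time=11:37:47 type="traffic" subtype="forward" srcip=192.168.1.3 srcport=50211 dstip=1.2.3.4 dstport=443 proto=6 action="close" service="HTTPS" sentbyte=1686 rcvdbyte=11798',
    'date=2019-05-10 time=11:37:48 type="traffic" subtype="forward" srcip=192.168.1.3 srcport=50212 dstip=8.8.8.8 dstport=53 proto=17 action="accept" service="DNS" sentbyte=70 rcvdbyte=200',
    'date=2019-05-10 time=11:37:49 type="traffic" subtype="forward" srcip=192.168.1.3 srcport=50213 dstip=8.8.8.8 dstport=53 proto=17 action="accept" service="DNS" sentbyte=72 rcvdbyte=180',
    'date=2019-05-10 time=11:37:50 type="event" subtype="system" logdesc="Admin login successful" user="admin"',
]
IPTABLES_LINES = [
    'Mar 10 12:00:01 fw kernel: [1234.5678] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.3 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40000 DPT=53 LEN=40',
]

if __name__ == "__main__":
    fg = build_matrix(FORTIGATE_LINES, countbytes=True)
    print(to_csv(fg, countbytes=True))
    ipt = build_matrix(IPTABLES_LINES, srcipfield="SRC", dstipfield="DST",
                       dstportfield="DPT", protofield="PROTO")
    print(to_csv(ipt))
```

The event record is dropped by the default IP check; passing `noipcheck=True` keeps it as a `None`/`None`/`None`/`None` entry instead, which is the behaviour to expect when a mixed Fortigate log is parsed with `-n`. The iptables line parses with the same code because only the field names change, which is exactly what the `--srcipfield` style options are for.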

Example Session

$ python fg_log_parser.py -b -f example.log 
192.168.1.3
    1.2.3.4
	    443
		    TCP
			    count
				    1
			    rcvdbytes
				    11798
			    sentbytes
				    1686
    4.4.5.5
	    443
		    TCP
			    count
				    1
			    rcvdbytes
				    7642
			    sentbytes
				    1621
    1.1.2.2
	    443
		    TCP
			    count
				    1
			    rcvdbytes
				    29710
			    sentbytes
				    3174
    8.8.8.8
	    53
		    UDP
			    count
				    10
			    rcvdbytes
				    2001

Usage

The help message contains information about general options and log format options.

Usage: fg_log_parser.py

$ python fg_log_parser.py --help
Fortigate Log Parser
Parses a Fortigate logfile and presents a communication matrix.

Usage: fg_log_parser.py
    fg_log_parser.py (-f <logfile> | --file <logfile>) [options]

Options:
    -s --showaction         Show action field.
    -b --countbytes         Count bytes for each communication quartet
    -h --help               Show this message
    -v --verbose            Activate verbose messages
    --version               Shows version information
    -n --noipcheck          Do not check if src and dst ip are present
    -c --csv                Print matrix in csv format (default is nested format)

    Log Format Options (case sensitive):
    --srcipfield=<srcipfield>       Src ip address field [default: srcip]
    --dstipfield=<dstipfield>       Dst ip address field [default: dstip]
    --dstportfield=<dstportfield>   Dst port field [default: dstport]
    --protofield=<protofield>       Protocol field [default: proto]


    If countbytes options is set you may have to specify:
    --sentbytesfield=<sentbytesfield>  Field for sent bytes [default: sentbyte]
    --rcvdbytesfield=<rcvdbytesfield>  Field for rcvd bytes [default: rcvdbyte]

Examples:
    Parse Fortigate Log:
        fg_log_parser.py -f fg.log
    Parse Iptables Log:
        fg_log_parser.py -f filter --srcipfield=SRC --dstipfield=DST --dstportfield=DPT --protofield=PROTO
    Parse Fortianalyzer Log:
        fg_log_parser.py -f faz.log --srcipfield=src --dstipfield=dst

Tests

The Python doctest module is used for tests. The tests are located either directly in the function docstrings or in the logfiles.test file. Some common log files with different log formats are in testlogs/ and are parsed on every test run.

Contributors

oelu