#!/bin/sh

###########################################
# Firewall-1 Summarizer 		  #
# (c) Daniel Grahn			  #
# daniel.grahn@pakom.se                   #
# http://daniel.granlundkommunikation.nu  #
###########################################
# Usage: fw1_sum.sh logfile(s)		  #
###########################################
# Tested On Checkpoint Firewall-1 4.1 Sp3 #
# Logfiles                                #
# OS: Linux/FreeBSD/Tru64/Solaris         #
###########################################
# Change appropriate parameters           #
#                                         #
# --------------------------------------- #
# Known bugs: Checkpoint "fuckup" on log  #
# format, workaround in progress          #
###########################################

help1()
{
        echo ""
        echo ""
        echo " Usage: [fw1_sum.sh logfile(s)]"
        echo ""
        echo ""
}

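#######################################
# Print the drop/reject summary for one Firewall-1 log export.
#
# Field layout of a ';'-delimited FW-1 4.1 export, header line first:
#   1 num  2 date  3 time  4 orig  5 type  6 action  7 alert  8 i/f_name
#   9 i/f_dir  10 proto  11 src  12 dst  13 service  14 s_port  15 rule ...
#
# Arguments: $1 - path of the log file (read via redirection, so names
#                 with spaces, globs or a leading '-' are safe)
# Outputs:   the report on stdout; an error message on stderr
# Returns:   0 on success, 1 if the file cannot be read
#######################################
summarize_log()
{
  logfile=$1
  [ -r "$logfile" ] || {
    printf 'fw1_sum.sh: cannot read log file: %s\n' "$logfile" >&2
    return 1
  }

  DATE=$(date +%Y%m%d)
  VER=0.9
  HOST=$(hostname)
  SEP=';'
  # Origin firewall (field 4) and log date (field 2): taken from the last
  # non-empty record among the final four lines, so one value is reported
  # even when the export ends with blank lines.
  FW=$(tail -n 4 < "$logfile" | awk -F "$SEP" 'NF > 1 { v = $4 } END { print v }')
  LDATE=$(tail -n 4 < "$logfile" | awk -F "$SEP" 'NF > 1 { v = $2 } END { print v }')
  LINES=$(wc -l < "$logfile")
  # First and last "date time" of the log; the header line is skipped by the
  # grep -v filters. ETIME is the lexically greatest of the last four lines
  # (sort -d), which is only chronological while the date format sorts as text.
  STIME=$(head -n 2 < "$logfile" | grep -v date | grep -v time | awk -F "$SEP" '{ print $2,$3 }')
  ETIME=$(tail -n 4 < "$logfile" | grep -v date | grep -v time | awk -F "$SEP" '{ print $2,$3 }' | sort -d | tail -n 1)

  printf '\n'
  printf ' Firewall-1 Log Summarizer [%s]\n' "$DATE"
  printf '\n'
  printf ' Log date:      [%s]\n' "$LDATE"
  printf ' Timeline:      [%s] - [%s]\n' "$STIME" "$ETIME"
  printf ' Host:          [%s]\n' "$HOST"
  printf ' Firewall:      [%s]\n' "$FW"
  printf ' File:          [%s]\n' "$logfile"
  printf ' Sort order:    [Source IP]\n'
  printf ' Total records: [%s]\n' "$LINES"
  printf ' Delimiter:     [%s]\n' "$SEP"
  printf ' Version:       [%s]\n' "$VER"
  printf '\n'
  printf '%s\n' '-[BOF]-'
  printf '\n'
  # Column header built from the export's own header line (fields 6,10-13,15).
  head -n 1 < "$logfile" | awk -F "$SEP" '{ print "accur"," ",$6,"\t",$10,"\t",$11,"\t",$12,"\t",$13,"\t",$15 }'
  printf '%s\n' '------------------------------------------------------------'
  printf '\n'
  # action, proto, src, dst, service, rule of every record, counted per
  # distinct line. The grep -v patterns drop the header ("action") and the
  # non-blocking actions; note they are substring matches on the whole
  # formatted line, not on the action column alone. The final sort starts at
  # field 2 to leave the uniq count out of the key and is stable (-s).
  cat -s < "$logfile" \
    | awk -F "$SEP" '{ print "[]",$6,"\t",$10,"\t",$11,"\t",$12,"\t",$13,"\t",$15 }' \
    | grep -v -e ctl -e action -e accept -e decrypt -e encrypt -e authcrypt -e keyinst -e act31 \
    | sort -b -g -k 2,3 | uniq -c | sort -k 2 -b -s
  printf '\n'
  printf '%s\n' '-[EOF]-'
  printf '\n'
}

# The usage text promises "logfile(s)": summarize every file given, in order.
if [ -n "${1-}" ]; then
  for fw1_log in "$@"; do
    summarize_log "$fw1_log"
  done
else
  help1
fi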

