我想找到一些开源软件(或相对便宜的软件),可以对 Juniper SSG(netscreen OS)防火墙的系统日志消息进行分析,并提供“热门目的地”、“热门协议”、“总体使用情况”等信息...
有人知道这样的工具吗?
答案1
我们决定使用 Manage Engine 的防火墙分析器。Cacti 的管理和维护难度太大,而 Splunk 无法满足我们的要求。
答案2
看一眼 Splunk,它可用于分析系统日志文件。
答案3
答案4
您确定要使用商业解决方案吗?我编写了一个小型 Perl 脚本,可以执行相同的操作。看看它是否有用:
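use strict;
use warnings;
use 5.010;    # named captures and defined-or below need 5.10+

# Summarise Juniper ScreenOS (NetScreen) traffic-log lines from a syslog file:
#
#   perl this_script.pl LOGFILE [N]
#
# For every line carrying sent=/rcvd=/src=/dst=/src_port=/dst_port= fields the
# rcvd= byte count is attributed to the src/dst pair, to the source and to the
# destination. The top N of each (N defaults to 5) are printed by bytes and by
# connection count, followed by a src/dst/port table sorted by bytes.

# Zone labels used as the single report bucket.
# NOTE(review): zones are not parsed from the log; every matching line is
# filed under "DMZ => TRUST", exactly as the original script did.
my ($SRC_ZONE, $DST_ZONE) = ('DMZ', 'TRUST');

# Horizontal rule printed between report sections (kept byte-identical to the
# original output).
my $RULE = "--------------------------------------------------------------------------";

# Row template of the final src/dst/port table, and the matching header
# template (the header uses %s for the Port column so the literal "Port" fits).
my $TUPLE_FMT  = '%-36s => %-36s (%-6d)';
my $HEADER_FMT = '%-36s => %-36s (%-6s)';

# The six fields read from a ScreenOS traffic line; the rest of the line is
# ignored. src=/dst= accept any non-blank token, so IPv4 and IPv6 literals
# both work. Log content is untrusted input: only digits are accepted where a
# number is expected, and nothing from the line is ever interpolated into a
# pattern, a shell command or a file name.
my $TRAFFIC_RE = qr{
    sent=(?<sent>\d+) \s+ rcvd=(?<rcvd>\d+) \s+
    src=(?<src>\S+)   \s+ dst=(?<dst>\S+)   \s+
    src_port=(?<src_port>\d+) \s+ dst_port=(?<dst_port>\d+)
}x;

# Read traffic lines from the open handle $fh and return two hashrefs:
#   $by_zone->{"SRC => DST"}{conn_count|src_count|dst_count}{key} -> count
#   $by_zone->{"SRC => DST"}{conn_bytes|src_bytes|dst_bytes}{key} -> bytes
#   $by_tuple->{"src => dst (port)"}                               -> bytes
# Bytes are the rcvd= value only; sent= is matched but not tallied, as in the
# original script. Lines that do not match are skipped silently.
sub parse_log {
    my ($fh) = @_;
    my %by_zone;
    my %by_tuple;
    my $zone_pair = "$SRC_ZONE => $DST_ZONE";

  LINE:
    while (my $line = <$fh>) {
        next LINE unless $line =~ $TRAFFIC_RE;
        my ($src, $dst, $port, $bytes) = ($+{src}, $+{dst}, $+{dst_port}, $+{rcvd});
        my $pair  = "$src => $dst";
        my $stats = $by_zone{$zone_pair} //= {};

        # Top talkers by number of connections.
        $stats->{conn_count}{$pair}++;
        $stats->{src_count}{$src}++;
        $stats->{dst_count}{$dst}++;

        # Top talkers by bytes received.
        $stats->{conn_bytes}{$pair} += $bytes;
        $stats->{src_bytes}{$src}   += $bytes;
        $stats->{dst_bytes}{$dst}   += $bytes;

        $by_tuple{ sprintf $TUPLE_FMT, $src, $dst, $port } += $bytes;
    }
    return (\%by_zone, \%by_tuple);
}

# Print the $n highest entries of %$counts under a titled header.
#   $title  - text after "Top N " (e.g. "Source by Bytes transferred")
#   $what   - row label ("Connection", "Source", "Destination")
#   $unit   - value column label ("Bytes Transferred", "Connection Count")
#   $counts - hashref key -> number
#   $n      - how many rows to print
#   $fmt    - printf conversion for the value column ('%15.0f' or '%15d')
# Ties are broken by key so the output is stable from run to run (a plain
# value sort would order equal values by hash-iteration order).
sub print_top {
    my ($title, $what, $unit, $counts, $n, $fmt) = @_;

    print "\nTop $n $title\n";
    printf "%-56s %15s\n", $what, $unit;
    printf "%-56s %15s\n", '-' x length $what, '-' x length $unit;

    my @ranked = sort { $counts->{$b} <=> $counts->{$a} || $a cmp $b } keys %$counts;
    splice @ranked, $n if @ranked > $n;
    printf "%-56s $fmt\n", $_, $counts->{$_} for @ranked;
    return;
}

# Print the per-zone sections and the final src/dst/port table.
sub print_report {
    my ($by_zone, $by_tuple, $n) = @_;

    # One row per section: title, row label, value label, stats key, value format.
    my @sections = (
        [ 'Connections by Bytes transferred', 'Connection',  'Bytes Transferred', 'conn_bytes', '%15.0f' ],
        [ 'Source by Bytes transferred',      'Source',      'Bytes Transferred', 'src_bytes',  '%15.0f' ],
        [ 'Destination by Bytes transferred', 'Destination', 'Bytes Transferred', 'dst_bytes',  '%15.0f' ],
        [ 'connections by Connection count',  'Connection',  'Connection Count',  'conn_count', '%15d'   ],
        [ 'Source by Connection count',       'Source',      'Connection Count',  'src_count',  '%15d'   ],
        [ 'Destination by Connection count',  'Destination', 'Connection Count',  'dst_count',  '%15d'   ],
    );

    for my $zone_pair (sort keys %$by_zone) {
        print "$RULE\n";
        print "STATISTICS FOR CONNECTION $zone_pair\n";
        print "$RULE\n";
        for my $i (0 .. $#sections) {
            my ($title, $what, $unit, $key, $fmt) = @{ $sections[$i] };
            print_top($title, $what, $unit, $by_zone->{$zone_pair}{$key}, $n, $fmt);
            # A rule between sections, a blank gap after the last one.
            print $i < $#sections ? "\n$RULE\n" : "\n\n";
        }
    }

    # Header built from the same template as the rows so the columns line up
    # (the original header used different widths from its rows).
    printf "$HEADER_FMT %12s\n", 'Source IP', 'Destination IP', 'Port', 'Bytes';
    printf "$HEADER_FMT %12s\n", '-' x 36, '-' x 36, '-' x 6, '-' x 12;
    for my $tuple (sort { $by_tuple->{$b} <=> $by_tuple->{$a} || $a cmp $b } keys %$by_tuple) {
        printf "%s %12.0f\n", $tuple, $by_tuple->{$tuple};
    }
    return;
}

# Entry point: LOGFILE is required, N defaults to 5 (an empty or zero N also
# falls back to 5, as with the original "shift || 5").
sub main {
    my ($log, $n) = @_;
    die "usage: $0 LOGFILE [N]\n" unless defined $log;
    $n ||= 5;
    die "N must be a positive integer, got '$n'\n" unless $n =~ /\A[1-9]\d*\z/;

    # Three-argument open with a lexical handle: the name comes from the
    # command line, and a two-argument open would treat a name ending in "|"
    # (or starting with ">") as a command to run or a file to clobber.
    open my $fh, '<', $log or die "Can't open the file $log: $!\n";
    my ($by_zone, $by_tuple) = parse_log($fh);
    close $fh or die "close $log: $!\n";

    print_report($by_zone, $by_tuple, $n);
    return 0;
}

# Run as a script; when loaded with require/do only the subs are defined.
exit main(@ARGV) unless caller;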