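Trying to filter the firewall security policies that do not have logging enabled.
I just ran GREP over the policies, which gives the output of the policies matching "action and log settings". But I don't know of any mechanism to filter them.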
#zcat config.gz | egrep permit\|deny\|log | grep policy
set security policies from-zone Trust to-zone Untrust policy 44 then permit
set security policies from-zone Trust to-zone Untrust policy 44 then log session-init
set security policies from-zone Trust to-zone Untrust policy 34 then permit
set security policies from-zone Trust to-zone Untrust policy 34 then log session-init
set security policies from-zone Trust to-zone Untrust policy 82 then permit
set security policies from-zone Trust to-zone Untrust policy 82 then log session-init
set security policies from-zone Trust to-zone Untrust policy 82 then log session-close
set security policies from-zone Trust to-zone Untrust policy 73 then deny
set security policies from-zone Trust to-zone Untrust policy 73 then log session-close
set security policies from-zone Trust to-zone Untrust policy 72 then deny
set security policies from-zone Trust to-zone Untrust policy 72 then log session-close
set security policies from-zone Trust to-zone Untrust policy 67 then permit
set security policies from-zone Trust to-zone Untrust policy 53 then permit
set security policies from-zone Trust to-zone Untrust policy 53 then log session-init
set security policies from-zone Trust to-zone Untrust policy 30 then deny
set security policies from-zone Trust to-zone Untrust policy 30 then log session-close
set security policies from-zone Trust to-zone Untrust policy 75 then permit
set security policies from-zone Trust to-zone Untrust policy 75 then log session-init
set security policies from-zone Trust to-zone Untrust policy 76 then permit
set security policies from-zone Trust to-zone Untrust policy 28 then permit
set security policies from-zone Trust to-zone Untrust policy 28 then log session-init
set security policies from-zone Trust to-zone Untrust policy 50 then permit
set security policies from-zone Trust to-zone Untrust policy 50 then log session-init
set security policies from-zone Trust to-zone Untrust policy 51 then permit
set security policies from-zone Trust to-zone Untrust policy 51 then log session-init
set security policies from-zone Trust to-zone Untrust policy 55 then permit
set security policies from-zone Trust to-zone Untrust policy 55 then log session-init
set security policies from-zone Trust to-zone Untrust policy 56 then permit
set security policies from-zone Trust to-zone Untrust policy 79 then permit
set security policies from-zone Trust to-zone Untrust policy 79 then log session-init
set security policies from-zone Trust to-zone Untrust policy 57 then permit
set security policies from-zone Trust to-zone Untrust policy 57 then log session-init
set security policies from-zone Trust to-zone Untrust policy 58 then permit
set security policies from-zone Trust to-zone Untrust policy 58 then log session-init
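I want to know which policies do not have logging enabled.
Example: "policy 67" has only a permit statement but is not logged. The policy name should be filtered out and displayed.
Best Answer
Using GNU awk for true multi-dimensional arrays: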
$ cat tst.awk
/permit|deny|log/ && /policy/ { present[$9][$11] }
END {
    for (policy in present) {
        if ( !( "log" in present[policy] ) ) {
            print policy
        }
    }
}
$ awk -f tst.awk file
56
67
76
Using any awk:
$ cat tst.awk
/permit|deny|log/ && /policy/ { policies[$9]; present[$9,$11] }
END {
    for (policy in policies) {
        if ( !( (policy,"log") in present ) ) {
            print policy
        }
    }
}
With the above approach you can write if statements to test for any combination of states for each policy that you like.
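The answer's closing remark about testing other state combinations, worked out as an added example (not code from the original answer): policies are keyed by zone pair so that equal policy names in different zone pairs do not collide, and an optional argument reports policies missing one specific log option. The function names `audit_unlogged` and `sample_config`, the sample input, and the handling of `reject` and `global` policies are assumptions that go beyond the data shown in the question.

```shell
#!/bin/sh
# Added example, not from the original answer. Reads Junos "set" lines on
# stdin and prints "<from-zone> <to-zone> <policy> <action>" for policies
# that lack logging. Optional $1 (session-init or session-close) reports
# policies missing that specific log option instead of any log at all.
audit_unlogged() {
    awk -v need="$1" '
    $1 == "set" && $2 == "security" && $3 == "policies" {
        from = to = name = verb = opt = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "from-zone")    from = $(++i)
            else if ($i == "to-zone") to = $(++i)
            else if ($i == "global")  from = to = "global"
            else if ($i == "policy")  name = $(++i)
            else if ($i == "then")  { verb = $(i + 1); opt = $(i + 2); break }
        }
        if (name == "" || verb == "") next
        key = from " " to " " name          # same name may exist per zone pair
        if (verb == "permit" || verb == "deny" || verb == "reject")
            action[key] = verb
        else if (verb == "log")
            logged[key] = logged[key] " " opt
    }
    END {
        for (key in action) {
            if (need == "") missing = !(key in logged)
            else missing = (index(logged[key] " ", " " need " ") == 0)
            if (missing) print key, action[key]
        }
    }' | LC_ALL=C sort
}

# Constructed sample input (not the configuration from the question).
sample_config() {
    cat <<'EOF'
set security policies from-zone Trust to-zone Untrust policy 44 then permit
set security policies from-zone Trust to-zone Untrust policy 44 then log session-init
set security policies from-zone Trust to-zone Untrust policy 67 then permit
set security policies from-zone Trust to-zone Untrust policy 73 then deny
set security policies from-zone Trust to-zone Untrust policy 73 then log session-close
set security policies from-zone DMZ to-zone Untrust policy 67 then permit
set security policies from-zone DMZ to-zone Untrust policy 67 then log session-init
set security policies from-zone DMZ to-zone Untrust policy 67 then log session-close
set security policies global policy cleanup then deny
EOF
}

sample_config | audit_unlogged
```

Run against a real device export with `zcat config.gz | audit_unlogged`, or pass `session-close` as the argument to list policies that never log session close.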
Regarding awk - finding lines without a keyword in a given pair of lines, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55844671/