I'm working on a firewall audit where we are trying to tighten access from the LAN out to the Internet.
We have an access-list entry that logs the traffic going outbound and this is being sent to our Kiwi syslog server.
I'm looking for a way to take all of these syslog entries and convert them to access-list entries so they can be added to the firewall config.
I found the 2 links below that show Perl scripts that can do this, but they're not working so well for me. I'm trying to run them on a Windows machine and I'm far from a Perl expert.
Has anyone else out there had a similar task and can you help shed some light on how you accomplished this?
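One way to do the conversion described in the question, as an added example that is not part of the original post and not one of the Perl scripts it mentions. It assumes the firewall is a Cisco ASA/PIX writing message 106100 for the logging access-list entry; the ACL name `LAN_OUT` and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: Cisco ASA/PIX message 106100, written by an ACL entry that has the
# "log" keyword. Whatever prefix the syslog server adds before it is ignored.
PATTERN = re.compile(
    r"%(?:ASA|PIX)-\d-106100: access-list \S+ permitted (?P<proto>\w+) "
    r"\S+/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"\S+/(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

# Constructed sample lines in the style of a syslog server's text export.
SAMPLE_LOG = """\
2024-01-10 09:14:02\tLocal4.Info\t192.0.2.1\t%ASA-6-106100: access-list inside_out permitted tcp inside/10.1.1.25(51514) -> outside/198.51.100.10(443) hit-cnt 1 first hit [0x0, 0x0]
2024-01-10 09:14:09\tLocal4.Info\t192.0.2.1\t%ASA-6-106100: access-list inside_out permitted tcp inside/10.1.1.25(51530) -> outside/198.51.100.10(443) hit-cnt 1 first hit [0x0, 0x0]
2024-01-10 09:15:40\tLocal4.Info\t192.0.2.1\t%ASA-6-106100: access-list inside_out permitted udp inside/10.1.1.30(53011) -> outside/198.51.100.53(53) hit-cnt 1 first hit [0x0, 0x0]
2024-01-10 09:16:01\tLocal4.Info\t192.0.2.1\t%ASA-6-106100: access-list inside_out permitted icmp inside/10.1.1.25(8) -> outside/198.51.100.10(0) hit-cnt 1 first hit [0x0, 0x0]
2024-01-10 09:16:30\tLocal4.Info\t192.0.2.1\t%ASA-6-106100: access-list inside_out denied tcp inside/10.1.1.40(50001) -> outside/198.51.100.99(25) hit-cnt 1 first hit [0x0, 0x0]
"""

def flows_from_log(text):
    """Return unique (proto, src, dst, dport) flows; ephemeral source ports are dropped."""
    flows = set()
    for line in text.splitlines():
        m = PATTERN.search(line)
        if not m or m["proto"] not in ("tcp", "udp"):
            continue  # ICMP carries type/code in the port fields; handle it separately
        try:
            # Validate addresses so a malformed log line never becomes a config line.
            src = ipaddress.IPv4Address(m["src"])
            dst = ipaddress.IPv4Address(m["dst"])
        except ipaddress.AddressValueError:
            continue
        port = int(m["dport"])
        if 0 < port <= 65535:
            flows.add((m["proto"], src, dst, port))
    return flows

def to_acl(flows, acl_name="LAN_OUT"):
    """Render one ASA-style permit entry per flow (acl_name is a hypothetical name)."""
    return [
        f"access-list {acl_name} extended permit {proto} host {src} host {dst} eq {port}"
        for proto, src, dst, port in sorted(flows)
    ]

if __name__ == "__main__":
    print("\n".join(to_acl(flows_from_log(SAMPLE_LOG))))
```

The output is a deduplicated list of observed flows to review and consolidate into networks and services, not a finished policy.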