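#-------------------------------------------------------------------------------
# Name:        import_quar.py
# purpose:     read a textfile with output from FortiOS diag command,
#              create output for importing again (e.g. to different FGT)
#
# usage:       import_quar [filename]   or   import_quar < filename
# output:      quarlist.bcmd
# author:      Wolfgang Beneicke
#
# created:     2023-02-10
# copyright:   (c) 2023 BENEICKE EDV-Beratung, Heidelberg, Germany
# Licence:     use as you please
#-------------------------------------------------------------------------------
import datetime as dt       # strptime(), datetime
import ipaddress            # IPv4Address() for validating the address column
import sys


def _quarantine_command(line, now):
    """Build the 'quarantine add' command for one line of the diag listing.

    Expected line layout (12 whitespace-separated items), e.g.
        a.b.c.d Sun Feb 5 18:32:44 2023 Sun Feb 12 18:32:44 2023 IPS
    items:
        0:    IPv4
        1-5:  start date = wd mon day time year   (not used)
        6-10: expiry date = wd mon day time year  (weekday is left out)
        11:   source (admin/dlp/ips/av/dos)

    Returns the command string, or None when the line does not match the
    layout, does not parse, or describes an entry that has already expired.
    """
    items = line.split()
    # match line against pattern; here: 12 items
    if len(items) != 12:
        return None

    try:
        # The input file is untrusted text that ends up in a command script
        # run against a firewall, so the address must be a real IPv4 literal.
        address = ipaddress.IPv4Address(items[0])
        # NOTE: %b is locale dependent; under a non-English locale the month
        # names will not parse and the lines are counted as discarded.
        expirydate = dt.datetime.strptime(' '.join(items[7:11]),
                                          '%b %d %H:%M:%S %Y')
    except ValueError:
        # malformed address or date: discard this line, keep processing
        return None

    # max 5 chars; if source is misspelled, 'dlp' will be used by FortiOS.
    # The token is whitespace-free (result of split()) but otherwise unchecked.
    source = items[11][:5].lower()

    # Remaining quarantine time = expiry - now.  timedelta.seconds must not be
    # used here: it is only the 0..86399 remainder and is never negative, so
    # it would re-add expired entries and cut long bans to under one day.
    # NOTE(review): both times are naive; this assumes the listing was taken
    # in the same time zone as this host - confirm.
    duration = int((expirydate - now).total_seconds())
    if duration <= 0:
        return None

    return f"diag user quarantine add src4 {address} {duration} {source}"


def main():
    """Read the quarantine listing and write the re-import commands.

    Input is the file named by the first command-line argument, or stdin
    when no argument is given.  Output goes to 'quarlist.bcmd' in the
    current directory; a summary line is printed to stdout.
    """
    outfile = 'quarlist.bcmd'
    now = dt.datetime.now()

    f = open(sys.argv[1], 'r') if (len(sys.argv) > 1) else sys.stdin
    # get the input
    with f:
        qlist = f.readlines()

    read = written = 0
    with open(outfile, 'w') as out:
        for line in qlist:
            read += 1
            command = _quarantine_command(line, now)
            if command is None:
                continue
            print(command, file=out)
            written += 1

    print(f'{written} output commands written to file {outfile}, {read-written} lines discarded')


if __name__ == '__main__':
    main()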