
TextPipe Pro is adept at working with massive, multi-gigabyte log files for security analysis.

TextPipe can be used to extract log information on firewall traffic, security breaches, and more. This helps network administrators to manage bandwidth, monitor web site visits, audit traffic, and ensure appropriate usage of networks by employees.

TextPipe can extract data from the logs of most enterprise firewalls, including Check Point, Cisco PIX, SonicWALL, NetScreen, WatchGuard, and many more.

Example

The example below demonstrates cleaning a Check Point firewall log for use with Computer Associates (CA) Network Forensics (eNWF). Network Forensics requires one event per line, with every line in the same format.

Download checkpoint.zip

Sample input Check Point firewall log:

"Date","Time","Action","FW.Name","Direction","Source","Destination","Bytes","Rules","Protocol"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.67.8.235","dst=139.203.160.214","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=210.22.4.200","dst=139.203.133.42","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=200.211.147.23","dst=139.203.18.177","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.184.77.8","dst=139.203.141.128","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=61.129.122.129","dst=139.203.250.160","bytes=64","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=61.142.57.208","dst=139.203.67.133","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=206.247.102.9","dst=139.203.111.23","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=211.75.239.157","dst=139.203.152.208","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=209.165.171.246","dst=139.203.73.178","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=64.70.1.57","dst=139.203.241.128","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:03","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=61.138.33.102","dst=139.203.13.45","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:03","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.142.143.60","dst=139.203.131.222","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:03","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.184.155.183","dst=139.203.143.53","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:03","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.44.116.240","dst=139.203.241.7","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:03","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=61.141.206.1","dst=139.203.43.222","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:03","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.111.50.220","dst=139.203.31.197","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:04","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=194.244.77.147","dst=139.203.212.209","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:04","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.139.67.57","dst=139.203.219.68","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:04","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.142.136.156","dst=139.203.111.30","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:04","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=64.171.190.52","dst=139.203.15.41","bytes=48","rule=29","proto=tcp/http"

Sample output format for Network Forensics:

08/26/2001	20:26:02	drop	NFL-cp.NFL.gov	inbound	61.142.57.208	139.203.67.133	48	29	HTTP 
08/26/2001	20:26:02	drop	NFL-cp.NFL.gov	inbound	206.247.102.9	139.203.111.23	48	29	HTTP 
08/26/2001	20:26:02	drop	NFL-cp.NFL.gov	inbound	211.75.239.157	139.203.152.208	48	29	HTTP 
08/26/2001	20:26:02	drop	NFL-cp.NFL.gov	inbound	209.165.171.246	139.203.73.178	48	29	HTTP 
08/26/2001	20:26:02	drop	NFL-cp.NFL.gov	inbound	64.70.1.57	139.203.241.128	48	29	HTTP 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	61.138.33.102	139.203.13.45	48	29	HTTP 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.142.143.60	139.203.131.222	48	29	HTTP 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.184.155.183	139.203.143.53	48	29	HTTP 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.7	48	29	HTTP 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.7	48	29	HTTP 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.8	48	29	HTTP 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.9	48	29	HTTP 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.10	48	29	HTTP 
08/26/2001	20:26:03	accept	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.11	48	29	TELNET 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.7	48	29	TELNET 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.7	48	29	TELNET 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.8	48	29	TELNET 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.9	48	29	TELNET 
08/26/2001	20:26:03	drop	NFL-cp.NFL.gov	inbound	139.44.116.240	139.203.241.10	48	29	TELNET 
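The same clean-up written in Python, as an added example that is not part of the original page and is not TextPipe's own filter. The function names are hypothetical, the rule that `proto=tcp/<service>` becomes the upper-cased service name is inferred from the sample output, and rejecting malformed records (rather than passing them through) is an assumption made so that every emitted line has the same format.

```python
import csv
import io
from datetime import datetime

# Constructed sample: header, one record from the page, one truncated record.
SAMPLE = '''"Date","Time","Action","FW.Name","Direction","Source","Destination","Bytes","Rules","Protocol"
"datetime=26Aug2001","20:26:02","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=61.142.57.208","dst=139.203.67.133","bytes=48","rule=29","proto=tcp/http"
"datetime=26Aug2001","20:26:03","action=drop","fw_name=NFL-cp.NFL.gov","dir=inbound","src=139.44.116.240"
'''

# Expected key prefix per column; None means the column holds a bare value.
KEYS = ["datetime", None, "action", "fw_name", "dir", "src", "dst", "bytes", "rule", "proto"]


def normalize_row(row):
    """Turn one parsed CSV record into a tab-separated line, or raise ValueError."""
    if len(row) != len(KEYS):
        raise ValueError(f"expected {len(KEYS)} fields, got {len(row)}")
    out = []
    for key, field in zip(KEYS, row):
        if key is not None:
            prefix = key + "="
            if not field.startswith(prefix):
                raise ValueError(f"field {field!r} lacks prefix {prefix!r}")
            field = field[len(prefix):]
        if "\t" in field or "\n" in field:
            raise ValueError("embedded tab or newline would split the event")
        out.append(field)
    out[0] = datetime.strptime(out[0], "%d%b%Y").strftime("%m/%d/%Y")  # 26Aug2001 -> 08/26/2001
    out[9] = out[9].rsplit("/", 1)[-1].upper()  # tcp/http -> HTTP
    return "\t".join(out)


def normalize_log(text):
    """Return (clean_lines, rejects); rejects are (line_number, reason) pairs."""
    clean, rejects = [], []
    reader = csv.reader(io.StringIO(text))
    next(reader, None)  # skip the header row
    for row in reader:
        try:
            clean.append(normalize_row(row))
        except ValueError as exc:
            rejects.append((reader.line_num, str(exc)))
    return clean, rejects


if __name__ == "__main__":
    for item in normalize_log(SAMPLE):
        print(item)
```

Keeping the reject list with line numbers lets an analyst account for every input record, so a truncated or tampered line is reported instead of silently disappearing from the forensic data set.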
