cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Tufin 'automatic policy generator' and R80

I saw a post about 2 years ago around APG (automatic policy generator) and R80 and it was stated that it was not on roadmap.  Would like to know if this is still the case or if it's possible to use this tool to sift through log data for the sake of crafting policies from logs?  I have tried unsuccessfully to run the cli tool and have it successfully convert the logs to the format necessary for tufin to read this in for the purpose of having detailed output of the connections that have been serviced by the firewall.

Was trying to use SmartEvent but unless you have "Sessions" enabled it is not possible to generate Network Activity reports - you only get drops so cannot use this product to obtain the desired results.

--Juan

4 Replies
Highlighted

Re: Tufin 'automatic policy generator' and R80

Have you tried the latest Tufin version 18.3?

Tags (1)
0 Kudos
Highlighted

Re: Tufin 'automatic policy generator' and R80

I'm using version 19.1.  Using the following command to try to read old logs:

 

st_apg_collect -m 1 -f /checkpoint/april_logs --from="2019-04-06" --to="2019-04-07" --policy-name=<Policy_Name>

 

it kicks off:

 

Writing logs to: /checkpoint/april_logs (truncating original file)
Searching for log files on server...
Searching 2019-04-06_124508_6.log...
Searching 2019-04-06_235900.log...
Searching 2019-04-07_000000.log...
[root@TufinOS checkpoint]#

 

and result is an empty file after an hour of processing:

[root@TufinOS checkpoint]# ls -alh
total 8.0K
drwxr-xr-x 2 root root 4.0K Apr 24 19:32 .
dr-xr-xr-x 24 root root 4.0K Apr 22 07:16 ..
-rw-r--r-- 1 root root 0 Apr 24 15:34 april_logs

I have verified and reverified my information, that there are logs/indexes in this timeframe but for whatever reason the data is not being extracted.

Highlighted

Re: Tufin 'automatic policy generator' and R80

and what Tufin support said on this?

Re: Tufin 'automatic policy generator' and R80

There is a known bug which they were working on - still no resolution customer switched to a different solution.