| line |
true |
false |
branch |
|
20
|
0 |
0 |
if ($logline) |
|
25
|
0 |
0 |
if ($logline =~ /NetScreen device_id/ and $logline =~ /action=/) { } |
|
|
0 |
0 |
elsif ($logline =~ /
�
� # This should also work for syslog formatted CP logs
� # which is why there's no start of line anchor "^".
�
� \d\d?:\d\d?:\d\d?\s # HH:MM:SS
� (accept|drop|reject|encrypt|decrypt)\s # action
�
� /x) { } |
|
|
0 |
0 |
elsif ($logline =~ /%(PIX|FWSM)-\d+-\d+:/) { } |
|
|
0 |
0 |
elsif ($logline =~ /Packet log:/) { } |
|
|
0 |
0 |
elsif ($logline =~ /kernel:\sRULE\s\d+\s--/) { } |
|
|
0 |
0 |
elsif ($logline =~ /ipmon\[\d+\]:\s/) { } |
|
|
0 |
0 |
elsif ($logline =~ /\spf:\s/) { } |
|
104
|
0 |
0 |
if (open PROTOCOLS, '/etc/protocols') { } |
|
106
|
0 |
0 |
unless (/^#/) |
|
130
|
0 |
0 |
if (open SERVICES, '
|
|
132
|
0 |
0 |
unless (/^#/) |
|
161
|
0 |
0 |
if ($logline =~ /tcp|mss|win \d+$/) |
|
177
|
0 |
0 |
if ($logline =~ /\[\|domain\]$/ or $logline =~ /\[\|isakmp\]$/ or $logline =~ / NTPv\d, / or $logline =~ / SYSLOG / or $logline =~ / UDP, / or $logline =~ / SIP, / or $logline =~ / NBT UDP PACKET/) |
|
199
|
0 |
0 |
if ($logline =~ / ICMP (.+), /) |
|
228
|
0 |
0 |
if ($protocol eq 'icmp') { } |
|
271
|
0 |
0 |
if ($protocol eq 'icmp') { } |
|
275
|
0 |
0 |
if ($logline =~ / icmp-type /) |
|
280
|
0 |
0 |
if ($logline =~ / icmp-code /) |
|
315
|
0 |
0 |
if ($logline =~ m[
�
� %PIX-6-30201[35]:\s
� Built\s(in|out)bound\s([\d\w]+)\sconnection\s\d+\s
� for\s.+:(.+)/(\d+)(?:\s\(.+\))?\s
� to\s.+:(.+)/(\d+)\s.*
�
� ]x) |
|
329
|
0 |
0 |
if ($1 eq 'in') { } |
|
337
|
0 |
0 |
if ($logline =~ /
�
� %PIX-5-304001:\s
� (.+)
� \sAccessed\sURL\s
� (.+):
�
� /x) |
|
354
|
0 |
0 |
if ($logline =~ m[
�
� %PIX-6-106015:\sDeny\s
� (\w+)\s\(.+\)\s
� from\s(.+)/\d+\s
� to\s(.+)/(\d+)\s
�
� ]x) |
|
371
|
0 |
0 |
if ($logline =~ m[
�
� #%PIX-3-305005:\sNo\stranslation\sgroup\sfound\sfor\s
� #(\w+)\ssrc\s.+:
� #(.+)/\d+\sdst\s.+:
� #(.+)/(\d+)
�
� %PIX-3-305005:\sNo\stranslation\sgroup\sfound\sfor\s
� (\w+)\ssrc\s.+:
� ([-._\d\w]+)(?:/\d+)?\sdst\s.+:
� ([-._\d\w]+)(?:/(\d+)|\s\((.+)\))
�
� ]x) |
|
397
|
0 |
0 |
if ($logline =~ m[
� %PIX-3-106011:\sDeny\sinbound\s\(No\sxlate\)\s
� (\w+)\ssrc\s.+:
� ([-._\d\w]+)(?:/\d+)?\sdst\s.+:
� ([-._\d\w]+)(?:/(\d+)|\s\((.+)\))
�
� ]x) |
|
416
|
0 |
0 |
if ($action and $source and $destination and $protocol and $port) { } |
|
462
|
0 |
0 |
if ($action eq 'p') { } |
|
|
0 |
0 |
elsif ($action eq 'b') { } |
|
471
|
0 |
0 |
if ($protocol eq 'icmp') { } |
|
486
|
0 |
0 |
if ($sourcePort < 1024) |
|
487
|
0 |
0 |
if ($port > 1023) |
|
493
|
0 |
0 |
if ($sourcePort < $port) |
|
518
|
0 |
0 |
if ($protocol eq 'icmp') { } |
|
531
|
0 |
0 |
if ($logline =~ /REDIRECT/) { } |
|
545
|
0 |
0 |
if ($action == '-') |