
[FW-1] Nokia Resolution 9772



Howdy folks.  If you are a Perl guru or just want to hear my Rant for 2001
Q4, read on!

My case got closed (Subject: Resolution 9772 will not function (Nokia Case
77960)), but not resolved.  Actually, the fix is that the resolution now/today
begins with a disclaimer:

This script is provided as-is for quick solutions or as examples. Some may
justify further development.
Nokia does not guarantee their operation and in no way assumes liability
for effect as a result of their use. They are not supported.

If the original author or Perl gurus want to help the user community out on
this one, here are some of the relevant issues with the script known as
Resolution 9772.  First, I'd like to thank Dameon D. Welch-Abernathy (a.k.a.
PhoneBoy) for helpfully discussing this with me, including pointing out that
in his book "Some of what this script collects can actually be done from the
management console itself (e.g. looking at the firewall's tables). Page 133
in my book documents several examples of this (and yes, I know the Nokia SEs
either have a copy of the book already or *will* have it soon)."

I'd also like to thank Jerald Josephs (CISSP, CCSE/Senior Technical Advisor
- Global Support and Services/Nokia Internet Communications) for taking the
time to make Nokia's official position clear:

"Most of the scripts we have in our possession, which are not yet in the
Knowledge Base, come from customers like you. No one at Nokia wrote them. We
consider them to be thoughtful contributions, but they have not been QA'd.
We collectively do not know if each script works or not or even if the
script is one that we would recommend.

"They are offered in an attempt to provide a working example.

"It is left as an exercise to the user to determine if the script does what
they think it should do. If it doesn't, the user may choose to modify the
script or not use it. That's it."

This makes clear that not only is Perl on IPSO unsupported, but so are any
shell or Perl scripts that you might download from them that are intended to
perhaps be run on a non-Nokia/Checkpoint functional device, i.e., might
instead be run on a dedicated machine to gather stats on or across a large
distributed install base.

Finally, I feel compelled to mention that whenever you single a few folks
out for recognition or thanks, you always leave too many of the other folks
out of the list.  Thanks for answering my many questions go out to Brian
Lightfoot, Jeremy Whistance, Jason McFarland (all of UM Healthcare), Jody
Brazil (Fishnet Security) and the rest of the many folks I am guilty of
failing to mention -- you know who you are.

I don't think I can post the code since a support contract is required to
get at it, but let's get on with its problems:

> Here is what is known about the script Nokia provides to monitor and
> report FireWall-1 statistics:
>
> After localizing the relevant variables, when this is attempted to run,
> it returns the error
> "Cannot find global.pm."
> The perl was downloaded from Nokia's support site last year, but the
> versions haven't changed:
> Beagle[admin]# perl -v
>
> This is perl, version 5.005_02 built for i386-freebsd
>
> Copyright 1987-1998, Larry Wall
>
> Perl may be copied only under the terms of either the Artistic License or the
> GNU General Public License, which may be found in the Perl 5.0 source kit.
>
> Complete documentation for Perl, including FAQ lists, should be found on
> this system using `man perl' or `perldoc perl'.  If you have access to the
> Internet, point your browser at http://www.perl.com/, the Perl Home Page.
> ================================================================================
> Below are the details of this case:
>
> Subject: issue pertaining to perl script.
> Description:
> Please contact Customer at: Pager> Serial#:      8A002941789
> Support Agt+Expiry:14457 1yr Essential SS + AR(NSP1004XXX) 26.09.2002
>                                  Fishnet Securities is the support VAR.
> Model:IP440
> IPSO Version:3.3 FCS3
> FW/SP:4.1 SP3
> Hot Fixes Applied:RDP hotfix
> Installation:Distributed(D)/Single(S):D
> VRRP(Y/N):N
> ================================================================================
> From PERL rocketscientist #1:
> My big two concerns are the location of the Global and Rsh modules.
> Second is the missing log function, but that may be provided by one of
> these two missing modules.
> ================================================================================
> From PERL rocketscientist #2:
> I don't think the program is complete.  It seems to be missing the
> "log" subroutine.  I already checked, and you didn't cut it off.  What
> you gave me is what Nokia has on their support site.  I could be wrong,
> but a statement like log("Starting Log"); looks like a function call
> passing "Starting Log" to it.  It's used throughout the program.  Any
> chance we can get the actual program and not the cut-and-paste version?
>
> There are other things I don't know about the code like what goes in
> .ssh/firewalls.  Some sort of identity string for ssh I think, but I'm
> pretty sure I can figure it out.  Too bad there's not a manual.  If we
> run it on beagle, that won't be an issue.
> ================================================================================
> From PERL rocketscientist #3:
> Things I'd like to know or would otherwise point out that Brian did
> not...
>
> I would like to know what CPAN modules are needed for Socket, Global,
> and RSH (I believe Socket and RSH should be simple enough to find, but
> have had difficulty finding Global). (I'm not even sure that I see RSH
> being used, and would hope it wasn't since SSH is the encrypted
> replacement for it).
>
> There is a flip-flop between the use of "log" and "&log".   "log" on
> its own is a built in command for perl to return the Natural Logarithm
> of the provided expression.   This makes me assume "&log" (which calls a
> subroutine named log) was the intended use, but I find no subroutine by
> that name.
>
> What libraries are required that are accessed in /var/local/lib?
>
> ================================================================================
> That is all.
> Regards,
> Raymond Shelton
> ITS Network Services
> UM Health Care
> umh.edu is not responsible for my mistakes.
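
The two problems raised in the quoted case notes (modules that cannot be located, and `log` versus `&log` with no subroutine defined), shown as an added Perl example; this is not the Resolution 9772 script, which is not reproduced in the post. `Socket`, `Global` and `Rsh` are the module names given in the post, and `write_log` is a hypothetical name introduced here.

```perl
#!/usr/bin/perl
# Added example, not the Resolution 9772 script. Module names are taken from
# the post; write_log is a hypothetical name introduced here.
use strict;

# Return the modules that cannot be loaded through @INC. require inside
# eval traps the failure instead of aborting the whole program.
sub missing_modules {
    my @missing;
    foreach my $module (@_) {
        (my $file = "$module.pm") =~ s{::}{/}g;
        eval { require $file; 1 } or push @missing, $module;
    }
    return @missing;
}

# Run a code reference and report whether it completed or died.
sub try_call {
    my ($code) = @_;
    my $ok = eval { $code->(); 1 };
    return "completed" if $ok;
    chomp(my $error = $@);
    return "died: $error";
}

my @missing = missing_modules(qw(Socket Global Rsh));
print "not found in \@INC: @missing\n" if @missing;

# With no "sub log" defined, the two spellings fail in different ways.
my $message = "Starting Log";
# Bare log() is the builtin natural logarithm: the string is treated as
# the number 0 and Perl refuses to take log of 0.
print "log(\$message):  ", try_call(sub { log($message) }), "\n";
# &log() bypasses the builtin and looks for a user subroutine named log.
print "&log(\$message): ", try_call(sub { &log($message) }), "\n";

# A logging routine whose name cannot collide with a builtin.
sub write_log {
    my ($text) = @_;
    print STDERR scalar(localtime), " $text\n";
}
write_log($message);
```

Running a check like this on a dedicated machine before pointing an unvetted script at production firewalls shows which dependencies are absent and which calls would never have logged anything.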

   All contents © 2004 Network Presence, LLC. All rights reserved.