search

azet / capirca

Fork: Multi-platform ACL generation system
https://code.google.com/p/capirca
Apache License 2.0
0 stars 0 forks source link

Missing support for logging in SRX generator #25

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Create a term in an SRX policy
2. Add "action:: log"

term permit-web-services {
  destination-address:: WEB_SERVERS
  protocol:: tcp
  destination-port:: WEB_SERVICES
  action:: accept log
}

3. Run aclgen

What is the expected output? What do you see instead?
Expected (but no output since it's not a supported action):
policy permit-web-services {
  match {
    source-address any;
    destination-address WEB_SERVERS;
    application WEB_SERVICES-app;
  }
  then {
    permit;
    log {
      session-init;
    }
  }
}

Imho, it's enough to support session-init logging but you might consider adding 
support for session-close as well...

Original issue reported on code.google.com by m...@google.com on 21 Mar 2012 at 9:29

GoogleCodeExporter commented 9 years ago

Original comment by watson@google.com on 23 Mar 2012 at 5:29

GoogleCodeExporter commented 9 years ago 
I've added support for the optional logging:: keyword.
This appears to be working now.  Let me know if you see any issues.

Original comment by watson@google.com on 23 Mar 2012 at 5:52