We have several user subnets that we want to start securing but no one knows all the ports and such that are currently in use. We dont have the time to open everthing up one by one over the next month or so. We have put a permit any any log and have started logging all the connections and such.
Is there a utility or an easy way to condense all this connection information in the syslogs and build an ACL from it?