Display source port listener programs

2019-04-23 20:01:33 +05:30
parent 36bc35ace9
commit b2e4cb2548
1 changed files with 76 additions and 59 deletions
--- a/ufw.awk
+++ b/ufw.awk
@@ -11,6 +11,11 @@
 # Display the GEO-location for source & destination IP
 # Combine it with system-log file
 # Give options to process only a certain number of day's log
+# Check if mawk is available -> if yes, use that
+
+# Since changing language improves performance
+LC_ALL=C 
+

 declare port_programs=$(ss -lpntu | 
    awk 'BEGIN {FS=":"} 
@@ -38,7 +43,12 @@ declare port_programs=$(ss -lpntu |
                print port, port_programs[port]
    }')

-LC_ALL=C cat /var/log/ufw.log | mawk '
+function getProgramName() {
+    echo port_programs | grep $1
+}
+
+cat /var/log/ufw.log | 
+    mawk '
        function GetValue(currentColumnValue, stringToSearch) {
            if(currentColumnValue~"^"stringToSearch){
                sub(stringToSearch"=", "", currentColumnValue)
@@ -67,21 +77,29 @@ $0~/BLOCK/{
            }
            
            print EVENT, IN, OUT, SRC, DST, SRCPORT, DSTPORT, PROTO
-}' | sort | uniq -c | sort -rn | column -t | awk -v port_programs_bash="$port_programs" '
+    }' | 
+    sort | uniq -c | sort -rn | column -t | 
+    awk -v port_programs_bash="$port_programs" '
        BEGIN{
-        printf ("%6s %15s %10s %10s %15s %15s %8s %8s %8s %20s\n", "Count", "Event-Type", "IN-BOUND?", "OUT-BOUND?", "SRC-Addr", "DST-Addr", "SRC-PORT", "DST-PORT", "Protocol", "Listeners")
+            printf ("%6s %15s %10s %10s %15s %15s %8s %8s %8s %20s\n", "Count", "Event-Type", "IN-BOUND?", "OUT-BOUND?", "SRC-Addr", "DST-Addr", "SRC-PORT", "DST-PORT", "Protocol", "Port-Listeners")
            print "-----------------------------------------------------------------------------------------------------------------------------"

+            #Deserialize the port_programs_bash
+            split(port_programs_bash, temp)
+            for (i=2;i<=length(temp);i+=2) {
+                port_programs[temp[i-1]]=temp[i]
+            }
+            i=0
        }
            {
            total+=$1
            SRC_IPS[$5]+=$1
            DST_IPS[$6]+=$1
-        printf ("%6d %15s %10s %10s %15s %15s %8d %8d %8s %20s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9,temp)
+            printf ("%6d %15s %10s %10s %15s %15s %8d %8d %8s %20s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9,port_programs[$7])
        }
        END	{
            print ""
-        print "Top 5 most blocked Destination IPs"
+            print "Top-5 Most-blocked Destination-IPs"
            print "-----","-----", "-----", "-----", "-----", "-----"
            printf ("%16s\t%5s \n", "IP", "Count")

@@ -92,7 +110,7 @@ $0~/BLOCK/{
            }

            print " "
-        print "Top 5 most blocked Source IPs"
+            print "Top-5 Most-blocked Source-IPs"
            print "-----","-----", "-----", "-----", "-----"
            printf ("%16s\t%5s \n", "IP", "Count")
            for (IP in SRC_IPS){
@@ -102,6 +120,5 @@ $0~/BLOCK/{

            print ""
            print "Total records parsed = "total
-
        }
 '