diff --git a/ufw.awk b/ufw.awk
index 8988ec3..300ee42 100755
--- a/ufw.awk
+++ b/ufw.awk
@@ -12,6 +12,27 @@
 # Combine it with system-log file
 # Give options to process only a certain number of day's log
+declare port_programs=$(ss -lpntu |
+ awk 'BEGIN {FS=":"} NR>1&&$1!~"\\["{print $2, $4} NR>1&&$1~"\\["{print $4, $8}' |
+ awk '{
+ print $1,
+ substr($3,
+ index($3, "\"")+1,
+ index($3, ",")-index($3,"\"")-2) | "sort -u"}' |
+ awk '{
+ if (port_programs[$1]==""){
+ port_programs[$1]=$2
+ }else{
+ port_programs[$1]=port_programs[$1]","$2
+ }
+ }
+ END {
+ for (port in port_programs)
+ print port, port_programs[port]
+ }'
+)
+
+
 LC_ALL=C cat /var/log/ufw.log | mawk '
 function GetValue(currentColumnValue, stringToSearch) {
 if(currentColumnValue~"^"stringToSearch){
@@ -41,16 +62,17 @@ $0~/BLOCK/{
 }
 print EVENT, IN, OUT, SRC, DST, SRCPORT, DSTPORT, PROTO
-}' | sort | uniq -c | sort -rn | column -t | awk '
+}' | sort | uniq -c | sort -rn | column -t | awk -v port_programs_bash="$port_programs" '
 BEGIN{
- printf ("%6s %15s %10s %10s %15s %15s %8s %8s %8s\n", "Count", "Event-Type", "IN-BOUND?", "OUT-BOUND?", "SRC-Addr", "DST-Addr", "SRC-PORT", "DST-PORT", "Protocol")
- print "-------------------------------------------------------------------------------------------------------"
+ printf ("%6s %15s %10s %10s %15s %15s %8s %8s %8s %20s\n", "Count", "Event-Type", "IN-BOUND?", "OUT-BOUND?", "SRC-Addr", "DST-Addr", "SRC-PORT", "DST-PORT", "Protocol", "Listeners")
+ print "-----------------------------------------------------------------------------------------------------------------------------"
+
 }
 {
 total+=$1
 SRC_IPS[$5]+=$1
 DST_IPS[$6]+=$1
- printf ("%6d %15s %10s %10s %15s %15s %8d %8d %8s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9)
+ printf ("%6d %15s %10s %10s %15s %15s %8d %8d %8s %20s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9,temp)
 }
 END {
 print ""
@@ -75,5 +97,6 @@ $0~/BLOCK/{
 print ""
 print "Total records parsed = "total
+ }
 '
\ No newline at end of file
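Review bot: The colon-counted field positions in the first awk stage (`print $2, $4` for plain addresses, `print $4, $8` for bracketed ones) only hold while the Local Address column contains a fixed number of colons, so an IPv6 literal with more than two colon groups (constructed example: `[2001:db8::1]:80`) puts its port in `$5` and that listener is silently dropped or mis-keyed, and a row with no `Process` column — which `ss -p` leaves out for sockets the caller is not privileged to inspect — leaves `$4`/`$8` empty so the substr() in the next stage yields an empty program name for that port. Taking the port as whatever follows the last `:` of the Local-Address field and the program from the quoted name in `$NF`, skipping rows that have none, removes the column counting; the aggregation stage can stay as it is. A comment on the assignment should also say that the map is a single `ss` snapshot taken when the script starts, since it is later printed next to historical log entries. `declare port_programs=...` at the top level of a script is just `port_programs=...`.
```shell
# Listeners as seen by ss at script start (one snapshot, not the state at event time);
# rows without a Process column (sockets this user may not inspect) are skipped.
port_programs=$(ss -lpntu |
    awk 'NR>1 {
        port = $5; sub(/.*:/, "", port)          # text after the last ":" is the port, IPv4 or [IPv6] alike
        if (!match($NF, /"[^"]*"/)) next         # no quoted program name -> no Process column
        print port, substr($NF, RSTART + 1, RLENGTH - 2) | "sort -u"
    }' |
    # … unchanged: aggregation awk that joins program names per port …
)
```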
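Review bot: The new `Listeners` column is never filled in: the row printf prints `temp`, which nothing in the awk program assigns, and `port_programs_bash` arrives via `-v` but is never read, so every row ends in an empty 20-character field. BEGIN should split `port_programs_bash` on newlines into an array keyed by port, and the main block should set `temp` from that array using the event's DST-PORT (`$8`) before the printf. Two caveats belong in a comment there: the map is keyed on port number alone, so a tcp and a udp listener on the same port are merged even though `$9` carries the protocol, and for OUT-bound events `$8` is a remote port, so the lookup only says something for inbound rows (presumably those with a value in `$3`). The map is also a snapshot from when the script started, not what was listening when the event was logged; the awk program's END block runs past the end of the hunk.
```shell
BEGIN{
    # … unchanged: column header printf/print …
    # port -> "prog1,prog2" from the ss snapshot taken at script start; it shows what
    # listens now, not what listened when the event was logged, and merges tcp/udp.
    n = split(port_programs_bash, lines, "\n")
    for (i = 1; i <= n; i++) {
        split(lines[i], kv, " ")
        if (kv[1] != "") listeners[kv[1]] = kv[2]
    }
}
{
    # … unchanged: total and per-address counters …
    temp = ($8 in listeners) ? listeners[$8] : ""   # DST-PORT lookup; only meaningful for inbound rows
    # … unchanged: row printf …
}
```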