pratik/ufw-log-scan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added portnames to bash variable

Browse Source
This commit is contained in:
Pratik
2019-04-22 21:17:35 +05:30
parent 783bdedf55
commit db7a6820af
1 changed files with 27 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
ufw.awk
View File

@@ -12,6 +12,27 @@
# Combine it with system-log file
# Give options to process only a certain number of day's log
declare port_programs=$(ss -lpntu |
awk 'BEGIN {FS=":"} NR>1&&$1!~"\\["{print $2, $4} NR>1&&$1~"\\["{print $4, $8}' |
awk '{
print $1,
substr($3,
index($3, "\"")+1,
index($3, ",")-index($3,"\"")-2) | "sort -u"}' |
awk '{
if (port_programs[$1]==""){
port_programs[$1]=$2
}else{
port_programs[$1]=port_programs[$1]","$2
}
}
END {
for (port in port_programs)
print port, port_programs[port]
}'
)
LC_ALL=C cat /var/log/ufw.log | mawk '
function GetValue(currentColumnValue, stringToSearch) {
if(currentColumnValue~"^"stringToSearch){
@@ -41,16 +62,17 @@ $0~/BLOCK/{
}
print EVENT, IN, OUT, SRC, DST, SRCPORT, DSTPORT, PROTO
}' | sort | uniq -c | sort -rn | column -t | awk '
}' | sort | uniq -c | sort -rn | column -t | awk -v port_programs_bash="$port_programs" '
BEGIN{
printf ("%6s %15s %10s %10s %15s %15s %8s %8s %8s\n", "Count", "Event-Type", "IN-BOUND?", "OUT-BOUND?", "SRC-Addr", "DST-Addr", "SRC-PORT", "DST-PORT", "Protocol")
print "-------------------------------------------------------------------------------------------------------"
printf ("%6s %15s %10s %10s %15s %15s %8s %8s %8s %20s\n", "Count", "Event-Type", "IN-BOUND?", "OUT-BOUND?", "SRC-Addr", "DST-Addr", "SRC-PORT", "DST-PORT", "Protocol", "Listeners")
print "-----------------------------------------------------------------------------------------------------------------------------"
}
{
total+=$1
SRC_IPS[$5]+=$1
DST_IPS[$6]+=$1
printf ("%6d %15s %10s %10s %15s %15s %8d %8d %8s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9)
printf ("%6d %15s %10s %10s %15s %15s %8d %8d %8s %20s\n", $1, $2, $3, $4, $5, $6, $7, $8, $9,temp)
}
END {
print ""
@@ -75,5 +97,6 @@ $0~/BLOCK/{
print ""
print "Total records parsed = "total
}
'