jas-/.bashrc

## .bashrc
# Default path of UFW parser
parse_ufw=/path/to/parse-ufw.awk

# Default path of UFW log
log_ufw=/var/log/ufw.log


# Function for filtering outbound comms
function ufw_out
{
  for host in $(awk -f ${parse_ufw} ${log_ufw} | awk '$4 == "OUT" && $7 !~ /^192|^127/{print $7}' | sort -u); do
    lookup=( $(host ${host} 2>/dev/null | tr ' ' '^') )
    [[ "${lookup[@]}" =~ NXDOMAIN ]] &&
      result=" - Lookup failed" ||
      result="$(echo "${lookup[@]}" | tr '^' ' ' | awk '{print $5}')"
    echo "${host} ${result}"
  done
}

# Function for filtering inbound comms
function ufw_in
{
  for host in $(awk -f ${parse_ufw} ${log_ufw} | awk '$4 == "IN" && $9 !~ /^192|^127/{print $9}' | sort -u); do
    lookup=( $(host ${host} 2>/dev/null | tr ' ' '^') )
    [[ "${lookup[@]}" =~ NXDOMAIN ]] &&
      result=" - Lookup failed" ||
      result="$(echo "${lookup[@]}" | tr '^' ' ' | awk '{print $5}')"
    echo "${host} ${result}"
  done
}

## parse-ufw.awk
#!/usr/bin/env awk

{
  total=match($0, /^([A-Za-z]+).*([0-9]?[0-9]+) ([0-9]+:[0-9]+:[0-9]+).*\[UFW (.*)\].*(IN|OUT=[a-z0-9]+).*SRC=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*DST=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*PROTO=([A-Z]+).*SPT=([0-9]+).*DPT=([0-9]+).*$/, obj)
  if (total > 0){
    gsub(/ /, "_", obj[4])
    split(obj[5], tobj, "=")
    obj[5] = (tobj[1] != "") ? tobj[1] : tobj[2]
    printf("%s %s %s %s %s %s %s %s %s %s\n", obj[1], obj[2], obj[3], obj[5], obj[8], obj[4], obj[7], obj[10], obj[6], obj[9])
  }
}
	# Default path of UFW parser
	parse_ufw=/path/to/parse-ufw.awk

	# Default path of UFW log
	log_ufw=/var/log/ufw.log


	# Function for filtering outbound comms
	function ufw_out
	{
	for host in $(awk -f ${parse_ufw} ${log_ufw} \| awk '$4 == "OUT" && $7 !~ /^192\|^127/{print $7}' \| sort -u); do
	lookup=( $(host ${host} 2>/dev/null \| tr ' ' '^') )
	[[ "${lookup[@]}" =~ NXDOMAIN ]] &&
	result=" - Lookup failed" \|\|
	result="$(echo "${lookup[@]}" \| tr '^' ' ' \| awk '{print $5}')"
	echo "${host} ${result}"
	done
	}

	# Function for filtering inbound comms
	function ufw_in
	{
	for host in $(awk -f ${parse_ufw} ${log_ufw} \| awk '$4 == "IN" && $9 !~ /^192\|^127/{print $9}' \| sort -u); do
	lookup=( $(host ${host} 2>/dev/null \| tr ' ' '^') )
	[[ "${lookup[@]}" =~ NXDOMAIN ]] &&
	result=" - Lookup failed" \|\|
	result="$(echo "${lookup[@]}" \| tr '^' ' ' \| awk '{print $5}')"
	echo "${host} ${result}"
	done
	}
	#!/usr/bin/env awk

	{
	total=match($0, /^([A-Za-z]+).([0-9]?[0-9]+) ([0-9]+:[0-9]+:[0-9]+).\[UFW (.)\].(IN\|OUT=[a-z0-9]+).SRC=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).DST=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).PROTO=([A-Z]+).SPT=([0-9]+).DPT=([0-9]+).$/, obj)
	if (total > 0){
	gsub(/ /, "_", obj[4])
	split(obj[5], tobj, "=")
	obj[5] = (tobj[1] != "") ? tobj[1] : tobj[2]
	printf("%s %s %s %s %s %s %s %s %s %s\n", obj[1], obj[2], obj[3], obj[5], obj[8], obj[4], obj[7], obj[10], obj[6], obj[9])
	}
	}