ufwlog 0.3.0-beta.2

A library to parse, format and export ufw log.

ufwlog

A program to parse, format and export ufw log.

Please see here for CLI README.

Installation

cargo install ufwlog

Usage

The UfwLog struct is a parsed log record. You can use it to filter, export, etc.

fn main() -> Result<(), ufwlog::error::Error> {
    // read the log file at the given path and get a Vec of UfwLog structs
    let logs: Vec<ufwlog::UfwLog> = ufwlog::UfwLog::from_file("./ufw.log")?;
    // filter records
    let filtered = logs
        .iter()
        .filter(|log| log.event == ufwlog::LoggedEvent::Block) // only block events
        .filter(|log| log.src == "127.0.0.1") // packets from 127.0.0.1
        .collect::<Vec<&ufwlog::UfwLog>>();

    // export as CSV
    let csv_exporter = ufwlog::export::csv::Exporter;
    csv_exporter.export(filtered, &mut std::io::stdout()); // print CSV content to stdout
    Ok(())
}

See docs.rs for full API docs.

Reporting

Because there are few references for the UFW log format, and the format differs between versions, configurations, etc., this program may not cover every case.

If you find a problem, please create an issue and include the original log.

You can de-identify the original log content, but keep the data types. Otherwise, I may make the wrong judgment. For example, if a new field FID=5232 is changed to FID=XXXX when reporting, I will add FID as a string because of the X characters. In this case, change the record to FID=1234 instead, because the data type is the same as in the original log.
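
One way to de-identify a log line while keeping each field's data type, as an added example that is not part of ufwlog. It rewrites only the SRC, DST and MAC fields; the function names `placeholder` and `deidentify` and the sample line are constructed for illustration.

```rust
use std::collections::HashMap;
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

/// Map the n-th distinct address seen to the n-th address after 192.0.2.0
/// (IPv4) or 2001:db8:: (IPv6), so the value still parses as an IP address
/// and repeated addresses stay recognisable as the same host.
fn placeholder(val: &str, seen: &mut HashMap<String, u16>) -> String {
    let Ok(ip) = val.parse::<IpAddr>() else {
        return val.to_string(); // not an address: leave it for manual review
    };
    let next = seen.len() as u16 + 1;
    let n = *seen.entry(val.to_string()).or_insert(next);
    match ip {
        IpAddr::V4(_) => Ipv4Addr::from(0xC000_0200u32 + u32::from(n)).to_string(),
        IpAddr::V6(_) => Ipv6Addr::new(0x2001, 0xdb8, 0, 0, 0, 0, 0, n).to_string(),
    }
}

/// Rewrite SRC=, DST= and MAC= in one raw log line; every other token,
/// including the original spacing, is passed through unchanged.
pub fn deidentify(line: &str, seen: &mut HashMap<String, u16>) -> String {
    line.split(' ')
        .map(|tok| match tok.split_once('=') {
            Some((key @ ("SRC" | "DST"), val)) => format!("{key}={}", placeholder(val, seen)),
            // keep the colon-separated hex layout, zero every hex digit
            Some(("MAC", val)) => format!(
                "MAC={}",
                val.chars().map(|c| if c == ':' { ':' } else { '0' }).collect::<String>()
            ),
            _ => tok.to_string(),
        })
        .collect::<Vec<_>>()
        .join(" ")
}

fn main() {
    // Constructed sample line, not taken from a real host.
    let line = "Feb  4 10:12:01 host kernel: [UFW BLOCK] IN=eth0 OUT= \
                MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 \
                DST=10.0.0.5 LEN=40 PROTO=TCP SPT=44321 DPT=22";
    let mut seen = HashMap::new();
    println!("{}", deidentify(line, &mut seen));
}
```

The hostname and timestamp in the syslog prefix are left untouched; edit them by hand if they are sensitive.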

Developing

cargo fmt
cargo clippy

Run tests:

cargo test --workspace # all
cargo test -p ufwlog # library
cargo test -p ufwlog-cli # binary

Check workspace structure:

cargo tree --workspace

Also, you can use prek to check code/files before committing:

prek install # install pre-commit hooks
prek run # run all hooks

Library

cargo check --lib

Binary

cargo run -p ufwlog-cli -- [parameters]

You can omit the -p part because of the default-members setting.

LICENSE

MPL 2.0