Log parsing utils in contrib/reverse-dns

3 files changed, 75 insertions, 0 deletions

diff --git a/contrib/reverse-dns/README b/contrib/reverse-dns/README
new file mode 100644
index 0000000..f87eb77
--- /dev/null
+++ b/contrib/reverse-dns/README
@@ -0,0 +1,18 @@
+Hi.

+

+To translate my routers netstat-nat output into names that actually talk

+to me I have started writing to simple shell scripts. They require 

+

+log-queries

+log-facility=/var/log/dnsmasq.log

+

+to be set. With

+

+netstat-nat -n -4 | reverse_replace.sh 

+

+I get retranslated output.

+

+Sincerely,

+Joachim

+

+

diff --git a/contrib/reverse-dns/reverse_dns.sh b/contrib/reverse-dns/reverse_dns.sh
new file mode 100644
index 0000000..c0fff30
--- /dev/null
+++ b/contrib/reverse-dns/reverse_dns.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# $Id: reverse_dns.sh 4 2015-02-17 20:14:59Z jo $
+#
+# Usage: reverse_dns.sh IP
+# Uses the dnsmasq query log to lookup the name 
+# that was last queried to return the given IP.
+#
+
+IP=$1
+qmIP=`echo $IP | sed 's#\.#\\.#g'`
+LOG=/var/log/dnsmasq.log
+
+IP_regex='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
+
+if ! [[ $IP =~ $IP_regex ]]; then
+  echo -n $IP
+  exit
+fi
+
+NAME=`tac $LOG | \
+  grep " is $IP" | head -1 | \
+  sed "s#.* \([^ ]*\) is $qmIP.*#\1#" `
+
+if [ -z "$NAME" ]; then
+  echo -n $IP
+else
+  echo -n $NAME
+fi
+
diff --git a/contrib/reverse-dns/reverse_replace.sh b/contrib/reverse-dns/reverse_replace.sh
new file mode 100644
index 0000000..a11c164
--- /dev/null
+++ b/contrib/reverse-dns/reverse_replace.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# $Id: reverse_replace.sh 4 2015-02-17 20:14:59Z jo $
+#
+# Usage e.g.: netstat -n -4 | reverse_replace.sh 
+# Parses stdin for IP4 addresses and replaces them 
+# with names retrieved by reverse_dns.sh
+#
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+DNS=$DIR/reverse_dns.sh
+
+# sed regex
+IP_regex='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
+
+while read LINE; do
+  if grep --quiet $IP_regex <<< "$LINE"; then
+    IPs=`sed "s#.*\b\($IP_regex\)\b.*#\1 #g" <<< "$LINE"`
+    IPs=($IPs)
+    for IP in "${IPs[@]}"
+    do
+      NAME=`$DNS $IP`
+      # echo "$NAME is $IP";
+      LINE="${LINE/$IP/$NAME}" 
+    done
+  fi
+  echo $LINE
+done < /dev/stdin
+