Log parsing utils in contrib/reverse-dns

contrib/reverse-dns/README

@@ -0,0 +1,18 @@
+Hi.
+
+To translate my routers netstat-nat output into names that actually talk
+to me I have started writing to simple shell scripts. They require 
+
+log-queries
+log-facility=/var/log/dnsmasq.log
+
+to be set. With
+
+netstat-nat -n -4 | reverse_replace.sh 
+
+I get retranslated output.
+
+Sincerely,
+Joachim
+
+

contrib/reverse-dns/reverse_dns.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+# $Id: reverse_dns.sh 4 2015-02-17 20:14:59Z jo $
+#
+# Usage: reverse_dns.sh IP
+# Uses the dnsmasq query log to lookup the name 
+# that was last queried to return the given IP.
+#
+
+IP=$1
+qmIP=`echo $IP | sed 's#\.#\\.#g'`
+LOG=/var/log/dnsmasq.log
+
+IP_regex='^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
+
+if ! [[ $IP =~ $IP_regex ]]; then
+  echo -n $IP
+  exit
+fi
+
+NAME=`tac $LOG | \
+  grep " is $IP" | head -1 | \
+  sed "s#.* \([^ ]*\) is $qmIP.*#\1#" `
+
+if [ -z "$NAME" ]; then
+  echo -n $IP
+else
+  echo -n $NAME
+fi
+

contrib/reverse-dns/reverse_replace.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# $Id: reverse_replace.sh 4 2015-02-17 20:14:59Z jo $
+#
+# Usage e.g.: netstat -n -4 | reverse_replace.sh 
+# Parses stdin for IP4 addresses and replaces them 
+# with names retrieved by reverse_dns.sh
+#
+
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+DNS=$DIR/reverse_dns.sh
+
+# sed regex
+IP_regex='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
+
+while read LINE; do
+  if grep --quiet $IP_regex <<< "$LINE"; then
+    IPs=`sed "s#.*\b\($IP_regex\)\b.*#\1 #g" <<< "$LINE"`
+    IPs=($IPs)
+    for IP in "${IPs[@]}"
+    do
+      NAME=`$DNS $IP`
+      # echo "$NAME is $IP";
+      LINE="${LINE/$IP/$NAME}" 
+    done
+  fi
+  echo $LINE
+done < /dev/stdin
+