drop ufw log · parse rule changes + deny/allow stats · runs locally
BLOCK/ALLOW kernel lines · status table · iptables-style rules · multi-file merge
heuristic screener · log rotation gaps: note truncated timelines · parses artifacts locally · not definitive proof