Score:0

Detect Linux/Ubuntu -> Lamp/Apache or Nginx -> PHP - detect outcalls


I have an Ubuntu Server setup with LAMP at DO (DigitalOcean VPS, self-managed via shell) running mainly WordPress (PHP).

Now, which ways do you recommend to detect outcalls/outreaches of scripts/plugins to external websites (like auto-updates, crons, timed scripts, vulnerabilities reaching out)?

Also, is there anything to check equally for outgoing "PHP mail" or "SMTP reaches"?

Thanks for any hint... :)

Score:2

(No idea what "at DO" means - assuming this is a standalone host running in a network you don't control, and you didn't say WHY you wanted to observe this - I'll assume it's because you want to see if your service is leaking data.)

While seeing what legitimate traffic exists is a starting point to securing your server, you need to be able to whitelist this traffic if you want to protect your server.

The right way to do this is to block direct egress traffic (i.e. TCP packets with state NEW leaving your host) on the firewall, and to configure a proxy (suggest squid) to log the traffic and enforce any subsequent policy.

With a single host that's slightly more tricky than on a network. And very tricky if you don't have physical access. You need to use network namespaces to constrain (or permit) NEW connections for different applications.

The problem with WordPress is always the plugins - but any well-written plugin should use the configured proxy.

Apt needs to be told to use the proxy.

For everything else, configure transparent proxying on port 80 and 443. Expect issues with anything using HTTPS.

In order to allow squid to connect out, you should replace the existing ExecStart line in the systemd unit file with a script which creates a new network namespace and removes the firewall rule.

For email, if you're not already running a local relay (e.g. Postfix), either corkscrew the traffic through squid or install a local MTA as a relay (which you'll also need to run in a modified netns).

I don't know if ufw is smart enough to understand multiple network namespaces running on the same host - I'd suggest just using iptables to manage the firewall.

DO BE VERY CAREFUL THAT YOU CONFIGURE YOUR PROXY/PROXIES to only allow inward connections from localhost - this can be set in the modified netns iptables and/or the configuration for the server.

Finally, the default config on squid should start logging all traffic it sees. You need to make further changes to the config to enforce a whitelist.
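
Once egress is forced through squid and direct NEW connections are dropped on the firewall, the two places outcalls show up are squid's access.log and the kernel log. The script below is an added example (not part of the answer above, and not the asker's or squid's code): it parses squid's default native access.log format plus iptables LOG lines, and reports every destination that is not on an allowlist. It assumes the DROP rule for direct egress is preceded by a LOG rule with the prefix "EGRESS-DROP " (an assumed name), and the allowlist and sample log lines are constructed for a hypothetical WordPress-on-Ubuntu host. A direct egress attempt, such as PHP mail() trying to reach port 25 itself, is always flagged, because with the proxy in place nothing should be leaving directly.

```python
"""Report unexpected outbound destinations from squid access.log and kernel LOG lines.

Added example. Assumptions:
  * squid writes its default "native" access.log format
  * the iptables rule dropping direct NEW egress has a LOG rule before it
    with --log-prefix "EGRESS-DROP " (assumed prefix)
  * ALLOWED_HOSTS below is a hypothetical allowlist, not a recommendation
"""
import re
from urllib.parse import urlsplit

# Hypothetical allowlist: hosts this WordPress + Ubuntu host is expected to reach.
ALLOWED_HOSTS = {
    "api.wordpress.org",
    "downloads.wordpress.org",
    "archive.ubuntu.com",
    "security.ubuntu.com",
}

# squid native format:
# time elapsed client result/status bytes method url user hierarchy/peer type
SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+(?P<result>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+"
)

# iptables LOG output: key=value pairs following the (assumed) prefix.
KERNEL_RE = re.compile(
    r"EGRESS-DROP .*?DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+).*?DPT=(?P<dport>\d+)"
)

# Constructed sample: three proxied requests and one dropped direct SMTP attempt.
SAMPLE_LOG = """\
1700000000.123    245 127.0.0.1 TCP_TUNNEL/200 4821 CONNECT api.wordpress.org:443 - HIER_DIRECT/198.143.164.251 -
1700000001.456    120 127.0.0.1 TCP_MISS/200 1532 GET http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease - HIER_DIRECT/91.189.91.83 text/plain
1700000002.789     15 127.0.0.1 TCP_TUNNEL/200 9913 CONNECT tracker.plugin-vendor.example:443 - HIER_DIRECT/203.0.113.7 -
Nov 14 10:00:03 web kernel: [ 4242.001] EGRESS-DROP IN= OUT=eth0 SRC=10.10.0.5 DST=203.0.113.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
"""


def squid_destination(line):
    """Return (host, port) for a squid access.log line, or None if it is not one."""
    m = SQUID_RE.match(line)
    if not m:
        return None
    method, url = m.group("method"), m.group("url")
    if method == "CONNECT":
        # CONNECT (HTTPS tunnels) is logged as host:port, not as a URL.
        host, sep, port = url.rpartition(":")
        if not sep or not port.isdigit():
            return url, 443
        return host, int(port)
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


def kernel_destination(line):
    """Return (dst_ip, dport) for a dropped direct TCP egress attempt, or None."""
    m = KERNEL_RE.search(line)
    if not m:
        return None
    return m.group("dst"), int(m.group("dport"))


def find_unexpected(lines, allowed=ALLOWED_HOSTS):
    """Return (source, host, port) triples worth a look.

    source is "proxy" for squid entries to hosts outside the allowlist and
    "direct" for kernel-logged attempts to bypass the proxy, which are always
    reported because nothing should connect out directly once egress is blocked.
    """
    findings = []
    for line in lines:
        dest, source = squid_destination(line), "proxy"
        if dest is None:
            dest, source = kernel_destination(line), "direct"
        if dest is None:
            continue
        host, port = dest
        if source == "direct" or host not in allowed:
            findings.append((source, host, port))
    return findings


if __name__ == "__main__":
    for source, host, port in find_unexpected(SAMPLE_LOG.splitlines()):
        print(f"{source:6} {host}:{port}")
```

Run it against `/var/log/squid/access.log` and the kernel log (`journalctl -k` or `/var/log/kern.log`) concatenated; anything reported under "proxy" is a candidate for either the allowlist or an investigation of the plugin that made the call, and anything under "direct" means a process is trying to bypass the proxy and the firewall rule is doing its job.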
