[Apparmor-dev] I coded a logprof improvement

John Johansen jjohansen at suse.de
Wed Dec 12 23:14:34 MST 2007


On Tue, Dec 11, 2007 at 05:06:15AM -0700, adnarim wrote:
> Hi,
> I wanna show you logprofIM. It's a ruby script I coded to improve
> logprof a bit. logprof itself can read marks in the syslog with the
> -m "MARK" switch. This feature (to read marks) is used afaik only with
> genprof to profile a certain app.
> I myself use logprof regularly to check for AppArmor-complaints in the
> log and possible access violations and to update a rule which I had set
> up too strict. What I found really annoying is that logprof always scans
> the whole syslog/messagelog for AppArmor messages and doesn't remember how
> far it read the last time it was used. So it asks always the same questions
> again and again every time you execute logprof until you delete the logfile.
> But deleting it every time you executed logprof isn't something which is
> a good way of handling this imo and is not always wanted.
> 
> So I coded a ruby-script which manages log marks for logprof. If you
> start logprofIM it reads from a file (by default saved in
> $HOME/.logprofIM/mind) which marks it has already set and gives you the
> choice to choose between them or simply to use the newest or oldest
> (or no) mark and passes it to logprof.
> After logprof finished, logprofIM will set a new mark (if you want it
> asks you first) into the syslog and also saves it in .logprofIM/mind. So
> the next time you start it you can advise logprof just to parse the
> syslog from this point.
> 
> To see all features execute: logprofIM -h
> 
> Any feedback is really welcome :)
> 
This is a nice extension of logprof, I haven't really spent time with
the code yet but I will get to it soon.  I have two questions, one
to you and one to the community in general.

What licence do you want to use for logprofIM?

The question to the community is, should this functionality be included
in logprof, or should we leave it in a separate executable?   I am
inclined to say that this is a natural extension to logprof and it
would be best if it could be included directly into logprof.

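The mark-and-resume approach described in the quoted message, as an added Ruby example; it is not logprofIM's code and not part of either author's mail. The mark format, the names `new_mark` and `events_since`, the match pattern and the sample log lines are assumptions constructed for illustration.

```ruby
require 'securerandom'

# Assumed pattern for AppArmor audit records in syslog; adjust to the local log format.
APPARMOR_RE = /\bapparmor\b|type=150\d/i

# Build a mark string to write into syslog (for example with logger(1)).
# The random suffix keeps an unrelated log line from being mistaken for the mark.
def new_mark(now = Time.now)
  "logprof-mark-#{now.to_i}-#{SecureRandom.hex(4)}"
end

# Return the AppArmor events that follow the LAST occurrence of +mark+.
# If the mark is nil or no longer present (log rotated or truncated), scan
# the whole log and report mark_found: false, so no event is silently skipped.
def events_since(lines, mark)
  idx = mark && lines.rindex { |l| l.include?(mark) }
  start = idx ? idx + 1 : 0
  { mark_found: !idx.nil?, events: lines.drop(start).grep(APPARMOR_RE) }
end

# Constructed sample log: one old denial, a mark, unrelated noise, one new denial.
SAMPLE_LOG = [
  'Dec 12 09:00:01 host kernel: audit(1197450001.100:11): type=1503 ' \
    'operation="inode_permission" name="/etc/old" profile="/usr/bin/foo"',
  'Dec 12 09:30:00 host user: logprof-mark-1197451800-a1b2c3d4',
  'Dec 12 09:31:00 host sshd[99]: Accepted publickey for user',
  'Dec 12 09:32:10 host kernel: audit(1197451930.200:12): type=1503 ' \
    'operation="inode_permission" name="/etc/new" profile="/usr/bin/foo"'
].freeze

if __FILE__ == $PROGRAM_NAME
  result = events_since(SAMPLE_LOG, 'logprof-mark-1197451800-a1b2c3d4')
  warn 'mark not found, scanned the whole log' unless result[:mark_found]
  puts result[:events]
  puts "next mark: #{new_mark}"
end
```

The saved mark is the string that would be handed to logprof's `-m` switch; the fallback branch covers the case where the log was deleted or rotated after the mark was written.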