Closed dreamcat4 closed 4 years ago
Oh, and same thing for 'export to CSV' feature. It did not output any of the past connections history, that was no longer being displayed by the GUI at the time.
Seconded.
BTW: I tried to achieve this via stats.
daemon/statistics/stats.go has hardwired constants:
const (
    // max number of events to keep in the buffer
    maxEvents = 50
    // max number of entries for each By* map
    maxStats = 25
)
So when I try to save the stats into a CSV, it only saves a maximum of 50 lines.
To get a full(er) log, I tried to increase the constant to 9999, rebuild + restart the daemon and noticed that the stats ui became unresponsive (not reacting to mouse/menu clicks) so this might be more involved than just changing the maxEvents constant.
What I really want is to enable after the fact analysis, charting etc. so messing with the stats is the wrong way to achieve this.
What is needed is an option for a full logging of events. opensnitchd -debug option almost does that, but not quite: many of the fields of interest (see below) are missing.
IOW: feature-request: all actions logged in full detail (CSV format similar to stats, is ideal):
The list of fields that would be cool to see in a full /var/log/opensnitchd-activity.log when the option of --logevents is enabled are (one event per line):
DateTime PID ProcName UserID UserName SrcIP DstIP SrcPort DstPort Proto RuleName Action
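One way the requested per-event log could be written, as an added example that is not opensnitch code and not part of the comment above: an append-only CSV writer carrying the listed fields, flushed per event so nothing depends on the in-memory stats buffer. The `Event` and `EventLog` types and the sample values are hypothetical.

```go
package main

import (
	"encoding/csv"
	"io"
	"os"
	"strconv"
	"sync"
	"time"
)

type Event struct { // hypothetical record with the fields requested above
	Time                                                      time.Time
	PID, UID, SrcPort, DstPort                                int
	ProcName, UserName, SrcIP, DstIP, Proto, RuleName, Action string
}

type EventLog struct { // one CSV record per event, nothing kept in memory
	mu sync.Mutex // events may arrive from several goroutines
	w  *csv.Writer
}

func NewEventLog(w io.Writer) (*EventLog, error) {
	l := &EventLog{w: csv.NewWriter(w)}
	return l, l.write("DateTime", "PID", "ProcName", "UserID", "UserName", "SrcIP",
		"DstIP", "SrcPort", "DstPort", "Proto", "RuleName", "Action")
}

// write emits one record and flushes it, so a crash loses at most one event.
func (l *EventLog) write(rec ...string) error {
	l.mu.Lock()
	defer l.mu.Unlock()
	l.w.Write(rec) // a failed write is reported by Error() below
	l.w.Flush()
	return l.w.Error()
}

// Log serialises e; encoding/csv quotes commas, quotes and newlines in fields.
func (l *EventLog) Log(e Event) error {
	n := strconv.Itoa
	return l.write(e.Time.UTC().Format(time.RFC3339), n(e.PID), e.ProcName, n(e.UID),
		e.UserName, e.SrcIP, e.DstIP, n(e.SrcPort), n(e.DstPort), e.Proto, e.RuleName, e.Action)
}

func main() { // constructed sample event; addresses are documentation ranges
	l, _ := NewEventLog(os.Stdout)
	_ = l.Log(Event{time.Now(), 4242, 1000, 51514, 443, "/usr/bin/curl", "alice",
		"192.0.2.10", "198.51.100.7", "tcp", "allow-curl", "allow"})
}
```

Because process and rule names are not under the logger's control, the quoting matters: a name containing a comma or newline stays inside one field instead of shifting columns or starting a new line.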
@arielf speaking of unmaintained projects, there is also douane; however, neither of these software are actually finished, and both were effectively abandoned by their respective authors for many months now.
hey, try out this branch guys/girls and see if it helps: https://github.com/gustavo-iniguez-goya/opensnitch
A problem I noticed today was that I could not access the information from the 'General' pane, after it had scrolled off of the bottom of the screen. Or after the connection had closed / whichever it was.
I cannot find how to access those past connections. It's as if they are not being stored or logged to anywhere. (IDK, maybe they are, but then it's not to the default main logfile of the daemon in /var/log.opensnitch.log).
This disappointed me a great deal because I really was unable to look back at any past / previous connection. Which is a functionality I would have expected to be fairly simple to implement in a unix environment. Just to write it out / dump it to disk somewhere.
Perhaps the software is not functioning as it was intended (a bug). Or I am not using it right? Or is it that this feature was not implemented?
I noticed that on another issue you requested the user to enable debugging mode. Which was for something else. So I am hoping that is not the reason for this stuff not appearing in the main log. Because surely this type of feature is not to be considered as a debugging feature, but rather something that should either be on all the time, or else enable-able by a setting?