jonbirge
commented
2 months ago I think this may require completely redoing how the logs are handled, so that the number of columns can be completely different based on the type of log. We'll then have to use semantic handling of the log header (or meta data) to determine how to process the data. While doing this, it would probably make sense to finally have the entire table stored locally rather than recreating the extra columns and data on the fly whenever a change (like sorting) occurs. This means having an internal table model that is updated (instead of the DOM directly being updated) and then having a routine that takes the internal table model and updates the page DOM, attempting to minimize the appearance of changes. This would at least be better separation of concerns and multiple people could work on each part in parallel. In other words, this is a way low priority and only worth doing if anybody else starts caring about this project.
It would be helpful to see the host name from the http request when deciding if something is malicious or not.