[rsbac] gtkila: Log Analyzer for RSBAC, 1st pre-version
Amon Ott
ao at rsbac.org
Mon Apr 4 09:43:23 CEST 2005
On Friday 01 April 2005 12:51, Jonas Weismueller wrote:
> I have developed the gtkila (GPL) log analyzer for RSBAC as a project
> part of my study. It is written in C and gtk+ (plus interfaces are
> generated by Glade/libglade).
> It has been my first project bigger than reading two numbers from
> stdin, adding them and printing them on stdout ;)
> Personally, I have learned a lot and progress will be going on.
>
> You can download gtkila from the SVN repository:
> http://svn.rsbac.mprivacy-update.de/viewsvn.php?project=rsbac&path=/ila/gtkila/
> svn://rsbac.mprivacy-update.de/rsbac/ila/gtkila
I strongly encourage everyone to test this log analyser. We really
need a way to efficiently review what happened on a secured system.
> Feedback
> ----------------
> Features:
> - Open a RSBAC log file for analysis
> - Watch a log file in real time (default /var/log/syslog), you can
> change this part in the settings, wherever you defined RSBAC to log
> - right-click context menu for a real time log table to display the
> File/ Dir settings of a file/dir
> - Search and sort function for a log table
>
> Not working at the moment is:
> - the regular expression search and of course some more or less bugs
> - Open a logging File crashes with too huge files (fix is in progress)
> - Show File/ Dir settings works for FD objects only
I have added a project to the RSBAC bugtracker at
http://bugtracker.rsbac.org
(https://ssl.kundenserver.de/bugtracker.rsbac.org) with MrRagga as
developer. Please also use the bugtracker, it can speed up
development and debugging enormously.
> Questionnaire
> ------------------------
> INSTALLATION:
> Any installation problems?
Before being able to compile, I had to install some -dev packages,
e.g. libgtk2.0-dev. Otherwise the latest code compiled and started
fine.
> Suggestions to improve the installation?
There should be some more info in INSTALL and/or README regarding what
rights are needed to run the program. In most cases the predefined
"Auditor" role should be sufficient. To look up attribute values, you
need more.
> LOGGING - Open File:
> Do you think this feature is useful in daily administration work
> using RSBAC?
Yes, once it is completely stable, we will most likely use it for
analysis of customer server logs.
> What features are missing?
This can also be added to the bugtracker, severity "feature".
> LOGGING - Real Time:
> What do you think about the Real Time Logging facility and the option
> to show the File/ Dir settings of a certain program?
Very useful to see what is going on. Interactive attribute checking is
a big plus in design and should be extended e.g. to see current role
or a process etc.
> Agreement:
> -------------------
> Do you agree, that your comments will be published as a part of a
> documentation (Answer: yes or no)
Yes.
> Publish your name/email address? (Answer: name only, email only, both,
> nothing)
Name and Mail are fine. Some spam protection before going online,
please.
> It would be great to have some feedback before Sunday night.
Sorry for being late. :)
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22