adding resolved hostnames to firewall DLF schema: some thoughts after having done some Lire fiddling

Joost van Baal joostvb at logreport.org
Sun Mar 21 19:18:45 CET 2004


Hi,

I've been trying to enhance the iptables converter and Lire firewall
reports, to deal with resolved hostnames next to IP addresses in the DLF.

My initial idea was to convert logs to ascii-based DLF, do the resolving
in the DLF file, and feed this enhanced DLF to the rest of the Lire
processing chain.  However, this seems no longer possible: we are no
longer supporting plain ascii DLF's.  I guess I'll need to get the
iptables convertor to fill the from_host and to_host fields some way.
Perhaps define an extra extended Firewall schema?

Anyway, while fiddling with this, I found some things in the code and
documentation.  The documentation stuff is just fixed by me in CVS (I
hope).

I've added one item to the BUGS list: I'd really love to see all
convertors migrated to the module-based setup (see the commit message).
I might get to it, one day...

So, I've found out the hard way that the fact that old-style dlf
convertors print ascii based DLF to stdout, does _not_ mean this output
is actually used for something.  Apparently, one can no longer fiddle
with the DLF's in an easy commandline shell-style way.  O well: guess
one can't have the best of both worlds.  I hope to be able to come up
with an extended firewall schema to do this soonish (or solve it in some
other way, I'll do some more thinking.)

Bye,

Joost

-- 
.    .                                        http://logreport.com/
| '.|                        /^LogReport$/
| Lire                                        http://logreport.org/