# -*-text-*-

wflogs unified TODO
====================

(lines are sorted by order of decreasing priority)

There are still many other things to do, most of them scattered through the
code, marked with @@[0-9]. 0 is the lowest priority, 9 is the highest.
This mark is often preceded by a few letters, standing for the name of the
person who would be most interested in solving it.
RV: me (Hervé Eychenne)
ALL: potentially everyone
MV: Mickael Vera (a friend of mine)


Generic stuff
-------------

To do:
- implement config file mechanism
- implement support for "last message repeated" (syslog)
- maybe consider sorting by default
- see what is stored into chain and branch, and harmonize input modules
- harmonize names between output module options and filter and sort criteria
- document return codes in manpage
- allow colorizing lines according to filter rules
- snort input module should parse alert files (and non syslog ones) directly
- add a config option to human, text, and html output modules, allowing
  unique characteristics not to be output for each line, but written only
  once at the beginning
- handle i18n seriously
- maybe support for compressed files? (but zcat file.gz | wflogs ... - would
  do the job)
- add a check() method to each input module
- add timeout on whois and DNS requests
- implement non-regression tests (dejagnu?)
- GUI in Qt
- filter expressions:
  - implement things like port = sport || dport
  - expression optimizer
- implement disk cache
- XML input module (output module is already available)

To do, but not show stoppers:
- now that there is an ipfilter module, check that wallfire compiles under
  *BSD!


logs library
------------

To do:

To do, but not show stoppers:


wflogs
------

To do:

To do, but not show stoppers:
- debug option is not functional (is it really useful?)


Input modules
-------------

To do:

To do, but not show stoppers:
- ipfilter: check if MAC addr is part of the logs. If yes, parse it.

Output module
-------------

To do:

To do, but not show stoppers:
- html: highlight certain lines according to a configuration file
- ipfilter: check if MAC addr is part of the logs. If yes, display it.


Debian packaging
----------------

To do:
- do a libwflogs package with logs/ directory (depending on libwfconvert)

To do, but not show stoppers:


Redhat packaging
----------------

Do it, please! (I won't)