[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Summarizing IP logging

To: iptraf-users@seul.org
Subject: Re: Summarizing IP logging
From: "Peter K. Lee" <pkl@duke.edu>
Date: 16 May 2002 11:54:12 -0400
Delivered-To: archiver@seul.org
Delivered-To: iptraf-users-outgoing@seul.org
Delivered-To: iptraf-users@seul.org
Delivery-Date: Thu, 16 May 2002 11:42:27 -0400
In-Reply-To: <20020516151641.98903.qmail@web13108.mail.yahoo.com>
References: <20020516151641.98903.qmail@web13108.mail.yahoo.com>
Reply-To: iptraf-users@seul.org
Sender: owner-iptraf-users@seul.org

You are absolutely correct, in daemonized mode, not only are the curses
libraries being called, the entire curses program IS running (you just
don't see it), which is NOT the lean-mean monitoring code that you're
envisioning.

The problem inherent with the code is that the sniffing engine and the
gui are not loosely coupled, but rather directly embedded together (and
there are actually several of these limiting the analysis as mentioned
before to several different things).  I also agree with you that this is
not the *ideal* method, but at this point, separating the two would take
some major internal restructuring to make it happen.

On the top of my head, I think the best approach to this would be to use
threading instead of forking, and creating the gui as a separate thread
that gets invoked if requested, but if not, then the sniffing engine +
logging just runs in the background.

If there's enough interest for this, I suppose I could do it, but can't
promise that it'll happen any day soon...  If anyone else is willing to
do this, take a look at AirTraf, I borrowed ncurses stuff heavily from
iptraf when layering the gui on top, but I have the engine separated
from the gui using pthreads.

-Peter

On Thu, 2002-05-16 at 11:16, Greg Fenton wrote:
> --- "Peter K. Lee" <pkl@duke.edu> wrote:
> >  
> > >  - How much work would it be to build a version of iptraf that just
> > >    supports daemon mode/command-line interface (i.e. no curses)?
> > 
> > Yes, and no.  No because its already supported and you don't need to
> > build a new version. ;)
> > 
> > below is the snippet of 'iptraf -h' command...
> > 
> 
> Yes, but looking at the code it appears that the curses libraries
> are being called even in daemon mode.  I wonder if there are any
> downsides to this (for example, size of application, complexity
> of code, possible security issues, etc...).
> 
> The "new version" I envision would strip out any unnecessary
> dependencies leaving us a lean-and-mean daemon for monitoring
> and logging network traffic.
> 
> ...but maybe I've misread the code.  I admit, I only spent
> 15 minutes or so glancing over it.
> 
> greg_fenton.
> 
> =====
> Greg Fenton
> greg_fenton@yahoo.com
> 
> __________________________________________________
> Do You Yahoo!?
> LAUNCH - Your Yahoo! Music Experience
> http://launch.yahoo.com
> 
>

References:
- Re: Summarizing IP logging
  - From: Greg Fenton <greg_fenton@yahoo.com>

Prev by Date: R: Summarizing IP logging
Next by Date: Re: Log analysis requirements
Prev by thread: Re: Summarizing IP logging
Next by thread: Re: Summarizing IP logging
Index(es):
- Date
- Thread