# -*-text-*-

wflogs unified TODO
====================

(lines are sorted by order of decreasing priority)
There are still many other things to do, most of them scattered throughout
the code, marked with @@[0-9].
0 is the lowest priority, 9 is the highest.
This mark is often preceded by a few letters, standing for the name of the
person who would be most interested in solving it.
RV: me (Hervé Eychenne)
ALL: potentially everyone
MV: Mickael Vera (a friend of mine)


Generic stuff
-------------
To do:
- implement config file mechanism
- implement support for "last message repeated" (syslog)
- maybe consider sorting by default
- see what is stored into chain and branch, and harmonize input modules
- harmonize names between output module options and filter and sort criteria
- document return codes in manpage
- allow colorizing lines according to filter rules
- snort input module should parse alert files (and non syslog ones) directly
- add a config option to human, text, and html output modules, so that
  unique characteristics are not output for each line, but written only once
  at the beginning
- handle i18n seriously
- maybe support for compressed files? (but zcat file.gz | wflogs ... -
  would do the job)
- add a check() method to each input module
- add timeout on whois and DNS requests
- GUI in Qt
- filter expressions:
  - implement things like port = sport || dport
  - expression optimizer
- implement disk cache
- XML input module (output module is already available)
To do, but not show stoppers:
- now that there is an ipfilter module, check that wallfire compiles under
  *BSD!


logs library
------------
To do:
To do, but not show stoppers:


wflogs
------
To do:
To do, but not show stoppers:
- debug option is not functional (is it really useful?)


Input modules
-------------
To do:
To do, but not show stoppers:
- ipfilter: check if MAC addr is part of the logs. If yes, parse it.

Output module
-------------
To do:
To do, but not show stoppers:
- html: highlight certain lines according to a configuration file
- ipfilter: check if MAC addr is part of the logs. If yes, display it.


Debian packaging
----------------
To do:
- do a libwflogs package with logs/ directory (depending on libwfconvert)
To do, but not show stoppers:

Red Hat packaging
-----------------
Do it, please! (I won't)
