Welcome! Log In Create A New Profile


Log display spam: ''Ignore [this] permanently'' context item?

Posted by Anonymous User 
Log display spamming. Request ''Ignore [this] permanently'' context item? Not allow, just ignore/stop displaying this exact activity.

Have two IANA block lists loaded, in order to keep an eye on incoming LAN activity.
Certain IPs and ports are spamming the log display in the PB window. Their traffic overwhelms this activity list pane quickly.
Do NOT want to 'ALLOW' these IPs or activities /simply because they’re spamming the log-list./

Would Love, Love, Love a context-click option _to not display_ activity of the selected ‘source/destination/protocol’ connection pairs. An exceptions list file (a’la IGNORE.P2cool smiley to record these connections to be ignored (essentially, continue blocking, just don’t display on-screen anymore. Log in log file, but do-not-display in the PB activity list/pane on-screen.

With this enhancement, the only traffic that would display on-screen would be anomalous, heretofore unseen IP/port activity, worthy of drawing our eye to PB’s activity monitoring window. Server operators can ALLOW the IP/port, IGNORE it (do nothing—have it to continue to log and display for further monitoring), or continue BLOCKing it but deem it not-display-worthy (activity investigated, want activity blocked, but no longer ·displayed· in the log window.)

Seem like an easy enough enhancement? Before sending an event line to the PB log display window, vete it past the IGNORE.P2B list. If .source. AND .destination. AND .protocol. exist in ignore.p2b file, write event to log file but skip displaying in activity window on-screen. You already have code to compare activities with .P2B lists, so the code would be familiar. Users would be under no obligation to use this feature, but extending functionality makes PB even more useful to we who use PB for active security monitoring.
Re: Log display spam: ''Ignore [this] permanently'' context item?
April 05, 2010 11:11AM
I agree, this sounds like a good idea.  It's actually currently being tracked on our Issue Tracker as Issue #174 - if you're interested in this feature, you should "Star" that issue, as we use the number of Stars an issue has as an indication of our users' interest in something when we're prioritizing what to work on next.  No promises of course, but we do generally try to work on things that people care about.

Thanks for the nice writeup about this suggestion,

        ---  Mark  ---

Edit: Fixed url linking mistake.

Lead developer of PeerBlock

Edited 2 time(s). Last edit at 04/06/2010 11:00AM by MarkSide.
Sorry, only registered users may post in this forum.

Click here to login