blacknon
Lookback command like viddy
Hello,
I really like hwatch. One major missing feature for me is a native loopback command, like the one I have in Viddy with viddy --lookback /tmp/.tmpx5zOXc/backup.sqlite
Regards,
Thank you Issue.
I don't fully understand Viddy's functions, but I understand that it probably refers to the function of logging and reviewing later. Currently, the following functions are available, so I think you can achieve what you want by using either of them.
- Use
--logfile <logfile>option- Logs are recorded in the specified PATH in json format.
- You can start hwatch again from the recorded log and continue from where you left off.
- Use
--aftercommand <after_command>option- The execution result is stored in the
${HWATCH_DATA}environment variable in json format, and the specified command can be executed. By using this environment variable in the script to be executed, you can record in any format, such as DB or text.
- The execution result is stored in the
If you have a different use case in mind, please comment again.
I don't fully understand Viddy's functions, but I understand that it probably refers to the function of logging and reviewing later.
Yes, exactly. In production, when upgrading or performing CyberSec tasks, it's great to have log files. This way, you can write postmortems or provide an exact timeline of when an action occurred using these files many days/weeks later. It would be great to have an option to enable auto-logging, similar to what Viddy does by default.
watch ping 1.1.1.1 -c 1
When you exit you automatically get
Backup saved at /tmp/.tmp9zXDIk/backup.sqlite
Run `viddy --lookback /tmp/.tmp9zXDIk/backup.sqlite` to load backup
Also, if I understand correctly, the --logfile option is not a log viewer. It allows you to start logging from a certain point. In the use case of looking back, I don't want to add any more logs; I just want to view what I've already done.
Thank you, Maybe I understand.
I think it would be good if there was a function to simply view the log specified with --logfile.
I will consider whether to implement another option in addition to the --logfile option, or to make it exclusive by adding the --logview option, etc.
It is probably a simple feature, so I think it can be implemented in the next version.
Yeah exactly I think it make sense to get both feature :)
Do you want me to open a new ticket to enable auto logging like viddy does as I mentionned in my previous comment ?
Thanks for your quick answer !
Thanks for reply.
Do you want me to open a new ticket to enable auto logging like viddy does as I mentionned in my previous comment ?
Yes, it might be better to create a separate issue for the automatic logging function. However, implementing that might be difficult.
The reason is that in hwatch, settings are added as options to the $HWATCH environment variable, and there is no configuration file.
To automatically obtain logs, it is assumed that you write something like export HWATCH=-l /path/to/dir/$(date +%Y%m%d_%H%M%S)_hwatch.log in your shell rc file, or specify it with an alias.
For this reason, if you want to implement this, you will need to consider creating a configuration file separately.
To automatically obtain logs, it is assumed that you write something like export HWATCH=-l /path/to/dir/$(date +%Y%m%d_%H%M%S)_hwatch.log in your shell rc file, or specify it with an alias.
Not at all in my use case, I'm just asking for autosaving like Viddy does. As you can see, it just creates a random directory inside tmp (using this crate: tempfile) and puts the lockback file there. Also, Viddy only allows you to disable the autosave file (as it's turned on by default). But yes, if you want to add more options, it will be much more complex than having a boolean flag.