Provide an option to send Block Log entries in realtime to a syslog server

Edit Subject

Hi Eric,

When you say syslog server, do you mean local syslog or a server elsewhere? If it's a server elsewhere, who would run it? What log analysis tools do you have in mind?

1. Arbitrary. 127.0.0.1 for a server running on the same machine, or another address on the same LAN. If you implement TLS [RFC 5425], it could be anywhere.
2. Doesn't matter. Maybe a university student doing a research project.
3. Something like Splunk [www.splunk.com].

Now, imagine this feature being available in the Mobile product.

I see. So this is like standardized GhostRank with a configurable destination.

Hi Eric, thanks for posting this idea.

I'm not sure of the utility of this function for an average user? An advanced user may take Ghostery and modify the existing Ghostery destination URL to have the GhostRank data available to them, but for other users? (Coincidentally, there are at least 2 github projects doing this by kamburov and bhyde). Could you explain what you are trying to do so I could understand more clearly the purpose and usefulness for general public?

This differs from GhostRank in that it would be a live data feed, not a periodic summary. It's driven by a desire for interoperability, not a specific end result. What it's actually useful for might not even have been invented yet. Providing a standards-compliant outlet makes the information available without having to modify the Ghostery code base (and dealing with the licensing issues that entails).

There are a lot of hardware products that have interfaces the "average user" may never use, such as S/PDIF (or even HDMI) jacks on consumer HDTV receivers, or OBD-II diagnostic connectors on modern automobiles. Today, they might not care. Tomorrow, they may come home with a Blu-ray player or a CarMD device, and want to hook it up. There's no reason software can't be viewed the same way.

Let me remind you of a previous request that's somewhat related:

• http://getsatisfaction.com/ghostery/t...

Based on this, I'm going to propose three refinements:

1. Messages should be consistently formatted across Ghostery products to simplify parsing;
2. There should be a choice of logging "blocked items only" or "everything." The latter would include elements that are detected but not blocked (substituting the word "Detected" for "Blocked" in the first five message types enumerated above);
3. There should be a "Test" command (menu item and/or pushbutton) that would log a distinctive message. It could be used to verify the syslog settings were configured as desired (much as one might send a "test page" to a printer), but it's also a way to manually insert a delimiter.

Don't overthink this; it's intended to require a minimal amount of additional logic. (The technical questions are related to whether this can be implemented using nsISocketTransportService.)

If you have a warped sense of humor, and some "maker" skills, mod one of these to be computer-controlled:

• http://www.amazon.com/dp/B000LS1B3G

(There are better deals to be found elsewhere; I'm just citing Amazon because they provide a stable URL)

Then you implement a minimal syslog server that doesn't log anything; it just looks for Blocked messages for selected web bugs, and triggers the toy whenever it finds one.