apparmor_notify: group like entries together when using -v with -s. Eg:

$ sudo apparmor_notify -s 1 -v Profile: /usr/lib/firefox-3.6.3/firefox-*bin Operation: exec Name: /usr/bin/apturl Denied: ::x Logfile: /var/log/audit/audit.log Profile: /usr/sbin/ntpd Operation: open Name: /var/lib/ntp/ntp.conf.dhcp Denied: r:: Logfile: /var/log/audit/audit.log (3 total) AppArmor denials: 4 (since Wed Apr 7 22:57:56 2010) For more information, please see: https://wiki.ubuntu.com/DebuggingApparmor
2025-03-04 08:24:42 +01:00 · 2010-04-08 22:57:04 -05:00 · 2010-04-08 22:57:04 -05:00 · 0254d63fdc
commit 0254d63fdc
parent b0a9f46bb7
1 changed files with 19 additions and 1 deletions
--- a/utils/apparmor_notify
+++ b/utils/apparmor_notify
@ -428,6 +428,8 @@ sub do_notify {
 }

 sub show_since {
+    my %msg_hash;
+    my @msg_list;
    my $count = 0;
    while(my $msg = <LOGFILE>) {
        my @attrib = parse_message($msg, $_[0]);
@ -436,9 +438,25 @@ sub show_since {
        my $m = format_message(@attrib);
        $m ne "" or next;

-        $opt_v and print "$m\n";
+        if ($opt_v) {
+            if (exists($msg_hash{$m})) {
+                $msg_hash{$m}++;
+            } else {
+                $msg_hash{$m} = 1;
+                push(@msg_list, $m);
+            }
+        }
        $count++;
    }
+    if ($opt_v) {
+        foreach my $m (@msg_list) {
+            print "$m";
+            if ($msg_hash{$m} gt 1) {
+                print "($msg_hash{$m} total)\n";
+            }
+            print "\n";
+        }
+    }
    return $count;
 }