Configurable Keyboard Shortcuts
Are there any keyboard shortcuts in the sguil 0.7 client? (besides F1-F9)
I'm not a big mouse user, and the following features would be nice to have
Event History (Ctrl-E?) View Transcript (Ctrl-T?) Wireshark (?)
Quick Queries (Ctrl-Q to bring up the menu, and then 'e' to go to event queries, ...) This would presumably require some way to move between fields in a event/result item, to highlight the source or dst IP. maybe the arrow keys or ctrl-f would be good for that. Or the menus could be changed to allow you to choose which IP to query.
Toggle Reverse DNS (Ctrl-R?) Toggle Show Packet Toggle Show Rule
Open the context menus (right click)... MS uses the 'properties key', as well as shift-F10 for this.
Close popup windows (Escape and/or Ctrl-W?) Alt-F4 is too hard :p
F1-F8 actions with comments (Shift-Fn or Alt-Fn?)
- TAB key does nothing productive
- jump to search box (Alt-S or Ctrl-F?)
Main Window Navigation:
- PgUp/PgDn/Home/End don't do anything. :(
- Alternatives to Up/Down arrows, such as Ctrl-N or similar?
- Switch frames (between High, Medium, Low, etc) (TAB?)
- Switch Tabs (top tabs, Realtime, Escalated, etc) (Ctrl-TAB?)
Sorting results... Personally, I'm used to file managers where Ctrl-F3 sorts by name, CTRL-F5 by date, ... the ability to do that in Sguil would be nice.
Ideally, these shortcuts would be editable in sguil.conf
I did see a patch for changing some Fn shortcuts for MAC clients, but it was for 0.5.
Other UI quirks / requests
TAB key does nothing productive in transcript window.
Sometimes the event which was highlighted no longer appears highlighted when you come back to sguil from wireshark or a popup. This makes it very difficult to remember exactly which event you were looking at.
View Transcript-Force New and Wireshark-Force New don't do anything different for me on Fedora 9 (ALL the commands open a new window)
Maximize & restore the sections for High/med/low, and switch between 1 box and 3 (I know this last part is in the config file, but a hotkey for it would be nice too).
Copy event name to clipboard? (add this as an item on the context menu?)
I don't know TCL, or any UI programming for that matter, but I'd be happy to work on the config file if there's an exportable list of 'commands' and a way to map keys to them.
Trying to choose similar shortcuts as Wireshark uses might be a good idea. (not that I'm very familiar with them, atm.)
--Barrygould 05:49, 29 July 2008 (UTC)