- Logfile monitoring has been enhanced with three new features:
  (1) reporting on bursts of very similar/repeated messages
  (2) reporting on expected yet missing messages (e.g. heartbeat messages)
  (3) reporting on correlated events (e.g. event A is followed by event B
      within X seconds)
- Better caching of UIDs/GIDs to reduce lookups
- Hostnames of clients are matched case-insensitively now
where an unauthorized client could download configuration and database
files from the server.
Full changes since 2.5.2:
- email logging has been rewritten for enhanced functionality. It's
now possible to filter messages differently for each recipient, and
regular expressions can be used now for filtering
- new option SetMailPort allows setting a custom SMTP port
- in the configuration file, option values can now be set by evaluating
shell commands: Key = $( command )
- PortCheckInterface now allows a list as value
- new option SetConnectionTimeout allows configuring the client/server
connection timeout
- new option SetThrottle allows configuring throughput throttling for
the database download to the client
Changes:
- On request, there is now a global option LooseDirCheck ([false]/true) to
drop reports on directories with changes of size/mtime/ctime (resulting
from changes within the directory)
- An option to improve hidden process detection from within an OpenVZ
container has been added
- Port check now reports process pid, reporting to prelude is more
complete now
- A bug has been fixed whereby for files larger than 2GB, a filesize of
exactly 2GB could be inserted into the RDBMS (if logging to one)
supports them. This is determined by running ``configure --help'' in
do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
A few ports use REINPLACE_CMD to achieve the same effect; remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
subdirectory detection.
PR: ports/111470
Approved by: portmgr
Discussed with: stas (Mk/*), gerald (info related stuff)
Tested by: pointyhat exp run
- library version update of related ports
Changelog libprelude:
- Hook class comparison function. Accept NULL, equal, not equal operators.
- Introduce better error checking in the idmef-class API, which is now
considered public and might be used by external applications. Rename
error code to reflect the API.
- Change to the way IDMEF listed elements are handled. Specifying a negative
number as the position of the element from the low level API now allows
positioning the element at the specified (reversed) index. Using the
high level API, a negative index permits addressing a list of elements
backward (replace an element).
- Build fixes for SWIG > 1.3.27.
- Modify idmef_value_match() so that it always unrolls listed values
(do it for both val1 and val2). Remove assertion, and let
idmef_value_type_compare() return an error code in case there is an issue.
- Handle path using IDMEF_LIST_APPEND or IDMEF_LIST_PREPEND as
path using an undefined list index on idmef_path_get() call.
- Make criteria parser accept (*) list index.
- Implement comparison function for all IDMEF objects.
PR: ports/104328
Submitted by: maintainer (Robin Gruyters)
Approved by: portmgr (pav)