Changelog prelude-manager-0.9.10:
- Make threshold act like a real threshold: pass every Nth event
in the defined amount of seconds.
- Allow mixing Limit and Threshold.
- Do not share the thresholding hash across thresholding plugin instances:
previously, the shared hash would result in strange thresholding plugin
behavior if you had several instances of thresholding loaded.
- Various bug fixes concerning plugin instance unsubscription
(unsubscription of certain plugins was not triggered).
PR: ports/117416
Submitted by: maintainer (Robin Gruyters)
- Fix error when changing ownership of spool directory
Changelog prelude-manager 0.9.9:
- Update configuration template, add documentation for Prelude
generic TCP options.
- Implement modified patch from Pierre Chifflier <chifflier@inl.fr>
to fix the example log path (fix#224).
- Move IDMEF message normalization in the scheduler, rather than
doing it upon reception. This removes some load from the server
and allows Prelude-Manager's own IDMEF messages to go through the
normalizer path.
- Implement heartbeat->analyzer normalization.
- Improve IPv4 / IPv6 address normalization.
IPv4 mapped IPv6 addresses are now mapped back to IPv4.
Additionally, the Normalize plugin now provides two additional options:
ipv6-only: Map any incoming IPv4 address to IPv6.
keep-ipv4-mapped-ipv6: do not map IPv4 mapped IPv6 addresses back to
IPv4.
- Make a difference between exceptional report plugin failure (example:
a single message couldn't be processed) and "global" plugin failure
(example: database server is down). We use a different failover for
'exceptional' failure, so that we don't try to reinsert a bogus message
(fix#247).
- Start of Prelude-Manager manpages (#236).
- Various bug fixes.
PR: ports/115233
Submitted by: maintainer (Robin Gruyters)
- Added user prelude with uid/gid 281
prelude-manager Changelog:
- Initial implementation of the 'thresholding' plugin, allowing you to
suppress events after a certain limit/threshold.
- Filters hooking to a reporting plugin are now OR'ed instead of being
AND'ed. AND is already possible by hooking filtering plugins one with
another.
- Improved error reporting.
- Minor bug fixes.
PR: 112416
Submitted by: Robin Gruyters <r.gruyters@yirdis.nl> (maintainer)
Changelog prelude-manager-0.9.7:
- Fix a startup problem on systems with different addresses of different
families mapping to the same IP.
- Fix for systems using the GnuLib poll replacement modules. The module was
broken when used in conjunction with server socket.
- Various portability fixes (this release should compile and run on OSX out
of the box).
PR: ports/107010
Submitted by: Robin Gruyters <r.gruyters@yirdis.nl> (maintainer)
Changelog prelude-manager-0.9.6:
- In case an IDMEF-Service object contains neither name nor port
attribute, set name to "unknown" in order to avoid IDMEF DTD
validation issue.
- Normalize analyzer(*).node.
- Fix OpenBSD getaddrinfo() problem.
PR: ports/102593
Submitted by: maintainer (Robin Gruyters)
- Database support options moved to separate security/libpreludedb port,
which has been added as a dependency
- The port now uses GnuTLS instead of OpenSSL (indirectly, via libprelude
dependency)
- Convert to USE_AUTOTOOLS
Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
Add prelude-manager 0.8.7, System central logging point of prelude Network
Intrusion Detection.
prelude-manager : the manager is the central logging point. It receives
alerts from sensors and logs them using one or several plugins (the default
logging being to a text file, but logging to a database is also possible -
and recommended).