- In case an IDMEF-Service object contain neither name or port
attribute, set name to "unknown" in order to avoid IDMEF DTD
validation issue.
- Normalize analyzer(*).node.
PKG_SYSCONFDIR: 1) prelude-manager and 2) prelude (install by libprelude).
Consequently, PKG_SYSCONFSUBDIR can't be set to prelude-manager.
Corrected and PKGREVISION bumped.
- Enable write notification on queued write (Fix reverse relaying).
- Fix IDMEF message scheduler warning when plugin failover is enabled.
- Fix reverse relaying on some architecture due to thread safety
issue.
- Server scalability improvement in case of message burst.
- Start work on a normalization plugin. Very simple for now, mostly
sanitize IDMEF Address and IDMEF Service classes.
- When an analyzer have read and write permission to prelude-manager,
avoid acting as an echo server, don't send received message from this
analyzer to itself.
- When no listen address is specified, try to bind all
system address (both ipv4/ipv6).
- Send an alert to the peer on handshake failure, so that
the peer have some information on what happened.
- Consistency work accross all plugin logfile option.
- Various bug fixes and improvements.
- Only send TLS alert if there is one queued, fix a possible crash.
- Emit warning if prelude-failover problem arise.
- Improve error handling.
- Improve db plugin log option, "-" now mean stdout.
- Various bug fixes.
- prelude-manager has been updated to check the loaded revocation
list, if available. This was needed since the recent prelude-adduser
addition allowing to create analyzer revocation list.
- Remove line size limitation on specified IDMEF-criteria.
- Remove all ancillary groups as well as setgid-ing.
- Fix idmef-criteria-filter option conflict.
- Fix a possible crash if no listen address is specified, but a
reverse relay is used.
- Much better error reporting.
Prelude-Manager is a high availability server that accepts secured
connections from distributed sensors or other managers and saves
received events to a media specified by the user (database, logfile,
mail, etc).
sensors, managers, and a display console. This
is the manager. The Manager (there can be several
in an IDS network) accepts secured connections
from sensors and saves the alerts that Sensors
emit. This package installs the manager so that
mySql is used for alert storage.
This is one of several new Prelude packages.
