- [rulesets]: Remove successful/failure keyword from classification
(use IDMEF completion). Analyzer class sanitization.
- [nagios] Handle Nagios V2 log entry (fix#283).
- [spamassassin] Fix incorrect AdditionalData assignement.
- New Suhosin ruleset, by Sebastien Tricaud <toady@inl.fr>
- Fix invalid logfile inconsistency alert that could be triggered
in a rare case, after a renaming detection. Alert improvement.
- On logfile inconsistency alert, do not re-analyze the whole file.
- Remove the 1024 bytes per PCRE reference limit.
- Minor bug fixes, build system cleanup.
- Fix a bug where some rules marked silent would trigger an alert.
- Load Sonicwall and Spamassassin ruleset by default.
- Fix rule syntax problem in Sonicwall ruleset.
- Fix rule indexing problem in Squid ruleset.
- Postfix rule consistency fix.
2) Changed permissions on plugins.rules and prelude-lml.conf so that
prelude-lml can run unpriviledged
3) Changed confdir in configure so that plugins.rules and prelude-lml.conf
are found.
Changes in 0.9.5:
- Experimental context support (ala SEC): we now handle
multiline log matching.
- Update PAX rules so that it use the new context feature.
- Don't exit on statistics signal, improve statistics precision,
make them easier to read.
- Fix some problem with user & group options.
- text-output argument is optional.
- New experimental ruleset: Sonicwall and Spamassassin. These
need to be manually hooked to pcre.rules if you plan to use
them.
- Fix FAM activation switches.
sensors, managers, and a display console.
Prelude-lml is the log file analyzer. It scans
system log files and generates IDMEF alerts to
the prelude-manager based on signature rulesets.
This is one of sever new Prelude packages.