- Make the Prelude-LML UDP server IPv6 compatible.
- Implement 'idmef-alter' and 'idmef-alter-force' option, alloing
to include static values into IDMEF events generated using a given
format.
- New PPP/PPTPD/L2TP ruleset, by Alexander Afonyashin <firm <at> iname.com>,
with slight modification from Pierre Chifflier <p.chifflier <at> inl.fr>.
Close#340.
- Fix CISCO VPN ruleset so that the 'Authentication rejected' rule will
trigger even if the 'server' field does not contain a word (fix#328).
- Remove dos-style end-of-lines (Closes#338)
- Fixes possible off by one when parsing variable reference number, and
remove un-needed check that would always evaluate to TRUE.Thanks
Steve Grubb <sgrubb <at> redhat.com> for reporting this problem (and
running flexelint on the Prelude sources)!
- Update for libtool 2.x compatibility.
- This simplify the whole regular expression handling a lot, making the
code much easier to read, and fixing potential problem with ovector
assignement. This code should also improve performance by a small
factor.
- Change CISCO references urls to their new location, add CISCO ASA rule
to handle discarded tcp or udp packets.
- Various fixes and update.
- [rulesets]: Remove successful/failure keyword from classification
(use IDMEF completion). Analyzer class sanitization.
- [nagios] Handle Nagios V2 log entry (fix#283).
- [spamassassin] Fix incorrect AdditionalData assignement.
- New Suhosin ruleset, by Sebastien Tricaud <toady@inl.fr>
- Fix invalid logfile inconsistency alert that could be triggered
in a rare case, after a renaming detection. Alert improvement.
- On logfile inconsistency alert, do not re-analyze the whole file.
- Remove the 1024 bytes per PCRE reference limit.
- Minor bug fixes, build system cleanup.
- Fix a bug where some rules marked silent would trigger an alert.
- Load Sonicwall and Spamassassin ruleset by default.
- Fix rule syntax problem in Sonicwall ruleset.
- Fix rule indexing problem in Squid ruleset.
- Postfix rule consistency fix.
2) Changed permissions on plugins.rules and prelude-lml.conf so that
prelude-lml can run unpriviledged
3) Changed confdir in configure so that plugins.rules and prelude-lml.conf
are found.
Changes in 0.9.5:
- Experimental context support (ala SEC): we now handle
multiline log matching.
- Update PAX rules so that it use the new context feature.
- Don't exit on statistics signal, improve statistics precision,
make them easier to read.
- Fix some problem with user & group options.
- text-output argument is optional.
- New experimental ruleset: Sonicwall and Spamassassin. These
need to be manually hooked to pcre.rules if you plan to use
them.
- Fix FAM activation switches.
sensors, managers, and a display console.
Prelude-lml is the log file analyzer. It scans
system log files and generates IDMEF alerts to
the prelude-manager based on signature rulesets.
This is one of sever new Prelude packages.
