proc-maillog:
- Use "-d yesterday" to get more accurate statistics in the typical case of
  logs being rotated at midnight.
- Add smtpd connection statistics.
- Remove per-user top 10 lists.
proc-messages:
- Message updates:
  - New messages: Cyrus, HP printers, ISC dhcpd, NetBSD kernel, Net-SNMP
    and ProFTPD.
  - Account for views in more BIND named messages.
  - Handle rsnapshot, smartd and Sipura SIP phones/gateways.
- Logic fixes:
  - Facilities don't always have a trailing colon (esp. on non-UNIX).
  - Remove sequence number and extra timestamp from Cisco messages.
  - Keep $origin per-host, so "last message repeated" is logged correctly.
  - Log only remote host when counting warnings for different software,
    so the thresholds are tripped more easily (the account used is not
    considered as important, since dictionary attacks are common).
- Code maintenance:
  - Modernise Perl subroutine calls (no ampersand).
  - Centralise host[addr] string parsing.
  - Some whitespace cleanup.
- Configuration changes:
  - Update $LOCAL (should go into a config file).
roller:
- Use "uname -n" instead of "netname", so network connectivity is not used.
proc-httpd-errors:
- Ignore Digest startup.
- Ignore first signal repeat.
- Remove PID from unresponsive child warning.
proc-ipmon:
- Handle ip-filter v4.
proc-maillog:
- Put back user and host limits (10).
proc-messages:
- Ignore empty lines from SCSI errors.
- Added daemons: cyrus 2.2, jabber v2, rsynconly wrapper, BIND 9.3, ntpd v4.
- Weed out more NetBSD-current messages.
- Recognize more proftpd messages.
- Ignore more racoon messages.
proc-xferlog:
- Handle deleted files.
- List all incoming and deleted files.
- logroll now rolls wtmpx and httpd-ssl as well (no reporting)
- proc-ipmon adds scan analysis and log data summary
- proc-news now produces a sorted domain-only readership report
Add support for:
- repeating IMAP and HORDE warnings.
- new cyrus versions: lmtpd, master
- net-snmp as a new name for ucd-snmp
- recognize more NetBSD boot messages and new devices
- new daemons: netsaint, pptpd
- use pflogsumm to process maillog (postfix only)