IDS mailing list archives

[Fwd: [prelude-devel] [ANNOUNCE]: Prelude LML 0.8.3 released]


From: oudot laurent <oudot.laurent () wanadoo fr>
Date: Sun, 27 Apr 2003 01:23:23 +0200



-------- Original Message --------
Subject: [prelude-devel] [ANNOUNCE]: Prelude LML 0.8.3 released
Date: 26 Apr 2003 22:01:30 +0200
From: Yoann Vandoorselaere <yoann () prelude-ids org>
Reply-To: yoann () prelude-ids org
To: prelude-user () prelude-ids org
CC: prelude-devel () prelude-ids org

Hi,

this new Prelude LML version contains a lot of bugfixes, as well as
numerous improvements (support for logfile metadata, 64-bit file offsets,
a workaround for the dnotify Linux kernel bug), and a lot of new rulesets.

See the detailed list of changes below for more information.

Enjoy,


--- { CHANGES } ---

 - Yoann Vandoorselaere <yoann () prelude-ids org>:
   Implement logfile metadata:

   If there is metadata available and current logfile size is
   less than the specified metadata offset, assume the log got
   rotated, and start analyzing the file at offset 0.

   If there is metadata available and current logfile size is
   greater than or equal to the specified metadata offset, start analyzing
   the logfile from the specified offset, unless the checksum doesn't
   match, in which case we'll issue an alert and restart from 0.

 - Yoann Vandoorselaere <yoann () prelude-ids org>:
   Should now be able to read logfiles of up to 2 ^ (64-1) bytes.

 - Yoann Vandoorselaere <yoann () prelude-ids org>:
   Implemented runtime detection and workaround of the FAM (Dnotify)
   writev() bug. We go back to simple file polling if the bug is
   present.

 - Yoann Vandoorselaere <yoann () prelude-ids org>:
   Restart LML on SIGHUP, so that a log rotation program might restart it.

 - Yoann Vandoorselaere <yoann () prelude-ids org>:
   Implemented handling of the source and destination address, by the
   Simple (signature) plugin.
        
 - Vincent Glaume <vglaume () exaprobe com>:
   Implemented handling of the "last" keyword, telling LML to stop
   matching regex against a line of log once one of them has been
   matched.

 - Yoann Vandoorselaere <yoann () prelude-ids org>:
   LML alerts now carry the LML version.

 - Yoann Vandoorselaere <yoann () prelude-ids org>:
   Modified the Debug plugin so that it uses the shared LML API for
   sending alerts. Also, Debug alerts are now low priority.

 - Laurent Oudot <oudot.laurent () wanadoo fr>:
   Exim ruleset.

 - Stéphane Loeuillet <LeRoutier () wanadoo fr>:
   ProFTPD, vpopmail, qpopper rulesets.

 - Vincent Glaume <vglaume () exaprobe com>:
   Squid, NtSyslog, Ipso, Checkpoint rulesets.



--- { DOWNLOAD } ---

http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz.sig
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz.md5


--- { MD5SUM } ---

2dd22a105da2c93a529202d2621e9c1c  prelude-lml-0.8.3.tar.gz



--- { OpenPGP key } ---

gpg --keyserver wwwkeys.pgp.net --recv-keys 0x23D2FAC3

Attachment: signature.asc
Description:
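
The logfile metadata rules from the changelog above, as an added Python sketch that is not part of the original message and is not Prelude LML's own code. The metadata layout, the use of SHA-256, and checksumming the last 64 bytes before the saved offset are assumptions, since the announcement does not say what the checksum covers.

```python
import hashlib
import os
import tempfile

TAIL = 64  # assumption: checksum covers the last TAIL bytes before the offset


def tail_digest(path, offset):
    """SHA-256 of up to TAIL bytes ending at `offset`."""
    start = max(0, offset - TAIL)
    with open(path, "rb") as f:
        f.seek(start)
        return hashlib.sha256(f.read(offset - start)).hexdigest()


def save_metadata(path, offset):
    """Record where analysis stopped (hypothetical metadata layout)."""
    return {"offset": offset, "checksum": tail_digest(path, offset)}


def resume_point(path, meta):
    """Return (start_offset, alert_or_None) per the rules in the changelog."""
    if os.path.getsize(path) < meta["offset"]:
        return 0, None  # file is shorter than the saved offset: assume rotation
    if tail_digest(path, meta["offset"]) != meta["checksum"]:
        return 0, "checksum mismatch before saved offset"  # alert, restart at 0
    return meta["offset"], None  # analyzed prefix unchanged: resume from offset


def demo():
    """Exercise the three cases on a constructed logfile."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "constructed.log")
        with open(path, "wb") as f:
            f.write(b"Apr 26 22:00:01 host sshd[1]: constructed line one\n")
        meta = save_metadata(path, os.path.getsize(path))
        with open(path, "ab") as f:
            f.write(b"Apr 26 22:00:02 host sshd[1]: constructed line two\n")
        appended = resume_point(path, meta)
        with open(path, "r+b") as f:
            f.write(b"XXX")  # overwrite bytes that were already analyzed
        tampered = resume_point(path, meta)
        with open(path, "wb") as f:
            f.write(b"new\n")  # shorter file, as after rotation
        rotated = resume_point(path, meta)
    return appended, tampered, rotated


if __name__ == "__main__":
    print(demo())
```

A checksum over only a tail window does not notice edits earlier in the file; widening the window trades read cost for coverage.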
