IDS mailing list archives
[Fwd: [prelude-devel] [ANNOUNCE]: Prelude LML 0.8.3 released]
From: oudot laurent <oudot.laurent () wanadoo fr>
Date: Sun, 27 Apr 2003 01:23:23 +0200
-------- Original Message --------
Subject: [prelude-devel] [ANNOUNCE]: Prelude LML 0.8.3 released
Date: 26 Apr 2003 22:01:30 +0200
From: Yoann Vandoorselaere <yoann () prelude-ids org>
Reply-To: yoann () prelude-ids org
To: prelude-user () prelude-ids org
CC: prelude-devel () prelude-ids org

Hi,

this new Prelude LML version contains a lot of bugfixes, as well as numerous improvements (support logfile metadata, 64 bits file offset, workaround of the dnotify Linux kernel bug), and a lot of new rulesets.

See the detailed list of changes below for more information.

Enjoy,

--- { CHANGES } ---

- Yoann Vandoorselaere <yoann () prelude-ids org>:
  Implement logfile metadata:
  If there is metadata available and the current logfile size is less than the specified metadata offset, assume the log got rotated, and start analyzing the file at offset 0.
  If there is metadata available and the current logfile size is more than or equal to the specified metadata offset: start analyzing the logfile from the specified offset. Unless the checksum doesn't match, in which case we'll issue an alert, and restart from 0.

- Yoann Vandoorselaere <yoann () prelude-ids org>:
  Should now be able to read up to 2 ^ (64-1) bytes logfile.

- Yoann Vandoorselaere <yoann () prelude-ids org>:
  Implemented runtime detection and workaround of the FAM (Dnotify) writev() bug. We go back to simple file polling if the bug is present.

- Yoann Vandoorselaere <yoann () prelude-ids org>:
  Restart LML on SIGHUP, so that a log rotation program might restart it.

- Yoann Vandoorselaere <yoann () prelude-ids org>:
  Implemented handling of the source and destination address, by the Simple (signature) plugin.

- Vincent Glaume <vglaume () exaprobe com>:
  Implemented handling of the "last" keyword, telling LML to stop matching regex against a line of log once one of them has been matched.

- Yoann Vandoorselaere <yoann () prelude-ids org>:
  LML alerts now carry the LML version.

- Yoann Vandoorselaere <yoann () prelude-ids org>:
  Modified the Debug plugin so that it uses the shared LML API for sending alerts. Also, Debug alerts are now low priority.

- Laurent Oudot <oudot.laurent () wanadoo fr>:
  Exim ruleset.

- Stéphane Loeuillet <LeRoutier () wanadoo fr>:
  ProFTPD, vpopmail, qpopper rulesets.

- Vincent Glaume <vglaume () exaprobe com>:
  Squid, NtSyslog, Ipso, Checkpoint rulesets.

--- { DOWNLOAD } ---

http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz.sig
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz.md5

--- { MD5SUM } ---

2dd22a105da2c93a529202d2621e9c1c  prelude-lml-0.8.3.tar.gz

-- { OpenPGP key } ---

gpg --keyserver wwwkeys.pgp.net --recv-keys 0x23D2FAC3
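
The logfile metadata rule from the changelog above, as an added example that is not part of the original message and is not Prelude LML's code. It assumes the checksum is a SHA-256 over up to 64 bytes just before the saved offset and that a file with no metadata is read from offset 0; the message specifies neither, and all names and log lines are constructed.

```python
import hashlib
import os
import tempfile
from typing import NamedTuple, Optional, Tuple

TAIL = 64  # assumption: checksum covers up to 64 bytes just before the saved offset

class Metadata(NamedTuple):
    offset: int    # byte offset where analysis stopped last time
    checksum: str  # digest of the bytes preceding that offset

def tail_digest(path: str, offset: int) -> str:
    start = max(0, offset - TAIL)
    with open(path, "rb") as f:
        f.seek(start)
        return hashlib.sha256(f.read(offset - start)).hexdigest()

def resume_point(path: str, meta: Optional[Metadata]) -> Tuple[int, Optional[str]]:
    """Return (offset to start analysing from, alert text or None)."""
    if meta is None:
        return 0, None  # assumption: with no metadata, read from the start
    if os.path.getsize(path) < meta.offset:
        return 0, None  # file is smaller than the saved offset: assume rotation
    if tail_digest(path, meta.offset) != meta.checksum:
        return 0, "logfile content before saved offset changed"
    return meta.offset, None

def demo() -> dict:
    """Run the three cases on constructed log data in a temp directory."""
    old = b"Apr 26 22:00:01 host sshd[101]: session opened for alice\n"
    out = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "auth.log")
        with open(path, "wb") as f:
            f.write(old)
        meta = Metadata(len(old), tail_digest(path, len(old)))
        with open(path, "ab") as f:  # normal growth since the last run
            f.write(b"Apr 26 22:00:09 host sshd[102]: failed login for root\n")
        out["appended"] = resume_point(path, meta)
        with open(path, "wb") as f:  # rotated: new file shorter than the offset
            f.write(b"short\n")
        out["rotated"] = resume_point(path, meta)
        with open(path, "wb") as f:  # rotated, then regrown past the old offset
            f.write(b"Apr 27 00:00:01 host cron[7]: job started\n" * 3)
        out["regrown"] = resume_point(path, meta)
    return out

if __name__ == "__main__":
    print(demo())
```

The "regrown" case is the one the size comparison alone would miss: the file is larger than the saved offset, so only the checksum mismatch keeps the new entries before that offset from being skipped.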