List: focus-ids
Subject: [Fwd: [prelude-devel] [ANNOUNCE]: Prelude LML 0.8.3 released]
From: oudot laurent <oudot.laurent () wanadoo ! fr>
Date: 2003-04-26 23:23:23
-------- Original Message --------
Subject: [prelude-devel] [ANNOUNCE]: Prelude LML 0.8.3 released
Date: 26 Apr 2003 22:01:30 +0200
From: Yoann Vandoorselaere <yoann@prelude-ids.org>
Reply-To: yoann@prelude-ids.org
To: prelude-user@prelude-ids.org
CC: prelude-devel@prelude-ids.org
Hi,
this new Prelude LML version contains a lot of bugfixes, as well as
numerous improvements (support for logfile metadata, 64-bit file offsets,
a workaround for the dnotify Linux kernel bug), and a lot of new rulesets.
See the detailed list of changes below for more information.
Enjoy,
--- { CHANGES } ---
- Yoann Vandoorselaere <yoann@prelude-ids.org>:
  Implement logfile metadata:
  If there is metadata available and the current logfile size is
  less than the specified metadata offset, assume the log got
  rotated, and start analyzing the file at offset 0.
  If there is metadata available and the current logfile size is
  greater than or equal to the specified metadata offset, start analyzing
  the logfile from the specified offset, unless the checksum doesn't
  match, in which case we'll issue an alert and restart from 0.

- Yoann Vandoorselaere <yoann@prelude-ids.org>:
  Should now be able to read logfiles of up to 2 ^ (64-1) bytes.

- Yoann Vandoorselaere <yoann@prelude-ids.org>:
  Implemented runtime detection and workaround of the FAM (Dnotify)
  writev() bug. We go back to simple file polling if the bug is
  present.

- Yoann Vandoorselaere <yoann@prelude-ids.org>:
  Restart LML on SIGHUP, so that a log rotation program might restart it.

- Yoann Vandoorselaere <yoann@prelude-ids.org>:
  Implemented handling of the source and destination address by the
  Simple (signature) plugin.

- Vincent Glaume <vglaume@exaprobe.com>:
  Implemented handling of the "last" keyword, telling LML to stop
  matching regexes against a log line once one of them has been
  matched.

- Yoann Vandoorselaere <yoann@prelude-ids.org>:
  LML alerts now carry the LML version.

- Yoann Vandoorselaere <yoann@prelude-ids.org>:
  Modified the Debug plugin so that it uses the shared LML API for
  sending alerts. Also, Debug alerts are now low priority.

- Laurent Oudot <oudot.laurent@wanadoo.fr>:
  Exim ruleset.

- Stéphane Loeuillet <LeRoutier@wanadoo.fr>:
  ProFTPD, vpopmail, qpopper rulesets.

- Vincent Glaume <vglaume@exaprobe.com>:
  Squid, NtSyslog, Ipso, Checkpoint rulesets.
--- { DOWNLOAD } ---
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz.sig
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz.md5
--- { MD5SUM } ---
2dd22a105da2c93a529202d2621e9c1c prelude-lml-0.8.3.tar.gz
--- { OpenPGP key } ---
gpg --keyserver wwwkeys.pgp.net --recv-keys 0x23D2FAC3
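
The resume decision described under "Implement logfile metadata" in the announcement above, as an added Python example that is not Prelude LML's own code. The metadata layout, the SHA-256 checksum over the 256 bytes preceding the saved offset, the helper names and the handling of missing metadata are assumptions; the announcement does not specify them.

```python
import hashlib
import os
import tempfile

TAIL = 256  # assumption: checksum covers up to TAIL bytes before the saved offset

def tail_checksum(path, offset):
    """Hash the bytes just before `offset` (hypothetical checksum scheme)."""
    start = max(0, offset - TAIL)
    with open(path, "rb") as f:
        f.seek(start)
        return hashlib.sha256(f.read(offset - start)).hexdigest()

def save_metadata(path):
    """Record how far the log has been analyzed."""
    offset = os.path.getsize(path)
    return {"offset": offset, "checksum": tail_checksum(path, offset)}

def resume_offset(path, meta):
    """Return (start_offset, reason) for the cases in the changelog."""
    if meta is None:
        return 0, "no-metadata"        # assumption: page does not cover this case
    if os.path.getsize(path) < meta["offset"]:
        return 0, "rotated"            # file shrank: assume rotation
    if tail_checksum(path, meta["offset"]) != meta["checksum"]:
        return 0, "checksum-mismatch"  # caller should raise an alert
    return meta["offset"], "resume"

def write(path, data, mode="wb"):
    with open(path, mode) as f:
        f.write(data)

def demo():
    """Exercise each case on a constructed log file."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "sample.log")
        write(log, b"line one\nline two\n")
        meta = save_metadata(log)               # offset 18
        write(log, b"line three\n", "ab")
        out["appended"] = resume_offset(log, meta)
        write(log, b"new\n")                    # shorter file: rotation
        out["rotated"] = resume_offset(log, meta)
        write(log, b"LINE ONE\nLINE TWO\nmore\n")  # long enough, content differs
        out["replaced"] = resume_offset(log, meta)
    return out

if __name__ == "__main__":
    print(demo())
```

The checksum-mismatch case is the one worth alerting on: the file is at least as long as before, yet the bytes already analyzed are no longer the same.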