Prelude LML

Software Details:
Version: 1.0.0
Upload Date: 15 Apr 15
Developer: Prelude Team
Distribution Type: Freeware

Prelude-LML is a signature-based log analyzer that monitors your log files and received syslog messages for suspicious activity.

It handles events generated by a large set of components, including but not limited to: APC Emu, BigIP, Cisco PIX, Clamav, Dell-OM, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Apache ModSecurity, Ms-SQL, Nagios, Norton Antivirus Corporate Edition, NTsyslog, Pam, Portsentry, Postfix, Proftpd, SSH, and others.

What is new in this release:

  • Minor changes since rc2.
  • 2010-02-08, prelude-lml-1.0.0rc2:
  • File notification improvement: some cases where file notification was not working appropriately were fixed. Improved handling of file deletion (optionally followed by a file creation event).
  • There were various cases where the previous code would mishandle the metadata write/verification. All known issues are now fixed.
  • There was no monitoring for standard input: everything was read once upon start and further input was ignored.
  • Fix possible truncation of dispatched log when the string contained multiple NUL terminators. Fixes a regression of LML 1.0.0rc1.
  • Statistics were missing for UDP server input.
  • Minor event reporting improvements and bug fixes.
  • Improve large file handling.
  • 2010-01-29, prelude-lml-1.0.0rc1:
  • Support for character encoding and conversion to UTF-8. The user can specify a different character encoding for each file.
  • Automatic character set detection: if none is specified by the user, the implementation will attempt to detect the character set used for a given file. If the detection fails, the system default will be used.
  • Log entries are now converted to UTF-8 before processing. This fixes a problem where users could see incorrect characters in reported alerts, since they were carrying data that could involve different character sets.
  • Include Snare ruleset, courtesy of Nicholas Nachefski.
  • [ModSecurity]: Events generated were missing some AdditionalData information.
  • [NetFilters]: ruleset compatibility with Ulogd, various improvements.
  • Various bug fixes.

What is new in version 0.9.14:

  • This release fixes a possible permission error that could happen when a given logfile was only accessible through a group-specific permission.
  • The ModSecurity ruleset now provides much more descriptive classification text, adds regexps for [file ..], [line ...], and [tag ...] fields, and fine-tunes targets/types.
  • Gamin/FAM support has been deprecated in favor of libev, fixing an SELinux issue.
  • The polling architecture has been improved by using an operating system-specific backend when possible.
  • This release monitors files that are not immediately available for reading on startup.
  • Once the file can be monitored, libev provides notification.
