Software Details:
Version: 1.0.0
Upload Date: 15 Apr 15
Distribution Type: Freeware
Downloads: 8
Prelude-LML is a signature-based log analyzer that monitors your log files and received syslog messages for suspicious activity.
It handles events generated by a large set of components, including but not limited to: APC Emu, BigIP, Cisco PIX, Clamav, Dell-OM, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Apache ModSecurity, Ms-SQL, Nagios, Norton Antivirus Corporate Edition, NTsyslog, Pam, Portsentry, Postfix, Proftpd, SSH, and others.
What is new in this release:
- Minor changes since rc2.
- 2010-02-08, prelude-lml-1.0.0rc2:
  - File notification improvement: some cases where file notification was not working properly have been fixed. Improved handling of file deletion (optionally followed by a file creation event).
  - There were various cases where the previous code would mishandle the metadata write/verification. All known issues are now fixed.
  - There was no monitoring of standard input: everything was read once upon start and further input was ignored.
  - Fixed possible truncation of a dispatched log when the string contained multiple NUL terminators. Fixes a regression of LML 1.0.0rc1.
  - Statistics were missing for UDP server input.
  - Minor event reporting improvements and bug fixes.
  - Improved large file handling.
- 2010-01-29, prelude-lml-1.0.0rc1:
  - Support for character encoding and conversion to UTF-8. The user can specify a different character encoding for each file.
  - Automatic character set detection: if none is specified by the user, the implementation will attempt to detect the character set used for a given file. If detection fails, the system default is used.
  - Log entries are now converted to UTF-8 before processing. This fixes a problem where users could see incorrect characters in reported alerts, since the alerts carried data that could involve different character sets.
  - Include Snare ruleset, courtesy of Nicholas Nachefski.
  - [ModSecurity]: Generated events were missing some AdditionalData information.
  - [NetFilters]: ruleset compatibility with Ulogd, various improvements.
  - Various bug fixes.
What is new in version 0.9.14:
- This release fixes a possible permission error that could happen when a given logfile was only accessible through a group-specific permission.
- The ModSecurity ruleset now provides much more descriptive classification text, adds regexps for the [file ...], [line ...], and [tag ...] fields, and fine-tunes targets/types.
- Gamin/FAM support has been deprecated in favor of libev, fixing an SELinux issue.
- The polling architecture has been improved by using an operating system-specific backend when possible.
- This release monitors files that are not immediately available for reading on startup.
- Once the file can be monitored, libev provides notification.