
[Fwd: [prelude-devel] [ANNOUNCE]: Prelude LML 0.8.3 released]

From: oudot laurent <oudot.laurent(at)wanadoo.fr>
Date: Sat Apr 26 2003 - 19:23:23 EDT

-------- Original Message --------
Subject: [prelude-devel] [ANNOUNCE]: Prelude LML 0.8.3 released
Date: 26 Apr 2003 22:01:30 +0200
From: Yoann Vandoorselaere <yoann@prelude-ids.org>
Reply-To: yoann@prelude-ids.org
To: prelude-user@prelude-ids.org
CC: prelude-devel@prelude-ids.org

Hi,

This new Prelude LML version contains a lot of bug fixes, as well as numerous improvements (support for logfile metadata, 64-bit file offsets, a workaround for the dnotify Linux kernel bug), and a lot of new rulesets.

See the detailed list of changes below for more information.

Enjoy,

  • { CHANGES } ---
  • Yoann Vandoorselaere <yoann@prelude-ids.org>: Implement logfile metadata:

    If there is metadata available and the current logfile size is less than the specified metadata offset, assume the log got rotated, and start analyzing the file at offset 0.

    If there is metadata available and the current logfile size is greater than or equal to the specified metadata offset, start analyzing the logfile from the specified offset, unless the checksum doesn't match, in which case we'll issue an alert and restart from 0.

  • Yoann Vandoorselaere <yoann@prelude-ids.org>: Should now be able to read logfiles of up to 2 ^ (64-1) bytes.
  • Yoann Vandoorselaere <yoann@prelude-ids.org>: Implemented runtime detection and workaround of the FAM (Dnotify) writev() bug. We go back to simple file polling if the bug is present.
  • Yoann Vandoorselaere <yoann@prelude-ids.org>: Restart LML on SIGHUP, so that a log rotation program might restart it.
  • Yoann Vandoorselaere <yoann@prelude-ids.org>: Implemented handling of the source and destination address, by the Simple (signature) plugin.
  • Vincent Glaume <vglaume@exaprobe.com>: Implemented handling of the "last" keyword, telling LML to stop matching regex against a line of log once one of them has been matched.
  • Yoann Vandoorselaere <yoann@prelude-ids.org>: LML alerts now carry the LML version.
  • Yoann Vandoorselaere <yoann@prelude-ids.org>: Modified the Debug plugin so that it uses the shared LML API for sending alerts. Also, Debug alerts are now low priority.
  • Laurent Oudot <oudot.laurent@wanadoo.fr>: Exim ruleset.
  • Stéphane Loeuillet <LeRoutier@wanadoo.fr>: ProFTPD, vpopmail, qpopper rulesets.
  • Vincent Glaume <vglaume@exaprobe.com>: Squid, NtSyslog, Ipso, Checkpoint rulesets.
  • { DOWNLOAD } ---
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz.sig
http://prelude-ids.org/download/releases/prelude-lml-0.8.3.tar.gz.md5
  • { MD5SUM } ---
2dd22a105da2c93a529202d2621e9c1c prelude-lml-0.8.3.tar.gz
  • { OpenPGP key } ---

gpg --keyserver wwwkeys.pgp.net --recv-keys 0x23D2FAC3


Received on Mon Apr 28 10:12:00 2003
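
The logfile metadata rule from the change list above (shrunken file means rotation, matching checksum means resume, mismatch means alert and restart), as an added example that is not part of the announcement and is not Prelude LML's own code. The function names, the FNV-1a checksum over the 64 bytes before the offset, and the use of `long` offsets instead of 64-bit ones are all assumptions made for this sketch.

```c
/* Added illustration, not Prelude LML source; names and checksum are assumptions. */
#include <stdint.h>
#include <stdio.h>
#define TAIL 64 /* assumption: checksum covers the last 64 bytes before the offset */

enum resume { RESUME_FRESH, RESUME_ROTATED, RESUME_CONTINUE, RESUME_MISMATCH };
struct log_meta { int valid; long offset; uint32_t sum; };

/* FNV-1a over the (up to) TAIL bytes that end at `offset`. */
static int tail_sum(FILE *fp, long offset, uint32_t *out)
{
    unsigned char buf[TAIL];
    size_t n = offset < TAIL ? (size_t)offset : TAIL;
    uint32_t h = 2166136261u;
    if (fseek(fp, offset - (long)n, SEEK_SET) != 0 || fread(buf, 1, n, fp) != n)
        return -1;
    for (size_t i = 0; i < n; i++) { h ^= buf[i]; h *= 16777619u; }
    *out = h; return 0;
}

/* Save metadata once the whole file is analyzed: offset = size, plus checksum. */
int lml_checkpoint(const char *path, struct log_meta *m)
{
    FILE *fp = fopen(path, "rb");
    m->valid = 0;
    if (!fp) return -1;
    if (fseek(fp, 0, SEEK_END) == 0 && (m->offset = ftell(fp)) >= 0)
        m->valid = tail_sum(fp, m->offset, &m->sum) == 0;
    fclose(fp);
    return m->valid ? 0 : -1;
}

/* Decide where analysis starts; *start receives the offset to read from. */
enum resume lml_resume(const char *path, const struct log_meta *m, long *start)
{
    FILE *fp = fopen(path, "rb");
    enum resume r = RESUME_FRESH;
    long size; uint32_t sum;
    *start = 0;
    if (!fp) return r;
    if (m->valid && fseek(fp, 0, SEEK_END) == 0 && (size = ftell(fp)) >= 0) {
        if (size < m->offset) r = RESUME_ROTATED;      /* shrank: assume rotation */
        else if (tail_sum(fp, m->offset, &sum) != 0 || sum != m->sum)
            r = RESUME_MISMATCH;                       /* caller alerts, restarts at 0 */
        else { r = RESUME_CONTINUE; *start = m->offset; }
    }
    fclose(fp);
    return r;
}
```

The checksum is what separates an appended-to log from one that was replaced and has already grown past the saved offset, a case the size comparison alone cannot see.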

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:11 EDT

