Prelude LML Changelog
New in version 1.0.0 (January 10th, 2012)
- Minor changes since rc2.
- 2010-02-08, prelude-lml-1.0.0rc2:
- File notification improvement: some cases where file notification was not working appropriately were fixed. Improved handling of file deletion (optionally followed by a file creation event).
- There were various cases where the previous code would mishandle the metadata write/verification. All known issues are now fixed.
- There was no monitoring for standard input: everything was read once upon start and further input was ignored.
- Fix possible truncation of a dispatched log when the string contained multiple NUL terminators. Fixes a regression in LML 1.0.0rc1.
- Statistics were missing for UDP server input.
- Minor event reporting improvement and bug fixes.
- Improve large file handling.
- 2010-01-29, prelude-lml-1.0.0rc1:
- Support for character encoding and conversion to UTF-8. The user can specify a different character encoding for each file.
- Automatic character set detection: if none is specified by the user, the implementation will attempt to detect the character set used for a given file. If the detection fails, the system default will be used.
- Log entries are now converted to UTF-8 before processing. This fixes a problem where users could see incorrect characters in reported alerts, since they were carrying data that could involve different character sets.
- Include Snare ruleset, courtesy of Nicholas Nachefski.
- [ModSecurity]: Events generated were missing some AdditionalData information.
- [NetFilters]: ruleset compatibility with Ulogd, various improvements.
- Various bug fixes.
New in version 0.9.14 (October 17th, 2008)
- This release fixes a possible permission error that could happen when a given logfile was only accessible through a group-specific permission.
- The ModSecurity ruleset now provides much more descriptive classification text, adds regexps for [file ..], [line ...], and [tag ...] fields, and fine-tunes targets/types.
- Gamin/FAM support has been deprecated in favor of libev, fixing an SELinux issue.
- The polling architecture has been improved by using an operating system-specific backend when possible.
- This release monitors files that are not immediately available for reading on startup.
- Once the file can be monitored, libev provides notification.