Prelude LML Changelog

New in version 1.0.0

January 10th, 2012
  • Minor changes since rc2.
  • 2010-02-08, prelude-lml-1.0.0rc2:
  • File notification improvement: some cases where file notification was not working appropriately were fixed. Improved handling of file deletion (optionally followed by a file creation event).
  • There were various cases where the previous code would mishandle the metadata write/verification. All known issues are now fixed.
  • There was no monitoring for standard input: everything was read once upon start and further input was ignored.
  • Fix possible truncation of dispatched log when the string contained multiple NUL terminators. Fixes a regression in LML 1.0.0rc1.
  • Statistics were missing for UDP server input.
  • Minor event reporting improvements and bug fixes.
  • Improve large file handling.
  • 2010-01-29, prelude-lml-1.0.0rc1:
  • Support for character encoding and conversion to UTF-8. The user can specify a different character encoding for each file.
  • Automatic character set detection: if none is specified by the user, the implementation will attempt to detect the character set used for a given file. If the detection fails, the system default will be used.
  • Log entries are now converted to UTF-8 before processing. This fixes a problem where users could see incorrect characters in reported alerts, since they were carrying data that could involve different character sets.
  • Include Snare ruleset, courtesy of Nicholas Nachefski.
  • [ModSecurity]: Events generated were missing some AdditionalData information.
  • [NetFilters]: ruleset compatibility with Ulogd, various improvements.
  • Various bug fixes.

New in version 0.9.14 (October 17th, 2008)

  • This release fixes a possible permission error that could happen when a given logfile was only accessible through a group-specific permission.
  • The ModSecurity ruleset now provides much more descriptive classification text, adds regexps for [file ..], [line ...], and [tag ...] fields, and fine-tunes targets/types.
  • Gamin/FAM support has been deprecated in favor of libev, fixing an SELinux issue.
  • The polling architecture has been improved by using an operating system-specific backend when possible.
  • This release monitors files that are not immediately available for reading on startup.
  • Once the file can be monitored, libev provides notification.