Update to 0.9.2. Changes:

- Get rid of the 1024 characters per line limitation (defined as per
  the syslog RFC), since LML is not limited to parsing input from syslog
  anymore.
- Handle events in Clamav logging format as well as syslog.
- Abstracted Squid chain regex to allow parsing of data directly
  from Squid log files.
- Introduced support for openhostapd.
- Began expanding rulesets with additional_data and vendor-specific
  classification data.
- Various ruleset updates and bug fixes.

Prelude-LML is a signature based log analyzer monitoring logfile and
received syslog messages for suspicious activity. It handle events
generated by a large set of components, including but not limited to:
BigIP, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso,
Nagios, Norton Antivirus Corporate Edition, NTsyslog, PAM, Portsentry,
Postfix, Proftpd, ssh, etc.

1 files changed, 4 insertions, 2 deletions

diff --git a/security/prelude-lml/Makefile b/security/prelude-lml/Makefile
index 2a9f5b17cbf..44d30f437eb 100644
--- a/security/prelude-lml/Makefile
+++ b/security/prelude-lml/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+# $NetBSD: Makefile,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
 #
 
-DISTNAME=		prelude-lml-0.9.1
+DISTNAME=		prelude-lml-0.9.2
 CATEGORIES=		security
 MASTER_SITES=		http://www.prelude-ids.org/download/releases/
 
@@ -25,11 +25,13 @@ CONFIGURE_ARGS+=        --localstatedir=${VARBASE:Q}
 RCD_SCRIPTS=		preludelml
 PRELUDE_USER?=		_prelude
 PRELUDE_GROUP?=		_prelude
+PRELUDE_LML_PID_DIR=	${VARBASE:Q}/run/prelude-lml
 PRELUDE_HOME=		${VARBASE:Q}/prelude-lml
 PKG_USERS=	${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS:${PRELUDE_HOME}:${NOLOGIN}
 PKG_GROUPS=	${PRELUDE_GROUP}
 FILES_SUBST+=	PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}
 FILES_SUBST+=	PRELUDE_USER=${PRELUDE_USER:Q}
+FILES_SUBST+=	PRELUDE_GROUP=${PRELUDE_GROUP:Q}
 
 SUBST_CLASSES+=         code
 SUBST_STAGE.code=       post-patch