From 4e1f21b776edb855f6831410d26b51a50a7772dc Mon Sep 17 00:00:00 2001
From: shannonjr
Date: Tue, 31 Jan 2006 10:46:31 +0000
Subject: Update to 0.9.2. Changes: - Get rid of the 1024 characters per line limitation (defined as per the syslog RFC), since LML is not limited to parsing input from syslog anymore. - Handle events in Clamav logging format as well as syslog. - Abstracted Squid chain regex to allow parsing of data directly from Squid log files. - Introduced support for openhostapd. - Began expanding rulesets with additional_data and vendor-specific classification data. - Various ruleset updates and bug fixes. Prelude-LML is a signature based log analyzer monitoring logfile and received syslog messages for suspicious activity. It handle events generated by a large set of components, including but not limited to: BigIP, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Nagios, Norton Antivirus Corporate Edition, NTsyslog, PAM, Portsentry, Postfix, Proftpd, ssh, etc.
---
 security/prelude-lml/Makefile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'security/prelude-lml/Makefile')
diff --git a/security/prelude-lml/Makefile b/security/prelude-lml/Makefile
index 2a9f5b17cbf..44d30f437eb 100644
--- a/security/prelude-lml/Makefile
+++ b/security/prelude-lml/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2006/01/29 15:56:42 shannonjr Exp $
+# $NetBSD: Makefile,v 1.2 2006/01/31 10:46:31 shannonjr Exp $
 #
-DISTNAME= prelude-lml-0.9.1
+DISTNAME= prelude-lml-0.9.2
 CATEGORIES= security
 MASTER_SITES= http://www.prelude-ids.org/download/releases/
@@ -25,11 +25,13 @@ CONFIGURE_ARGS+= --localstatedir=${VARBASE:Q}
 RCD_SCRIPTS= preludelml
 PRELUDE_USER?= _prelude
 PRELUDE_GROUP?= _prelude
+PRELUDE_LML_PID_DIR= ${VARBASE:Q}/run/prelude-lml
 PRELUDE_HOME= ${VARBASE:Q}/prelude-lml
 PKG_USERS= ${PRELUDE_USER}:${PRELUDE_GROUP}::Prelude\ IDS:${PRELUDE_HOME}:${NOLOGIN}
 PKG_GROUPS= ${PRELUDE_GROUP}
 FILES_SUBST+= PRELUDE_LML_PID_DIR=${PRELUDE_LML_PID_DIR:Q}
 FILES_SUBST+= PRELUDE_USER=${PRELUDE_USER:Q}
+FILES_SUBST+= PRELUDE_GROUP=${PRELUDE_GROUP:Q}
 SUBST_CLASSES+= code
 SUBST_STAGE.code= post-patch
--
cgit v1.2.3
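Review bot: The new `PRELUDE_LML_PID_DIR` definition applies `:Q` to `VARBASE`, and the `FILES_SUBST` line then expands it as `${PRELUDE_LML_PID_DIR:Q}`, so the path is shell-quoted twice; a `VARBASE` containing a character that needs escaping would reach the substituted files with doubled escapes. Quoting once, at the point of use, avoids that: `PRELUDE_LML_PID_DIR= ${VARBASE}/run/prelude-lml` (the `PRELUDE_HOME` context line follows the same pattern and could be aligned with it). The files that consume the PID-directory and `PRELUDE_GROUP` substitutions are outside this diff, so it is not visible which script creates the directory or with what owner and mode. A one-line comment above the definition recording that would help anyone auditing the package's privilege separation, since a PID directory writable by the unprivileged daemon account is only safe if the root-run control script does not trust the pidfile contents blindly.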