
Import Logsurfer+ 1.7a

0 parents commit 48cee1ea0af318ce199ae9d3c283399d9f3ee4e8 @msantos committed Jun 7, 2010
112 ChangeLog
@@ -0,0 +1,112 @@
+Version 1.7 (logsurfer+)
+ + added -e option to begin processing from the current end
+ of the input log file ( normally used with -f )
+ + put double-quotes around regex expressions in dump file
+ + if the context argument to a pipe or report action is "-"
+ then the current context contents are piped into the command
+ this should shorten most context definitions
+ + added new action "echo" which simply echo's the output on
+ stdout, or to a file with optional >file & >>file 1st arg
+ + added a macro construct in context action fields, if "$lines"
+ exists in a context action (such as a command line) it will
+ be substituted by the number of lines in the context
+ + added syslog action to send a message into syslog
+ the first argument must be facility:level, the second arg
+ is a string to send to syslog
+
+Version 1.6b (logsurfer+)
+ + fixed -t option in getopts()
+
+Version 1.6a (logsurfer+)
+ Kerry Thompson kerry@crypt.gen.nz:
+ + corrected off-by-one in min_lines checking
+ + added min_lines context arg to logsurfer.conf man page
+
+Version 1.6 (logsurfer+)
+ Kerry Thompson kerry@crypt.gen.nz:
+ + added an optional parameter at the end of context definition
+ (just before action) specifying the minimum number of lines
+ collected which needs to be satisfied before performing action
+ + added -t option to explicity timeout contexts when exiting
+ default=off so contexts don't all trigger when we shut down
+ + only add lines to a context if the context has an action of
+ 'pipe' or 'report'. In other words, don't store lines in
+ memory which won't ever be used. The number of matching
+ lines in the context is still incremented. This allows contexts
+ to be created which can notify if we _don't_ see an event, such
+ as regular "syslog pings" from hosts.
+
+Version 1.5b
+ + Corrected off-by-one heap overflow and uninitialized pointer
+
+Version 1.5a
+ + Corrected minor bug in context timeouts
+
+Version 1.5
+ + Added y2k disclaimer
+ + Corrected authorship and copyright information
+ + Released
+
+Version 1.5beta2
+ + Patch for context linelimit added
+ + Changed Logsurfer URL to http://www.cert.dfn.de/eng/logsurf/
+
+Version 1.5beta
+ + Changed default dumpfile to /dev/null to avoid security problems.
+ You can specify the default location for the logsurfer.dump file
+ in the Makefile (see DEF_DUMPFILE). However - be aware that if using
+ a public writable directory someone can crate a sym-link for that
+ name and you'll write to another file. So I would suggest to use
+ the "-d" option while starting logsurfer to specify a dumpfilename.
+ + Added -DWARN_ROOT to print a warning if logsurfer is running as root.
+ + Added generic GNU "INSTALL" file
+ + Corrected version number in Makefile
+
+Version 1.41
+ + deleted two #error defines which caused problems on non
+ ansi-compilers
+
+Version 1.4
+ + fixed serious bug: rule processing stopped if a match_regex was
+ found (even if the not_match_regex dropped this rule)
+ + setup www-page http://www.cert.dfn.de/eng/team/wl/logsurfer/
+
+Version 1.3
+ + removed #error directive (this is only available on ansi
+ compilers)
+ + added output of logsurfer version number in the usage
+ output
+
+Version 1.2
+ + updated manpage of logsurfer.1 to include -f and the new
+ -p option
+ + added -p option to write pid to a file (for easier restarts)
+ + changed line handling to be independent from line length
+ (no fixed buffers for processing stuff)
+ + added --with-etcdir option for configure to specify the
+ default location of the logsurfer.conf file
+ + new "contrib" directory to collect helpful tools (added a script
+ "start-mail" and a tool "prtime" to start the collection)
+ + added a check if "const" is defined or not
+ + sendmail flushing has been improved (but is still not completly
+ reliable - it is only implemented as an additional help for
+ flushing the sendmail queue beside the time sendmail does it
+ by itself)
+ + -DSENDMAIL_FLUSH is now not longer default
+ + LDFLAGS in Makefile.in corrected
+ + trying to report linenumber on configuration errors
+ + the behaviour or fgets() at EOF is not portable - now using read()
+ + all header defines also for non ANSI C compilers available
+ + added sys/resource.h include because AIX header files are broken
+ + added srcdir and VPATH definition to Makefiles
+ + changed all #include "../config.h" to #include <config.h>
+ + added Makefile.in in man/ and src/ dir
+ + added PostScript version of regex documentation to package
+ + merged configure.in from the old regex dir to the new global one
+ + removed regex-0.12 dir and included regex.c and regex.h in the
+ logsurfer source dir
+
+Version 1.1
+ + splited the code into several peaces
+ + wrote a draft manual page
+
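Review bot: The top entry is headed "Version 1.7 (logsurfer+)" while the commit is titled "Import Logsurfer+ 1.7a", so the ChangeLog has no entry for the release being imported; add a 1.7a entry or say that 1.7a carries no changes beyond 1.7. Separately, the 1.5b line "Corrected off-by-one heap overflow and uninitialized pointer" records a memory-safety fix without naming the affected file or function, which leaves anyone still running an older copy unable to judge exposure from this file alone; a short pointer to the code path would help.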
@@ -0,0 +1,14 @@
+/************************************************************************
+* Copyright 1995-1999 by DFN-CERT. All rights reserved.
+*
+* This material was originally written and compiled by Wolfgang Ley and
+* Uwe Ellermann at the DFN-CERT, Germany, in 1995-96
+*
+* Redistribution and use in source and binary forms are permitted
+* provided that this entire copyright notice is duplicated in all such
+* copies.
+*
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantability and fitness for any particular purpose.
+************************************************************************/
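Review bot: The notice covers only "Copyright 1995-1999 by DFN-CERT" and the 1995-96 work of Wolfgang Ley and Uwe Ellermann, while the ChangeLog in this same commit credits the 1.6 and 1.6a changes to Kerry Thompson; nothing in this block states the terms for the logsurfer+ additions. Confirm whether those changes are distributed under the same notice and, if so, add a line saying so, since the redistribution condition requires the "entire copyright notice" to be duplicated in all copies.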
176 INSTALL
@@ -0,0 +1,176 @@
+Basic Installation
+==================
+
+ These are generic installation instructions.
+
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+
+ The file `configure.in' is used to create `configure' by a program
+called `autoconf'. You only need `configure.in' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+
+The simplest way to compile this package is:
+
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system. If you're
+ using `csh' on an old version of System V, you might need to type
+ `sh ./configure' instead to prevent `csh' from trying to execute
+ `configure' itself.
+
+ Running `configure' takes a while. While running, it prints some
+ messages telling which features it is checking for.
+
+ 2. Type `make' to compile the package.
+
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package.
+
+ 4. Type `make install' to install the programs and any data files and
+ documentation.
+
+ 5. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+Compilers and Options
+=====================
+
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. You can give `configure'
+initial values for variables by setting them in the environment. Using
+a Bourne-compatible shell, you can do that on the command line like
+this:
+ CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+
+Or on systems that have the `env' program, you can do it like this:
+ env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+
+Compiling For Multiple Architectures
+====================================
+
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+
+ If you have to use a `make' that does not supports the `VPATH'
+variable, you have to compile the package for one architecture at a time
+in the source code directory. After you have installed the package for
+one architecture, use `make distclean' before reconfiguring for another
+architecture.
+
+Installation Names
+==================
+
+ By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc. You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+Optional Features
+=================
+
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+Specifying the System Type
+==========================
+
+ There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on. Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+ CPU-COMPANY-SYSTEM
+
+See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+
+ If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+
+Sharing Defaults
+================
+
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Operation Controls
+==================
+
+ `configure' recognizes the following options to control how it
+operates.
+
+`--cache-file=FILE'
+ Use and save the results of the tests in FILE instead of
+ `./config.cache'. Set FILE to `/dev/null' to disable caching, for
+ debugging `configure'.
+
+`--help'
+ Print a summary of the options to `configure', and exit.
+
+`--quiet'
+`--silent'
+`-q'
+ Do not print messages saying which checks are being made.
+
+`--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+
+`--version'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
+`configure' also accepts some other, not widely useful, options.
+
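Review bot: Nothing in this file documents the package-specific build settings that the ChangeLog mentions (`--with-etcdir`, `DEF_DUMPFILE`, `-DWARN_ROOT`, `-DSENDMAIL_FLUSH`); the "Optional Features" section only defers to the `README`. Add a short logsurfer section listing them, and at minimum repeat the 1.5beta advice that `DEF_DUMPFILE` should not point into a publicly writable directory because of the sym-link problem, with `-d` as the suggested alternative.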