
Import Logsurfer+ 1.7a

0 parents commit 48cee1ea0af318ce199ae9d3c283399d9f3ee4e8 @msantos committed Jun 7, 2010
112 ChangeLog
@@ -0,0 +1,112 @@
+Version 1.7 (logsurfer+)
+ + added -e option to begin processing from the current end
+ of the input log file ( normally used with -f )
+ + put double-quotes around regex expressions in dump file
+ + if the context argument to a pipe or report action is "-"
+ then the current context contents are piped into the command
+ this should shorten most context definitions
+ + added new action "echo" which simply echo's the output on
+ stdout, or to a file with optional >file & >>file 1st arg
+ + added a macro construct in context action fields, if "$lines"
+ exists in a context action (such as a command line) it will
+ be substituted by the number of lines in the context
+ + added syslog action to send a message into syslog
+ the first argument must be facility:level, the second arg
+ is a string to send to syslog
+Version 1.6b (logsurfer+)
+ + fixed -t option in getopts()
+Version 1.6a (logsurfer+)
+ Kerry Thompson
+ + corrected off-by-one in min_lines checking
+ + added min_lines context arg to logsurfer.conf man page
+Version 1.6 (logsurfer+)
+ Kerry Thompson
+ + added an optional parameter at the end of context definition
+ (just before action) specifying the minimum number of lines
+ collected which needs to be satisfied before performing action
+ + added -t option to explicity timeout contexts when exiting
+ default=off so contexts don't all trigger when we shut down
+ + only add lines to a context if the context has an action of
+ 'pipe' or 'report'. In other words, don't store lines in
+ memory which won't ever be used. The number of matching
+ lines in the context is still incremented. This allows contexts
+ to be created which can notify if we _don't_ see an event, such
+ as regular "syslog pings" from hosts.
+Version 1.5b
+ + Corrected off-by-one heap overflow and uninitialized pointer
+Version 1.5a
+ + Corrected minor bug in context timeouts
+Version 1.5
+ + Added y2k disclaimer
+ + Corrected authorship and copyright information
+ + Released
+Version 1.5beta2
+ + Patch for context linelimit added
+ + Changed Logsurfer URL to
+Version 1.5beta
+ + Changed default dumpfile to /dev/null to avoid security problems.
+ You can specify the default location for the logsurfer.dump file
+ in the Makefile (see DEF_DUMPFILE). However - be aware that if using
+ a public writable directory someone can crate a sym-link for that
+ name and you'll write to another file. So I would suggest to use
+ the "-d" option while starting logsurfer to specify a dumpfilename.
+ + Added -DWARN_ROOT to print a warning if logsurfer is running as root.
+ + Added generic GNU "INSTALL" file
+ + Corrected version number in Makefile
+Version 1.41
+ + deleted two #error defines which caused problems on non
+ ansi-compilers
+Version 1.4
+ + fixed serious bug: rule processing stopped if a match_regex was
+ found (even if the not_match_regex dropped this rule)
+ + setup www-page
+Version 1.3
+ + removed #error directive (this is only available on ansi
+ compilers)
+ + added output of logsurfer version number in the usage
+ output
+Version 1.2
+ + updated manpage of logsurfer.1 to include -f and the new
+ -p option
+ + added -p option to write pid to a file (for easier restarts)
+ + changed line handling to be independent from line length
+ (no fixed buffers for processing stuff)
+ + added --with-etcdir option for configure to specify the
+ default location of the logsurfer.conf file
+ + new "contrib" directory to collect helpful tools (added a script
+ "start-mail" and a tool "prtime" to start the collection)
+ + added a check if "const" is defined or not
+ + sendmail flushing has been improved (but is still not completly
+ reliable - it is only implemented as an additional help for
+ flushing the sendmail queue beside the time sendmail does it
+ by itself)
+ + -DSENDMAIL_FLUSH is now not longer default
+ + LDFLAGS in corrected
+ + trying to report linenumber on configuration errors
+ + the behaviour or fgets() at EOF is not portable - now using read()
+ + all header defines also for non ANSI C compilers available
+ + added sys/resource.h include because AIX header files are broken
+ + added srcdir and VPATH definition to Makefiles
+ + changed all #include "../config.h" to #include <config.h>
+ + added in man/ and src/ dir
+ + added PostScript version of regex documentation to package
+ + merged from the old regex dir to the new global one
+ + removed regex-0.12 dir and included regex.c and regex.h in the
+ logsurfer source dir
+Version 1.1
+ + splited the code into several peaces
+ + wrote a draft manual page
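Review bot: the top entry in ChangeLog is "Version 1.7 (logsurfer+)", but the commit message says this import is 1.7a, and nothing in the file records what changed between 1.7 and 1.7a. Add a "Version 1.7a (logsurfer+)" entry, or say in the commit message that upstream shipped 1.7a without one. Separately, the 1.5b entry "Corrected off-by-one heap overflow and uninitialized pointer" names no function or file; since it describes a memory-safety fix, a pointer to the affected code would help anyone checking whether an older deployed build needs replacing.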
@@ -0,0 +1,14 @@
+* Copyright 1995-1999 by DFN-CERT. All rights reserved.
+* This material was originally written and compiled by Wolfgang Ley and
+* Uwe Ellermann at the DFN-CERT, Germany, in 1995-96
+* Redistribution and use in source and binary forms are permitted
+* provided that this entire copyright notice is duplicated in all such
+* copies.
+* This software is provided "as is" and without any expressed or implied
+* warranties, including, without limitation, the implied warranties of
+* merchantability and fitness for any particular purpose.
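Review bot: the notice credits only DFN-CERT (1995-1999) and the original authors Wolfgang Ley and Uwe Ellermann, while the ChangeLog in this same commit attributes the 1.6 and 1.6a logsurfer+ changes to Kerry Thompson. If the logsurfer+ additions carry their own copyright or terms, state them in a separate file or section next to this notice rather than editing it, since redistribution is conditioned on duplicating "this entire copyright notice".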
@@ -0,0 +1,176 @@
+Basic Installation
+ These are generic installation instructions.
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, a file
+`config.cache' that saves the results of its tests to speed up
+reconfiguring, and a file `config.log' containing compiler output
+(useful mainly for debugging `configure').
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If at some point `config.cache'
+contains results you don't want to keep, you may remove or edit it.
+ The file `' is used to create `configure' by a program
+called `autoconf'. You only need `' if you want to change
+it or regenerate `configure' using a newer version of `autoconf'.
+The simplest way to compile this package is:
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system. If you're
+ using `csh' on an old version of System V, you might need to type
+ `sh ./configure' instead to prevent `csh' from trying to execute
+ `configure' itself.
+ Running `configure' takes a while. While running, it prints some
+ messages telling which features it is checking for.
+ 2. Type `make' to compile the package.
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package.
+ 4. Type `make install' to install the programs and any data files and
+ documentation.
+ 5. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+Compilers and Options
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. You can give `configure'
+initial values for variables by setting them in the environment. Using
+a Bourne-compatible shell, you can do that on the command line like
+ CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
+Or on systems that have the `env' program, you can do it like this:
+ env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
+Compiling For Multiple Architectures
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you must use a version of `make' that
+supports the `VPATH' variable, such as GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'.
+ If you have to use a `make' that does not supports the `VPATH'
+variable, you have to compile the package for one architecture at a time
+in the source code directory. After you have installed the package for
+one architecture, use `make distclean' before reconfiguring for another
+Installation Names
+ By default, `make install' will install the package's files in
+`/usr/local/bin', `/usr/local/man', etc. You can specify an
+installation prefix other than `/usr/local' by giving `configure' the
+option `--prefix=PATH'.
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+give `configure' the option `--exec-prefix=PATH', the package will use
+PATH as the prefix for installing programs and libraries.
+Documentation and other data files will still use the regular prefix.
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+Optional Features
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+Specifying the System Type
+ There may be some features `configure' can not figure out
+automatically, but needs to determine by the type of host the package
+will run on. Usually `configure' can figure that out, but if it prints
+a message saying it can not guess the host type, give it the
+`--host=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name with three fields:
+See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the host type.
+ If you are building compiler tools for cross-compiling, you can also
+use the `--target=TYPE' option to select the type of system they will
+produce code for and the `--build=TYPE' option to select the type of
+system on which you are compiling the package.
+Sharing Defaults
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/' if it exists, then
+`PREFIX/etc/' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+Operation Controls
+ `configure' recognizes the following options to control how it
+ Use and save the results of the tests in FILE instead of
+ `./config.cache'. Set FILE to `/dev/null' to disable caching, for
+ debugging `configure'.
+ Print a summary of the options to `configure', and exit.
+ Do not print messages saying which checks are being made.
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+`configure' also accepts some other, not widely useful, options.
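Review bot: this INSTALL text is the generic GNU one and, in the lines shown, mentions none of the build-time settings the ChangeLog says this package has: --with-etcdir, DEF_DUMPFILE in the Makefile, -DWARN_ROOT and -DSENDMAIL_FLUSH. The "Optional Features" section defers to the README for --with- options, so please confirm the README covers them, and in particular that it repeats the ChangeLog's advice about DEF_DUMPFILE: avoid a publicly writable directory for the dump file and pass "-d" when starting logsurfer.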