- [User] Fixes a bug with the geolocator
- [User] Fixes a bug causing a crash when no country was found by the geolocator
- [User] Fixes bugs related to corner cases (empty logs, wrong parser for log, empty geolocation data)
- [User] Updated DB-IP country file to Jun 2024 version.
- [User] Refreshed the style a bit, removed Fira Sans and updated versions of CSS and JS frameworks
- [Code] Move options and some code in their own dir
- [Code] Add rendering view parsing (useful in development; no views yet)
- Country DB now stores country name.
- [User] New output format
ufw
generates directives to blacklist IPs requesting URLs matching a pattern. For users of the Uncomplicated Firewall. - [User] new option
--no-geo
skips geolocation, which is terribly costly in the current implementation. - [User] Updated DB-IP country file to Dec 2022 version.
- [User] Changed name of SQLite output format to sqlite3
- [User] It is now possible to start analysis from a sqlite3 DB generated by log_sense, breaking parsing and generation in two steps.
- [User] Check for correctness of I/O formats before launching analysis
- [User] Streak report has been renames Session. Limited the number of URLs shown in each session, to avoid buffer?/memory overflows when an IP requests a massive amount of URLs.
- [User] Added an IP-per-hour visits report.
- [Code] A rather extensive refactoring of the source code to remove code duplications and improve code structure.
- [Code] Rubocop-ped various files
- [Code] Added text renderer to DataTable, which sanitizes input and further reduces risks of XSS and log poisoning attacks
- [Code] CDN links have been ported into the Emitter module and used in the Embedded Ruby Templates (erbs). This simplifies version updates of Javascript libraries used in reports.
- [User] Updated DB-IP country file.
- [User] Added reports “Missed Pages by IP” and “Missed Resources by IP”. It can help pinpoint attack sources.
- [User] Added report “Combined Platform”, which puts together Browser, OS, and IP.
- [User] Summary now shows total size transferred.
- [User] Added link to DB-IP page for IPs in some tables.
- [User] Added count of IPs by Country.
- [User] Improved textual report: values in cells holding multiple values (e.g. IPs) are now shown in distinct lines in the cell. A new option -r limits the number of lines shown per cell.
- [Default] The number of rows initially shown in HTML reports is now 25.
- [Default] Default for number of entries in textual report is now 100 (used to be 900).
- [Fixed] The size column in HTML reports is now sorted numerically.
- [Code] Improved performances of DataTable rendering, using the dataRender flag.
- [Code] Use trim_mode in ERB to avoid empty lines in HTML output.
- [Code] Moved to the debug gem.
- [Gem] Updated email and author’s name.
- [User] Option –input-files allows to specify input files in addition to passing filenames to the command line
- [User] Minor changes to the layout of HTML reports
- [User] Add version number in reports
- [Fixed] Duplicated entries in navigation
- [Code] Updated and added minitest(s)
- [User] Present Unique Visits / day as integer
- [User] Added Country and Streaks report for rails
- [User] Changed Streak report in Apache
- [Gem] Updated DB-IP
- [Gem] Updated Bundle
- [Code] Refactored all reports, so that they are specified in the same way
- [Code] Refactor warning message in textual reports
- [Code] Build HTML menu for report specification
- [Code] Various refactoring passes on the code
- [User] New textual report for Apache
- [User] New option -w sets maximum width of URL, Path, and Description columns in textual reports
- [User] Removed option -i, since input filenames are now taken as direct arguments
- [User] Allow multiple files in input
- [Fixed] Complain if input format is not supported
- [Code] Refactoring of reports to manage better output to multiple formats
- [User] The Apache Log report now organizes page requests in four
tables:
- success on HTML pages
- success on other resources
- failures on HTML pages
- failures on other resources
- [User] Increased the default limit of pages in reports to 900
- [User] The return status in now included in the page and resources reports
- [User] The “Attack” table has been removed, since the data can be gotten from the previous tables
- [Fixed] HTML pages are those with extension “.html” and “.htm”
- [Fixed] Wrong data on summary table of the apache report has been fixed
- [Fixed] Better JavaScript escaping to avoid log poisoning
- [Fixed] Strengthened the Apache log parser
- [Gem] Moved repository to Github and fixes to gemspec
- [Code] HTML reports now generate JSON data which is shared between DataTable and Vega Light: this should reduce page size and loading time of HTML reports
- [Doc] Added screenshot and fixed some text
- [Doc] Fixes requirements on Ruby version
- [Code] Strengthened parsing of Apache Logs (added WebDav and other methods)
- [Code] Removed dependency from
apache_log-parser
and implemented our own parser for the combined format.