Download List

Project Description

Prelude-LML is a signature-based log analyzer that monitors your log files and received syslog messages for suspicious activity. It handles events generated by a large set of components, including but not limited to: APC Emu, BigIP, Cisco PIX, Clamav, Dell-OM, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Apache ModSecurity, Ms-SQL, Nagios, Norton Antivirus Corporate Edition, NTsyslog, Pam, Portsentry, Postfix, Proftpd, SSH, and others. It is part of Prelude, a hybrid Intrusion Detection framework implementing an open communication layer for use by any security application.

System Requirements

System requirements are not defined.
Information regarding Project Releases and Project Resources. Note that the information here is a quote from Freecode.com page, and the downloads themselves may not be hosted on OSDN.

2008-10-17 23:46
0.9.14

This release fixes a possible permission error that could happen when a given logfile was only accessible through a group-specific permission. The ModSecurity ruleset now provides much more descriptive classification text, adds regexps for [file ..], [line ...], and [tag ...] fields, and fine-tunes targets/types. Gamin/FAM support has been deprecated in favor of libev, fixing an SELinux issue. The polling architecture has been improved by using an operating system-specific backend when possible. This release monitors files that are not immediately available for reading on startup. Once the file can be monitored, libev provides notification.
Tags: Major feature enhancements

2008-08-22 02:23
0.9.13

A ModSecurity ruleset rewrite that handles the ModSecurity 2.0 log format. New rulesets for FreeBSD su attempts. An additional format in the default configuration to deal with the Apache error_log file format. Some classification has been normalized: Remote Login and Credentials Change have been introduced. The SSH ruleset has been improved. Automated regression tests on make check.
Tags: Major feature enhancements

2008-04-23 21:46
0.9.12

This release removes the successful/failure keyword from classification (use IDMEF completion). Analyzer class sanitization. Handles Nagios V2 log entry. Incorrect AdditionalData assignment in the SpamAssassin ruleset has been fixed. There is a new Suhosin ruleset. An invalid log file inconsistency alert that could be triggered in a rare case after a renaming detection has been fixed. The 1024 bytes per PCRE reference limit has been removed. There are minor bugfixes and build system cleanup.
Tags: Major feature enhancements

2007-12-17 18:12
0.9.11

Asterisk, Honeytrap, Kojoney, and Rishi support were added. A performance regression due to the introduction of OpenHostAPD (double LML performance) was fixed. Ntsyslog and Linux bonding rulesets were improved. A new "metadata" command line option was added, allowing you to monitor log files from the "head", "tail", or "last" analyzed position. The LML logging format was improved.
Tags: Major feature enhancements

2007-08-08 19:33
0.9.10.1

SSH rules are now IPv6 compliant, allowing you to merge old IPv6-only rules with IPv4 rules. Incorrect target user assignment has been fixed in the SSH rule, as well as an incorrect PCRE reference in assessment.impact.description. Cisco router ACL lists can now use names instead of numbers (this made rule id=500 in cisco-router.rules fail to alert on packet denies on newer Cisco devices). Apache formatting when the Apache logname or user is set has been fixed, as has an invalid user.user_id(0).name assignment in SSH rule 1913. Various other bugfixes and minor improvements were also made.
Tags: Minor bugfixes
