Changelog
v1.1.1 - 2012.05.29
- time format in logger changed.
- alert count and meta alert count performance in WUI increased.
- bug fix in thread for system/user periodic queries added.
v1.1.0 - 2012.04.17
- configure script can now prepare test build as well.
- added example Python scripts (triggers and filters) to the documentation.
- implemented ppcheck application for testing preprocessor's configuration offline.
- persistent storage's content to IDMEF dumper (pdump) is now installed, by default.
- alerts dropped by the preprocessor are no longer saved in data base.
- added workaround for missing GNU C macros when using Intel's compiler.
- added support for toolchain selection in configure script (intel and gcc).
- new preprocessor's features:
- less-than comparison
- greater-than comparison
- all relations (<,>,==) now support automatic numbers parsing to compare them as numbers, not as strings.
- rule's output formatters allowing to preprocess data from given field(s), before running comparison:
- tsProc - timestamp to data/time converter
- sub - subsrtaction
- add - addition
- mul - multiply
- div - division
- sig - signum function
- min - minumum selection
- max - maximum selection
- abs - absolute value
- ceil - round up value
- floor - round down value
- round - round to nearest integer
- mod - compute modulo arithmetic
- added more tests for external libraries, required for compilation.
- JPGraph 3.5.0b1 introduced in WUI.
- thread for system/user periodic queries added.
- alerts time series performance in WUI increased.
v1.0.10 - 2012.03.21
- remove unwanted characters fixed.
v1.0.9 - 2012.03.20
- WUI brackets fix added.
- setting names for Acarm-ng working threads added.
v1.0.8 - 2012.03.16
- input prelude bug fix for services without name added.
- additional tests for input prelude and rfcio components added.
- minor PHP style fixes in WUI added.
- default WUI time set to 1 day.
- handling execution time exceeded in WUI added.
v1.0.7 - 2012.02.13
- bugfix for restorer added.
- logging progress of restoring data base content added.
v1.0.6 - 2012.02.09
- displaying heatmap in WUI improved.
- removal of unwanted characters in input prelude.
- SQL queries for restoring Acarm-ng state simplified.
v1.0.5 - 2012.01.25
- fixed invalid selection of root meta alerts.
- installation and troubleshooting documents contains now more hints.
- fixed error when displaying images on some systems.
v1.0.4 - 2012.01.18
Minor bugfix release (backport of old bug).
- added default timezone for WUI.
v1.0.4 - 2012.01.18
Minor bugfix release (backport of old bug).
- added default timezone for WUI.
v1.0.3 - 2012.01.17
Minor bugfix release.
- assertion in new event filter fixed.
v1.0.2 - 2011.12.14
More enhancements of build and config.
- configuration file is now named 'main_config.xml'.
- libraries and applications are now automatically striped when installing release build.
- added flags for separating installation directories into different paths.
v1.0.1 - 2011.12.01
Minor bugfix release.
- fixed missing configure flags.
- added DESTDIR support to the make (for standard linux compliance).
v1.0.0 - 2011.11.21
Official, fully-featured version of ACARM-ng. This release has many improvements inside that makes it easier to write new plugins. Command line options and default start script have been provided to be more user friendly. Big change is addition of API for writing filters in Python. Also some configure-and-build improvements are present. Since new features make config file bigger, one of the improvements is possibility to include parts of the config files from other files.
- fixed unknown error issue when persistency::postgres fails to connect.
- more descriptive console error messages added.
- fixed non-updating copy of some elements when performing 'make install'.
- added command line arguments, like automatic daemonizing, dropping privileges, etc...
- config file inclusion added.
- data base creation scripts are now automatically installed when 'make install' is run.
- added pseudo-collection of all leafs to meta-alert's tree element, when accessed with string facade.
- added severity and certainty as a meta-alert's tree element, when accessed with string facade.
- algorithms dedicated for use in C++ are now more robust: - const and non-const versions are supported. - smart and raw pointers are supported as arguments.
- comparisons with regular expressions in preprocessor rules.
- support for SnortSam firewall reconfiguration tool (as a trigger).
- fixed compatibility issue with postgres 9.1 and previous releases.
- fixed condition for warning on data abse cleanup taking too long.
- added preprocessors for triggers.
- added heartbeats for external service (dshiled), when using ipblacklist filter.
- unified string-access between preprocessor and Python API - the same syntax is used now (except for the collections).
- Python interface for writing filters has been created.
v0.3.3 - 2011.11.07
Minor bugfix release.
- fixed timezone in WUI, when DB server is not configured in UTC.
v0.3.2 - 2011.09.21
Minor bugfix release.
- fixed "path too long" bug in string-access facade.
v0.3.1 - 2011.09.07
Minor bugfix release.
- fixed dependency issue - release code does not include test headers.
- fixed compilation with icc (intel toolchain) on hosts with machine-dependent includes in /usr/include/<machine> implicit directory.
v0.3.0 - 2011.08.31
Third major release. Most important changes are automatic tests for used elements while running ./configure, integration with Python (currently triggers can be written as a Python scripts), miscellaneous WUI updates and heartbeats.
- Python interface for writing triggers has been created.
- added support for Python scripts (via Persistency::Facades::StrAccess and PythonAPI interfaces).
- Prado 3.1.9 introduced for WUI.
- added tests to configure script - now each requirement is tested, before delivery.
- clean-up in project's root directory.
- added heartbeats visualization to WUI.
- added logs of all actions in WUI (browsable via WUI).
v0.2.1 - 2011.06.07
Bugfix release.
- data base version string fix.
v0.2.0 - 2011.05.30
Second major release, including new filters, intel toolchain support, simplified installer from sources, API updates and more.
- separation of types representing processors' name and type (API update).
- fixed invalid handling of ECL in processors (aka: many-to-many ECL bug).
- documentation updates.
- simplified autotools-like compile and installation wrapper.
- new version of build process.
- added dedicated thread for signals handling (ensures no dead locks are possible when sending signals).
- main branch is now publicly available.
- filters:
- new event
- users monitor
- content similarity
- icc support (intel toolchain).
v0.1.2 - 2011.05.31
Bugfix release.
- fixed build for new version of libpqxx.
v0.1.1 - 2011.04.13
Bugfix release.
- fixed issue with same-name filter not appending to correlated entry.
v0.1.0 - 2011.02.14
First version of ACARM-ng has been finally released.
- WUI (Web User Interface) for data visualization
- All elements loadable as plugins
- Preprocessor for rejecting unwanted alerts
- gcc support
- Multi-threaded processing
- First version of framework (API)
- Common algorithms for (meta-)alerts processing
- Flexible notification with triggers
- Flexible correlation and processing with filters
- Flexible data collection with inputs
- Flexible data storage with persistency modules
- Logging to:
- file
- screen
- syslog
- null (discards logs)
- Removal of debug logs in release mode
- filters:
- one to one
- many to one
- one to many
- many to many
- event chain
- DNS resolver
- IP blacklist
- same name
- inputs:
- prelude
- file (IDMEF)
- triggers:
- gadu-gadu
- jabber
- file output (IDMEF)
- external application
- persistency modules:
- postgres
- stub (no persistent storage)
- application to dump alerts from persistent storage
- WUI options:
- access to alerts
- access to correlated alerts (aka: meta-alerts)
- access to analyzers
- heat map
- alerts count in time plot
- meta alerts count in time plot
- alerts types plot
- alerts severities plot