OSSEC version 0.9-3 (0.9 update 3) is available. Caveats: * Make sure to fully stop ossec before updating. * Make sure to update your server before any agent. * You don't need to have the 0.9 (or 0.9-1) installed to use it. It has the following new features and fixes: -Added support for Windows firewall logs (Thanks Joe Dance for the help). -Improved pix rules (thanks Jerome Tytgat ). -More named rules. -Fixed description with typos. (thanks Gerardin Philippe ). -Fixed command line options for list_agent (thanks Patrick Roelke for the patch). -Changed logcollector behavior for checking file rotation (comparing inode of the open fd with the real file name). -Changed logcollector behavior for checking if the file has more data. We are now forcing an fgetc and looking for EOF (old method using stats was broken on some Windows versions). -Fixed problem with Endianess on some platforms (specially Linux sparc). Thanks to Charlie (gentuxx) for the information and testing. -Fixed rotation issue for log files with a variable name. (Thanks |SaMaN| for the report). -Windows agent should not exit if syscheck is disabled. (Thanks |SaMaN| for the report). -Fixed alert level on e-mail messages (bug http://www.ossec.net/bugs/show_bug.cgi?id=31). -Added more modsecurity rules. -Added support for HP-UX (Thanks Nick Baronian for testing). -Added support for Microsoft FTP logs (Thanks Rick McClinton for logs and testing). -Added support for Microsoft Exchange logs (IIS SMTP) (Thanks Dennis Borkhus-Veto for the logs). -More rules for sendmail (rejected due to pre-greeting). (thanks Jerome Tytgat ). To download the new version: http://www.ossec.net/en/downloads.html Thanks for all the contributors! Daniel B. Cid (in name of the OSSEC team). http://www.ossec.net/en/about.html#dev-team http://www.ossec.net/announcements/v09-3-2006-10-20.txt