==OSSEC v1.4 CHANGELOG (Oct 30, 2007)==

We are pleased to announce the general availability of OSSEC version 1.4. This version comes with lots of new features, including:

-Support for reading database logs from PostgreSQL and MySQL.
 http://www.ossec.net/wiki/index.php/SQL_Logging
-Support for storing the alerts on MySQL and PostgreSQL.
 http://www.ossec.net/wiki/index.php/Know_How:DatabaseOutput
-Support for Prelude.
 http://www.ossec.net/wiki/index.php/Know_How:PreludeOutput
-Support for SonicWall logs, HP-UX ftpd, AIX 5.3 syslog, etc.

*If updating, make sure to upgrade the ossec server FIRST before any agent.

In addition to the above changes, this release comes with the following bug fixes and new features:

-Added new sshd rules (for the "scanned from" events).
-Added multiple PIX rules (for account and config management).
-Added support for the new Linux process scheduler (SCHED_BATCH) to reduce CPU utilization while syscheck is running. (By Jeff Schroeder).
-Fixed vpopmail decoder that was not matching on logs without a username. (By Steve West).
-Added ossec-batch-manager to manage the addition of multiple agents at the same time. (By Jeff Schroeder).
-Added support for fstack-protector on Linux systems. (By Jeff Schroeder).
-Fixed Netscreen decoder. (Thanks to Tom for the info).
-Added multiple Netscreen rules.
-Added full support for sending the alerts to a database (MySQL and PostgreSQL).
-Added "enable" option to ossec-control.
-Added support for SonicWall logs. (Thanks to Peter M. Abraham for the info).
-Added support for MySQL generic and error logs.
-Added support for PostgreSQL logs. (Thanks to Colby W. for the information).
-Added log file monitor to alert when the file is reduced or rotated.
-Fixed some bugs/invalid URLs and typos in the installation scripts and code. (By Slava Semushin).
-Fixed problems with the wrong format in printf calls.
 Bug: http://www.ossec.net/bugs/show_bug.cgi?id=62 (By Slava Semushin).
-Organized the way src/dst user names are used internally on ossec. (By Sebastien Tricaud).
-Added additional rules for Solaris/HP-UX ftpd. (Thanks to Michael Starks for the logs).
-Added support for automatically reloading the authentication keys without restarting the server.
-Fixed a few Postfix rules to deal with insufficient disk space errors.
-Changed the way syscheckd works, by reducing the amount of reads on each check (new lib that does md5 + sha1 at the same time).
-Added support for Prelude. (By Sebastien Tricaud).
-Added named rule to detect zone transfer errors. (By Leonardo Goldim).
-Fixed help option in the Windows UI. (Thanks to Michael Starks for the report).
-Improvements to the Cisco IOS decoder. (By Trey Valenta).
-Fixed syscheck decoder, which was not working with the match/regex keyword. (Thanks to Dustin Lenz for the help and debug info).
-Fixed Unix Pam decoder to support session closed messages. (By Chris Abernethy).
-Fixed SSHD decoder to parse Solaris messages properly.
-Fixed pre-decoders to support AIX 5.3 syslog.

To download the new version:
http://www.ossec.net/main/downloads

We want to thank everyone who sent comments, suggestions or just some nice words to us! We really appreciate the feedback!

Daniel B. Cid (in the name of the OSSEC team).
http://www.ossec.net/main/about

http://www.ossec.net/announcements/v1.4-2007-10-30.txt