Prelude-LML is a signature-based log analyzer that monitors your log files and received syslog messages for suspicious activity. It handles events generated by a large set of components, including but not limited to: APC Emu, BigIP, Cisco PIX, Clamav, Dell-OM, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Apache ModSecurity, Ms-SQL, Nagios, Norton Antivirus Corporate Edition, NTsyslog, Pam, Portsentry, Postfix, Proftpd, SSH, and others. It is part of Prelude, a hybrid Intrusion Detection framework implementing an open communication layer for use by any security application.
License: GNU General Public License (GPL)
Changes:
This release removes the successful/failure keyword from the classification (the IDMEF completion field is used instead) and sanitizes the analyzer class. Nagios V2 log entries are now handled. An incorrect AdditionalData assignment in the SpamAssassin ruleset has been fixed, and a new Suhosin ruleset has been added. An invalid log file inconsistency alert that could be triggered in a rare case after a rename detection has been fixed. The 1024-byte limit per PCRE reference has been removed. There are also minor bugfixes and build system cleanup.
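As an added illustration of the processing the description and the changelog refer to (signature rules matched against log lines, with the outcome carried as an IDMEF-style completion value separate from the classification text, and extra fields such as the port placed in AdditionalData), here is a small Python example. It is not Prelude-LML's own code: the rule structure, the field names and the syslog lines are constructed for this example, and the real tool's ruleset format and IDMEF mapping differ.

```python
import re
from dataclasses import dataclass, field

# Constructed sample syslog lines for the example (not captured from a real host).
SAMPLE_LOG = [
    "Mar  3 10:12:01 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "Mar  3 10:12:09 host1 sshd[2231]: Accepted password for alice from 198.51.100.4 port 40112 ssh2",
    "Mar  3 10:13:40 host1 cron[1200]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 10:14:02 host1 sshd[2240]: Failed password for bob from 203.0.113.7 port 51023 ssh2",
]


@dataclass
class Rule:
    """A signature: a regex with named captures plus the alert fields it produces."""
    name: str
    regex: re.Pattern
    classification: str   # what happened, with no success/failure suffix in the text
    completion: str       # IDMEF-style assessment completion: "failed" or "succeeded"
    severity: str


@dataclass
class Alert:
    """Minimal IDMEF-like alert record built from a rule match (hypothetical layout)."""
    classification: str
    completion: str
    severity: str
    source: str
    target_user: str
    additional_data: dict = field(default_factory=dict)


# Two hypothetical rules for OpenSSH password authentication messages.
RULES = [
    Rule("ssh-failed-password",
         re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
                    r"from (?P<src>\S+) port (?P<port>\d+)"),
         "Remote login", "failed", "medium"),
    Rule("ssh-accepted-password",
         re.compile(r"sshd\[\d+\]: Accepted password for (?P<user>\S+) "
                    r"from (?P<src>\S+) port (?P<port>\d+)"),
         "Remote login", "succeeded", "info"),
]


def analyze(lines, rules=RULES):
    """Run every line through the rule list; the first matching rule produces one alert."""
    alerts = []
    for line in lines:
        for rule in rules:
            m = rule.regex.search(line)
            if m is None:
                continue
            alerts.append(Alert(
                classification=rule.classification,
                completion=rule.completion,
                severity=rule.severity,
                source=m.group("src"),
                target_user=m.group("user"),
                # Captures that have no dedicated alert field go into AdditionalData.
                additional_data={"rule": rule.name, "port": int(m.group("port")), "log": line},
            ))
            break  # first matching rule wins; lines matching no rule are ignored
    return alerts


def failed_logins_by_source(alerts, threshold=2):
    """Simple correlation over the alerts: sources with at least `threshold` failed logins."""
    counts = {}
    for a in alerts:
        if a.classification == "Remote login" and a.completion == "failed":
            counts[a.source] = counts.get(a.source, 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for a in found:
        print(f"{a.classification} ({a.completion}, {a.severity}) "
              f"src={a.source} user={a.target_user} data={a.additional_data['port']}")
    print("repeated failures:", failed_logins_by_source(found))
```

Keeping the outcome in a separate completion field rather than in the classification string is what lets the correlation step above filter on "failed" without parsing the classification text, which is the point of the classification change noted in the release.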