v0.9.8
* Improved matching of netfilter and ipfilter input modules.
* Added support for Cisco FWSM (PIX).
* Improved netfilter parsing.
* Fix parsing with recent flex versions.
* Compilation fixes for *BSD.
* Fixed buffer sizes for some input modules.
* Added wflogs.dtd and wfchkintegrity.
v0.9.7
* Added wfchkintegrity tool, which monitors changes in the
firewalling configuration.
* Removed "\e[1K\015" which was printed in realtime mode even when non
interactive.
* Fixed a small memory leak in realtime mode.
* Optimization of line counting in realtime mode.
* Still allow interactivity when interactive and realtime modes are both
enabled and logs are flooding in.
* Changed configure options --with-wfnetobjs-includes into
--with-wfnetobjs-incdir, and --with-wfnetobjs-library into
--with-wfnetobjs-libdir.
v0.9.6
* Issue no error if one or both port numbers are null (this happens sometimes
with forged packets).
* Added new interactive command 'filter'.
* While in non-interactive real-time mode (-R only), allow falling back into
interactive mode with signal USR1.
* Compilation fixes for gcc 3.3.
* Small parsing improvement for netfilter input module.
v0.9.5
* New real-time mode ('-R' option).
* New interactive mode ('-I' option).
* Added new configure option --with-default-logfile, which specifies
the built-in default logfile.
* Added display of ECE and CWR tcp flags.
* Fixed a bug which prevented snort input module from working properly (snort
module does not set any input or output interface fields).
* Fixed pix input module, which now works properly with every pix version
format.
v0.9.4
* Improved detection of libwfnetobjs (required for Debian packaging).
v0.9.3
* Implemented proper copy of wf_logentries list.
* Added nohit case for line parsing (valid line, but not a logline).
* Added output module option `lines' to show only the first n lines.
* Added output module option `header' to choose not to output header and
footer lines.
v0.9.2
* Added extended date matching in filter expression.
* Added obfuscator mangling module, to replace log hostnames, dates, IP
addresses, or MAC addresses by dummy values (useful for publishing log
extracts).
* Added 'format' (which was not printed until then), 'chain', and 'branch'
options to xml output module.
* Added the ability to sort by source and destination MAC addresses.
* Added support for log files with several formats mixed (syslog), so multiple
input formats can now be specified.
* Fixed a bug in dynamic modules search path handling.
* Added cisco_pix, cisco_ios, and snort input modules.
v0.9.1
* Compile filter expression before log parsing.
* Compilation fix for g++-3.2.
* Fixed a bug in whois resolution.
* Added different verbosity levels, with adequate messages.
* Added 'i' (case insensitive) modifier for filter expression regexps.
v0.9.0
* Small corrections for Debian packaging.
* Added configure options --with-wfnetobjs-includes and
--with-wfnetobjs-library, which specify the path to the
netobjs include and library directories.
* Changed configure option --with-{debug,profiling} into
--enable-{debug,profiling}.
* Removed printf's from output modules.
* Summary mode is not systematic anymore. It is now an option of output
modules which is set to true for text, html and human modules, and false
for others.
* Added filter expression (option -f).
v0.0.5
* make install didn't install man pages (Samuel Chaboisseau).
* Added --strict-parsing option.
* Long option --input-type becomes --input-format.
* Fixed a serious bug which could make wflogs sometimes crash when compiled
without debug mode (thanks to Samuel Chaboisseau).
* Fixed a bug in ipchains output module: flags were displayed as '-' even
for non TCP protocols, and only input interface name was shown.
* Bugfix: ICMP code was not parsed in netfilter input module.
* Added support for MAC addresses (only available from netfilter logs).
* Compilation fixes for g++ v3.1.
v0.0.4
* New configuration options for output modules text and html: IP reverse
resolution can now be set to no, yes (async if supported), or sync (sync
even if async is available), and whois query can now be set to no, yes,
or ifnodns (whois query takes place only if name resolution fails).
* ifs and ifd config options for summary output modes are now one config
option: interfaces.
* Added human output module: output a human readable report in natural
language. Firewalling newcomers may like it.
* We don't display icmp code anymore in HTML mode if we don't have to (type
without code associated).
* Fixed a bug in ipchains input module: parsed interface name was always
assigned to input. Now we take chainlabel (output and forward) into account.
* Added embryo of filtering via an expression. To be continued.
* New way of configuring module options, via the command line.
v0.0.3
* Added output sort option with multiple sort criteria.
* Added ipfilter module (input and output).
* Added logentry check function.
* Log format output modules (ipchains, netfilter) improvements.
* Text output module now displays icmp correctly.
* Pre-resolving of IP addresses (for better use with future async resolution).
* Asynchronous DNS resolution available if libadns is installed: this
speeds up things greatly.
* Added XML output module (thanks to Gregoire Hubert for his help).
* Added summary mode (activated by default).
* Default file to /var/log/messages if none is given.
v0.0.2
* First public release.