This repository has been archived on 2025-02-12. You can view files and clone it, but cannot push or open issues or pull requests.
CLF/html/ChangeLog.txt

446 lines
20 KiB
Text
Raw Permalink Normal View History

2004-09-10 11:31:11 +00:00
$Id$
Feature Request:
Bugs:
1. Change code to allow for tailing spaces when looking at the expression field
3/10/2004
- Removing any reference to company name
3/9/2004
- Changed out company logo
- Added GPL notice to all libraries
1/21/2004
- Found a bug where a host would email off an alert with no text. I've put a stop gap fix in.
1/13/2004
- Fixed bug with msyslog.pgsql where SET STORAGE didn't have a space before it.
- Fixed bug where hour in time of rules would default to 18:00 for no good reason
- Fixed two problems with cloning rules: 1) order was not preserved 2) an imported version of the database couldn't clone because fields that were empty needed to have non-null defaults applied
- Forgot to merge in latest VPN reports
1/6/2004
- Added 'left menu' support for ACID and MRTG groups in security framework should the ever be added 8)
1/6/2004
- Added 'left menu' support for ACID and MRTG groups in security framework should the ever be added 8)
1/1/2004
- Fixed spelling error in with the word 'threshold' in the rules schema
- Fixed a bug in vacuumdb where it was 'ANALYZ' not 'ANALYZE'
12/19/2003
- Updated code to look into /opt/apache
12/10/2003
- Updated database to schema to not use compressed text fields(we'll see how this performs)
- working on adding interfaces to more lock data and other new stats with PostgreSQL V7.4
- cleaned up some button descriptions on the maintenance page, also added a lock view as well as a settings view
12/9/2003
- Finished rule.php support for basic timer maintenance. Need to add another page to graft timers onto rules.
- processlogs.php is now setup to support rule timers
- need to write rule expiration process
- started converting away from compressed text in hopes of providing faster data retrieval.... also pulled OIDs from DB definition
12/8/2003
- Adding support for date and time based rules with date ranges, day of week selections, as well as deleted rules, need to add interface to control rule timestamp properties
12/7/2003
- finished adding accumulation thresholds
12/3/2003
- adding support for both types of thresholds. Need to update web pages to reflect new radio buttons.
- added web configuration support for supression thresholds and accumulating thresholds, now onto updating the log processor
- basic supression works(kinda), need to verify functionality
12/2/2003
- customer profiles can now have multiple hosts added at once.
- fixed a stupid bug where <prev|refresh|next> didn't behave right. next would stop working if you started at oct-26-2003 and it would stay on oct-26-2003
- Added web-based framework and database schema to support alert supression thresholds
12/1/2003
- Updated processlogs.php code to better deal with single entry/no rules vs mutliple rules
11/19/2003
- Updated mail table to enforce unique login ids(effectively stopping two processes from running at the same time, one will crash and die(safely))
- Updated openmail and closeopenmail to use transaction support since PostgreSQL no longer does server-side auto-commit(ie. convert everything to transactions)
- Transaction support should now be officially added, will do some testing
11/18/2003
- Updating program for support with PostGreSQL V7.4
- Fixed host process table to reflect the fact that multiple hosts are in there by default
10/13/2003
- Added alert total to bottom of alert aggregation
10/6/2003
- finished support for alert aggregation
- updated 1stview to pull the current time and date
- fixed host.php bug where you could expire syslogs but not be forced to expire syslogs
10/5/2003
- still adding support for alert aggregation. Basic aggregation works plus alert zooming but need to add support for across the board for other alert queries
10/3/2003
- added ability to un/suspend log processors from the web interface
- updated maintenance to rebuild all indexes in an better manner(ie. grab the index list from the DB rather then by hand)
- added additional framework to do alert aggregation interface. Need to add 'aggregation code' for display
9/24/2003
- weeklyindexrebuild.php now pulls all indexes from the system and rebuilds them. The result is that the system will now rebuild any new indexes without manual reconfiguration.
9/15/2003
- launchid was not initiated correctly in the clonerule.
9/2/2003
- Fixed a bug where '\'s at the end of a line caused problems because we were not properly dealing with them in general. Fixed that.
8/23/2003
- Created another bug when fixing 5000 line paging. Timestamp was thrown off in view.php
8/18/2003
- Syncing changes from production smt environment: vacuumtsyslog.php
- Updated weeklyindexrebuild.php to account for the correct indexes
- Updated maint.php to account for the three new indexes for the launch program section
8/13/2003
- view.php has had several updates. Paging should now be fixed. Multiple searches appeared not to be working correctly.
- Needed to add lastid as hidden var if the variable was set
- Needed to use urlencode on top of htmlspecialcharacters, filters were broken because of it
8/11/2003
- 1stfilter.php doesn't list 'global' filters that you down own
- modified view.php to not let the user save a filter with no description
- added support to delete all of a user's filters(ie. do before delete)
- another problem popped up with filter.php when I added the delete user filter option
8/1/2003
- processlogs.php now supports launching external programs!
7/31/2003
- Updated vacuumdb.php to do a full vacuum of the TSyslog table. Why? Because the system doesn't reclaim disk space or use old delete space for some reason
- Almost finished adding launch program code, need to test.
7/27/2003
- Added weeklyindexrebuild.php which rebuilds all indexes at 5am Sunday morning
7/23/2003
- Continue the programming of the 'launch' ability into the system. Will need to touch code for clearing stale processors
- Adding another maintenance option for viewing the log volume breakout of every host in the Syslog_TArchive table
- Just shoot me: I have added reindexing support to the maintenance page. I have also updated vacuumdb to reindex before the vacuum
- Updating maintenance displays to show what the object types are, views, tables, etc..
- Can now reindex the all of the SMT-related/created indexes from the maintenance page
7/22/2003
- Updating software to include a basic maintenance page
- Create script to do 'vacuum analyze TSyslog', the system will attempt to vacuum every hour
- Added maintenance section to allow for web-based manual db vacuum
- Cleaned up maintance page to do 'analyze'.
- Adjusted 'hourly' script to analyze, not vacuum
7/21/2003
- Updated processor.php to allow clearing of stale processors via the web browser
- Updated processlogs.php to update processed ID's via the same delete transaction
- processlogs.php no longer can clear stale processes, it now issues alerts in the event the system is taking longer than an hour between runs
- 1stequiptype.php did not properly exit if user did not have permissions 8(
- Found a bug in the BottomQuery portion of the distinction section for view.php. It was requesting entries from TSyslog, not tarchive. 8(
- Basic launch administration is finished. Need to extend rules to support launching.
- Updated rule.php to allow for the launch field.
- Fixed a problem where using premade rules only pulled the description + expression. Updated to pull severity, facility, rule-or-level, and launchid
7/20/2003
- Found BIG BUG with how the system pulls syslogs. It turns out that some systems are able to force SMT to think it is learning data @ 1/1/2003. In any case, the system is inserting records but it is not accounting for them. It was alerting but not deleting them. 8( I fixed it.
- I also fixed how the system calculates timeframes.
- Added new index to TSyslog for host & TSyslog_ID to hopefully allow for faster searching
7/16/2003
- processlogs.php is more vocal about cleanup
- changed page access so the system checks to see if the client connection is coming on a port < 443, if so then error
- there was a bug with view.php asking for BottomTopQuery instead of BottomQuery. Fixed
7/9/2003
- processlogs.php wasn't queueing to 64K before migrating logs over. The system now dumps out debug output for every 64K block
7/8/2003
- alert.php now adjusted to join both tables
- Found an issue with hosts.php where deleting a host deleted syslogs but not alerts related to those logs. Fixed that problem. 8)
- Processlogs.php is alsmost finished. 8)
- processlogs.php is done. Time to load another build onto dangermen.com!
- Fixed expirelogs.php to expire off of the archive table, nightlyroguecheck also checks both tables
7/7/2003
- Will be working to have TSyslog archive logs to a different table after processing. The result should be a giant speed up! Starting after 0.212
- Created an archive table. view.php now pulls from the archive table & current table
- alert.php needs to be adjusted.
- processlogs.php needs to push from one table to another
- Initial results are very positive
6/13/2003
- Found a but where host.php doesn't delete a processor association for a host that has been deleted. 8(
3/31/2003
- Fixed a bug in processlogs.php where it was submitting emails w/ subject using $host instead of $loghost
3/20/2003
- Finished adding 'per host' rate alerting
- Cleaned up rate-warning emails include the hostname in the subject line of the email
- Updated processor.php to only list those hosts where that have not been assigned. 8)
- We don't just make the syslog product you buy, we make the syslog product you buy better!
3/19/2003
- Found a bug in view.php where saving filters was not saving 'facility & severity' rules
- Update to pgsql.msyslog table to re-include premade hosts for SMT
- Modifed customer.php to allow setting 'edit' attribute on a per-host basis
- Added support for users to edit rules assuming they have 'permission' to do so. 8)
- Broke user cloning, forgot to adjust for destination user as well as new attributes, all fixed
- Added individual host log rate warnings, added per host rate warnings to host.php, need to do processlogs.php
2/21/2003
- Updated view.php as it was not having difficulties marking lines in red when multiple matches would be happening
2/3/2003
- Finished basic function comments in pix.php, should probably rename the library
1/27/2003
- Fixed a problem with numberofmonth where it was not going up to December.
1/14/2003
- Updated processlogs to be a little more carefull about 'divide by zero' errors when calculating speed numbers
- Updated vacuumdb script to vacuumdb the securityframework instance as well as SMT.
1/13/2003
- Included default host 'localhost' with one rule that responds to root@localhost
1/12/2003
- Made sure smt will work with mod_auth_pgsql
12/4/2002
- addmail function was missing a appostrophe protection for SQL insertion
- Took out a debug message in the clonedenial rules section
11/26/2002
- Removed dropdenials as I already had dropdenial. dropdenails was referenced in rule.php
- Adding lots of comments, need to finish this task
10/23/2002
- vacuumdb now does the vacuum inside PHP as cleanpgsqlnightly isn't working quite right.
10/1/2002
- emails issued by processlogs now append the name of the box for which the alert belongs
- the alert page now has a 'refresh' option
- discovered another bug in alert.php where viewing alerts by host doesn't work anymore 8(
- making alerts available to customers, that was the problem.
- alerts should now be viewable by users
9/29/2002
- Pulled some debugging code
- Made more premade rule adjustments
9/23/2002
- still working on the reporting engine
9/20/2002
- expire.php, archive.php, nightlyroguecheck.php, processlogs.php all use php-cli mode 8)
- working on reports to breakdown data procesing into smaller chunks
9/2/2002
- Finished first report: cisco-pix-bandwidthbreakdown.php
- Updated nightlyroguecheck.php to check logs from the last day to now
9/1/2002
- More work on the reporting framework
8/31/2002
- Begin adding support for pix utilization reports
8/30/2002
- Updated database indexes to have cencatenated index for TSyslog on host,date, & time
- Updated the customer view so that the filter type wasn't a text box but hidden as it should be.
8/28/2002
- Fixed yet another bug with the customer view where hostdropdown where logincanseehost as we were passing it host instead of hostid
8/28/2002
- Fixed a bug with SMT w/ view.php and filters using facility & severity, the code even mentioned it was broken
8/27/2002
- Missing a bunch of indexes on alerts & syslogs, we want indexs for time and date
8/26/2002
- Updated processlogs to provide more details about time frames
8/24/2002
- Fixed a problem with the premade rules not correctly saving the rule type.
8/23/2002
- Fixed a problem with using facility & severity and not matching rules correctly in both view.php & processlogs.php
- Added hostname as part of subject line in SMT report
- Found more problems with facility & severity with view, appears processlogs.php is also flawed
- Okay, so major fixes were made to processlogs.php and to view to finish up proper support for facility and severity
8/22/2002
- Took out an 'Expression:' debug statement
- Did some adjustment to the time stamping of 'processlogs.php'
8/13/2002
- Added support for 's and \'s in the filtering code
- Premade rules now supports 's and \'s. Also fixed new problems with rules page. Filters appears good as well
- Started updating premade hosts for cloning
- Pixes, LocalDirectors, CatOS Switches, and IOS Routers are now ready for cloning
- IOS Switches and VPN devices remain
8/12/2002
- Took out all of the premade rules from the Syslog_TPremade as they were overkill and unnecessary
8/10/2002
- Updated rule.php & processlogs.php to correctly support \'s & "'"s
8/8/2002
- nightlyroguecheck had a few bugs, fixed
- view.php was missing an AND for viewing syslogs for hosts assigned to a customer
8/5/2002
- Added pagma no-cache and 300 second refresh to alert.php
- Displays time & date of last syslog message when query generates logs > 5000 alerts, provides info in relation to query timeframe
7/28/2002
- Added the ability to view the next 5000 lines should someone want to.
7/26/2002
- added the ability to administer equipment types
- Fixed bug with emails where there wasn't an \r issues with each \n
- Fixed bug where emails contained HTML color codes
- ViewSaves would enable after anyone saved a syslog entry. Now it only enables after the logged in user saves something
7/24/2002
- There was an issue with filterid not being set correctly so filter.php could not properly tell between an add and a modfiy
- Added navigation buttons to alerts page
- Cloning of rules only appears if there is more than one host
- Delete page slimmed down to only allow optional deletion of syslog messages
- Saved results page displays error if there are no saved syslogs in the savedata table
- Changed version number to V0.99.20B
- SecurityFramework while a separate package has been sufficiently integrated into SMT
7/23/2002
- Filters are broken in that setting filters to facility & severity only 'includes' regardless of setting
- Fixed problem with filters, they were 'half implemented'
7/21/2002
- All users of the appropriate security level will see the saved syslog option
- Had to change Filter Type: Rule, etc...
7/15/2002
- Changed 'Rule Type: Rule, Log Level, and Both' to 'expression, facility + severity, and expression, facility & severity"
- Added scripts directory w/ expire, processlogs, and a /tmp debug tool
- Fixed renaming so that only syslogs may be renamed. 8)
- Added nightlyroguecheck script to call the nightlyroguecheck.php script(checks for hosts who log but aren't defined)
- I though "Multiple filter expressions appear to be broken when viewing syslogs", I was wrong.
- Fixed 'color' problem with alert.php
7/10/2002
- Adjusted pgsql.msyslog so we do not use 'char' but 'varchar'
5/29/2002
- Still working on processlogs.php to update processed ids for those hosts w/ no rules
- View.php line 321 appears to have issues
5/28/2002
- began work on processlogs.php to cover those hosts who are assigned to a processor but have no rules assigned.
- customer.php and processor.php now check for duplicates/single assignments as appropriate
5/12/2002
- processlogs.php is finished(in terms of configuration)
5/11/2002
- Started working on processlogs.php
5/10/2002
- expire.php was only written to support a single expiration time and not a time per host.
5/9/2002
- view.php updated to start supporting thost_id
5/8/2002
- 1sthost.php and hosts.php should be converted to support thost_id
- 1stcustomer.php and customer.php should be converted to support thost_id
- 1stprocessor.php and processor.php should be converted to support thost_id
5/7/2002
- Started working on converting the system from using _host as a key to THost_ID
4/11/2002
- Fixed 1stcustomer.php as the form did not 'close' for either form
- Fixed alert.php color coding
- I had to install 'distinct on' in the SQL log selection as some log entries appeared more than once.
4/4/2002
- Added code to fix duplicate entries in emails
- Changed version to V0.99.01B
3/18/2002
- Log data is color coded
- A new version of processlogs.php is out w/ debug msgs in it. Working good on Harley.
- Took debug out of 'saving syslogs'.
- Save Syslogs now supports using "'" 8( Much work left to do w/ 's
- Can now view data by 'user and host type'
- Started work on deleting hosts from the system and accounting for host rules
- adding a host no longer shows the 'renaming fields'
2/24/2002
- Hosts menu allows synchronizing other tables when renaming hosts
- Fixed paging
2/22/2002
- Denial chains are complete. 8)
2/19/2002
- working on processlogsnew.php which cache's host rules & denial rules at the beginning to minimize DB access
2/18/2002
- Updated pages to announce how long they took to process
- Clone rules broken, sequence not working
- Fixed cloned rules as they were calling for the premade sequence number not the rule sequence number
2/17/2002
- Final support included for priority & severity
- Created archive, supports dumping data to std out for bzip2 8)
- Denial chain support added to system, processlogs.php all that remains
2/16/2002
- View, Alerts, and View Saves all use colors to convey severity
- Filters support severity
2/15/2002
- Changed named to Syslog Management Tool(for now)
- Viewer now supports filters using facility and severity
2/13/2002
- Updated view to look like a Berbee product. 8)
2/12/2002
- Made some progress on using filters w/ facilty & severity. Very buggy
2/11/2002
- View logs produces repeates... think unnecessary Syslog_TRules invovled.
- Process logs was a bit messaged up, the old delvierymessage variable instead of deliverymessage
- Per host/per person email now works
- Added code to msyslog to support writing facility & severity to the log messages
- Working on scheme where rules & filters can be filter/rules,filter/rules & log levels, or just log levels
2/10/2002
- Can now clone customer accounts
- Added stale processor auto-cleaning code so the system will clean up 'old processors' after 30 minutes
- System sends an alert email if the system recieves some 3000+ log entries in a given sample.
- Nightly system issues emails notifying for hosts who are logging to the system but are not defined as hosts in the system
2/9/2002
- Updated code to use PGSQL V7.2 8) Can you say bigserial, no table lock vacuum, and much more? 8)
- Looking into using the transaction interface.
- host properties isn't properly keeping the alert log expiration time <= syslog expiration time
- View host had a issue with 'view data from last five minutes'
- View Saves had the group context wrong, denying access to the page if the group >= 2(ie noc or better)
- Filter administration is should be finished