* 2007-10-18, prewikka-0.9.13: - Only perform additional database request when using Sensor localtime: this bring a performance improvement of about 36% on aggregated query, when using either frontend localtime (the default), or UTC time. - JQuery support: Port most of the javascript code to make use of JQuery. Add show/hide effect to CSS popup. More filtering functionality in the SensorListing view. - Cleanup the Authentication class, so that uper Prewikka layer can act depending whether the backend support user creation / deletion. Anonymous authentication is nowa plugin. - Better integration of CGI authentication allowing user listing and deletion. - Report template exception directly to the user. - Fix exception if an alert analyzer name is empty. - Fix problem when adding new Prewikka users (#262). - Fix exception when user has no permission set. - When changing password, we didn't try to match an empty 'current password' (which is a minor issue since the user is already authenticated). Thanks to Helmut Azbest for the fix. - Fix a typo making mod_python use the parent method (patch from Helmut Azbest ). - In the configuration file, recognize section even if there are whitespace at the beginning of the line. - Localization fixes, by Sebastien Tricaud , and Bjoern Weiland. * 2007-08-02, prewikka-0.9.12.1: - Fix a template compilation problem with certain version of Cheetah (Giandomenico De Tullio ) * 2007-08-01, prewikka-0.9.12: - Implement an Auto-Refresh system (fix #231). (including code from Paul Robert Marino ). - Ability to filter on missing/offline/online/unknown agents. Make more easier to read each agent status in collapsed mode. - Fix filter load/save/delete issue with translation. - New 'My account' tabs, under the Settings section (fix #241). - New messageid and analyzerid parameters, allowing link to a Prewikka alert from an external tool (previously required a database query in order to retrieve the database event id). - Don't redirect to user listing once an user preference are recorded. Fix changing of another user language by an user with PERM_USER_MANAGEMENT. Display target user language rather than current user language. - Improve the timeline control table layout. - Fix translation of string possibly using plural. * 2007-06-11, prewikka-0.9.11.4: - Fix PostgreSQL user deletion error. * 2007-05-29, prewikka-0.9.11.3: - Fix database schema version. * 2007-05-26, prewikka-0.9.11.2: - In case a database schema upgrade is required, or the Prewikka database does not exist, make the error available from the Prewikka console, rather than exiting badly (which previously required the user to parse its web server log in order to find out the problem). * 2007-05-25, prewikka-0.9.11.1: - Fix Apache CGI authentication. (Robin Gruyters) - Fix incorrect locale switch when accessing certain pages. * 2007-05-21, prewikka-0.9.11: - Prewikka has been internationalized: user might choose the language used in their settings tabs. Additionally, you might specify a default locale using the "default_locale" configuration keyword. - Brazilian Portuguese translation, by Edelberto Franco Silva. - French translation, by Sebastien Tricaud . - German translation, by Bjoern Weiland . - Russian translation, by Valentin Bogdanov . - Spanish translation, by Carlo G. AƱez M. . - New powerfull and scalable agent view, grouping agent together by Location and Node. - In the Alert/Heartbeat summary view, number analyzers backward so that it reflect the ordering in the analyzer list. - Improved support for resizing menu. - Fix a konqueror rendering bug with the inline filter. - Various bug fixes. * 2007-04-05, prewikka-0.9.10: - Don't show all source and target when they reach a predefined limit, instead provide an expansion link. - Add two new view in the Events section: CorrelationAlert and ToolAlert. - Ability to filter and aggregate on all IDMEF path. If the filtered path is an enumeration, automatically provide the list of possible value. - Add a combo box for the user to choose which criteria operator to use. - Provide an enumeration filter for the type of alert (Alert, CorrelationAlert, ToolAlert, OverflowAlert). - Prewikka can now aggregate by analyzer. - When a session expire and the user login, the user is redirected to the page he attempted to access when the session expired. - When an error occur, the default Prewikka layout is now preserved. - Correct handling of empty value for hash key generation. Fix #204. - Use new libpreludedb function that return the results as well as the number of results. This avoid using COUNT() in some places (namely, this speedup non aggregated view by ~50%). - Avoid iterating the list of database result more than needed. - Support IDMEF Action, SNMPService, and WebService class. - Improved support for small screen resolution. * 2007-02-06, prewikka-0.9.9: - Improve database performance by reducing the number of query. (Paul Robert Marino) - Activate CleanOutput filtering (lot of escaping fixes). - More action logging. - Bug fixes with the error pages Back/Retry buttons. - Fix error on group by user (#191). - Fix template compilation error with Cheetah version 2 (#184). * 2006-11-23, prewikka-0.9.8: - Save/load user configuration when using CGI authentication mode (#181). - Show Prewikka version in the About page (#177). - Use Python logging facility (available backend: stderr, file, smtp, syslog), multiple simultaneous handler supported (#113). - Fix anonymous authentication. - Fix external process going into zombie state (#178). - Fix sqlite schema (#180). - Display correct alertident for invalid CorrelationAlert analyzerid/messageid pair. - prewikka-httpd should now log the source address. - Thread safety fixes. * 2006-08-18, prewikka-0.9.7.1: - Fix filter interface bug introduced in 0.9.7. - Improved error reporting on filter creation. - Rename command configuration section to host_commands. * 2006-08-16, prewikka-0.9.7: - Use preludedb_delete_(alert|heartbeat)_from_list(). Require libpreludedb 0.9.9. Provide a deletion performance improvement of around 3000%. - Handle multiple listed source/target properly. Separate source/target in the message listing. - Make host command/Information link available from the Sensor listing. - Always take care of the "external_link_new_window" configuration parameter. - Make external command handling more generic. Allow to specify command line arguments. - Allow to define unlimited number of external commands rather than only a defined subset (fix #134). - Avoid toggling several popup at once in the HeartbeatListing. - Only provide lookup capability for known network address type (fix #76). - New address and node name lookup provided through prelude-ids.com service. - Link to new prelude-ids.com port lookup instead of broken portsdb database (fix #162). - Various bug fixes. * 2006-07-27, prewikka-0.9.6: - CGI authentication module, from Tilman Baumann . - Correct libpreludedb runtime version check. - Show multiple source/target in message listing/summary. - Fix invalid use of socket.inet_ntoa() to read ICMP Gateway Address, which is stored as string (#156). - Fix aggregation on IDMEF-Path that are not string. - Fix setup.py --root option (#166). * 2006-05-04, prewikka-0.9.5: - Fix 'Filter on Target' link (fix #148). - Fix alert summary exception with alert including file permission (fix #149). - Fix creation of an empty __init__.py file in lib/site-packages (#147). - Print currently installed version on libpreludedb requirement error. - Make sure /usr/bin/env is expanded. * 2006-04-13, prewikka-0.9.4: - Intelligent display for CorrelationAlert. Include correlated alert information in the alert listing. - Intelligent printing of Network centric information. - Fix Cheetah compilation for the heartbeat page. - Correct handling of AdditionalData containing an integer 0. - Handle ignore_atomic_event AdditionalData key (used by CorrelationAlert to hide linked-in alert). - Fix aggregation when done simultaneously on multiple fields. - Aggregation on fields other than "address" was not working well. * 2005-01-10, prewikka-0.9.3: - Distribute SQLite schema. - Fix exception in the heartbeat analysis view when the heartbeat_count or heartbeat_error_margin settings are explicitly set (#124). - Fix Cheetah 1.0 heartbeat listing exception (#119). - Open external link in new windows by default. Add a configuration option to disable opening external link in new window (#61). - Provide the ability to specify the configuration file that Prewikka use (#117). - Sanitize the limit parameter in case the input value is not correct instead of triggering an exception (#118). - Handle the preludeDB "file" setting (for use with SQLite like database). - Fix filter saving issue in the heartbeat listing. - Fix unlimited timeline option in heartbeat listing. - Various bug fixes. * 2005-12-07, prewikka-0.9.2: - Correct Analyzer path when unwiding aggregated alert. - Add an "Unlimited" timeline option. - Fix classification escaping problem that could lead to empty listing when unwiding alert with classification text containing backslash. - Don't print un-necessary separator when the protocol field is empty in the alert listing. - Improve Correlation Alert display. Allow focus both on the Correlation Alert summary and on the correlated alert listing. - Don't propagate the "save" parameter, so that the user don't end up saving settings without knowing about it. * 2005-11-30, prewikka-0.9.1: - Resolve the protocol number from the message summary view. - Separate port and protocol value, so that we don't end up linking the protocol to portdb if there is no port. - Ability to setup IDMEF filter using iana_protocol_name and iana_protocol_number. - Sanitize timeline years value on system which does not support time exceeding 2^31-1. Fix #104. - Mark CorrelationAlert explicitly in the AlertListing. - Make inline filter mark more visible. - Ability for the user to save settings for the current view. - New --address and --port option to prewikka-httpd. - Fix a bug where clicking the IP address popup would cause Firefox to go back to the top of the page. Fix #112. - Don't hardcode path to /usr/bin/python, but resort to /usr/bin/env to find it. * 2005-09-20, prewikka-0.9.0: - 0.9.0 final. - Minor rendering fix. - Handle service.iana_protocol_name / service.iana_protocol_number as well as service.protocol. * 2005-09-05, prewikka-0.9.0-rc12: - Correct Konqueror rendering. - Minor bugfix with timeline selection. - Minor UI tweak. * 2005-08-25, prewikka-0.9.0-rc11: - The Summary view now support showing CorrelationAlert. - Avoid mangling URL query string on form input. - Handle possibly null AdditionalData properly. - Don't default to 'low' severity. - Allow the user to set analyzerID inline filter. - Make sure we keep aggregation in per analyzer view. - Keep inline filter object sorted, and merge them if there are duplicate. - When the same object is specified more than once, OR both. - Various cleanup, bugfix. * 2005-08-17, prewikka-0.9.0-rc10: - Allow configuration entry without space after the ':' separator. - More operator (case insensitive operator, regex operator). - Show target file in the message listing. - Much more information in the alert summary view. Especially useful for users of integrity checker. * 2005-08-02, prewikka-0.9.0-rc9: - New experimental mod_python handler. - Use the same template for user creation as for user modification. The interface is much cleaner, and more consistant. - Fix Invalid parameters exception on 'delete all'. - Print all analyzer, whether they have an analyzerID or not. This provide more analyzer information. - Show Analyzer Node location, Classification Ident, and Process path in the MessageSummary view. - Correct SNMP/Web Service, and some other Process/File filter path. - Allow for correct '\' escaping when creating filters. - Internet Explorer rendering tweak. - Various bugfix. * 2005-06-17, prewikka-0.9.0-rc8: - Use relative path everywhere. - Some escaping fixes. - Fix Filter formula check. - Ability to filter on alert.classification.ident. - Fix aggregated classification link in expanded list entry. - Various bugfix, English typo. * 2005-06-16, prewikka-0.9.0-rc7: - Prewikka now work and render perfectly with IE 6.0. - XHTML conformance in most of the code. - Fix possible exception with filtered classification text. - Allow filtering on heartbeat.analyzer.name. * 2005-06-01, prewikka-0.9.0-rc6: - Implement alert/heartbeat select all for deletion. - Fix handling of alert without classification. - Fix HTML code problem. Try to make the W3C validator happy. Fix Javascript warnings. Correct URL escaping. Make it work better in Apple's Safari browser. - More error checking when saving custom filter. Error out in case a filter reference non existing criteria. Add the substr operator. - Fix bug in the whole alert/heartbeat navigation system, simplify and cleanup the code, always report the current filtered field 'action' to the user. - Make the mouse pointer behave like it does for javascript links on Alert listing table head. - Fix alert mixup when expanding an aggregated classification with different severity. - Fix low/mid/high/none severity filtering. - Fix a bug where agents with multiple address would disappear. - Avoid Authentication Failed message when the user didn't try to authenticate (the session does not exist). - UI tweak for the detailed alert/heartbeat view. - Link source and destination port to portdb. - Add an heartbeat_error_margin configuration keyword. - Saving modification to an existing filter now work. - Make prewikka.cgi catch exceptions that are raised during the prewikka initialization step and display an error screen to the user instead of a server internal error. - Don't display message checkbox and delete button if the user don't have the PERM_IDMEF_ALTER permission - Fix module importation on MacOSX. - Various bugfix. * 2005-04-17, prewikka-0.9.0-rc5: - Fix classification filters in the alert listing. - Let the user provide the path to external command (whois, traceroute). - Fix prewikka exception on 'info' severity. - Fix broken installation permission. - Fix bad template variable initialization resulting in an exception with Cheetah 0.9.16. - Fix alert deletion in un-agreggated mode. - Fix GMT offset calculation. - Fix a problem when appending more filters in the alert list view. - Update Auth cookie expiration time. - Fix escaping issue. * 2005-04-05, prewikka-0.9.0-rc4: - Minor UI tweak. - Fix a problem when changing password. - Remove trailling space from config entry. - Display all analyzer address in agent listing. - Fix some bug in the authentication system, that would refuse login for no appearent reasons. - Set default session expiration time to 60 minutes. * 2005-03-31, prewikka-0.9.0-rc3: - Installation cleanup / bugfix. - Fix database authentication failure. - Fix error page. * 2005-03-31, prewikka-0.9.0-rc2 - Fix a loading problem when the database is not created. * 2005-03-29, prewikka-0.9.0-rc1: - Initial release