These are the changes in the production branch which have been added since the previous release. These changes are not available in the current production release, but they are available in the current production pre-release.
Bugs fixed:
Fixed JBoss Application Server format to handle brackets in the class field properly.
Fixed a bug which would cause an error when using single quotes in Salang expressions in command line arguments.
Fixed a performance issue with ISA W3C format, which could cause very slow processing (changed hash algorithm to rand_sum for filterinfo).
Fixed/improved autodetection of Aruba Wireless LAN Switch format, to handle DBUG lines, and leading KERNEL lines.
Fixed two small problems with Netegrity SiteMinder Access log autodetection and reporting, which could result in failed autodetection, and an error message when displaying the Server Domains and Single-page Summary.
Fixed a bug in the Kerio Mail Server plug-in where non-matching lines caused an error because v.remainder was not set. This bug would most likely have been seen if the log source was a directory containing logs in different formats.
Fixed a bug where apostrophes in email addresses could cause parsing issues with Microsoft Exchange 2000 W3C log files, resulting in truncated email addresses in reports.
Fixed a bug where the date offset option was applied repeatedly to carried-over collected log entries, potentially resulting in progressively greater offsets as log processing progressed, for certain formats (specifically, Microsoft IIS SMTP W3C format).
Fixed a bug where the MySQL socket entered in the Create Profile Wizard was not saved to the profile, and had to be re-entered before the database could be built.
Fixed a bug where MySQL profiles would show all 0 durations in session reports, if "maximum session duration" was set to 0.
Fixed a bug where Sawmill would report itself as 64-bit Windows when a bug report was submitted, when it was really 32-bit Windows, and vice versa.
Fixed a bug where database updates with a MySQL database could result in a database corruption which caused the Days report to show extra rows.
Fixed a bug which would cause an error ("Error renaming expired_main_table to main_table") when removing database data, if the removal resulted in no entries remaining in the database.
Fixed a bug in the "NetScreen Log Format" plug-in where the message field was set to "(omitted)" if the line didn't match any of the expected patterns. Only messages with key value pairs where all of the values are in reports are correctly set to "(omitted)".
Fixed a bug with removing data from MySQL databases, where the itemnum table would still refer to the old data, resulting in phantom entries in the Calendar and other date controls.
Fixed a bug which could cause very high memory usage when processing a dataset with a very large number of log sources (e.g., thousands of log sources), containing corrupt files.
Fixed a bug which could cause an "empty node" error when processing SonicWall logs, if certain types of corrupt log entries were present.
Fixed a bug in the "Aladdin eSafe Sessions Log Format v5/v6" plug-in where in version 5.2, the Profile field was omitted, causing the Details to be placed in the Extended Results field and the Extended Result value to be lost.
Fixed a bug which could cause a crash when processing log data which used name/value pairs (listed fields), where the last field on a line was quoted.
Fixed a bug which could cause numbers to be truncated in log filters, when converting large integers from string to float representation.
Fixed an incompatibility of the encrypted source code, which resulted in an error about memmove() when building Sawmill from source on Fedora Core 9.
Fixed a bug where a parsing error during a multiprocessor build or update was not reported properly, causing the build/update to continue forever.
Fixed two bugs in the "JBoss Application Server Log Format" format that broke the Java exception stack trace report.
Fixed a bug where the order of multiple actions, in if/then/else conditions in Log Filters, would get randomly scrambled in the web interface, if there were more than ten of them.
Fixed a bug in Tipping Point IPS which prevented the "traffic capture available" and "slot and segment" fields from being extracted properly.
Fixed a bug which would cause a database build to abort with an error, if the -v f option was used, and a log field value contained a $.
New features:
Added autodetection of binary Firewall-1 format (to report that Sawmill can't parse it without conversion).
Fixed a bug in the Salang utility subroutine parse_w3c_fields where database field creation did not happen for fields of type host and page. This subroutine is used where the W3C field header for a format is not consistent with the fields in the log, so it did not affect most W3C plug-ins. The bug was specifically causing the Novell Border Manager log format plug-in to lack reports for Client IP and URL.
Enhanced Blue Coat W3C plug-in to recognize SGOS 5 logs, and to report the supplier ID field.
Enhanced Kerio Mailserver log format to support version 6.5 logs, and to track each type of status (delivered, delayed, etc.) with a separate numerical field, and to support the spam and security logs.
Enhanced Communigate Pro format to track IMAP logins.
Enhanced IMail support to report delivery errors, and to report messages delivered/relayed separately.
Added support for Astaro Security Gateway log format.
Added support for WebSTAR Proxy log format.
Added support for SmarterMail log format.
Added support for Trend Micro Interscan VirusWall 6 log format.
Added support for Array Networks Array SPX log format.
Added support for Cell Technology IPS log format.
Added support for DeepMail IMAP/POP3/SMTP Server log format.
Added support for tinyproxy log format.
Enhanced Symantec Mail Security support, to handle a different type of log file (different version of SMS).
Added support for analyzing Microsoft Internet Information Services (IIS) web server logs, logged to a syslog server.
Added support for another date specification for the Apache Custom log format.
Modified the Apache Custom plug-in to treat the uri_stem field the same way it treats the page field. Only one of these two fields should exist in the same report. (uri_stem is from %U in the customization string.)
Added support for Radware DefensePro log format.
Enhanced support for IronPort C-Series logs, to track aborted messages better, by including separate events, and a separate numerical field ("message deliveries aborted"), reporting intended recipients who did not receive their messages due to the filtering.
Added tracking of number-of-recipients in Microsoft Exchange 2007 log data (CSV).
Added support for Atlassian JIRA log format.
Improved support for "Windows Event Log Format (dumpevt.exe export)", to support Directory Services logs, and variable time formats.
Modified the "Anti-Spam SMTP Proxy (ASSP) Log Format" plug-in to support a log format variation with neither queue IDs nor "is disconnected" messages. In this variant, the only way to tell an event has ended is if the sender changes. As with other variants with no queue IDs, it is assumed that events are logged sequentially and are not interleaved.
Added support for Watchguard Firebox X Core e-Series Log Format.
Modified the Kiwi Syslog Daemon plug-in "Kiwi (mm-dd-yyyy dates)" to support a date/time variation with single digit month/day, / instead of -, space instead of tab between date and time, and no seconds on the time.
Added a new profile option, log.processing.output.field_delimiter (-fd), which controls the delimiter between fields, in the output generated by the "process logs" action.
Added a new profile option, log.processing.output.suppress_output_header (-soh), which suppresses the header (list of fields, on the first line), in the output generated by the "process logs" action.
Added a new profile option, log.processing.output.output_date_time_format, which controls the format of timestamps in the output generated by the "process logs" action.
Enhanced Ironport C-Series support to handle Delayed HAT REJECT sessions, so when that option is turned on in the C-Series, Sawmill will report early rejections by recipient domain (and sender domain).
Enhanced Ironport C-Series plug-in to track all action types, and to report them with a pie chart in the Actions report.
Enhanced ISA W3C log format parsing to handle W3C logs with variant headers (tab-separated with spaces in field names).
Enhanced Ironport C-Series log format to report quarantined messages better.
Enhanced Secure Computing Sidewinder Firewall format to collect fac, area, type, and pri fields, and to support lines without extra data info/syslog.
Added support for RaidenMAIL log format.
Added support for eSafe version 6.1 to the "Aladdin eSafe Sessions Log Format v5" plug-in. The name has been changed to reflect v6 support.
Enhanced Ironport C Series support to report two new numerical fields: "messages spam positive" and "messages virus positive."
Added support for a variant of Citrix Netscaler (with event number before the message).
Added support for Adobe-branded Flash logs, and improved session display slightly.
Enhanced Firewall-1 (fw logexport export) Log Format to report geographic, ISP, organization, and domain information.
Added support for a new variant of Fortigate 60B log format.
Added support for geographic fields in Firewall-1 NG (text export) Log Format.
Added support for F5 Load Balancer format.
Added support for CCProxy version 6.61 to the plug-in for "Youngzsoft CCProxy Log Format".