$Id: ChangeLog,v 1.148 2012/04/17 10:43:39 morty Exp $

See the "NEWS" file for a summary.

20120417:
- 0.46

20120416:
- gui_mode_unknowns_pause_at: new option to pause at/after N unknowns

20120413:
- FIX: in gui mode, flags use_sprintf and delete_if_unique set to "1"
- gui mode: restart shortcut: alt-r
- FIX: in gui mode, deleting a pattern does not dirty the config
- gui mode: count of raw events processed and events per second
- core: add -I all_configs to see all configs listed out
- new built-in pat subpatterns: date_iso datetime_iso version
- new built-in pat subpatterns: non_whitespace oid
- gui mode: shortcuts for "go to top" and "go to bottom"
- FIX: in gui mode, selecting category dest corrupts value

20101129:
- new built-in pat subpattern "interface"
- gui mode: status bar should show visible counter

20101128:
- new built-in pat subpattern "real"
- FIX: make sure all elements in pat are atomic i.e. in (?:...)
- add RCS files to filename_ignore_patterns, i.e. .*,v

20101127:
- gui mode: "show unknowns and matches" jumps to first match
- gui mode: status bar should show knowns counter

20101125:
- FIX: help says -b takes an option, but it doesn't

20080904:
- add support for stripping recent Linux timestamps (Tim Meushaw)

20070725:
- FIX: regression bug in application ID

20061003:
- config: nowarn and local should not be order dependent

20061001:
- gui mode: go to top, go to bottom, follow latest

20060928:
- 0.45
- FIX: Tk 804.027 says labelPack takes "-side", not "side"
- FIX: Tk 804.027 doesn't validate dests correctly; validation changed
- FIX: Tk 804.027 gives annoying warning about Tk::Pane
- FIX: Tk 804.027 has wrong size for misc configurables
- core: deal with hostname that ends in .localdomain
- gui mode: select by criteria
- gui mode: find, clear find

20060921:
- gui mode: status indication for total and unknown events
- gui mode: help|about log_analysis

20060920:
- 0.44
- core: "nowarn" in config to disable certain config warnings

20060914:
- gui mode: gui_mode_config_savelocal: save only items changed locally
- INCOMPATIBLE CHANGE: using the "gui_mode_config_savelocal" option will not recognize local modifications made from earlier versions of log_analysis. Be careful!
- gui mode: save config: should do RCS
- new variables: rcs_command gui_mode_config_save_does_rcs

20060913:
- new variables: gui_mode_print_all gui_mode_save_all
- new variables: gui_mode_save_events_file
- gui mode: save events and print events should use is_local
- gui mode: make the event config use is_local

20060912:
- core: set nodename, osname, osrelease from uname(2)
- gui mode: select knowns
- FIX: gui mode: removing selected entries didn't update select count
- gui mode: misc configurables should use is_local and wait for "ok"
- gui mode: escape should kill windows
- gui mode: gui_mode_save_config should use gui_mode_variable_config

20060908:
- core: make delete_if_unique more space efficient

20060907:
- core: @ifos to test for OS name
- core: suppress_commands and suppress_footer should be user settable
- document: @ifos suppress_commands suppress_footer

20060705:
- core: add support for memory_size_command as part of footer

20051102:
- core: commands_to_run should output in order
- core: add support for "prepend var" and "prepend arr" (Ade Rixon)

20051009:
- gui mode: configure all patterns

20050912:
- gui mode: gui_mode_unknowns should care about input logtype

20050911:
- gui mode: configure pattern: test dests

20050910:
- gui mode: configure pattern: apply to existing unknowns

20050908:
- gui mode: configure pattern: validate dests
- gui mode: configure pattern: show values of match variables

20050906:
- gui mode: configure pattern: deal with multiple selections

20050905:
- gui mode: configure pattern: basics done!
- gui mode: configure pattern: apply after pause

20050904:
- gui mode: configure pattern: ongoing

20050903:
- gui mode: configure pattern: ongoing

20050831:
- remove Solaris 8+ msgids (Ade Rixon)

20050830:
- gui mode: buttons to show unknowns matching a pattern

20050829:
- gui mode: select unknowns, unselect all
- gui mode: hide selected, hide unselected, unhide all
- gui mode: selection count and hidden count on status bar

20050828:
- gui mode: configure pattern should validate pattern against data

20050825:
- core: minor performance boost: use English with -no_match_vars
- gui mode: restrict operators from making changes
- gui_mode_configure_disabled
- gui_mode_configure_deny_users gui_mode_configure_deny_groups
- gui_mode_configure_allow_users gui_mode_configure_allow_groups
- INCOMPATIBLE CHANGES: no more gui_mode_configuration_disabled or gui_mode_ignore_disabled

20050823:
- FIX: perform variable substitution for preprocessor directives
- FIX: @@warn and all other processor directives should obey @@if

20050822:
- report mode: report_mode_combine_nodes
- report mode: report_mode_combine_shows_nodes
- report mode: report_mode_combine_is_partway
- regression tests for report_mode_combine_nodes and friends
- document: report_mode_combine_nodes
- document: report_mode_combine_shows_nodes
- document: report_mode_output_node_per_category
- document: report_mode_combine_is_partway
- document: logserver concerns

20050817:
- -I eval:$type
- FIX: pat{port} should require a minimum of one digit
- new pat: anything
- new pat: whitespace
- gui mode: configure patterns: beginning support

20050816:
- gui mode: improve responsiveness when paused
- FIX: hang when a log starts with two LASTs (Dénes Ferenc Laborc)

20050815:
- gui mode: pause button and pause menu item

20050814:
- delete_if_unique -- feature to clean up after UNIQUE
- regression tests for delete_if_unique
- document: delete_if_unique
- new pat: ssh_id
- assorted config changes

20050811:
- deal with multi-line sendmail messages by including the first line
- assorted config changes

20050804:
- 0.43

20050404:
- add some new patterns for DNS and ipmon

20040408:
- have -U print out unknowns as the script runs
- new pat: mail_address

20040206:
- rule request by Andrew Collier

20031022:
- bz2 support in config

20030425:
- more config changes
- new pats: mac and hex

20030409:
- sendmail 8.12.x stuff suggested by W C Waggoner

20030408:
- assorted config changes suggested by Jose M Duart

20030402:
- 0.42
- INCOMPATIBLE CHANGE: dests may no longer contain backslash.
- gui_mode: gui_mode_event_config: configure selected event

20030401:
- documentation and regression test updates

20030331:
- FIX: other_host_message and derived categories were broken
- generate man pages from pod using pod2man rather than perldoc
- regression tests for nodename, derive

20020727:
- FIX: perl 5.8.0 warning

20020415:
- action: keep_open
- daemon mode: daemon_mode_foreground

20020414:
- autoload Tk/resizebutton.pm from distribution location
- upgrade autoconf to 2.53

20020412:
- gui mode: resize buttons for hlists
- gui mode: misc configurables
- cleanup: real mode should conflict with daemon_mode

20020411:
- FIX: gui mode: "dest" should be saved last
- gui mode: gui_mode_configuration_disabled
- gui mode: gui_mode_ignore_disabled
- new internal logtype: plain

20020410:
- cleanup: more pack arrays
- gui mode: misc configurables: initial support
- FIX: gui mode: view event config sometimes causes a hang on exit
- FIX: multiple dests gives a warning
- FIX: error rather than weird warning if unknown type for -t
- add scan detection to internal config
- report_mode_output_node_per_category
- FIX: daylight savings bug near midnight if -d cross daylight savings

20020409:
- real_mode_no_actions_unless_is_daemon
- daemon mode, daemon_mode, daemon_mode_pid_file
- gui mode: bound to default action
- dest_delete: remove a dest from pattern
- cleanup: style caching in gui_mode_color
- FIX: gui mode: beep for second event
- gui mode: autosave menu option under file

20020408:
- 0.41
- gui mode: "dirty" config
- gui mode: better dialog for dirty exit
- priority in dest config
- report mode: support for priority in dest config

20020406:
- gui mode: view event config: apply changes in color

20020405:
- gui mode: view event config: do_action, description
- cleanup: make arrays for standard packing args

20020404:
- gui mode: view event config: auto refresh
- gui mode: view event config: color
- gui mode: view event config: properties

20020403:
- cleanup: rename "h" tag from "node" to "host"
- gui mode: view event config: "add" should check for duplicates
- FIX: gui mode: "nested" events aren't printed by print_event_tree
- gui mode: view event config: preliminary support
- cleanup: catch program errors in GUI mode with Tk::Error
- cleanup: do color lookup only if needed

20020402:
- color, description, and do_action in dest and event config, too
- gui mode: save-on-exit dialog
- FIX: days_ago doesn't always get loaded properly from config
- cleanup: rename "tag" as "match", use tag names instead of tags
- cleanup: no more need for gui_mode_child_pid
- regression test: old versions of perl
- FIX: gui mode: deep recursion in gui mode
- cleanup: use "after" instead of "fileevent" in gui mode
- cleanup: don't modify optional_log_files
- FIX: gui mode: dynamically grab GUI selections for print and save

20020401:
- -F: use minimal config
- -i: suppress (most) default includes
- -D: define preprocessor directives
- FIX: remove a couple of perl5.6isms for 5.00503 support
- FIX: corrupted patterns: pat{host}/g should be pat{host}
- FIX: gui mode: updates to count should have color

20020331:
- gui mode: more ignore options
- remove tests from public distro
- make ignores work in regular mode, too
- gui_mode_config_autosave, gui_mode_config_file
- gui mode: savable user config
- gui mode: no backlogs

20020330:
- event config
- priority, ignore
- cleanup: make ignore more general
- cleanup: make ignore more efficient
- cleanup: use config_die more
- cleanup: config_arguments to make config code cleaner
- cleanup: parser should have a full state machine

20020329:
- gui mode: select all

20020328:
- detect if a pattern or dest for a pattern has been duplicated
- keep_all_raw_logs to keep all raw logs in %A (real_mode only)
- gui mode: savable config
- cleanup: better data structure for patterns, dests
- FIX: gui mode: alt-q exits with non-zero exit code
- gui mode: save should warn for overwrite
- gui mode: gui filter support for print and save
- gui mode: view raw logs
- FIX: add var was acting like set var
- cleanup: implement config_file via preprocessor variable
- -t: type force; type_force config variable
- open_command_is_continuous: for tail -f, tcpdump, etc. in real_mode
- cleanup: review &real_mode_check_function
- cleanup: move &open_command,&type calls into &open,&process_handle
- make open_command and decompression_rules work in real_mode
- FIX: real/gui mode: log lines not yet terminated by newline

20020326:
- FIX: real/gui mode: real mode doesn't handle compressed files right
- FIX: gui mode: -g -I evals dies early
- FIX: real/gui mode: fseek/seek

20020325:
- 0.40
- gui mode: save selected events
- cleanup: remove gui_mode_entry; use gui_mode_hashref
- gui mode: save all events
- FIX: gui mode sometimes dies with errors about seek
- gui mode: print all events
- gui mode: ignore (for now, just category + data)
- document: do_action, use_pipe, action_format, default_action_format
- document: throttle, throttle_format, default_throttle_format
- document: \n, \t, \\ in tags, print_format, print_command

20020324:
- gui mode: status
- gui mode: faster exit

20020323:
- handling for \n, \t, \\ wherever tags are processed
- gui mode: print selected events

20020320:
- cleanup: $name_pat => $pat{name}
- document $pat{name}, undocument $name_pat
- -I pats
- real mode: do_action
- action: use_stdin
- action: throttle, throttle_format, default_throttle_format
- action: action_format, default_action_format

20020316:
- configurable pattern space $pat{name}, ie. $pat{ip}

20020315:
- FIX: temp file is sometimes deleted before it's read
- cleanup: use File::Basename instead of sub basename
- cleanup: use $prog instead of $0
- make test: file, gz, command, gz+command with pipe, gz+command with no pipe

20020315:
- 0.39
- FIX: wtmp.gz stopped working
- document: real mode color, colors, -g, gui_mode, gui_mode_modifier
- document: -I actions, -I colors
- document: action:, command:, window:, window_command
- document: default_login_action, login_action, -b, real_mode_backlogs
- document: days_ago and real_mode interaction
- document: description

20010828:
- workaround for log case problem

20010811:
- gui mode: color support

20010809:
- new category config: description (ie. for your operators)
- gui mode description support

20010808:
- -I actions
- action config: action:, command:, window:, window_command
- login config: default_login_action, login_action
- login menu entry
- action menu entry

20010807:
- -g for a primitive gui mode (requires Tk).
- gui mode: way to resize fields
- variables: gui_mode, gui_mode_modifier
- event menu with "clear counts" and "login"
- switch gui from ROText to HList

20010724:
- real_mode_output_format now takes %R for the raw log line

20010718:
- real mode color
- cleanup: improve variable importing

20010716:
- 0.38

20010715:
- new dest syntactic sugar: you can explicitly say "CATEGORY".
- INCOMPATIBLE CHANGE: config_version is now mandatory
- linux kernel firewall categories now don't print source port

20010714:
- new dest: UNIQUE category, ie. method to handle "unique" counts

20010713:
- cleanup: let changes to catch-22 variables take immediate effect

20010712:
- document per-category config, sort, filter, derive

20010711:
- more per-category filters: and, or, none
- default_filter

20010710:
- derivable categories: add, subtract, remove

20010709:
- per-category config
- per-category filters: >=, <=, <, >, =, !=, top N, bottom N, top_strict N, bottom_strict N, top_strict N%, etc.
- per-category sorting: reverse, value, number/string/funky, none
- default_sort is more flexible (ie. reverse, value, etc.)
- @@error, @@warn: directives to send the user a message
- filename_ignore_patterns: patterns of filenames to ignore when including dirs

20010709:
- patch from Nicolas Chuche to allow full use strict mode

20010701:
- INCOMPATIBLE CHANGE: date_format defaults to %Y_%m_%d
- INCOMPATIBLE CHANGE: -o should not output to standard out (see -O).
- -O (or output_file_and_stdout): also output to standard out
- cleanup: replace range detection with explicit $in_multiday variable
- allow simple days-ago in a range (ie. -d7-1 for last week's logs).

20010630:
- cleanup: treat version as a string, compare using funky_cmp

20010629:
- 0.37

20010326:
- cleanup: don't update count in real_mode; memory leak

20010325:
- real mode log rollover detection
- new variables real_mode_sleep_interval, real_mode_check_interval
- funky sort: sort numbers separately to handle IP address better
- new global variable: default_sort. Can be set to string, funky, or numeric, defaults to funky
- INCOMPATIBLE CHANGE: new default sort is "funky"

20010324:
- -r: continuous, tail -f style output
- real_output_format: new global for the output in real_mode
- field widths (optional) for tags (ie. %10n, %-10n)

20010321:
- preprocessor directives a la aide: @@define, @@undef, @@ifdef, @@ifndef, @@ifhost, @@else, @@endif, @@ifhost, @@{VAR}
- INCOMPATIBLE CHANGE: replace end with @@end
- implement and allow: -d range with -a
- new required config variable: output_message_all_days_in_range

20010318:
- -I patterns
- -I help
- -I log_types

20010315:
- 0.36
- document -o
- make -I internal_config and -v run before any config is looked at
- -I log_files: show actual log files to be parsed

20010313:
- FIX: syslog server with exactly one logging host and none of its own log messages doesn't get noticed as multiple hosts
- complete code review
- -I config_versions
- change in multiple-host message
- file_version: declares the file version for config files
- support for a range of days, ie. -d 2001_02_01-2001_02_28
- internally merge old and new configs

20010310:
- -I categories: list all categories (ie. from configs and implicit)
- pipe_decompress_to_open: don't use a tempfile
- document decompression + open_command interaction (ie. tempfile)
- minor rule updates
- localize hostnames/nodenames relative to domain
- domain: allow either manual setting, or use /etc/resolv.conf domain
- leave_FQDNs_alone: don't localize hostnames/nodenames

20010309:
- FIX: 3rd field in raw_rules defined as false should not be an error
- Support for -d as absolute date, ie. 2001_03_02; tested 1902-2037.
- INCOMPATIBLE CHANGE: change -F to -I internal_config
- INCOMPATIBLE CHANGE: change -D to -I evals

20010111:
- 0.35

20010108:
- more elegant solution to making local user configs higher priority

20010103:
- make local user configs higher priority

20010101:
- document: new config, SKIP, LAST, multiple categories, word_pat, use_sprintf, counts
- make new config rules implicitly end with \s*$

20001220:
- replace all /usr/local instances with prefix

20001219:
- modified my local copy of automake to do chmod 755 instead of 777. What's up with that?

20001217:
- implement SKIP in new framework
- implement LAST in new framework
- optional use_sprintf for format
- implement counts
- logging to multiple categories
- convert old internal config to new framework

20001208:
- INCOMPATIBLE CHANGE: no more 4th field code hook for raw_rules. If you were using it, let me know why and if I can't think of a workaround, I'll add it back in.
- added in various fancy config options
- added in word_pat
- took care of last message issues

20001207:
- document SIGINT stuff

20001206:
- fixed bug: repeating internal config gives errors, found by Paul Jakma

20001129:
- -S: suppress output footer

20001031:
- 0.34
- minor rules updates

20000828:
- catch SIG_INT for early output
- priority support, with new "priority" variable

20000827:
- make -U output the type
- -u unknownsdir: trick to make writing rules easier
- INCOMPATIBLE CHANGE: take required_log_file out of the config; it wasn't playing nicely with everything else. If you were using it, please revert to the old version and let me know.
- minor rule updates

20000819:
- 0.33
- autoconf support to autodetect perl location
- minor rule updates

20000616:
- 0.32

20000612:
- sendmail 8.10 queue IDs
- allow whitespace at the beginning of config lines

20000418:
- 0.31
- more documentation, samples

20000416:
- 0.29
- fixed "-" vs. "_" sloppiness in old config, standardizing on "_"
- make -p only be legal when mail_address or -m
- assorted documentation
- strip leading whitespace from blocks, vars

20000412:
- pgp_rules, -p

20000119:
- mail_user_pat

20000114:
- umask bugfix

20000113:
- decompression_rules
- do proper temp files
- umask
- skip old files

20000112:
- include version info in standard output
- fix -U
- change -U to *only* output unknowns
- document problem with % in crontab

20000106:
- -v
- allow_nodenames
- check patterns
- reorganize docs

20000105:
- -o to generate an output file
- show_all, days_ago, output_file in config
- base unknowns on types rather than files
- merge unknowns into count
- -N for process all nodenames

20000104:
- strftime for date_format (global and extension)
- sort categories
- document catch-22

20000103:
- ignore_categories
- priority_categories

20000102:
- tag substitution for mail_comand
- include, and include_if_exists
- include_dir, include_dir_if_exists

20000101:
- import PATH
- import nodename, osname, osrelease

19991231:
- process_tags
- cleaned up implied ^
- open_command
- pre_date_hook

19991230:
- implemented "remove arr"
- fixed a bug where optional scalars would be default to a null value
- documentation
- redid config_version into its own keyword

19991229:
- sendmail handler
- a bit of error checking when building the config

19991228:
- generic config mechanism for arbitrary log types
- show elapsed time
- usage function
- -D to dump default config
- -s to suppress running extra commands
- version check
- wrote sulog handler
- added an "eval code" item
- got "last message repeated" working
- include files

19991227:
- added huge amounts of capability; not even recognizable

19991223:
- converted to perl (from sh), renamed to log_analysis (from do_log)

19990607:
- original version