commit 48b57a5158cf6a14e5e86c021534f336ffc2969f
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-16

    Update NEWS, bump version number

 NEWS                                 |   17 ++++++++++++++++-
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 18 insertions(+), 3 deletions(-)

commit 3472e42c3fc5ba30d3cc32cf985a4250f9b731f1
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-16

    Do not generate CorrelationAlert for multiple successful authentications
    
    The current BruteForce plugin implementation was generating Correlation
    Event for multiple successful login events.
    
    In the future, we might want to include successful authentication following
    a number of failed events, so that generated CorrelationAlert includes full
    details.

 PreludeCorrelator/plugins/bruteforce.py |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

commit 82465fd06f62b12274cfd92ae23ddf1bd8e61417
Author: F. Yhuel <fyhuel@prelude-technologies.com>
Date:   2010-03-16

    Fix correlator exception with empty list
    
    With recent versions of libprelude, the IDMEF class Set() method
    properly handles empty lists, but raises an exception on None input value.
    Therefore, the three lines removed in this patch, which were casting
    empty lists into None, used to trigger a prelude-correlator exception
    when prelude-correlator was receiving IDMEF alerts without sources or
    targets.
    
    Signed-off-by: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>

 PreludeCorrelator/idmef.py |    4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

commit 5a358aa37acd702f8e6e5185df9f2743d2284818
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-10

    Log to syslog when daemon mode is used
    
    When Prelude-Correlator is started as a daemon, make sure we use
    syslog for logging.

 PreludeCorrelator/log.py  |   14 ++++++++++----
 PreludeCorrelator/main.py |    8 ++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

commit 7cd300069d788c4366846e2ca600aa46c8e45cf6
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-10

    Temporarily disable documentation code installation
    
    This installs in the wrong prefix, and we have no concrete solution
    for this without breaking other parts of the system.

 setup.py |    8 +-------
 1 files changed, 1 insertions(+), 7 deletions(-)

commit 8a1e4979e472b4041ddcbec2584bdb9c5e6afdbc
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-08

    Update NEWS, bump version

 NEWS                                 |    5 +++++
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

commit c82ad3f2f36440d7799dfd662134d453239fabb9
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-08

    Include docs/sample-plugin to SOURCES
    
    Closes #372.

 prelude_correlator.egg-info/SOURCES.txt |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

commit 287448ad663f8fc0911636c04f6fd7145711676f
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-05

    Update NEWS, bump version number.

 NEWS                                 |   13 +++++++++++++
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 15 insertions(+), 2 deletions(-)

commit 59ef7693efb2125bab0ed4eeb08d7f703a504839
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-05

    Remove SpamHausDrop database from GIT repository
    
    The file is updated/included upon each release. There is no need
    to track it within the GIT repository.

 PreludeCorrelator/plugins/spamhaus_drop.dat |  198 ---------------------------
 1 files changed, 0 insertions(+), 198 deletions(-)
 delete mode 100644 PreludeCorrelator/plugins/spamhaus_drop.dat

commit 2390952d41db673386c620d0fd8ce4720f0b89f6
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-03-05

    Prevent double escape of context identifiers
    
    Prelude-Correlator wasn't properly updating context (and thus, didn't
    generate correlation events) since context identifiers were escaped
    twice.

 PreludeCorrelator/context.py |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

commit e0d28d24a950fe912818c3059145b3cb970df790
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-02-26

    Add a sample-plugin example

 docs/sample-plugin/myplugin/__init__.py |    1 +
 docs/sample-plugin/myplugin/main.py     |    6 ++++++
 docs/sample-plugin/setup.py             |   13 +++++++++++++
 setup.py                                |    9 +++++++--
 4 files changed, 27 insertions(+), 2 deletions(-)
 create mode 100644 docs/sample-plugin/myplugin/__init__.py
 create mode 100644 docs/sample-plugin/myplugin/main.py
 create mode 100644 docs/sample-plugin/setup.py

commit bba0e398a994fc3a59674dadc192f3423ff86475
Author: Yoann Vandoorselaere <yoann.v@prelude-technologies.com>
Date:   2010-02-09

    Introduce version checking for Unpickled elements
    
    This introduces a version compatibility check when unpickling a context: if
    the Context implementation version has changed, then the old Context won't
    be restored. This avoids runtime exceptions if/when Context attributes change.

 PreludeCorrelator/context.py |   11 +++++++++++
 1 files changed, 11 insertions(+), 0 deletions(-)

commit a1331040dde79f1975b09596ad6ea1518d88d307
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-02-01

    Fix generated tarball name, release rc2

 NEWS                                 |    6 ++++++
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

commit 5eb328b52d97abcccf4e69349099bd98d03d3173
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-02-01

    Update Spamhaus Drop database

 PreludeCorrelator/plugins/spamhaus_drop.dat |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

commit d55227226321824d406c28704bb4bcffbc68d5d8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-29

    Update NEWS, bump version number

 NEWS                                 |   49 ++++++++++++++++++++++++++++++++++
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 51 insertions(+), 2 deletions(-)

commit ea4f2c2cc0c1101029bc151a6889c0dedd49aeaa
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-20

    Update Spamhaus Drop database

 PreludeCorrelator/plugins/spamhaus_drop.dat |   21 ++++++++++++++++-----
 1 files changed, 16 insertions(+), 5 deletions(-)

commit 3c35a8870f623504d0976f3487bcb59b1bcb3c18
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-20

    Firewall plugin improvement
    
    The plugin will now report CorrelationAlert for events / sets of events
    that appear to have passed through a firewall known to protect the target
    machine.
    
    If no firewall ever emits a block concerning a given host, then this host
    is considered unprotected, and there is no point in reporting
    CorrelationAlert.
    
    The 'flush-protected-hosts' variable allows you to define how much
    time a given target host should be considered as protected when a
    firewall drop is noticed for this machine.

 PreludeCorrelator/plugins/firewall.py |   89 ++++++++++++++++++++++++++------
 prelude-correlator.conf               |   21 +++++++-
 2 files changed, 90 insertions(+), 20 deletions(-)

commit 847312c095e14782b10613d2448080916b120ef1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-20

    Fix for recent libprelude version
    
    Recent libprelude versions are able to correctly return a list of
    IDMEFValue; don't raise an exception about it.

 PreludeCorrelator/idmef.py |    6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

commit 69ab7f2a89ad1ee5c8730c8624c787fda7c2e33f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-20

    Provide a specialized function for escaping context name

 PreludeCorrelator/context.py              |   21 +++++++++++++++++++++
 PreludeCorrelator/plugins/bruteforce.py   |    4 ++--
 PreludeCorrelator/plugins/dshield.py      |    2 +-
 PreludeCorrelator/plugins/firewall.py     |    2 +-
 PreludeCorrelator/plugins/opensshauth.py  |    2 +-
 PreludeCorrelator/plugins/scan.py         |    6 +++---
 PreludeCorrelator/plugins/spamhausdrop.py |    2 +-
 PreludeCorrelator/plugins/worm.py         |    4 ++--
 8 files changed, 32 insertions(+), 11 deletions(-)

commit f9fc0099aa838b491ce872ea70384bd9df24b711
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-16

    ez_setup.py attempted to download nonexistent setuptools version
    
    This is a regression of commit 6f9328ecd837da5cfbe9b6bd6614020e95d3e8e2,
    where we lowered the setuptools requirement so that prelude-correlator would
    work out of the box with most distributions' setuptools packages.
    
    However, in the case where setuptools isn't available on the system, and
    ez_setup.py attempts to download it, old setuptools version packages
    are not available for newer Python versions.
    
    Fix this problem by forcing a recent version specifically when
    downloading setuptools.

 ez_setup.py |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

commit e7242744d539aa6c3e4baa421403a2bcea43836f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-16

    [Worm]: only add related events to the CorrelationAlert

 PreludeCorrelator/plugins/worm.py |   14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

commit 09ba679044b70608144e24b01dae982011469682
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-16

    Context class improvement: overwrite, and new update method
    
    Context initialization now takes an optional 'overwrite' argument. This
    argument, if set to False, means that the Context() will be returned
    unmodified if it already exists. If it doesn't, it will be created.
    
    There is now a new update() method, which provides exactly the same
    functionality as calling Context() with the 'update=True' argument.
    This is useful since some plugins might want to defer an update to
    another place in the code.
    
    Remove CheckAndDecThreshold() method. This function can be replaced
    by using Context.update() along with the Context.getUpdateCount()
    method.
    
    [Scan]: Update to the new Context API (removal of CheckAndDecThreshold).
    Improve the plugin so that it reports CorrelationAlert after the
    timer expires, not after the threshold is reached.

 PreludeCorrelator/context.py      |   79 +++++++++++++++++++++---------------
 PreludeCorrelator/plugins/scan.py |   33 +++++----------
 2 files changed, 57 insertions(+), 55 deletions(-)

commit 88cee2590c571092aef170c3cd6edeee77fe85a7
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-16

    Do not start Timers if they have no expiration time

 PreludeCorrelator/context.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 8df4661a39fc563a53bf32452a569d796550b6bc
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-15

    Sort dump of context statistics
    
    When dumping context statistics, sort the context by threshold. This
    can make debugging easier.

 PreludeCorrelator/context.py |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

commit c7e9a2c7aa7daa1943b62e0224640d6f2370ab3c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-15

    Fix timer issue on reset()
    
    Since the introduction of IDMEF.reset(), timer reset was not working
    due to a conflict in the method being called. Remove the IDMEF.reset()
    method since it is a NOP anyway, and store each received event in a
    newly allocated IDMEF instance.

 PreludeCorrelator/idmef.py |    3 ---
 PreludeCorrelator/main.py  |    4 +---
 2 files changed, 1 insertions(+), 6 deletions(-)

commit 1f4c6bb0cac0876cc9b19dc12d703fc8e53e7151
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-15

    [OpenSSHAuth]: fix potential issue on exit
    
    Move the alert() function out of the OpenSSHAuth class, making it a
    constant, so that it can be successfully pickled by Python when saving
    related context. Avoid possible exception on exit.

 PreludeCorrelator/plugins/opensshauth.py |   18 +++++++++---------
 1 files changed, 9 insertions(+), 9 deletions(-)

commit 39afc4f0c32251b3a2d44b8635d65de0f41d5080
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-15

    [FirewallPlugin]: ability to queue multiple events
    
    The plugin can now report 'non firewall block' for multiple events
    at a time.

 PreludeCorrelator/plugins/firewall.py |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

commit 88d7d04acb73c7d4f4de9fc20f41c0126fa2396e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-15

    [OpenSSHAuth]: Fix reference to Correlated Alert
    
    Each reference was set twice, and we were creating a new reference
    even for an already known authentication type.

 PreludeCorrelator/plugins/opensshauth.py |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

commit ff30acda325998e93034bfa806305df906e5da7e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-15

    BruteForce plugin improvement
    
    Do not stop reporting a bruteForce when the threshold is reached, rather
    wait until the Context expires. Improve alert description, and do not
    filter out successful logins.
    
    Use alert_on_expire in order to queue as many login attempts as possible

 PreludeCorrelator/plugins/bruteforce.py |   25 +++++++++----------------
 1 files changed, 9 insertions(+), 16 deletions(-)

commit 9ff291c40bbb45d9c63f2c7fa1c556b9a3d50a43
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-14

    Update SpamHaus database

 PreludeCorrelator/plugins/spamhaus_drop.dat |   63 ++++++++++++++++++++------
 1 files changed, 48 insertions(+), 15 deletions(-)

commit 784ec4a8c0b011281257b72a4464481998567a84
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-10

    DetectTime correction for Dshield generated CorrelationAlert

 PreludeCorrelator/plugins/dshield.py |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

commit f5405a473624c96c61666774fae0e459b9c42c89
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-10

    Disable BusinessHour correlation by default since it is very verbose

 prelude-correlator.conf |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

commit 0f1b91eb9904512d49b368c2b757ec45491584c2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2010-01-10

    Correctly set CorrelationAlert DetectTime
    
    Modify addAlertReference() so that the reported CorrelationAlert
    DetectTime matches the time of the first event that was detected.
    
    From IDMEF RFC 4765, section 4.2.2:
    DetectTime
    
    The time the event(s) leading up to the alert was detected. In the case
    of more than one event, the time the first event was detected.  In some
    circumstances, this may not be the same value as CreateTime.

 PreludeCorrelator/idmef.py |   15 ++++++++++++++-
 PreludeCorrelator/main.py  |    2 +-
 2 files changed, 15 insertions(+), 2 deletions(-)

commit de58c2c83efb4c5339e172ec6f928004770bbcad
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-12-23

    Fix exception in case of unsupported address format

 PreludeCorrelator/plugins/spamhausdrop.py |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

commit 6f9328ecd837da5cfbe9b6bd6614020e95d3e8e2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-12-18

    Update ez_setup.py, lower setuptools requirement

 ez_setup.py |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

commit 4ec941a82ad936a1085ab28225cdde41de2f857f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-12-18

    Implement the Context.stats() method
    
    Dump useful statistics concerning the context.

 PreludeCorrelator/context.py |   12 ++++++++----
 1 files changed, 8 insertions(+), 4 deletions(-)

commit eec8622dab5eff5ff2865e555ff57b0054b05291
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-12-17

    Make it possible to change context option on update
    
    This introduces the setOptions() and getOptions() methods, and allows
    updating Context options on class initialization.

 PreludeCorrelator/context.py |   48 ++++++++++++++++++++++++-----------------
 1 files changed, 28 insertions(+), 20 deletions(-)

commit cdea049014e69f6398d75b932361667348f3c451
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-12-17

    OpenSSHAuth CorrelationAlert now handles multiple events
    
    Previously, we would generate a single CorrelationAlert each time a
    different authentication method was used.
    
    The OpenSSHAuth plugin has been modified so that it can now generate
    a single CorrelationAlert for multiple authentication methods used in
    a given time slice.

 PreludeCorrelator/plugins/opensshauth.py |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

commit 547a9b9cda2cb7d82436b280a2da4ff32d482d55
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-12-17

    Fix SpamhausDrop context creation

 PreludeCorrelator/plugins/spamhausdrop.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit a55f1b4f2c7d89cebca62c34e02ad48d4dbab24d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-12-17

    Update context directly from the __new__() method

 PreludeCorrelator/context.py |   29 ++++++++++++++++-------------
 1 files changed, 16 insertions(+), 13 deletions(-)

commit 9d9d1e85bc07468cd0128a3c77a2bd08931e292b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-12-16

    Prefix Timer variable, to prevent potential conflict with Context class variable

 PreludeCorrelator/context.py |   30 +++++++++++++++---------------
 1 files changed, 15 insertions(+), 15 deletions(-)

commit 28681237e015ab42475072c015c03d82725980cf
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-24

    Make informational plugin output more consistent

 PreludeCorrelator/pluginmanager.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit bd2ca57c54a193977ee7ecb59afed40e87c4599b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-05

    Spamhaus CorrelationAlert now handles multiple events
    
    Previously, we would generate a single Spamhaus CorrelationAlert for
    each event where the source address would match the Spamhaus database.
    
    The Spamhaus plugin has been modified so that it now generates
    CorrelationAlert for multiple events received from the same source.

 PreludeCorrelator/plugins/spamhausdrop.py |   13 ++++++-------
 1 files changed, 6 insertions(+), 7 deletions(-)

commit fa87b9fb76c1bada36c07312c9e96b8ab6efbed6
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-04

    Context initialization now handles an IDMEF parameter
    
    If the context creation/update function is called with an IDMEF message
    parameter, then we automatically call addAlertReference on the context
    CorrelationAlert using the provided message as the parameter.

 PreludeCorrelator/context.py            |   24 ++++++++++++++++--------
 PreludeCorrelator/plugins/bruteforce.py |    6 ++----
 PreludeCorrelator/plugins/dshield.py    |    7 ++-----
 PreludeCorrelator/plugins/firewall.py   |    3 +--
 PreludeCorrelator/plugins/scan.py       |    9 ++-------
 PreludeCorrelator/plugins/worm.py       |    3 +--
 6 files changed, 24 insertions(+), 28 deletions(-)

commit a3ef40e92baa240b1d11b2d54aa8588d321cd356
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-04

    Implement context getUpdateCount() method
    
    This allows a plugin to know how many times a context has been updated.

 PreludeCorrelator/context.py |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

commit a85cd9d1a64fdb70caee79c784d0aeef80078d71
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-04

    Use the easy addAlertReference() method

 PreludeCorrelator/plugins/firewall.py |    5 +----
 1 files changed, 1 insertions(+), 4 deletions(-)

commit d0cf6f5de42fae009c78bf6d56483676d08af6a7
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-04

    Make it possible for a plugin to specify a function to be called on expire.

 PreludeCorrelator/context.py |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

commit dfb338b8f0e4e3b2a8c0ea7f0f3c64f60f0c4fc1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-03

    Update NEWS, bump version.

 NEWS                                 |    6 ++++++
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

commit 6db3c3ec0abf676c6d0df9f8385cb384127b94cf
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-03

    Include spamhaus_drop.dat in the source distribution (closes #364).

 PreludeCorrelator/plugins/spamhaus_drop.dat |    2 +-
 prelude_correlator.egg-info/SOURCES.txt     |    1 +
 2 files changed, 2 insertions(+), 1 deletions(-)

commit 9531ba192bd2a97ff0012dddf39d527313fd2527
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-02

    Forgot version bump, and dshield database update. This is included in beta7.

 PreludeCorrelator/plugins/spamhaus_drop.dat |   27 +++++++++++++++------------
 prelude_correlator.egg-info/PKG-INFO        |    2 +-
 prelude_correlator.egg-info/SOURCES.txt     |    2 +-
 setup.py                                    |    2 +-
 4 files changed, 18 insertions(+), 15 deletions(-)

commit d3c6c5aae5ddd818789afeab57610b581ca75907
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-11-02

    Update NEWS, bump version.

 NEWS |   26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+), 0 deletions(-)

commit 4c25c0c989901d4e93a107fbb94c9f71b3fe94f5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-10-29

    Update configuration template.

 prelude-correlator.conf |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

commit 89d5e77f6ce7e9e81469d530018fc215d4bcfe55
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-10-29

    Improve WormPlugin accuracy
    
    The plugin used to alert when seeing an alert to a given target, and
    this same alert going back to the source. This can happen in a number
    of cases (example: Netbios alert triggered by Snort).
    
    As of now, the plugin will wait for the events to be repeated against
    at least 5 different hosts.

 PreludeCorrelator/plugins/worm.py |   19 +++++++++++++++----
 1 files changed, 15 insertions(+), 4 deletions(-)

commit 347fafde9eee6fc2a1d222ec12b1b59c86219573
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-10-29

    Dshield CorrelationAlert now handles multiple events
    
    Previously, we would generate a single Dshield CorrelationAlert for
    each event where the source address would match the Dshield database.
    
    The Dshield plugin has been modified so that it now generates
    CorrelationAlert for multiple events received from the same source.

 PreludeCorrelator/plugins/dshield.py |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

commit a6733c6dec30acc9001766d7ce2455d154eafb7c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-10-29

    Clarify statistical reports

 PreludeCorrelator/main.py |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit eff07e086cf3bbbd16763f45a7d87c8ccbe08119
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-10-29

    Worm plugin CorrelationAlert was missing a reference to the initial event

 PreludeCorrelator/plugins/worm.py |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

commit 1b69bef64601b8fdb2b8714afc674dd505fa30a0
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-09-15

    Handle plugin loading error gracefully
    
    Emit a warning if plugin loading triggers an exception, but continue
    loading the system.

 PreludeCorrelator/pluginmanager.py |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

commit 6ee57df63e37d926055658c142dcff892e6fdcac
Author: Wes Young <wes@barely3am.com>
Date:   2009-09-13

    Initial SpamhausDrop plugin implementation (closes #363)

 PreludeCorrelator/plugins/spamhaus_drop.dat  |  149 ++++++++++++++++++++++++++
 PreludeCorrelator/plugins/spamhausdrop.py    |  117 ++++++++++++++++++++
 prelude_correlator.egg-info/SOURCES.txt      |    3 +-
 prelude_correlator.egg-info/entry_points.txt |    1 +
 setup.py                                     |   31 +++---
 5 files changed, 287 insertions(+), 14 deletions(-)
 create mode 100644 PreludeCorrelator/plugins/spamhaus_drop.dat
 create mode 100644 PreludeCorrelator/plugins/spamhausdrop.py

commit f6e8e61145ce659ef6c97b15225918bf2a48f824
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-09-11

    Python 2.4 backward compatibility
    
    The logging 'extra' keyword is only available in Python 2.5 and higher,
    do not use it when running an older Python version.

 PreludeCorrelator/log.py |   23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

commit 1856adb6dd15982fe2c79be1d8d6d11166828270
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-10

    Do not discard --root parameters if prefix is absolute
    
    os.path.join() will discard the previous path if it meets a member which
    is absolute, thus we now handle the root separately.

 setup.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 7348a4a38c5aa4f34aac1808744dbbf446421836
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-09

    Update NEWS, bump version

 NEWS                                 |   37 +++++++++++++++++++++++++++++++++-
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 38 insertions(+), 3 deletions(-)

commit a04256bf251cc054aff0c56e06c1f5ef56a47e27
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-09

    Method for configuration option value retrieval now takes an optional type argument
    
    This argument might be used to indicate the type of the value returned
    (the default is str). Update the dshield plugin so that it specifies an
    int and float return type for the reload and timeout options.

 PreludeCorrelator/config.py          |    4 ++--
 PreludeCorrelator/pluginmanager.py   |    4 ++--
 PreludeCorrelator/plugins/dshield.py |    4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

commit 45fc6e84cf78c98ba3a84f7d1b3e27c087618855
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-09

    Do not distribute siteconfig.py

 prelude_correlator.egg-info/SOURCES.txt |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

commit 68a5806ff499eec4e4a6816135b75f7ffbc66d0f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-09

    Make use of the command line specified configuration file, if any

 PreludeCorrelator/log.py  |    5 ++---
 PreludeCorrelator/main.py |   12 +++++++-----
 2 files changed, 9 insertions(+), 8 deletions(-)

commit f53d00d53ed2c121e9e5e28176fcb363d548f21c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-09

    Whitespace police

 NEWS |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit ff0620bac4d12033e1a13cf8469d200dce2424dc
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-09

    Abstracting access to data/configuration files
    
    This provides an abstraction layer over the way PreludeCorrelator
    accesses data and configuration files, depending on its installation method.
    
    When PreludeCorrelator is installed as an EGG, data/configuration
    files should be self contained within the package. We set the zip_false
    flags to False so that PreludeCorrelator can expect data written to the
    data files to be persistent across runs.
    
    However, for standard prelude-correlator installation, we keep
    using /etc/prelude-correlator as the configuration directory, and
    /var/lib/prelude-correlator as the data directory.
    
    This additionally introduces a default configuration file, whose
    installation location depends on the type of installation.

 PreludeCorrelator/context.py             |   11 ++++--
 PreludeCorrelator/log.py                 |    5 ++-
 PreludeCorrelator/main.py                |   14 ++++++---
 PreludeCorrelator/pluginmanager.py       |    1 -
 PreludeCorrelator/plugins/dshield.py     |    4 +-
 PreludeCorrelator/require.py             |   44 ++++++++++++++++++++++++++++
 prelude-correlator.conf                  |   47 ++++++++++++++++++++++++++++++
 prelude_correlator.egg-info/SOURCES.txt  |    4 ++
 prelude_correlator.egg-info/not-zip-safe |    1 +
 setup.py                                 |   38 ++++++++++++++++++++++--
 10 files changed, 152 insertions(+), 17 deletions(-)
 create mode 100644 PreludeCorrelator/require.py
 create mode 100644 prelude-correlator.conf
 create mode 100644 prelude_correlator.egg-info/not-zip-safe

commit aca0ffd929fedec7f0d37bb6f29d270877e6b108
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-08

    HTTPConnection does not support timeout keyword with Python < 2.6

 PreludeCorrelator/plugins/dshield.py |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

commit 8efd56a7635f69b2a40fb52961d1a519fda3026f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-09

    Fix configuration and /var/lib directory in case installation prefix is "/usr"

 setup.py |   38 ++++++++++++++++++++++++++++----------
 1 files changed, 28 insertions(+), 10 deletions(-)

commit b283c52df126a98893458655bc493609c2692628
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-06

    Explicitly close the context file descriptor on save.

 PreludeCorrelator/context.py |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

commit a08f613cf167d71692e9ff61582618d901a90e84
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-06

    Make it possible to specify your own DShield database file
    
    This is useful on systems with no direct internet access, so that
    a static DShield database can be used by using the 'filename'
    option in combination with a 'reload' option set to 0.

 PreludeCorrelator/plugins/dshield.py |   38 +++++++++++++++++----------------
 1 files changed, 20 insertions(+), 18 deletions(-)

commit 026a18e4b194c15fb7096f11c2252658e022c984
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-06

    Introduce a new plugin logging mechanism

 PreludeCorrelator/pluginmanager.py   |   24 +++++++++++++++++++++++-
 PreludeCorrelator/plugins/dshield.py |    4 ++--
 2 files changed, 25 insertions(+), 3 deletions(-)

commit 44b54ff1ad6ce7a2f5b78e32dc7ee6c1587e3d37
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-06

    Dshield plugin fixes
    
    The dshield plugin didn't report any events since address loaded
    from the DSHIELD database weren't correctly normalized.
    
    This also fixes reloading of the DShield database, which was not
    working in previous versions due to the timer not being started.
    
    Additionally, generated alerts now include additional details.

 PreludeCorrelator/plugins/dshield.py |   21 +++++++++++++++------
 1 files changed, 15 insertions(+), 6 deletions(-)

commit dff006a3873a116de2ce242048af373328fd0152
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-07-06

    Specify our own Prelude callback so that log entries are normalized

 PreludeCorrelator/log.py |   32 +++++++++++++++++++++++++++++++-
 1 files changed, 31 insertions(+), 1 deletions(-)

commit 73a0f921c59db07a1edc2a7bc596e2635ba3be41
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-24

    Fix rare IDMEF:Set() exception
    
    A rare exception would occur when IDMEF:Set() was called with
    an empty list/tuple as the value argument. This case is now
    handled specifically for consistency with IDMEF:Get() (which
    can return an empty tuple in case the retrieved path is empty
    and ambiguous).

 PreludeCorrelator/idmef.py |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

commit a238a64eca0150a9e26f1516f40c2a49882c6a37
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-24

    Return empty tuple rather than an empty list.

 PreludeCorrelator/idmef.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit ddf3a07d34ebcb73d560c09af914faa9c343b9bd
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-24

    Implement a plugin signaling method.
    
    Make it possible for a plugin to define a 'signal' method that will
    get called when prelude-correlator handles a signal (can be used to
    perform special handling before exit, statistics or debugging purposes).

 PreludeCorrelator/main.py          |   10 ++++++----
 PreludeCorrelator/pluginmanager.py |   10 ++++++++++
 2 files changed, 16 insertions(+), 4 deletions(-)

commit a61959b597a3bc942fc912ac28040b8e3cb57dcd
Author: Yoann Vandoorselaere <yoann@nobody.(none)>
Date:   2009-06-24

    Implement new Timer utility methods
    
    This implements some Timer utility methods: elapsed() returns the number
    of seconds elapsed since the timer started, hasExpired() returns True
    or False depending on whether the timer already expired or not, and
    check() will call the timer callback if the timer has expired.

 PreludeCorrelator/context.py |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

commit f3da833d9fe0b6c2d12806ba7ea5a27616f78f94
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Update NEWS, bump version.

 NEWS                                 |   28 ++++++++++++++++++++++++++++
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 30 insertions(+), 2 deletions(-)

commit 2f1c606dc8ffeffa74422c6cbbe0b8bdaac1ad92
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Cast timeout to float, fixes exception.

 PreludeCorrelator/plugins/dshield.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 37945571d4674342ef2b5f2d9583654c6c79d2a2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Implement our own Config class
    
    Simplify the code as much as possible, implement our own Configuration
    class, including some helpers. Remove globals.

 PreludeCorrelator/config.py             |   46 +++++++++++++++++++++++++++++++
 PreludeCorrelator/main.py               |    4 ++-
 PreludeCorrelator/pluginmanager.py      |   43 ++++++++---------------------
 prelude_correlator.egg-info/SOURCES.txt |    1 +
 4 files changed, 62 insertions(+), 32 deletions(-)
 create mode 100644 PreludeCorrelator/config.py

commit abb33fa2dcbbd4163dccd1f7bf74d34a9db0c387
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Make it possible to disable a plugin
    
    It is now possible to add the following setting in prelude-correlator.conf:
    [PluginClassName]
    disable = true
    
    This fixes #354.

 PreludeCorrelator/pluginmanager.py |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

commit 5491e0920a4fc71263a7a9c9dd2bf38dd2baceb5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Correct invalid variable name.
    
    This prevented prelude-correlator from starting in daemon mode when
    using the '--pidfile' option. Fixes #355.

 PreludeCorrelator/main.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 3af1674916e3850ae4af9dce2341113180edf484
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Dshield connection timeout
    
    Implement a timeout for Dshield.org server connection. The default
    is 10 seconds, and might be modified from the prelude-correlator.conf
    configuration file. This prevents Dshield host list loading from
    blocking forever, and fixes #353.

 PreludeCorrelator/plugins/dshield.py |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

commit 1cc0b307bce48106744c93caae41311dcb126be9
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Catch exception on plugin loading
    
    Prevent prelude-correlator from aborting if a plugin fails. Emit
    a warning explaining why a given plugin couldn't load, and continue
    processing.

 PreludeCorrelator/pluginmanager.py |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

commit 0ebfb4976ae927cfc1766fd28c3e0e0f023d7be2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Use module __version__ for version Bookkeeping

 PreludeCorrelator/__init__.py |   20 ++++++++++++++++++++
 PreludeCorrelator/main.py     |    5 +----
 2 files changed, 21 insertions(+), 4 deletions(-)

commit 0cc9a6c8ccbd4891454e84d1240fe6773528c88b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Read plugin configuration from prelude-correlator.conf

 PreludeCorrelator/pluginmanager.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 48169894c0ced9744f3e52ee399944750764ef7f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-18

    Implement logging subsystem.
    
    Implement PreludeCorrelator.log, providing basic logging functionality,
    and spread its use across correlator sources. Avoid using global as
    much as possible.

 PreludeCorrelator/context.py            |    6 ++--
 PreludeCorrelator/log.py                |   44 ++++++++++++++++++++++
 PreludeCorrelator/main.py               |   61 ++++++++++++++++++-------------
 PreludeCorrelator/pluginmanager.py      |    7 +++-
 PreludeCorrelator/plugins/dshield.py    |    9 +++--
 prelude_correlator.egg-info/SOURCES.txt |    1 +
 6 files changed, 95 insertions(+), 33 deletions(-)
 create mode 100644 PreludeCorrelator/log.py

commit 259f3dfabaeb9db19f2182d7174f4a10c77f3fa3
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Correct copyright notice, add missing AUTHORS, COPYING, HACKING.README files.

 AUTHORS                                 |    2 +
 COPYING                                 |  340 +++++++++++++++++++++++++++++++
 HACKING.README                          |   14 ++
 PreludeCorrelator/context.py            |    2 +-
 PreludeCorrelator/idmef.py              |    2 +-
 PreludeCorrelator/main.py               |    2 +-
 PreludeCorrelator/pluginmanager.py      |    2 +-
 PreludeCorrelator/plugins/firewall.py   |    2 +-
 PreludeCorrelator/utils.py              |    2 +-
 prelude_correlator.egg-info/SOURCES.txt |    4 +
 10 files changed, 366 insertions(+), 6 deletions(-)
 create mode 100644 AUTHORS
 create mode 100644 COPYING
 create mode 100644 HACKING.README

commit 968b9397ff195c20089e04445f8e2b05941cfe1b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Update NEWS, bump version number.

 NEWS                                 |   50 ++++++++++++++++++++++++++++++++++
 prelude_correlator.egg-info/PKG-INFO |    2 +-
 setup.py                             |    2 +-
 3 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 NEWS

commit e7ddc929be7501509f1f4cd9d1d041d62d677a9c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Include GIT generated Changelog when making source distribution

 prelude_correlator.egg-info/SOURCES.txt |    1 +
 setup.py                                |   12 +++++++++++-
 2 files changed, 12 insertions(+), 1 deletions(-)

commit e7ad5d78f602b4e3e9dde163e04b07fe52201541
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Increase default threshold for bruteUser to 5

 PreludeCorrelator/plugins/bruteforce.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit c7abd9f715c598a9c808e7ea26ded51d0913465b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Catch exception to secure Timer callback.

 PreludeCorrelator/context.py |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

commit 0aee836d8beb0a61964308ccdbf7f58a924508b9
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Do not reset threshold and alert_on_expire on update.

 PreludeCorrelator/context.py |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit eaab47a015e97d7641230541b1c90f443cc9b021
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Fix DShield host list download address, raise exception if download fails

 PreludeCorrelator/plugins/dshield.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 8b9f933853ca325e98430f8789cfe78cff46d7fe
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Fix missing argument to BruteForce plugins function.
    Thanks Pierre Chifflier <p.chifflier@inl.fr> for pointing this out.

 PreludeCorrelator/plugins/bruteforce.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit c8c59ce8f3d3d459b8472233a489be4bff4ffa79
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Fix multiple IDMEF.match() issues
    
    Locate a regex match anywhere in the input string.
    Handle case where we match the input string but there is no captured
    substring by returning True in place of an empty tuple.
    
    Thanks to Pierre Chifflier <p.chifflier@inl.fr> for pointing this out.

 PreludeCorrelator/idmef.py |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)
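
The two IDMEF.match() fixes described in this commit, as an added Python example that is not the project's code. The function names, the assumed "before" behaviour (anchored match, groups returned as-is) and the sample classification strings are constructed for illustration.

```python
import re

# Constructed sample classification strings (not taken from the project).
EVENTS = [
    "SSH Remote user login failed",
    "FTP login failed",
    "Port scan detected",
]


def match_before(value, regex):
    """Assumed pre-fix behaviour: anchored match, raw groups() returned.

    Two ways a rule silently misses an event:
      * regex.match() only matches at the start of the string;
      * a pattern without capture groups yields (), which is falsy.
    """
    m = regex.match(value)
    if m is None:
        return None
    return m.groups()


def match_after(value, regex):
    """Behaviour the commit message describes: search anywhere in the
    input, and return True when the pattern matched without capturing."""
    m = regex.search(value)
    if m is None:
        return None
    groups = m.groups()
    return groups if groups else True


def rule_hits(matcher, events, regex):
    """Count events for which a rule written as `if matcher(...):` fires."""
    return sum(1 for event in events if matcher(event, regex))


if __name__ == "__main__":
    login = re.compile("login")
    print("before:", rule_hits(match_before, EVENTS, login))
    print("after: ", rule_hits(match_after, EVENTS, login))
```

A rule that tests the result for truthiness fires on neither login event with the first matcher and on both with the second.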

commit 9e679501c0367a8682308fef3078c5431ba2a90d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Automate reference of IDMEF Alert within CorrelationAlert.
    
    Automate as much as possible reference making to IDMEF Alert into
    CorrelationAlert by adding a specialized 'addAlertReference()'
    method to the IDMEF class. Make ruleset smaller, less error prone.

 PreludeCorrelator/context.py              |    1 -
 PreludeCorrelator/idmef.py                |    7 +++++++
 PreludeCorrelator/plugins/bruteforce.py   |   10 ++--------
 PreludeCorrelator/plugins/businesshour.py |    5 +----
 PreludeCorrelator/plugins/dshield.py      |    5 +----
 PreludeCorrelator/plugins/opensshauth.py  |    5 +----
 PreludeCorrelator/plugins/scan.py         |   15 +++------------
 PreludeCorrelator/plugins/worm.py         |    5 +----
 8 files changed, 16 insertions(+), 37 deletions(-)

commit 0a15cb85700b10c8fb1249dd252d5b8a292af23e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    More typo fixes.

 PreludeCorrelator/pluginmanager.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 47855e88f2bf2988b540839c1ae3ede736849ffc
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-17

    Fix typo.

 PreludeCorrelator/pluginmanager.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 04df89e00cf7ab7d30ab76e32b0017b8839b3205
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-15

    Use setuptools for distribution and plugins.

 PreludeCorrelator/main.py                        |  163 +++++++++++++
 PreludeCorrelator/pluginmanager.py               |   66 +++++
 PreludeCorrelator/plugins.py                     |   74 ------
 PreludeCorrelator/plugins/bruteforce.py          |   74 ++++++
 PreludeCorrelator/plugins/businesshour.py        |   44 ++++
 PreludeCorrelator/plugins/dshield.py             |   89 +++++++
 PreludeCorrelator/plugins/firewall.py            |   52 ++++
 PreludeCorrelator/plugins/opensshauth.py         |   56 +++++
 PreludeCorrelator/plugins/scan.py                |  110 +++++++++
 PreludeCorrelator/plugins/worm.py                |   58 +++++
 ez_setup.py                                      |  276 ++++++++++++++++++++++
 prelude_correlator.egg-info/PKG-INFO             |   34 +++
 prelude_correlator.egg-info/SOURCES.txt          |   23 ++
 prelude_correlator.egg-info/dependency_links.txt |    1 +
 prelude_correlator.egg-info/entry_points.txt     |   14 +
 prelude_correlator.egg-info/top_level.txt        |    1 +
 ruleset/brute-force.py                           |   74 ------
 ruleset/business-hour.py                         |   44 ----
 ruleset/dshield.py                               |   89 -------
 ruleset/firewall.py                              |   52 ----
 ruleset/openssh-multiple-authtypes.py            |   56 -----
 ruleset/scan.py                                  |  110 ---------
 ruleset/worm.py                                  |   58 -----
 scripts/prelude-correlator                       |  153 ------------
 setup.py                                         |   77 +++++-
 25 files changed, 1124 insertions(+), 724 deletions(-)
 create mode 100644 PreludeCorrelator/main.py
 create mode 100644 PreludeCorrelator/pluginmanager.py
 delete mode 100644 PreludeCorrelator/plugins.py
 create mode 100644 PreludeCorrelator/plugins/__init__.py
 create mode 100644 PreludeCorrelator/plugins/bruteforce.py
 create mode 100644 PreludeCorrelator/plugins/businesshour.py
 create mode 100644 PreludeCorrelator/plugins/dshield.py
 create mode 100644 PreludeCorrelator/plugins/firewall.py
 create mode 100644 PreludeCorrelator/plugins/opensshauth.py
 create mode 100644 PreludeCorrelator/plugins/scan.py
 create mode 100644 PreludeCorrelator/plugins/worm.py
 create mode 100644 ez_setup.py
 create mode 100644 prelude_correlator.egg-info/PKG-INFO
 create mode 100644 prelude_correlator.egg-info/SOURCES.txt
 create mode 100644 prelude_correlator.egg-info/dependency_links.txt
 create mode 100644 prelude_correlator.egg-info/entry_points.txt
 create mode 100644 prelude_correlator.egg-info/top_level.txt
 delete mode 100644 ruleset/brute-force.py
 delete mode 100644 ruleset/business-hour.py
 delete mode 100644 ruleset/dshield.py
 delete mode 100644 ruleset/firewall.py
 delete mode 100644 ruleset/openssh-multiple-authtypes.py
 delete mode 100644 ruleset/scan.py
 delete mode 100644 ruleset/worm.py
 delete mode 100755 scripts/prelude-correlator

commit ff64f43360f3f080dbed4bed2e20390dd818309e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-12

    Initial README file.

 README |   72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 72 insertions(+), 0 deletions(-)
 create mode 100644 README

commit ac3ff498168d8448242a195ca4d673e834e1f6ff
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-12

    Fix for Python 2.6 deprecation warning, no need to provide arguments to the parent method.

 PreludeCorrelator/context.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 8d799dc07d4d36104c816758ea0747d88138ed04
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-12

    Rename from pycor to prelude-correlator.

 setup.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 2a3f31197137ffac4c2c504e411330c75a987b14
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-12

    Libprelude version check, require 0.9.23.

 scripts/prelude-correlator |    5 ++++-
 setup.py                   |    2 ++
 2 files changed, 6 insertions(+), 1 deletions(-)

commit 0f88217ca0704f5861eca87ad8d7a8e67a0c1165
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-12

    Whitespace police.

 setup.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit f6a8a98b20e73651819096fbda3a93b88f20b69d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-06-11

    Correct business hour detection, thanks J. Ignacio Ormeño <nacho.orme@gmail.com> for pointing this out.

 ruleset/business-hour.py |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

commit 1fe4240a65c58749e840b1f706ba08a3d07978b6
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-05-04

    Rename from pycor to prelude-correlator

 PreludeCorrelator/context.py          |  144 +++++++++++++++++++++++++++++++
 PreludeCorrelator/idmef.py            |  115 +++++++++++++++++++++++++
 PreludeCorrelator/plugins.py          |   74 ++++++++++++++++
 PreludeCorrelator/utils.py            |   42 +++++++++
 pycor/context.py                      |  144 -------------------------------
 pycor/idmef.py                        |  115 -------------------------
 pycor/plugins.py                      |   74 ----------------
 pycor/utils.py                        |   42 ---------
 ruleset/brute-force.py                |    4 +-
 ruleset/business-hour.py              |    4 +-
 ruleset/dshield.py                    |    8 +-
 ruleset/firewall.py                   |    4 +-
 ruleset/openssh-multiple-authtypes.py |    4 +-
 ruleset/scan.py                       |    4 +-
 ruleset/worm.py                       |    4 +-
 scripts/prelude-correlator            |  150 +++++++++++++++++++++++++++++++++
 scripts/pycor                         |  150 ---------------------------------
 setup.py                              |   24 +++---
 18 files changed, 553 insertions(+), 553 deletions(-)
 create mode 100644 PreludeCorrelator/__init__.py
 create mode 100644 PreludeCorrelator/context.py
 create mode 100644 PreludeCorrelator/idmef.py
 create mode 100644 PreludeCorrelator/plugins.py
 create mode 100644 PreludeCorrelator/utils.py
 delete mode 100644 pycor/__init__.py
 delete mode 100644 pycor/context.py
 delete mode 100644 pycor/idmef.py
 delete mode 100644 pycor/plugins.py
 delete mode 100644 pycor/utils.py
 create mode 100755 scripts/prelude-correlator
 delete mode 100755 scripts/pycor

commit 999ae1f75807a788d3edef182a58608fe569226b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-05-04

    Remove everything in preparation for the import of the Python Correlator version.

 AUTHORS                                            |    2 -
 COPYING                                            |  340 ----
 HACKING.README                                     |   14 -
 INSTALL                                            |  236 ---
 Makefile.am                                        |   21 -
 NEWS                                               |   42 -
 autogen.sh                                         |    9 -
 configure.in                                       |  191 --
 libmissing/Makefile.am                             |  184 --
 libmissing/dummy.c                                 |   42 -
 libmissing/gettimeofday.c                          |  142 --
 libmissing/m4/extensions.m4                        |   82 -
 libmissing/m4/gettimeofday.m4                      |  101 -
 libmissing/m4/gnulib-cache.m4                      |   37 -
 libmissing/m4/gnulib-common.m4                     |   91 -
 libmissing/m4/gnulib-comp.m4                       |  196 --
 libmissing/m4/gnulib-tool.m4                       |   57 -
 libmissing/m4/include_next.m4                      |  110 -
 libmissing/m4/onceonly.m4                          |   90 -
 libmissing/m4/string_h.m4                          |   89 -
 libmissing/m4/strpbrk.m4                           |   18 -
 libmissing/m4/strsep.m4                            |   24 -
 libmissing/m4/sys_time_h.m4                        |   57 -
 libmissing/string.in.h                             |  585 ------
 libmissing/strpbrk.c                               |   42 -
 libmissing/strsep.c                                |   58 -
 libmissing/sys_time.in.h                           |   52 -
 m4/as-ac-expand.m4                                 |   43 -
 m4/ax_c_check_flag.m4                              |   90 -
 m4/ax_ld_check_flag.m4                             |   98 -
 m4/libprelude.m4                                   |  176 --
 plugins/Makefile.am                                |    1 -
 plugins/lua/Makefile.am                            |   15 -
 plugins/lua/lib.lua                                |  159 --
 plugins/lua/lua-idmef-value.c                      |  154 --
 plugins/lua/lua-idmef-value.h                      |   26 -
 plugins/lua/lua-idmef.c                            |  511 -----
 plugins/lua/lua-idmef.h                            |   26 -
 plugins/lua/lua-timer.c                            |  296 ---
 plugins/lua/lua-timer.h                            |   28 -
 plugins/lua/lua.c                                  |  337 ----
 plugins/lua/regex.c                                |  524 -----
 plugins/lua/regex.h                                |   31 -
 plugins/lua/ruleset/Makefile.am                    |    3 -
 plugins/lua/ruleset/brute-force.lua                |   79 -
 plugins/lua/ruleset/business-hour.lua              |   40 -
 plugins/lua/ruleset/dshield.lua                    |   98 -
 plugins/lua/ruleset/firewall.lua                   |   64 -
 plugins/lua/ruleset/openssh-multiple-authtypes.lua |   69 -
 plugins/lua/ruleset/scan.lua                       |  116 --
 plugins/lua/ruleset/worm.lua                       |   65 -
 plugins/pcre/Makefile.am                           |   18 -
 plugins/pcre/capture-string.c                      |  155 --
 plugins/pcre/capture-string.h                      |   43 -
 plugins/pcre/pcre-context.c                        | 1052 ----------
 plugins/pcre/pcre-context.h                        |  116 --
 plugins/pcre/pcre-mod.c                            | 2108 --------------------
 plugins/pcre/pcre-mod.h                            |   97 -
 plugins/pcre/pcre-parser.c                         |  173 --
 plugins/pcre/pcre-parser.h                         |   25 -
 plugins/pcre/rule-object.c                         |  393 ----
 plugins/pcre/rule-object.h                         |   40 -
 plugins/pcre/rule-regex.c                          |  347 ----
 plugins/pcre/rule-regex.h                          |   30 -
 plugins/pcre/ruleset/Makefile.am                   |    8 -
 plugins/pcre/ruleset/brute-force.rules             |   95 -
 plugins/pcre/ruleset/business-hour.rules           |   53 -
 plugins/pcre/ruleset/example.rules                 |   37 -
 plugins/pcre/ruleset/firewall.rules                |   66 -
 plugins/pcre/ruleset/pcre.rules                    |   11 -
 plugins/pcre/ruleset/scan.rules                    |  120 --
 plugins/pcre/ruleset/worm.rules                    |   72 -
 plugins/pcre/value-container.c                     |  728 -------
 plugins/pcre/value-container.h                     |   47 -
 prelude-correlator.conf.in                         |   26 -
 src/Makefile.am                                    |   12 -
 src/correlation-plugins.c                          |  117 --
 src/include/Makefile.am                            |    4 -
 src/include/correlation-plugins.h                  |   31 -
 src/include/prelude-correlator.h                   |   41 -
 src/prelude-correlator.c                           |  515 -----
 81 files changed, 0 insertions(+), 12541 deletions(-)
 delete mode 100644 AUTHORS
 delete mode 100644 COPYING
 delete mode 100644 ChangeLog
 delete mode 100644 HACKING.README
 delete mode 100644 INSTALL
 delete mode 100644 Makefile.am
 delete mode 100644 NEWS
 delete mode 100644 README
 delete mode 100755 autogen.sh
 delete mode 100644 configure.in
 delete mode 100644 libmissing/Makefile.am
 delete mode 100644 libmissing/dummy.c
 delete mode 100644 libmissing/gettimeofday.c
 delete mode 100644 libmissing/m4/extensions.m4
 delete mode 100644 libmissing/m4/gettimeofday.m4
 delete mode 100644 libmissing/m4/gnulib-cache.m4
 delete mode 100644 libmissing/m4/gnulib-common.m4
 delete mode 100644 libmissing/m4/gnulib-comp.m4
 delete mode 100644 libmissing/m4/gnulib-tool.m4
 delete mode 100644 libmissing/m4/include_next.m4
 delete mode 100644 libmissing/m4/onceonly.m4
 delete mode 100644 libmissing/m4/string_h.m4
 delete mode 100644 libmissing/m4/strpbrk.m4
 delete mode 100644 libmissing/m4/strsep.m4
 delete mode 100644 libmissing/m4/sys_time_h.m4
 delete mode 100644 libmissing/string.in.h
 delete mode 100644 libmissing/strpbrk.c
 delete mode 100644 libmissing/strsep.c
 delete mode 100644 libmissing/sys_time.in.h
 delete mode 100644 m4/as-ac-expand.m4
 delete mode 100644 m4/ax_c_check_flag.m4
 delete mode 100644 m4/ax_ld_check_flag.m4
 delete mode 100644 m4/libprelude.m4
 delete mode 100644 plugins/Makefile.am
 delete mode 100644 plugins/lua/Makefile.am
 delete mode 100644 plugins/lua/lib.lua
 delete mode 100644 plugins/lua/lua-idmef-value.c
 delete mode 100644 plugins/lua/lua-idmef-value.h
 delete mode 100644 plugins/lua/lua-idmef.c
 delete mode 100644 plugins/lua/lua-idmef.h
 delete mode 100644 plugins/lua/lua-timer.c
 delete mode 100644 plugins/lua/lua-timer.h
 delete mode 100644 plugins/lua/lua.c
 delete mode 100644 plugins/lua/regex.c
 delete mode 100644 plugins/lua/regex.h
 delete mode 100644 plugins/lua/ruleset/Makefile.am
 delete mode 100644 plugins/lua/ruleset/brute-force.lua
 delete mode 100644 plugins/lua/ruleset/business-hour.lua
 delete mode 100644 plugins/lua/ruleset/dshield.lua
 delete mode 100644 plugins/lua/ruleset/firewall.lua
 delete mode 100644 plugins/lua/ruleset/openssh-multiple-authtypes.lua
 delete mode 100644 plugins/lua/ruleset/scan.lua
 delete mode 100644 plugins/lua/ruleset/worm.lua
 delete mode 100644 plugins/pcre/Makefile.am
 delete mode 100644 plugins/pcre/capture-string.c
 delete mode 100644 plugins/pcre/capture-string.h
 delete mode 100644 plugins/pcre/pcre-context.c
 delete mode 100644 plugins/pcre/pcre-context.h
 delete mode 100644 plugins/pcre/pcre-mod.c
 delete mode 100644 plugins/pcre/pcre-mod.h
 delete mode 100644 plugins/pcre/pcre-parser.c
 delete mode 100644 plugins/pcre/pcre-parser.h
 delete mode 100644 plugins/pcre/rule-object.c
 delete mode 100644 plugins/pcre/rule-object.h
 delete mode 100644 plugins/pcre/rule-regex.c
 delete mode 100644 plugins/pcre/rule-regex.h
 delete mode 100644 plugins/pcre/ruleset/Makefile.am
 delete mode 100644 plugins/pcre/ruleset/brute-force.rules
 delete mode 100644 plugins/pcre/ruleset/business-hour.rules
 delete mode 100644 plugins/pcre/ruleset/example.rules
 delete mode 100644 plugins/pcre/ruleset/firewall.rules
 delete mode 100644 plugins/pcre/ruleset/pcre.rules
 delete mode 100644 plugins/pcre/ruleset/scan.rules
 delete mode 100644 plugins/pcre/ruleset/worm.rules
 delete mode 100644 plugins/pcre/value-container.c
 delete mode 100644 plugins/pcre/value-container.h
 delete mode 100644 prelude-correlator.conf.in
 delete mode 100644 src/Makefile.am
 delete mode 100644 src/correlation-plugins.c
 delete mode 100644 src/include/Makefile.am
 delete mode 100644 src/include/correlation-plugins.h
 delete mode 100644 src/include/prelude-correlator.h
 delete mode 100644 src/prelude-correlator.c

commit 8f4e3dd9051dd2127f11240f4936a23128905a6a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-28

    Fix exception.

 ruleset/dshield.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 6d03bbedffbbef787bb86975b2ed166153657762
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-28

    Remove debug spew.

 ruleset/dshield.py |    3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)

commit 8d6b27e90fa43a115fc6e3cf71f4edc729f0ded5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-28

    Make it possible to modify default server, uri, and reload time from the configuration.

 ruleset/dshield.py |   75 +++++++++++++++++++++++++++------------------------
 1 files changed, 40 insertions(+), 35 deletions(-)

commit dbf5b7a90a727335cc77635c46a45bf5d847a073
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-28

    Basic configuration handling. Ability for a plugin to be disabled by default.

 pycor/plugins.py |   32 +++++++++++++++++++++++++++-----
 1 files changed, 27 insertions(+), 5 deletions(-)

commit e6f21e5f2fdc109c9e8b4ff55ebb96254e0eab68
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-28

    Correctly set IDMEFAnalyzer class, model, manufacturer and version.

 scripts/pycor |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

commit 514b54775e2eb8ec32bf86f1941cc571f18c1a40
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-24

    Make dry-run actually work.

 scripts/pycor |   15 +++++++--------
 1 files changed, 7 insertions(+), 8 deletions(-)

commit 23320cbeed85d0fd35ebd60be84fe7c53807eeb1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-23

    Handle Pickle EOFError, and fix a possible exception when pickling the
    Timer class.

 pycor/context.py |   32 ++++++++++++++++++++------------
 1 files changed, 20 insertions(+), 12 deletions(-)

commit dca3ec050b8eacc92072b050476c45de28afb0e5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-23

    If IDMEF.Get() returns None, and flatten is set, only return an empty tuple
    if the path is ambiguous (would return a list).

 pycor/idmef.py |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

commit 239beabd00892142849e7cff5f70d8e1d17a5e82
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-23

    Fix exception, use Python hasattr().

 ruleset/openssh-multiple-authtypes.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 6c63d701b086dfcbed1c49d7e589eacffd95303d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-23

    Add option usage, and version option.

 scripts/pycor |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit ca510f44a0ab388ace611e164b87994312fa08ff
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-22

    Update permission prefix.

 scripts/pycor |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit c0352463fca2497b4e4889b8c0e1f3c24865b02c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-22

    Prefix with OPERATOR_, as done in libprelude 0.9.22.

 pycor/idmef.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 82a1a8d91eb62a7a5386b1f6164c435749c616c4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-17

    Avoid duplicate check, and compile the regex ourselves.

 ruleset/brute-force.py |   28 ++++++++++++----------------
 1 files changed, 12 insertions(+), 16 deletions(-)

commit a2f10d0284d81e36bad1ff9bb2b27db789740cd5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-17

    Compile the regexp.

 ruleset/firewall.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit d5e36c5baa89a2d0537a612ff75113d1123cea62
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-17

    Make Get() return an empty list if flatten is specified and there is no value. Remove regex cache since recent Python versions already do that. Force the caller to compile the regex by himself.

 pycor/idmef.py |   38 ++++++++++++++++++++++++++------------
 1 files changed, 26 insertions(+), 12 deletions(-)

commit 43260497d1781ac804f3882978703b35ab3e9a80
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-17

    Add template method.

 pycor/plugins.py |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

commit f4058a19b5b812d1630e39ac595b4b419e6c8de4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-17

    Code cleanup.

 ruleset/openssh-multiple-authtypes.py |   17 ++++-------------
 1 files changed, 4 insertions(+), 13 deletions(-)

commit 9e00917193146c98c071d1680442a2dd13904f75
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-17

    Remove explicit flatten() usage, the Get() method now automatically performs it
    as the default.

 ruleset/brute-force.py                |    9 ++++-----
 ruleset/dshield.py                    |    3 +--
 ruleset/openssh-multiple-authtypes.py |    7 +++----
 ruleset/scan.py                       |    9 ++++-----
 ruleset/worm.py                       |    8 +++-----
 5 files changed, 15 insertions(+), 21 deletions(-)

commit f0b020b1ea8242d8d25a7a7dfdb83b7796d14bbf
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-17

    Add flatten argument to the Get() method, whose default value is True. When retrieving a listed path, the default is to flatten it.

 pycor/idmef.py |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

commit 14343076a4dc317bbdd8b69331413f8c84d7f36b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Port firewall ruleset from Lua.

 ruleset/firewall.py |   52 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 52 insertions(+), 0 deletions(-)
 create mode 100644 ruleset/firewall.py

commit ef1190f65735d4d0d4942ef3cfd54f47fa6b14c7
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Reset attribute on expire.

 pycor/context.py |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

commit 18daeac9678a901573a9287e3af661fa196c0564
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Ability to provide a replacement value with the Get() method.

 pycor/idmef.py |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

commit 6c117cd6edfdd650a90f937ae39ef70997efbcac
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Use idmef.match().

 ruleset/brute-force.py |    6 +++---
 ruleset/worm.py        |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

commit 6d61bde131d0cfb9a4088430eaa4ecb509501a16
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Remove debug spew.

 pycor/context.py |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

commit 42c1b79ceff692bc8a2387ed6c221a10cdd49920
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Fix reset().

 pycor/idmef.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit aef261f60cf0d53ae2b55686157170407b8b728f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Implement match() as an IDMEF method. Cache compiled regex. Remove
    IDMEF.Get() cache, since the implementation is not correct.

 pycor/idmef.py         |   36 ++++++++++++++++++++++++++++--------
 pycor/utils.py         |   20 --------------------
 ruleset/brute-force.py |    4 ++--
 3 files changed, 30 insertions(+), 30 deletions(-)

commit 3aea295e229203ad9e727422b9bbb68bfca9e61c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Automatic reloading of DShield data.

 ruleset/dshield.py |   20 +++++++++++---------
 1 files changed, 11 insertions(+), 9 deletions(-)

commit 8c531f43800736a228c7e51235c30902cfa4ff56
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Rewrite Timer() implementation. Implement the stats() function.

 pycor/context.py |   83 +++++++++++++++++++++++++++++++----------------------
 1 files changed, 48 insertions(+), 35 deletions(-)

commit a28b0c0cad14b28691a6da9b06c097bf2df43a53
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Improved dry-run mode. Print statistics on SIGQUIT.

 scripts/pycor |   30 ++++++++++++++++++++----------
 1 files changed, 20 insertions(+), 10 deletions(-)

commit 6ef8076667b0ec142470eec5b5f270330696a547
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-16

    Fix typo.

 ruleset/worm.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit fc11b5760f8bfb9e6e1cb107997aeb1b11015501
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Port scan ruleset from Lua.

 ruleset/scan.py |  111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 111 insertions(+), 0 deletions(-)
 create mode 100644 ruleset/scan.py

commit 2506a61307f32f991e32f7b72c6bd96a00f78da9
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Only alert on expire if destroy() is called from a timer. Always stop context timer on destroy()

 pycor/context.py |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

commit e777603e26c6023067b4ac39d82ef8f1b0010a2d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Wake up timer every second, implement signal handling and context loading/saving.

 scripts/pycor |   51 +++++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 41 insertions(+), 10 deletions(-)

commit 275d6c41aa0e45f74de037d87e6fb6bf5e62f755
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Implement simple context timer. Context() will now return the currently
    existing context (if any) when updated=True is passed as argument.
    
    Implement load() and save() function to unpickle() and pickle() context
    and timer.

 pycor/context.py |  102 +++++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 86 insertions(+), 16 deletions(-)

commit 15eccc8415434b8a9e7f50b1c94399dd8a91bb2d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Update all rulesets to use the context.search and context.destroy methods.

 ruleset/brute-force.py                |    4 ++--
 ruleset/dshield.py                    |    2 +-
 ruleset/openssh-multiple-authtypes.py |    2 +-
 ruleset/worm.py                       |    7 ++++---
 4 files changed, 8 insertions(+), 7 deletions(-)

commit c26e3a0868ab25154e8aac1d63497b60c2ba7e4e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Implement __getstate__ and __setstate__ methods, so that an IDMEF instance can be pickled() and unpickled().

 pycor/idmef.py |   25 +++++++++++++++++++++++++
 1 files changed, 25 insertions(+), 0 deletions(-)

commit 69552104c32221def0acc681c4296ffd1c41b605
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Improved exception printing. Implement getPluginCount().

 pycor/plugins.py |   16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

commit ebd9b33531ea8f034811342d1e5daf0ad7b48553
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Flatten the list before looping through it.

 ruleset/brute-force.py |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 6c4d0d1c997d6e6a67b4a3d914aa3799bca4870c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Fixup indentation.

 pycor/plugins.py |   28 ++++++++++++++--------------
 1 files changed, 14 insertions(+), 14 deletions(-)

commit 8b94cb1a0ff8b46c414ed65ec2c3c4bcd1e8b607
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Launch the plugin by ourselves. Additionally, handle plugin exception.

 pycor/plugins.py |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

commit 0e15af1b3364415c8e1ec11134f6889bd467f848
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Fix typo.

 ruleset/dshield.py |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 1eac1bff75bef38cd106fcfc819bf92591afd9ec
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-15

    Fix exception on NULL value.

 pycor/utils.py |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

commit a68086c1078f73c7f7256c2db6b4a97fc78e9c29
Author: Yoann Vandoorselaere <yoann@nobody.(none)>
Date:   2009-04-14

    Avoid exception if path already exists.

 setup.py |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

commit 37c8f69b2cb0335bb82fd3e21a5abc9c0e0e45d8
Author: Yoann Vandoorselaere <yoann@nobody.(none)>
Date:   2009-04-14

    Use path provided by siteconfig as base plugins path.

 pycor/plugins.py |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit 2b1fdd134e8ea87085b4ea903ebb0933707e8193
Author: Yoann Vandoorselaere <yoann@nobody.(none)>
Date:   2009-04-14

    Use siteconfig.lib_dir to store internal data.

 ruleset/dshield.py |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit 8efbba657a5f31c7170179e503c6fd22a347c048
Author: Yoann Vandoorselaere <yoann@nobody.(none)>
Date:   2009-04-14

    Install rulesets, create siteconfig.

 setup.py |   30 +++++++++++++++++++++++++++---
 1 files changed, 27 insertions(+), 3 deletions(-)

commit 6e0169ae478671ee81794ff007a1bda2fc7a2085
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-14

    Add missing IDMEF import.

 ruleset/dshield.py |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

commit 898a34c64006a9b0b34c018383f8fe20021f5a20
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-14

    Rename to pycor

 ruleset/brute-force.py                |    6 +++---
 ruleset/business-hour.py              |    4 ++--
 ruleset/dshield.py                    |    6 +++---
 ruleset/openssh-multiple-authtypes.py |    6 +++---
 ruleset/worm.py                       |    6 +++---
 scripts/pycor                         |    4 ++--
 setup.py                              |    4 ++--
 7 files changed, 18 insertions(+), 18 deletions(-)

commit 448f449326b7bcd7f7f1f80f77d0c94e8caa3fa2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-14

    Initial Correlation rule port from Lua.

 ruleset/brute-force.py                |   79 ++++++++++++++++++++++++++++++
 ruleset/business-hour.py              |   43 +++++++++++++++++
 ruleset/dshield.py                    |   85 +++++++++++++++++++++++++++++++++
 ruleset/openssh-multiple-authtypes.py |   66 +++++++++++++++++++++++++
 ruleset/worm.py                       |   59 +++++++++++++++++++++++
 5 files changed, 332 insertions(+), 0 deletions(-)
 create mode 100644 ruleset/brute-force.py
 create mode 100644 ruleset/business-hour.py
 create mode 100644 ruleset/dshield.py
 create mode 100644 ruleset/openssh-multiple-authtypes.py
 create mode 100644 ruleset/worm.py

commit 64f7907d158aabf900a58edcde86f267c52bfd3b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-14

    Initial infrastructure.

 pycor/context.py  |   52 +++++++++++++++++++++++++
 pycor/idmef.py    |   43 +++++++++++++++++++++
 pycor/plugins.py  |   40 +++++++++++++++++++
 pycor/utils.py    |   61 +++++++++++++++++++++++++++++
 scripts/pycor     |  109 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 setup.py          |   12 ++++++
 6 files changed, 317 insertions(+), 0 deletions(-)
 create mode 100644 pycor/__init__.py
 create mode 100644 pycor/context.py
 create mode 100644 pycor/idmef.py
 create mode 100644 pycor/plugins.py
 create mode 100644 pycor/utils.py
 create mode 100755 scripts/pycor
 create mode 100644 setup.py

commit 1b332d1f0d065f96b8495a8a37c4759cf38ca599
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Use local.

 plugins/lua/ruleset/dshield.lua |    9 ++++-----
 1 files changed, 4 insertions(+), 5 deletions(-)

commit 50b81355e20c434a4b29bc052bf598cd4d1686fa
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Add logging from Lua ruleset. Define info(), warn(), and error() logging functions,
    available from Lua, using prelude_log().

 plugins/lua/lua.c               |   34 ++++++++++++++++++++++++++++++++++
 plugins/lua/ruleset/dshield.lua |    5 ++---
 2 files changed, 36 insertions(+), 3 deletions(-)

commit 60da7db7d6d0d39fc2c857d45d7d83da556bdd2d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Rewrite of the DShield ruleset featuring:
    
    - Improved performance: the DShield database is loaded once upon start, and a hash table
      is created to store the database values. This avoids loading and iterating a 10000 line
      file each time an alert is passed to the ruleset.
    
    - Automatic DShield database download: this is done using the external socket and lfs
      modules. The ruleset will refuse to load if you do not have these modules installed.
    
    - Automatic DShield database update: using a timer, once a week.

 plugins/lua/ruleset/dshield.lua |   99 +++++++++++++++++++++++++--------------
 1 files changed, 63 insertions(+), 36 deletions(-)

commit 590f7a066264433896580fbb02b400dea2edb9f8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Now default to install dshield.lua

 plugins/lua/ruleset/Makefile.am |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 60c3c7ee97cefd7ce2fa139c6066f121680c6fb4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Use PRELUDE_CORRELATOR_LIB_DIR

 Makefile.am |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 524e1fd851a274a690591beff5672129af082f4a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Define PRELUDE_CORRELATOR_LIB_DIR, and make it available from Lua ruleset.

 configure.in      |    8 ++++----
 plugins/lua/lua.c |    5 +++--
 2 files changed, 7 insertions(+), 6 deletions(-)

commit 1d8bc688930fc9f6fd57b06d02eb8e82d749efc5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Do not stop loading if a given Lua ruleset fails.

 plugins/lua/lua.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit c67c449046fd304ebb8310e7967afd0e5176f1ce
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Complete Lua Timer() implementation. A Lua callback function can
    now be associated with the Lua Timer. Additionally, the start() and reset()
    methods have been simplified.

 plugins/lua/lib.lua     |   19 ++++-----
 plugins/lua/lua-timer.c |   98 ++++++++++++++++++++++++++++-------------------
 plugins/lua/lua-timer.h |    2 +-
 3 files changed, 68 insertions(+), 51 deletions(-)

commit b2445d678233016ee6c5affae231853e772048ed
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-06

    Fix Lua compilation problem.

 plugins/lua/lib.lua |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit 313494db244f441e886ffc6b74230f669dde2aed
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-03

    Re-implement normalize_ip() using string.format(). This speeds up and simplifies
    the function greatly.

 plugins/lua/ruleset/dshield.lua |   21 +++------------------
 1 files changed, 3 insertions(+), 18 deletions(-)

commit 0014175d8a4f331a7e6360a255fb2fa33bd5d391
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-03

    Rename table_lookup to table.find
    Rename table_dump to table.dump

 plugins/lua/lib.lua          |    8 ++++----
 plugins/lua/ruleset/scan.lua |    2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

commit 22d954217e9183e053805a16110adcb384092cbe
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-03

    Replace dshield split() function implementation with a generic string.split()
    implementation defined in lib.lua. Additionally, this version will provide
    much better performance.

 plugins/lua/lib.lua             |   21 +++++++++++++++++++++
 plugins/lua/ruleset/dshield.lua |   28 ++--------------------------
 2 files changed, 23 insertions(+), 26 deletions(-)

commit 962194945eba0d109c814c6996e1eb9e8ebabd62
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-03

    Whitespace police.

 plugins/lua/ruleset/dshield.lua |  112 +++++++++++++++++++-------------------
 1 files changed, 56 insertions(+), 56 deletions(-)

commit b711f0b8b82f6aaf7b1deab8b0fe519e88b0e15b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2009-04-03

    Implement patch by Jeffrey C. Ollie <jeff@ocjtech.us>, which makes IDMEF:getraw()
    return a nil value (in place of nothing) if the retrieved element is empty.
    
    This fixes a Lua error that occurs when calling IDMEF:set() using the result of
    IDMEF:getraw() on an empty element.

 plugins/lua/lua-idmef.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

commit 9fef7ba11eb184b2959f9962bd7cef1792521c1c
Author: Sebastien Tricaud <s.tricaud@inl.fr>
Date:   2009-01-19

    Add correlation rule to match IP addresses against the dshield database. Do not add this rule in Makefile.am since the dshield mirror installation is required before using this rule (it can't be used as is).

 plugins/lua/ruleset/dshield.lua |  112 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 112 insertions(+), 0 deletions(-)
 create mode 100644 plugins/lua/ruleset/dshield.lua

commit 9b254915391697660c31938bc615dba52d791b4f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-11-06

    Implement multiple OpenSSH authentication type correlation, courtesy of
    Sebastien Tricaud <s.tricaud@inl.fr>

 plugins/lua/ruleset/Makefile.am                    |    2 +-
 plugins/lua/ruleset/openssh-multiple-authtypes.lua |   69 ++++++++++++++++++++
 2 files changed, 70 insertions(+), 1 deletions(-)
 create mode 100644 plugins/lua/ruleset/openssh-multiple-authtypes.lua

commit ddc32c038b765791d76373254fb9af65bd607197
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-10-27

    Handle idmef-data type.

 plugins/lua/regex.c |   43 +++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 43 insertions(+), 0 deletions(-)

commit a97661985ed175c0a4347d754713707e3996a815
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-09-24

    Include signal.h, should fix #318.

 src/prelude-correlator.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

commit 3ea15328290ea14cb3b16a29868e0d82da63b835
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-09-24

    s/Prelude-LML/Prelude-Correlator/

 configure.in |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit afc1345b9c66c71613a6611ceae1f41eca13e4a4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-08-01

    Fix impact severity / description path, thanks
    Scott Olihovik <skippylou@gmail.com> for pointing it out!

 plugins/lua/ruleset/brute-force.lua |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 48fd46a6f54cf6d942b595d1df5b64bb1994114b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-11

    Update NEWS, bump version number.

 NEWS         |    9 +++++++++
 configure.in |    2 +-
 2 files changed, 10 insertions(+), 1 deletions(-)

commit b7da90b80d37aa3bb5f81a99066ecaf6a3c78a09
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-11

    Update GnuLib code.

 libmissing/m4/gnulib-comp.m4 |   12 ++++++------
 libmissing/m4/onceonly.m4    |   15 +++++++++------
 2 files changed, 15 insertions(+), 12 deletions(-)

commit b36343eec281c201ea63144f89b11e68aaf55766
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-11

    Add AUTHORS file.

 AUTHORS |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

commit 37dacec517e98dfae1f65db074809ac109207f49
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-11

    Allow to set 'nil' IDMEF value. This fixes the second issue
    referenced by #297. (fix #297).

 plugins/lua/lua-idmef.c |   31 +++++++++++++++++++++----------
 1 files changed, 21 insertions(+), 10 deletions(-)

commit 079b4d9c2bdd83b85215c82c5eb474009c76fd4b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-11

    Fix ctx:set() typo, this fixes one of the problems referenced
    by ticket #297. refs #297.

 plugins/lua/ruleset/brute-force.lua |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

commit a06a868bd8262a3a649f24f62306b38fd65439cb
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-03

    Update NEWS, bump version number.

 NEWS         |   16 ++++++++++++++++
 configure.in |    2 +-
 2 files changed, 17 insertions(+), 1 deletions(-)

commit ee0187fb7b4037ef859063108d51f34e3eb5e9e5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-03

    Update GnuLib code.

 libmissing/m4/gnulib-tool.m4 |   28 ++++++++++++++++++++++++++--
 1 files changed, 26 insertions(+), 2 deletions(-)

commit 6b796622854479e73a8d7f723df0de5b3ad9b3c8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-03

    Fix problem with business-hour ruleset, of updating a non
    existing context. This rule does not need a context at all,
    rather a simple IDMEF object is sufficient.

 plugins/lua/ruleset/business-hour.lua |   16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

commit f391f90a8929290f4d3c10fe8678f4352e5a6b2a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-07-03

    Always return a table when retrieving multiple paths (even
    with empty path). Fix #295.

 plugins/lua/lua-idmef.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

commit 86fc1fc9719552b2771963e0820fe07fbf034b01
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-30

    Correct multi-path detection (was not working with exactly two IDMEF
    paths). Should fix #295.

 plugins/lua/lua-idmef.c |   12 +++++-------
 1 files changed, 5 insertions(+), 7 deletions(-)

commit 50d9546385af8a84c9650c24308a35ba0311dee6
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-27

    Fix invalid installation path under certain conditions, thanks
    to Steve Grubb <sgrubb@redhat.com> for pointing that out.

 Makefile.am                     |    8 ++++----
 NEWS                            |    5 +++++
 configure.in                    |   30 ++++++++++++++++--------------
 plugins/lua/ruleset/Makefile.am |    2 +-
 prelude-correlator.conf.in      |    2 +-
 5 files changed, 27 insertions(+), 20 deletions(-)

commit 53713b75d327c96b200c1a85bd669ad298530878
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-27

    Update NEWS, bump version number.

 NEWS         |    8 ++++++++
 configure.in |    2 +-
 2 files changed, 9 insertions(+), 1 deletions(-)

commit 41ae2f7d5c3f0ccb7ba64134ba04b19d0b5e681d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-27

    Check for both lua5.1.pc and lua.pc: different distributions seem
    to use different defaults. Thanks to Steve Grubb <sgrubb@redhat.com>
    for pointing that out.

 configure.in |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit 1a787a54040be71f8a29eeea874e38f5281b328e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-27

    Always use $(DESTDIR), thanks to Steve Grubb <sgrubb@redhat.com> for
    pointing that out.

 Makefile.am |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 68b7c5f96d1a25b7d6239e43542fd41aeac7ba0b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-27

    Initial Prelude-Correlator beta release.

 NEWS |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

commit 68906da88e781846f918fe46572e38567db452e6
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-27

    Update GnuLib code.

 libmissing/Makefile.am           |   40 ++-
 libmissing/dummy.c               |   10 +-
 libmissing/gettimeofday.c        |    8 +-
 libmissing/m4/absolute-header.m4 |   44 ---
 libmissing/m4/extensions.m4      |   56 +++-
 libmissing/m4/gnulib-cache.m4    |    9 +-
 libmissing/m4/gnulib-common.m4   |   73 +++++-
 libmissing/m4/gnulib-comp.m4     |  125 +++++++-
 libmissing/m4/include_next.m4    |  110 +++++++
 libmissing/m4/onceonly.m4        |   87 ++++++
 libmissing/m4/onceonly_2_57.m4   |   86 ------
 libmissing/m4/string_h.m4        |   23 ++-
 libmissing/m4/strsep.m4          |    7 +-
 libmissing/m4/sys_time_h.m4      |    6 +-
 libmissing/string.in.h           |  585 ++++++++++++++++++++++++++++++++++++++
 libmissing/string_.h             |  550 -----------------------------------
 libmissing/strpbrk.c             |    2 +-
 libmissing/strsep.c              |    2 +-
 libmissing/sys_time.in.h         |   52 ++++
 libmissing/sys_time_.h           |   44 ---
 20 files changed, 1122 insertions(+), 797 deletions(-)
 delete mode 100644 libmissing/m4/absolute-header.m4
 create mode 100644 libmissing/m4/include_next.m4
 create mode 100644 libmissing/m4/onceonly.m4
 delete mode 100644 libmissing/m4/onceonly_2_57.m4
 create mode 100644 libmissing/string.in.h
 delete mode 100644 libmissing/string_.h
 create mode 100644 libmissing/sys_time.in.h
 delete mode 100644 libmissing/sys_time_.h

commit b4ebc8d681fd5899fcf528b700ed6b248dd1204e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-27

    Build system update.

 configure.in               |  132 +++++++++++++++++++-------------
 m4/as-ac-expand.m4         |   43 ++++++++++
 m4/ax_c_check_flag.m4      |   90 ++++++++++++++++++++++
 m4/ax_cflags_gcc_option.m4 |  183 --------------------------------------------
 m4/ax_ld_check_flag.m4     |   98 +++++++++++++++++++++++
 plugins/lua/Makefile.am    |    4 +-
 src/Makefile.am            |    3 +-
 7 files changed, 316 insertions(+), 237 deletions(-)
 create mode 100644 m4/as-ac-expand.m4
 create mode 100644 m4/ax_c_check_flag.m4
 delete mode 100644 m4/ax_cflags_gcc_option.m4
 create mode 100644 m4/ax_ld_check_flag.m4

commit 1d7765d94acc18670bc17976912ba92f0fa9bb28
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-25

    Remove debug output, coding style fixes.

 plugins/lua/lua.c |   54 ++++++++++++++++++++++++++++------------------------
 1 files changed, 29 insertions(+), 25 deletions(-)

commit d21d6eb4157fdafe4dad3d93c57eab6edd90700d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-25

    Deprecate PCRE plugin: remove from the build.

 configure.in        |    2 --
 plugins/Makefile.am |    2 +-
 2 files changed, 1 insertions(+), 3 deletions(-)

commit ae065f04e9507eaff577ec0939ae2269d5ef30ca
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-25

    Port old PCRE business-hour ruleset to LUA.

 plugins/lua/ruleset/Makefile.am       |    2 +-
 plugins/lua/ruleset/business-hour.lua |   40 +++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletions(-)
 create mode 100644 plugins/lua/ruleset/business-hour.lua

commit b11161d3ffb30fab1980f15fb9fc88943d4a1349
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-25

    Implement IDMEFTime retrieval. Kill warning.

 plugins/lua/regex.c |   61 +++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 59 insertions(+), 2 deletions(-)

commit dd3a0b7f11b3014785a16789519506c1f825a42f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-25

    Allow the user to run LUA code out of the LUA rule running function,
    useful to set up global variables.
    
    Kill warning.

 plugins/lua/lua.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

commit 9b3d5ed92287d7615d04cd469dbdc9e7e397c3db
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-25

    Fix warnings.

 plugins/lua/regex.h |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

commit f1341641ccaf26af509cb569c16e464789212127
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-24

    Correct polling timeout.

 src/prelude-correlator.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 47fabb3a9360aeb9869f913b5d86d6a076c40135
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-24

    Print out the number of rulesets loaded.

 plugins/lua/lua.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

commit 9ce2087f60eba89b77f6468a285641aaa6525a41
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-24

    Setup a default instance of the LUA plugin.

 prelude-correlator.conf.in |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 0076e214ab5595e5a0b23480511da164336287d8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-24

    Rename option to something more obvious.

 plugins/lua/lua.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 7910923ed3eaf691108231e7f4a9b07249243b71
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-06-24

    distcheck fixes.

 plugins/lua/Makefile.am         |    2 ++
 plugins/lua/ruleset/Makefile.am |    2 +-
 2 files changed, 3 insertions(+), 1 deletions(-)

commit b378694cb6452a12b3710dbae646669f5491cd86
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-03-03

    Error handling improvements, bug fixes.

 plugins/lua/lua-idmef.c |   51 ++++++++++++-----------
 plugins/lua/regex.c     |  102 +++++++++++++++++++++++++++++-----------------
 2 files changed, 91 insertions(+), 62 deletions(-)

commit bf409267b7cac469e48ff98b86ccf4695ca50366
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-03-03

    Run each ruleset independently, this requires that all rulesets
    export a single function to be run. Bug fixes / enhancements
    to all rulesets.

 plugins/lua/lua.c                   |  128 ++++++++++++++++++++++-------------
 plugins/lua/ruleset/brute-force.lua |   20 +++--
 plugins/lua/ruleset/firewall.lua    |   35 ++++++----
 plugins/lua/ruleset/scan.lua        |   19 +++---
 plugins/lua/ruleset/worm.lua        |   19 +++--
 5 files changed, 136 insertions(+), 85 deletions(-)

commit d8e3ad974aa28fe966cb239fc03350abe457524b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-03-03

    Add some utility functions, make the code compatible with LUA < 5.1

 plugins/lua/lib.lua |  136 ++++++++++++++++++++-------------------------------
 1 files changed, 53 insertions(+), 83 deletions(-)

commit d87926607f169103e1036b8c834040986fc5f3eb
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-03-01

    We now have two specialized methods, IDMEF:get(), which returns
    result converted to LUA datatype, and IDMEF:getraw(), returning
    raw IDMEFValue user data.

 plugins/lua/lib.lua                 |    4 +-
 plugins/lua/lua-idmef.c             |  146 ++++++++++-------------------------
 plugins/lua/ruleset/brute-force.lua |   14 ++--
 plugins/lua/ruleset/firewall.lua    |   10 +-
 plugins/lua/ruleset/scan.lua        |   18 ++--
 plugins/lua/ruleset/worm.lua        |    6 +-
 6 files changed, 68 insertions(+), 130 deletions(-)

commit 5ddb9d462ce79e1c77bef55ae5a8155e3c4239b1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-03-01

    Fix broken string initialization.

 plugins/lua/regex.c |    6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

commit d69fa4f33a1e0f1f6fa7f9bd1aa41ff6323b2fe6
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-03-01

    Implement IDMEF:getAnalyzerID(), allowing to retrieve the last
    analyzerID in an analyzerID list. Make use of it in LUA rulesets.
    Implement correct EventSweep unique target detection, fix #253.

 plugins/lua/lib.lua                 |   20 +++++++++++++++
 plugins/lua/ruleset/brute-force.lua |    4 +-
 plugins/lua/ruleset/firewall.lua    |    2 +-
 plugins/lua/ruleset/scan.lua        |   47 +++++++++++++++++++++-------------
 plugins/lua/ruleset/worm.lua        |    2 +-
 5 files changed, 53 insertions(+), 22 deletions(-)

commit d319f32337ba3ae3d9f489a2bfe82e122c7aa15d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-03-01

    Implement IDMEF:get2(), allowing to retrieve an IDMEF value converted
    to LUA, rather than a plain IDMEFValue. We will need to merge both get()
    and get2() methods somehow.

 plugins/lua/lua-idmef.c |   50 +++++++++++++++-
 plugins/lua/regex.c     |  152 ++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 198 insertions(+), 4 deletions(-)

commit 545c33becd552019a6457ff291f988856c8a42d4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-29

    Fix memory leak.

 plugins/lua/lua-idmef.c |    1 +
 plugins/lua/lua.c       |    1 +
 2 files changed, 2 insertions(+), 0 deletions(-)

commit 594f20a5be35791822e4e17087f5590051f4d9ab
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-29

    Implement IDMEF:match() method, replacing global match function.
    This new function is also capable of handling many more types of
    situation: single / multiple path, whether the result should be
    flattened out or not, etc. Set the default output to flattened, and
    port the rulesets accordingly.
    
    Rulesets bug fixes.

 plugins/lua/lua-idmef.c             |   77 ++++++++++++++++++++++++++++--
 plugins/lua/lua.c                   |   47 ------------------
 plugins/lua/regex.c                 |   88 ++++++++++++++++++++++++++++-------
 plugins/lua/regex.h                 |    4 +-
 plugins/lua/ruleset/brute-force.lua |   31 ++++++------
 plugins/lua/ruleset/firewall.lua    |   14 +++---
 plugins/lua/ruleset/scan.lua        |   21 ++++----
 plugins/lua/ruleset/worm.lua        |   55 +++++++++++-----------
 8 files changed, 206 insertions(+), 131 deletions(-)

commit 9f70ee146b07a284398a504d3fc4d046ace224d2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-29

    Cleanup table dump function, rename to tabledump()

 plugins/lua/lib.lua |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

commit 5a46314729cd5b73f81951fbb4defbed143fd748
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-29

    Port scan.rules and worm.rules to the LUA plugin.

 plugins/lua/ruleset/scan.lua |  103 ++++++++++++++++++++++++++++++++++++++++++
 plugins/lua/ruleset/worm.lua |   63 +++++++++++++++++++++++++
 2 files changed, 166 insertions(+), 0 deletions(-)
 create mode 100644 plugins/lua/ruleset/scan.lua
 create mode 100644 plugins/lua/ruleset/worm.lua

commit 4d48d9b1843417e30a0024d621291ab6220d17b4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-29

    Ruleset fixes and optimisation: take advantage of provided LUA
    features.

 plugins/lua/ruleset/brute-force.lua |  112 +++++++++++++++++++---------------
 plugins/lua/ruleset/firewall.lua    |   40 ++++++-------
 2 files changed, 81 insertions(+), 71 deletions(-)

commit 1d7363915262b1f817544a2e354f9882007f6283
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-29

    Proper LUA indentation for LUA class support code.

 plugins/lua/lib.lua |   94 +++++++++++++++++++++++++++-----------------------
 1 files changed, 51 insertions(+), 43 deletions(-)

commit 64ff5bd1343671b5ac33852711d1667ba5ccf53d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-28

    Remove explicit call to lua_gc().

 plugins/lua/lua-timer.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 6f813fb4bba9b065b3755a5a6f8d9c7b8d7d8885
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-28

    Port PCRE firewall.rules to LUA plugin.

 plugins/lua/ruleset/firewall.lua |   59 ++++++++++++++++++++++++++++++++++++++
 1 files changed, 59 insertions(+), 0 deletions(-)
 create mode 100644 plugins/lua/ruleset/firewall.lua

commit 8475cef365e99d9d5b2add70cd9d10f6972d1d42
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-28

    Moved dump() debugging function to lib.lua, handle new match
    return value.

 plugins/lua/ruleset/brute-force.lua |   21 +++++----------------
 1 files changed, 5 insertions(+), 16 deletions(-)

commit df3bf003b3ab210b2082de519995f6bbec2c499a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-28

    Return nil if match can not find match.

 plugins/lua/lua.c |   43 ++++---------------------------------------
 1 files changed, 4 insertions(+), 39 deletions(-)

commit 73e675d31e9400e6d4f64bcf2b9a6de849473a1f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-28

    Implement alert_on_expire keyword, add a debug function.

 plugins/lua/lib.lua |   28 +++++++++++++++++++++++++++-
 1 files changed, 27 insertions(+), 1 deletions(-)

commit 1a0c8f79fa309674f8544ca4cdfc9da1ff9da40e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-28

    Initial LUA support for prelude-correlator. The only
    ruleset ported is brute-force.rules.

 configure.in                        |   23 ++-
 plugins/Makefile.am                 |    2 +-
 plugins/lua/Makefile.am             |   11 +
 plugins/lua/lib.lua                 |  107 +++++++++
 plugins/lua/lua-idmef-value.c       |  154 ++++++++++++
 plugins/lua/lua-idmef-value.h       |   26 ++
 plugins/lua/lua-idmef.c             |  443 +++++++++++++++++++++++++++++++++++
 plugins/lua/lua-idmef.h             |   26 ++
 plugins/lua/lua-timer.c             |  276 ++++++++++++++++++++++
 plugins/lua/lua-timer.h             |   28 +++
 plugins/lua/lua.c                   |  337 ++++++++++++++++++++++++++
 plugins/lua/regex.c                 |  200 ++++++++++++++++
 plugins/lua/regex.h                 |   25 ++
 plugins/lua/ruleset/Makefile.am     |    3 +
 plugins/lua/ruleset/brute-force.lua |   71 ++++++
 15 files changed, 1729 insertions(+), 3 deletions(-)
 create mode 100644 plugins/lua/Makefile.am
 create mode 100644 plugins/lua/lib.lua
 create mode 100644 plugins/lua/lua-idmef-value.c
 create mode 100644 plugins/lua/lua-idmef-value.h
 create mode 100644 plugins/lua/lua-idmef.c
 create mode 100644 plugins/lua/lua-idmef.h
 create mode 100644 plugins/lua/lua-timer.c
 create mode 100644 plugins/lua/lua-timer.h
 create mode 100644 plugins/lua/lua.c
 create mode 100644 plugins/lua/regex.c
 create mode 100644 plugins/lua/regex.h
 create mode 100644 plugins/lua/ruleset/Makefile.am
 create mode 100644 plugins/lua/ruleset/brute-force.lua

commit 4e8ce825c79376ccb483c98c2887a04ea9de8292
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2008-02-28

    Whitespace police.

 plugins/pcre/pcre-parser.c |   38 +++++++++++++++++++-------------------
 1 files changed, 19 insertions(+), 19 deletions(-)

commit cc7a0927bb9bff5b7417b2a3ee82e5eba406ad49
Author: Sebastien Tricaud <s.tricaud@inl.fr>
Date:   2007-11-28

    (feature): Add the possibility to daemonize the correlator

 src/prelude-correlator.c |   31 +++++++++++++++++++++++++++++++
 1 files changed, 31 insertions(+), 0 deletions(-)

commit 6cdeec3d4221b500d4282c133132efc27f95c1db
Author: Sebastien Tricaud <s.tricaud@inl.fr>
Date:   2007-11-28

    (typo): Not LML but Correlator

 configure.in |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 72adb9cb8205d0d5033be6d32955c027c9f33f24
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-09-26

    The user can now provide infinite number of "elseif" command.
    "elif" is now accepted as a shortcut for "elseif".
    Both left and right if operand can now be context.

 plugins/pcre/pcre-mod.c |  207 ++++++++++++++++++++++++++++-------------------
 1 files changed, 123 insertions(+), 84 deletions(-)

commit d4675d031efbef6e2ccb0db315535cd4481b1621
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-09-26

    Whitespace police.

 plugins/pcre/value-container.c |  166 ++++++++++++++++++++--------------------
 1 files changed, 83 insertions(+), 83 deletions(-)

commit bed47370fcbd90dc05c0675a15a2dbfb050b29d0
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-09-26

    Whitespace police.

 plugins/pcre/pcre-context.c |  260 +++++++++++++++++++++---------------------
 1 files changed, 130 insertions(+), 130 deletions(-)

commit f53e0c99b78e45f215564aabf4a4efb2b2ad3590
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-09-17

    Fix regression with if comparison returning always true.

 plugins/pcre/pcre-mod.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 9712f1e078a5b76cdd1fb39a643940d07bfc46e8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-09-05

    Rework logging priority, use prelude_plugin_instance_unsubscribe().

 configure.in              |    2 +-
 src/correlation-plugins.c |   17 +++++++----------
 2 files changed, 8 insertions(+), 11 deletions(-)

commit 9c64cf646ab55df6a29b11311becdea524825560
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-09-05

    Whitespace police.

 src/correlation-plugins.c |   20 ++++++++++----------
 1 files changed, 10 insertions(+), 10 deletions(-)

commit f7f825b91caa6f8310b94b7648b4b061f1f6df91
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-07-19

    Add not equal (!=) if operator.

 plugins/pcre/pcre-mod.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

commit 59697e8651fa9717c7911f243db508113b8e441a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-07-19

    Add missing prototype.

 plugins/pcre/pcre-context.h |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

commit 22dc9563e9162e62dcb120a79d5ad236ef42da42
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-07-19

    Whitespace police.

 plugins/pcre/pcre-mod.c |  510 +++++++++++++++++++++++-----------------------
 1 files changed, 255 insertions(+), 255 deletions(-)

commit bff57476bffd6cf806be45ef9ec276d10237fea2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-06-11

    Whitespace police.

 src/prelude-correlator.c |   96 +++++++++++++++++++++++-----------------------
 1 files changed, 48 insertions(+), 48 deletions(-)

commit c47259c0892ed5e3ed2d8e7f510fb9d6c58ed2b1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-06-11

    Call prelude_deinit() on exit().

 src/prelude-correlator.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

commit 010fafd665fce56d82751ae3884eeabdd84dd536
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-06-04

    Hook business-hour.rules.

 plugins/pcre/ruleset/Makefile.am |    1 +
 plugins/pcre/ruleset/pcre.rules  |    3 ++-
 2 files changed, 3 insertions(+), 1 deletions(-)

commit fb31d7cd982ae3e2a2d1c058a9e1c3ba707aea8b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-06-04

    New ruleset: business-hour.rules
    
    Use "schedule" rule to determine when we are on business hour. Raise
    CorrelationAlert for Alert with succeeded completion when we are not
    on business hour.

 plugins/pcre/ruleset/business-hour.rules |   53 ++++++++++++++++++++++++++++++
 1 files changed, 53 insertions(+), 0 deletions(-)
 create mode 100644 plugins/pcre/ruleset/business-hour.rules

commit a8a713375cee72a1251a7a645c8abc2d793e4ef5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-04-20

    Remove debug spew.

 plugins/pcre/pcre-context.c |    4 +---
 plugins/pcre/pcre-mod.c     |    2 --
 2 files changed, 1 insertions(+), 5 deletions(-)

commit 6bf2b0efe3ef349b752d832a39bf0f1bd4a0722f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-04-20

    Add a new "unique" keyword that might now be used when creating a context. Upon
    each insertion of an incoming IDMEF alert in a context, we check that the context
    doesn't already carry the value pointed to by the unique path.
    
    When using this setting, the threshold check is issued against the number of different
    unique paths known in the context.
    
    This fixes eventsweep detection.

 plugins/pcre/pcre-context.c     |  107 +++++++++++++++++++++++++++++++++------
 plugins/pcre/pcre-context.h     |    3 +
 plugins/pcre/pcre-mod.c         |   30 ++++++++---
 plugins/pcre/ruleset/scan.rules |    2 +-
 4 files changed, 116 insertions(+), 26 deletions(-)

commit fd80932c24a2ecc7640e67ba54be5c48e1bcfdce
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-04-20

    Remove debug spew.

 plugins/pcre/value-container.c |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

commit 6f3629bcca6edebc00fef1b5177b7dada1746324
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-04-14

    Module path migration: move /trunk/prelude-correlator /prelude-correlator/trunk

commit 3b02f49319b6a885a2b2da7e72b5198b2da25a3c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-04-12

    Correctly set Analyzer->model, Analyzer->class and Analyzer->Version.

 src/prelude-correlator.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 2fe5cf180e54fdb783d8e1cb00a2488e8c91ca17
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-04-10

    Update.

 libmissing/string_.h   |   12 +++++++++---
 libmissing/sys_time_.h |    6 +++---
 2 files changed, 12 insertions(+), 6 deletions(-)

commit bc5bd50fb593d154e52c78899f188d5c2f423ea4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-30

    Improve merging. Require libprelude-0.9.13.2.

 plugins/pcre/rule-object.c |  140 +++++++++++++++-----------------------------
 1 files changed, 48 insertions(+), 92 deletions(-)

commit c5a15de94ad56d415f76085ef89b6e82987302f1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-30

    Improve merging. Require libprelude-0.9.13.2.

 configure.in |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 9a276c783a4f387b188f262d7e4b3975c3587e4c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-24

    When merging message, compare field by field, and explicitly skip port and portlist comparison. This is done to avoid merge failure since source->service tend to be different for each correlated message. In the future, it might be a good idea to generate a portlist.

 plugins/pcre/rule-object.c |  129 +++++++++++++++++++++++++++++++++++++-------
 1 files changed, 110 insertions(+), 19 deletions(-)

commit 979ccb2cd7869ae85f9cb3590ba41dbf9a671a3e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-24

    Fix leak due to missing prelude_io_close().

 plugins/pcre/pcre-context.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

commit 6586fbace443ec45b8bfe68af51d3c29e42abd1a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-24

    Fix problem with if/for parsing.

 plugins/pcre/pcre-mod.c |   25 +++++++++++++++----------
 1 files changed, 15 insertions(+), 10 deletions(-)

commit f61f3413690723aec0c451b0572eb9731037a62a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-23

    Fix EVENTSCAN detection. Correct correlation_alert.name.

 plugins/pcre/ruleset/scan.rules |   17 +++++++----------
 1 files changed, 7 insertions(+), 10 deletions(-)

commit ff16564697a221c8bd65c8f412ced40f48e861b8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-22

    Register SIGQUIT signal. This signal can now be used to get a dump of all available contexts, and their value.

 plugins/pcre/pcre-mod.c |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

commit 01b8fb7bdf222bb35d1d4a24a1db24940c15a2c7
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-22

    Fix print-input / print-output option, so that they use their optional arguments. Additionally, add a small API for plugin to register signal.

 src/correlation-plugins.c         |   14 +++++++++-
 src/include/correlation-plugins.h |    2 +
 src/include/prelude-correlator.h  |    4 +++
 src/prelude-correlator.c          |   51 ++++++++++++++++++++++++++++++------
 4 files changed, 61 insertions(+), 10 deletions(-)

commit d297f973bdb8c3921c299256876baaeea8dd4763
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-22

    Implement pcre_context_print() and pcre_context_print_all(). Restore timer for any type of context.

 plugins/pcre/pcre-context.c |   65 +++++++++++++++++++++++++++++++++++++++++--
 plugins/pcre/pcre-context.h |    4 ++
 2 files changed, 66 insertions(+), 3 deletions(-)

commit 408813a8f9db1096a8a4d890a9bf6d18b033403a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-22

    Remove netdb.h inclusion.

 plugins/pcre/rule-regex.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

commit c4b3e6ad79f25df4389948878d4ccdb08550fa80
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-20

    Add plugin subdir.

 Makefile.am |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 600b5c5f73b3fa850a7eaa3c24461c56776ddde8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-20

    GnuLib + distcheck work.

 configure.in    |   22 +++++++++++++++++++++-
 src/Makefile.am |    7 ++++---
 2 files changed, 25 insertions(+), 4 deletions(-)

commit 65d2488d61195696478b4f75bbe054c9b3520103
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-20

    GnuLib + distcheck work.

 plugins/pcre/Makefile.am |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit aee2ea4f3f75fb131effbce310a8bb2de6a1ed9e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-20

    Format string fixes.

 src/prelude-correlator.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 285dd30069dfe0a5f328e123aff907b35d663bcb
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2007-03-20

    Add support for GnuLib.

 Makefile.am                      |    4 +-
 libmissing/Makefile.am           |  168 ++++++++++++
 libmissing/dummy.c               |   44 +++
 libmissing/gettimeofday.c        |  142 ++++++++++
 libmissing/m4/absolute-header.m4 |   44 +++
 libmissing/m4/extensions.m4      |   58 ++++
 libmissing/m4/gettimeofday.m4    |  101 +++++++
 libmissing/m4/gnulib-cache.m4    |   32 +++
 libmissing/m4/gnulib-common.m4   |   22 ++
 libmissing/m4/gnulib-comp.m4     |  103 +++++++
 libmissing/m4/gnulib-tool.m4     |   33 +++
 libmissing/m4/onceonly_2_57.m4   |   86 ++++++
 libmissing/m4/string_h.m4        |   78 ++++++
 libmissing/m4/strpbrk.m4         |   18 ++
 libmissing/m4/strsep.m4          |   21 ++
 libmissing/m4/sys_time_h.m4      |   61 +++++
 libmissing/string_.h             |  544 ++++++++++++++++++++++++++++++++++++++
 libmissing/strpbrk.c             |   42 +++
 libmissing/strsep.c              |   58 ++++
 libmissing/sys_time_.h           |   44 +++
 20 files changed, 1701 insertions(+), 2 deletions(-)
 create mode 100644 libmissing/Makefile.am
 create mode 100644 libmissing/dummy.c
 create mode 100644 libmissing/gettimeofday.c
 create mode 100644 libmissing/m4/absolute-header.m4
 create mode 100644 libmissing/m4/extensions.m4
 create mode 100644 libmissing/m4/gettimeofday.m4
 create mode 100644 libmissing/m4/gnulib-cache.m4
 create mode 100644 libmissing/m4/gnulib-common.m4
 create mode 100644 libmissing/m4/gnulib-comp.m4
 create mode 100644 libmissing/m4/gnulib-tool.m4
 create mode 100644 libmissing/m4/onceonly_2_57.m4
 create mode 100644 libmissing/m4/string_h.m4
 create mode 100644 libmissing/m4/strpbrk.m4
 create mode 100644 libmissing/m4/strsep.m4
 create mode 100644 libmissing/m4/sys_time_h.m4
 create mode 100644 libmissing/string_.h
 create mode 100644 libmissing/strpbrk.c
 create mode 100644 libmissing/strsep.c
 create mode 100644 libmissing/sys_time_.h

commit 70284ed2446d686d4775c8eb80305b5cc76260b9
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-12-23

    More error checking when loading context from disk. Use prelude_extract_int32_safe() to read context timeout. Fix a useless warning.

 plugins/pcre/pcre-context.c |   16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

commit 3d7fd93de62ef049b798e4f9385e9e194529e23c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-12-23

    Use RETSIGTYPE

 src/prelude-correlator.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 97a9edea72a014c79fe6dd1aed4a93ccfdf780a4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-12-23

    Make timeout explicit int32_t: we need to know its size for portable context saving.

 plugins/pcre/pcre-context.h |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 6b7f2826a3bc6fac93f70ff9a14231ab4a71eb3a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-12-23

    Fixes time.h inclusion.

 plugins/pcre/pcre-mod.c    |    2 +-
 plugins/pcre/rule-object.c |    1 -
 plugins/pcre/rule-regex.c  |    1 -
 3 files changed, 1 insertions(+), 3 deletions(-)

commit 519010d628a4d91d7beb7fc8a21b9bb4958c1f5b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-12-23

    Remove un-needed check. s/prelude-lml/prelude-correlator/

 configure.in |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

commit 7371f4ce83014c1c01d6a07f12ad0c71b5622fb0
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-14

    Slight ruleset fix

 plugins/pcre/ruleset/brute-force.rules |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 4273c58b00694ce9da8cdfbf83e964c5fa16bbaa
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-14

    Correct context pattern matching.

 plugins/pcre/pcre-context.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

commit 4e9893c6eed76608dbb82ae39a5660fe51569a26
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-13

    Try to avoid code duplication. All context operation now have regexp searching capability.
    Allow separate code block in the form 'if 1 { }'. Remove debug spew.

 plugins/pcre/pcre-context.c    |   40 +++++++++--
 plugins/pcre/pcre-context.h    |    2 +-
 plugins/pcre/pcre-mod.c        |  141 ++++++++++++++++++----------------------
 plugins/pcre/value-container.c |   28 +-------
 4 files changed, 101 insertions(+), 110 deletions(-)

commit b4cb9acf7b075796c9cb85b84910de466bc2ec07
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-13

    - Handle addition on IDMEF context assignment.
    - Handle checking multiple "not" context.
    - Handle reset of multiple timer context.
    - Update rulesets accordingly.

 plugins/pcre/pcre-mod.c                |  355 +++++++++++++++++---------------
 plugins/pcre/ruleset/brute-force.rules |   57 +++---
 plugins/pcre/ruleset/pcre.rules        |    5 +-
 plugins/pcre/ruleset/scan.rules        |  122 +++++------
 plugins/pcre/ruleset/worm.rules        |   43 ++--
 5 files changed, 294 insertions(+), 288 deletions(-)

commit d57f5aee7f90878e4a53573d50efe99a6ff3f146
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-10

    Keep the '$' variable prefix, so that we can do more checking at higher level

 plugins/pcre/pcre-parser.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 6e9cc33f9c0b7af67c82320e81e73d74ea1ad426
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-09

    Implement "else if" and "else" command. Various bug fixes in "if" command handling. Implement assignment of multiple values.

 plugins/pcre/pcre-mod.c |  254 +++++++++++++++++++++++++++++++++--------------
 1 files changed, 179 insertions(+), 75 deletions(-)

commit 753cbebe46b3b05f497bc45d94481382a11090b2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-09

    List initialization.

 plugins/pcre/value-container.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

commit aca3060a4782c9841cd50e7b44cc3646c639dfcb
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-09

    Cleanup. Make it possible to have a variable list index.

 plugins/pcre/value-container.c |  172 +++++++++++++++++++++++++---------------
 1 files changed, 108 insertions(+), 64 deletions(-)

commit 4171b7d9441b77dcf1bf87648800a2969e431def
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-09

    Round float values before converting them to string.

 plugins/pcre/pcre-context.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 2df2310304bc6cf9c6238b287d12f85214ab4be1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-09

    Fix raw IDMEF list copy (example: target = target).

 plugins/pcre/rule-object.c |   28 ++++++++++++++++++++++++----
 1 files changed, 24 insertions(+), 4 deletions(-)

commit 9c46d91fa0437aa232ad5114bcc91974b57c3a99
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-07

    Remove debugging spew.

 plugins/pcre/pcre-context.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

commit c203f26415f56e1ad6a4d41de6c87569f804959e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-07

    Datatype fix. Fix a possible memory leak on context destruction.

 plugins/pcre/pcre-mod.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

commit 4afecad331368702a46f825d8e819b800d44baf1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-07

    Error handling cleanup

 plugins/pcre/pcre-context.c |   14 +++++++-------
 plugins/pcre/pcre-context.h |    2 +-
 plugins/pcre/pcre-mod.c     |    7 ++++---
 3 files changed, 12 insertions(+), 11 deletions(-)

commit 7c06af2224d424ca07c5bf4e7c95febf05d22bdf
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-07

    Remove old unused code.

 plugins/pcre/pcre-mod.c   |  167 +--------------------------------------------
 plugins/pcre/pcre-mod.h   |    5 +-
 plugins/pcre/rule-regex.c |    5 --
 3 files changed, 4 insertions(+), 173 deletions(-)

commit 06dbe37970f1f4a698f698817413285642a73540
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-07

    Remove unused global

 plugins/pcre/ruleset/worm.rules |    4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

commit 9bae44a50e16747ef129200b10b362d2f9a6c3af
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-06

    Let pcre-context resolve the IDMEF message.

 plugins/pcre/value-container.c |   16 ++++++++++------
 1 files changed, 10 insertions(+), 6 deletions(-)

commit c2b54aec6f2b8eb383ed00cd45f981fd1d5549fa
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-06

    As of now, context require the '$' prefix.

 plugins/pcre/ruleset/brute-force.rules |   12 ++++++------
 plugins/pcre/ruleset/scan.rules        |   18 +++++++++---------
 plugins/pcre/ruleset/worm.rules        |   11 +++++------
 3 files changed, 20 insertions(+), 21 deletions(-)

commit e93d0f0989b7b714ce66778a0e5775401de2f842
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-06

    removed.

 plugins/pcre/context-save-restore.c |  453 -----------------------------------
 plugins/pcre/context-save-restore.h |   26 --
 2 files changed, 0 insertions(+), 479 deletions(-)
 delete mode 100644 plugins/pcre/context-save-restore.c
 delete mode 100644 plugins/pcre/context-save-restore.h

commit f3376ab494c620e01388dd48a1897b3200c2ce0f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-06

    Move context save/restore to pcre-context.c. pcre_context_set_value_from_string() can now resolve IDMEF context. Various bugfix.

 plugins/pcre/Makefile.am    |    1 -
 plugins/pcre/pcre-context.c |  474 +++++++++++++++++++++++++++++++++++++++++--
 plugins/pcre/pcre-context.h |    7 +-
 plugins/pcre/pcre-mod.c     |   21 +-
 4 files changed, 472 insertions(+), 31 deletions(-)

commit f3ec88793424cb55daef617b132196e63922d6e8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-06

    Allow 'if' command without comparison value. Useful to check whether a context exist. Ability to check several context at once.

 plugins/pcre/pcre-mod.c |   82 ++++++++++++++++++++++++++++++++--------------
 1 files changed, 57 insertions(+), 25 deletions(-)

commit bfbddea4c3b277c84265e17d44df28953834768d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-06

    Check that context name is always prefixed with '$', error out if it is not. Fix a bug with 'alert' operation not being added to the good path (out of if/for branch).

 plugins/pcre/pcre-mod.c |   29 ++++++++++++++++++++++-------
 1 files changed, 22 insertions(+), 7 deletions(-)

commit 22f06ebebf63f48f8c132ae94b5fd49f582fa32b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-04

    Slight reordering

 plugins/pcre/pcre-mod.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 75cdb40c276171e596c41248dded0a5f1ba04fa2
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-04

    Fix double free

 plugins/pcre/pcre-context.c |    3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)

commit da25297bbde1005c975aca273cc0173b7595f982
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-03

    Demonstration of newer feature

 plugins/pcre/ruleset/example.rules |   37 ++++++++++++++++++++++++++++++++++++
 1 files changed, 37 insertions(+), 0 deletions(-)
 create mode 100644 plugins/pcre/ruleset/example.rules

commit 13b6c0b7326c9f85f7c8ff45c824a8238e8201d9
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-03

    Complete rework of the pcre plugin. Support for dynamic rule scripting:
    - Context might now embed IDMEF, string, or float value.
    - Support for if/for.
    - Rule might be triggered through a crontab like schedule rather than an alert pattern.
    - Context might reference other context.

 plugins/pcre/Makefile.am               |   11 +-
 plugins/pcre/context-save-restore.c    |   94 ++-
 plugins/pcre/pcre-context.c            |  449 ++++++++++
 plugins/pcre/pcre-context.h            |  104 +++
 plugins/pcre/pcre-mod.c                | 1485 ++++++++++++++++++++++---------
 plugins/pcre/pcre-mod.h                |   65 +--
 plugins/pcre/pcre-parser.c             |  173 ++++
 plugins/pcre/pcre-parser.h             |   25 +
 plugins/pcre/rule-object.c             |   19 +-
 plugins/pcre/rule-object.h             |    3 +-
 plugins/pcre/rule-regex.c              |   89 +--
 plugins/pcre/rule-regex.h              |    2 +-
 plugins/pcre/ruleset/brute-force.rules |   15 +-
 plugins/pcre/ruleset/firewall.rules    |   25 +-
 plugins/pcre/ruleset/scan.rules        |   21 +-
 plugins/pcre/ruleset/worm.rules        |   30 +-
 plugins/pcre/value-container.c         |  268 +++++-
 plugins/pcre/value-container.h         |    6 +-
 18 files changed, 2205 insertions(+), 679 deletions(-)
 create mode 100644 plugins/pcre/pcre-context.c
 create mode 100644 plugins/pcre/pcre-context.h
 create mode 100644 plugins/pcre/pcre-parser.c
 create mode 100644 plugins/pcre/pcre-parser.h

commit 0659aece52cdaa747dea290183f788c667d2d8c0
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-11-03

    The alert might remain cached after it is sent, only add the analyzer object once, remove it afterwards.

 src/prelude-correlator.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

commit 56c785a08f976ec42940529ff05a60d8cf80a0bf
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-10-19

    Revert un-necessary code modification

 plugins/pcre/value-container.c |   11 -----------
 plugins/pcre/value-container.h |    2 --
 2 files changed, 0 insertions(+), 13 deletions(-)

commit 6d240d3932f0f061f17dfe1d61bcd3c9b4821a07
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-10-19

    Cache the prelude_msg_t object since it's used by the IDMEF message.

 plugins/pcre/context-save-restore.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

commit 4dd46ec5ee3fcbf115df0dad2239d8796353176d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-10-19

    - Require libprelude 0.9.11. Define a runtime savedir.
    - Ability to save & restore context across prelude-correlator run.

 Makefile.am                         |    1 +
 configure.in                        |    5 +-
 plugins/pcre/Makefile.am            |    2 +-
 plugins/pcre/context-save-restore.c |  401 +++++++++++++++++++++++++++++++++++
 plugins/pcre/context-save-restore.h |   26 +++
 plugins/pcre/pcre-mod.c             |  111 ++++++++--
 plugins/pcre/pcre-mod.h             |   16 ++-
 plugins/pcre/value-container.c      |   11 +
 plugins/pcre/value-container.h      |    2 +
 9 files changed, 553 insertions(+), 22 deletions(-)
 create mode 100644 plugins/pcre/context-save-restore.c
 create mode 100644 plugins/pcre/context-save-restore.h

commit f19b6a8c4420aa8ca89c43d90712c9979db77e2a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-10-17

    Make sure the destroy() function is called once for each plugin instance on exit.

 src/correlation-plugins.c         |   17 +++++++++++++++++
 src/include/correlation-plugins.h |    3 +++
 src/prelude-correlator.c          |    2 ++
 3 files changed, 22 insertions(+), 0 deletions(-)

commit 770a0daa0f600d3fdf31d8e95ba2bba1932a953f
Author: Gene Ramon Gomez <ggomez@ragingwire.com>
Date:   2006-08-25

    Implement floating threshold windows

 plugins/pcre/ruleset/brute-force.rules |   12 ++++-
 plugins/pcre/ruleset/firewall.rules    |   23 +++++----
 plugins/pcre/ruleset/scan.rules        |   94 ++++++++++++++++++--------------
 plugins/pcre/ruleset/worm.rules        |    7 ++-
 4 files changed, 81 insertions(+), 55 deletions(-)

commit 41b5ef67d1078a7396fb26cea538c35d78c9fcf4
Author: Gene Ramon Gomez <ggomez@ragingwire.com>
Date:   2006-08-25

    Fix required field regex

 plugins/pcre/ruleset/brute-force.rules |    8 ++++----
 plugins/pcre/ruleset/scan.rules        |    4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

commit 0d10b4b97c039b0a1603fd4fe3cfdeeda3d9a02a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-23

    New rules format. The new format takes into account the order in which the operations
    are specified rather than applying our own order. New ruleset keywords: "reset_timer"
    and "check_correlation".

 plugins/pcre/pcre-mod.c                |  432 ++++++++++++++++++++++++-------
 plugins/pcre/pcre-mod.h                |   40 ++--
 plugins/pcre/rule-regex.c              |  249 ++-----------------
 plugins/pcre/ruleset/brute-force.rules |   66 +++---
 plugins/pcre/ruleset/firewall.rules    |   35 ++--
 plugins/pcre/ruleset/scan.rules        |  102 ++++----
 plugins/pcre/ruleset/worm.rules        |   45 +++-
 plugins/pcre/value-container.c         |    2 +-
 8 files changed, 521 insertions(+), 450 deletions(-)

commit b694b32f14e123657f37890ca96ebf2f7d34b538
Author: Gene Ramon Gomez <ggomez@ragingwire.com>
Date:   2006-08-21

    Implement Eventscan/Eventsweep/Eventstorm rules

 plugins/pcre/ruleset/Makefile.am |    6 ++-
 plugins/pcre/ruleset/pcre.rules  |    7 ++-
 plugins/pcre/ruleset/scan.rules  |  102 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 112 insertions(+), 3 deletions(-)
 create mode 100644 plugins/pcre/ruleset/scan.rules

commit e699c22930d012ba837047a7ef31a6a05ce11806
Author: Gene Ramon Gomez <ggomez@ragingwire.com>
Date:   2006-08-21

    Fix documentation

 plugins/pcre/ruleset/brute-force.rules |   22 +++++-----------------
 plugins/pcre/ruleset/firewall.rules    |    4 ++--
 plugins/pcre/ruleset/worm.rules        |    7 ++++---
 3 files changed, 11 insertions(+), 22 deletions(-)

commit 0f5c18fe6212e69ecbdec45abec849a4cee3412f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-17

    Fix linked list corruption on prelude_string_destroy().

 plugins/pcre/value-container.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

commit 4cd0360630d69bf53751f4489141cc2d25865e9f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-16

    Use the left operand as the path, since it's where append/prepend attribute might be used.

 plugins/pcre/rule-object.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 865eaed59251a6ff80abd990aea9aa43b5fb767e
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-15

    Fix parsing of value with escaped character.

 plugins/pcre/value-container.c |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

commit 3bdf02d56da4c3d43417770efd92d44e76126939
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-15

    Modify value-container so that we can now handle listed values. That is, when a pattern
    matches several elements and stores them in a single value, the value can be addressed using
    an index (positive, or negative for backward indexing). Updated the rules to match the
    new variable format.

 plugins/pcre/ruleset/brute-force.rules |   20 ++--
 plugins/pcre/ruleset/firewall.rules    |    8 +-
 plugins/pcre/ruleset/worm.rules        |   10 +-
 plugins/pcre/value-container.c         |  158 +++++++++++++++++++++-----------
 4 files changed, 124 insertions(+), 72 deletions(-)

commit 75c738043b07395f9851fad3e6a1ce30ad9620fd
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-14

    Make capture-string handle negative index, so that listed values can be handled backward.

 plugins/pcre/capture-string.c |   18 +++++++++++++-----
 plugins/pcre/capture-string.h |    4 ++--
 2 files changed, 15 insertions(+), 7 deletions(-)

commit e0aaf79168a38a0ac67e0220aa9ac52442ef3ae1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-14

    Handle context destruction of listed value.

 plugins/pcre/rule-regex.c |   24 ++++++++++++++++--------
 1 files changed, 16 insertions(+), 8 deletions(-)

commit 162f710330740d7af18a3aad0c5785ebb473d1e5
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-14

    Always copy source/target object to the created CorrelationAlert.

 plugins/pcre/ruleset/brute-force.rules |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

commit 4f1041a973473193af80665860a0fc49e2b6cc34
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-14

    Using the pre_action keyword, this detection can be performed in 1 rule instead of 2.

 plugins/pcre/ruleset/worm.rules |   34 +++++++++-------------------------
 1 files changed, 9 insertions(+), 25 deletions(-)

commit 8f8c7ea66ad186252c52742940c34e477fd7fddb
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-14

    Fix a bug with context that both require and create context.

 plugins/pcre/rule-regex.c |   36 ++++++++++++++++++++++++++++++++----
 1 files changed, 32 insertions(+), 4 deletions(-)

commit 6e374b18620d67a5e0d1d67e8ebdd9ea5e090d2c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-14

    Handle NULL value.

 plugins/pcre/rule-object.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

commit b99d7dbb3a3875a7b67b3b15d1c7341acd0cf623
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-13

    Add missing copyright notice.

 plugins/pcre/capture-string.c     |   23 +++++++++++++++++++++++
 src/correlation-plugins.c         |   23 +++++++++++++++++++++++
 src/include/correlation-plugins.h |   23 +++++++++++++++++++++++
 src/include/prelude-correlator.h  |   23 +++++++++++++++++++++++
 src/prelude-correlator.c          |   23 +++++++++++++++++++++++
 5 files changed, 115 insertions(+), 0 deletions(-)

commit e5fff4d75bc6c118d8522bfeec8b881e5a99293f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-13

    Fix a warning.

 plugins/pcre/value-container.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit b0f1fd9f1db981a591eed4be448cbf9c4657c551
Author: Gene Ramon Gomez <ggomez@ragingwire.com>
Date:   2006-08-07

    Default disables added

 plugins/pcre/ruleset/pcre.rules |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

commit 7dce477167ff6fa61b70571462714f7749a86830
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-08-07

    Implement automatic object comparison, when copying IDMEFAlert data to the generated CorrelationAlert. That way, we never end up with duplicated object within the generated CorrelationAlert. Require latest libprelude work.

 plugins/pcre/rule-object.c |   75 +++++++++++++++++++++++++++++++++++++++-----
 1 files changed, 67 insertions(+), 8 deletions(-)

commit 0069d9025c5c5c167619b1b9287f58e2bf3cdbfd
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-07-31

    Fix brute-force ruleset

 plugins/pcre/ruleset/brute-force.rules |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

commit feefb8170f59c99c4240157f821a004442f18bb1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-07-31

    Declare pcre_context_set_idmef() function

 plugins/pcre/pcre-mod.h |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

commit 47ffa04aaeb8020fb2660fa05ff637424dd6f45d
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-07-31

    Do not install correlation-plugins.h private header

 src/include/Makefile.am |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

commit 8edc64efd768f74295434d4a7bad2a67f14ef03a
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-07-31

    Introduce pcre_context_set_idmef() to set the IDMEF object after context creation.
    
    Since the IDMEF object might be set after context creation, we have to iterate through
    newly created context in order to set the object.

 plugins/pcre/pcre-mod.c   |   22 +++++++++++++++-------
 plugins/pcre/rule-regex.c |   43 ++++++++++++++++++++++++++-----------------
 2 files changed, 41 insertions(+), 24 deletions(-)

commit 5aff39f0bfab045dad297e1c0337800af0f1f5b8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-07-30

    Fix dist.

 HACKING.README          |   14 ++++++++++++++
 src/include/Makefile.am |    2 +-
 2 files changed, 15 insertions(+), 1 deletions(-)
 create mode 100644 HACKING.README

commit 3425099580bc2bba680c5db6ba2fe308bde81499
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-07-13

    Require libprelude >= 0.9.10

 configure.in |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit eb1cc0f1bd236e13f60da57bd72d9e4d10edf5a6
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-07-05

    Fix IDMEF path leak on error.

 plugins/pcre/rule-object.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

commit 2d9f70dca69cefca2716bdec30c9373f8d7fcde1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-29

    Use multiple context + IDMEF object copy feature.

 plugins/pcre/ruleset/brute-force.rules |   23 ++++++++++++++---------
 plugins/pcre/ruleset/worm.rules        |   19 ++++++++++++-------
 2 files changed, 26 insertions(+), 16 deletions(-)

commit d4f1375916e8974711e6406fe1cf09565780d9d9
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-29

    Remove last keyword, which prevented processing of further rules. Use add_context rather than new_context, in order to not miss packet drop. Make use of object copy in the generated alerts.

 plugins/pcre/ruleset/firewall.rules |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

commit 06d356a6aec12ba5098b1ba4c4f886812c1df0cd
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-29

    All lists are now flat. Makes handling multiple values much simpler.

 plugins/pcre/value-container.c |   46 ++++++++++++++++++---------------------
 1 files changed, 21 insertions(+), 25 deletions(-)

commit fc6b270efaf2ad0b5f407acbd3654083eff222ff
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-29

    Fix typo.

 plugins/pcre/rule-regex.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 28be4eab32ca40a7836a28a59bc528ef96705b41
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-29

    Avoid unnecessary copy, by using capture_string_get_parent()

 plugins/pcre/rule-regex.c |   19 +++++++++++++------
 1 files changed, 13 insertions(+), 6 deletions(-)

commit 470075ef640ec25bfcb1ab4835fefe1f694ba7b4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-29

    Ooops.

 plugins/pcre/capture-string.h |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

commit 65e3fe0634e995233118e917168f823467a90d19
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-29

    Implement capture_string_get_parent().

 plugins/pcre/capture-string.c |   17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)

commit 6363d20f146f60246139096cbe129b8968b76ad6
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-27

    Add missing

 prelude-correlator.conf.in |   26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+), 0 deletions(-)
 create mode 100644 prelude-correlator.conf.in

commit 68bb2ba05de12d6349ff78ab6682e969678853ad
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-23

    Don't check for ambiguous IDMEF path. Now allowed for copy. Miscellaneous bug fixes

 plugins/pcre/rule-object.c |   14 +++++---------
 1 files changed, 5 insertions(+), 9 deletions(-)

commit 71bcb86253d016bd76a5da63cc58ccbfd1ee244c
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-16

    Install worm.rules

 plugins/pcre/ruleset/Makefile.am |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit 73d33ac417861f2e7e9051195d87ab305f30afb4
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-16

    Configuration file handling. Install default file.

 Makefile.am              |   19 ++++++++++++++++++-
 configure.in             |    7 +++++++
 src/prelude-correlator.c |   21 +++++++++++++++++++--
 3 files changed, 44 insertions(+), 3 deletions(-)

commit ae98abc0c878a1eb6bc191090d725bd50c2d2be9
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-16

    Fix potential double free.

 plugins/pcre/value-container.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

commit 1a0da29fbff3a500ea1b4b2452883d89ffdd0ede
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-09

    Preliminary support for object to object copy. Won't work until recent object copy
    work is checked in libprelude repository.

 plugins/pcre/rule-object.c |   28 ++++++++++++++++++++++++----
 1 files changed, 24 insertions(+), 4 deletions(-)

commit 86d806db40a691ee694401a5a673bed0edf873c6
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-09

    In the near future, correlation rules are going to be able to use IDMEF object
    copy. This means that a correlation alert might be raised from a received alert,
    using the received message as the "base" message. In this case, we want to reset
    the alert messageID so that libprelude automatically allocates a new one. We also
    manually set the correlator analyzer object, since libprelude will assume we already
    did it if the analyzer list is not empty.

 src/prelude-correlator.c |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

commit a17965a527d99caab5510502529965fc4c635380
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-07

    Port worm.rules from old SEC format.

 plugins/pcre/ruleset/pcre.rules |    3 +-
 plugins/pcre/ruleset/worm.rules |   56 ++++++++++++--------------------------
 2 files changed, 20 insertions(+), 39 deletions(-)

commit 05eb1017f8806a71d3169a32d7b53b676378dd1f
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-06-07

    Print context name

 plugins/pcre/pcre-mod.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 0e9b9546c60c9a336c249379065e89b5c6753139
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-05-31

    Implement support for creating multiple contexts from retrieved values that
    are listed. Open a new room of possibility.

 plugins/pcre/rule-regex.c      |   57 ++++++----
 plugins/pcre/value-container.c |  230 +++++++++++++++++++++++++++++++++++-----
 plugins/pcre/value-container.h |    3 +
 3 files changed, 239 insertions(+), 51 deletions(-)

commit fe4e58c4b0d5fc8fd9db7b7c8ebf411bd641e792
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-05-31

    Fix some parser problems.

 plugins/pcre/pcre-mod.c |   18 +++++++++---------
 1 files changed, 9 insertions(+), 9 deletions(-)

commit 88f68c81a40569b935a53dbf18d2efc589e11c46
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-05-30

    Prevent last keyword from affecting other rules

 plugins/pcre/ruleset/firewall.rules |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit d46fa75a380115e12d55789e68ff5d314d59ad62
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-05-30

    Cosmetic changes

 plugins/pcre/ruleset/brute-force.rules |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

commit c2a45680460d80e903920de61c820d896d424ad8
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-05-26

    Correctly set dry-run option callback.

 src/prelude-correlator.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

commit aa2241efb103b8534d9e82d04ccc188359c080c4
Author: Gene Ramon Gomez <ggomez@ragingwire.com>
Date:   2006-05-14

    Add credit header to brute-force.rules, start worm.rules

 plugins/pcre/ruleset/brute-force.rules |   23 +++++++++
 plugins/pcre/ruleset/worm.rules        |   78 ++++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+), 0 deletions(-)
 create mode 100644 plugins/pcre/ruleset/worm.rules

commit 8b32563209e881cc46417499d23e80d9cc9119fa
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-05-04

    Detailed error message

 plugins/pcre/pcre-mod.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

commit 447f7eb2835cc8c28a8f00eb20805ae4d5d4fdb1
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-04-28

    Implement --dry-run mode.

 src/prelude-correlator.c |   24 ++++++++++++++++++------
 1 files changed, 18 insertions(+), 6 deletions(-)

commit 779128368af57b5c2832083af9858962f42ce003
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-04-28

    Correct the way correlation checks are done.

 plugins/pcre/pcre-mod.c   |   23 ++++++-----
 plugins/pcre/pcre-mod.h   |    2 +-
 plugins/pcre/rule-regex.c |   94 +++++++++++++++++++++++++++------------------
 3 files changed, 69 insertions(+), 50 deletions(-)

commit 4833fd413e371d4d4303cd6f350ff3d335a52418
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-04-28

    Correct last/silent usage.

 plugins/pcre/ruleset/brute-force.rules |    2 +-
 plugins/pcre/ruleset/firewall.rules    |   12 +++++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)

commit df294bfa320c9711f5c8d92a54243d07ddc57655
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-04-27

     r8189@arwen:  yoann | 2006-04-27 18:12:09 +0200
     New string capture interface. Needed for future listed value handling.

 plugins/pcre/Makefile.am       |    4 +-
 plugins/pcre/capture-string.c  |  113 +++++++++++++++++++++++
 plugins/pcre/capture-string.h  |   41 +++++++++
 plugins/pcre/rule-object.c     |    4 +-
 plugins/pcre/rule-object.h     |    4 +-
 plugins/pcre/rule-regex.c      |  196 +++++++++++++++++++++++-----------------
 plugins/pcre/value-container.c |   23 +++--
 plugins/pcre/value-container.h |    4 +-
 8 files changed, 290 insertions(+), 99 deletions(-)
 create mode 100644 plugins/pcre/capture-string.c
 create mode 100644 plugins/pcre/capture-string.h

commit 61bc98e595fb9226fd7293135245f64803e270ef
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-04-27

     r8188@arwen:  yoann | 2006-04-27 16:12:55 +0200
     Import prelude-correlator.

 COPYING                                |  340 ++++++++++
 INSTALL                                |  236 +++++++
 Makefile.am                            |    3 +
 autogen.sh                             |    9 +
 configure.in                           |  115 ++++
 m4/ax_cflags_gcc_option.m4             |  183 ++++++
 m4/libprelude.m4                       |  176 +++++
 plugins/Makefile.am                    |    1 +
 plugins/pcre/Makefile.am               |   10 +
 plugins/pcre/pcre-mod.c                | 1113 ++++++++++++++++++++++++++++++++
 plugins/pcre/pcre-mod.h                |  123 ++++
 plugins/pcre/rule-object.c             |  252 +++++++
 plugins/pcre/rule-object.h             |   39 ++
 plugins/pcre/rule-regex.c              |  515 +++++++++++++++
 plugins/pcre/rule-regex.h              |   30 +
 plugins/pcre/ruleset/Makefile.am       |    3 +
 plugins/pcre/ruleset/brute-force.rules |   56 ++
 plugins/pcre/ruleset/firewall.rules    |   59 ++
 plugins/pcre/ruleset/pcre.rules        |    3 +
 plugins/pcre/value-container.c         |  283 ++++++++
 plugins/pcre/value-container.h         |   42 ++
 src/Makefile.am                        |   10 +
 src/correlation-plugins.c              |   68 ++
 src/include/Makefile.am                |    3 +
 src/include/correlation-plugins.h      |    3 +
 src/include/prelude-correlator.h       |   14 +
 src/prelude-correlator.c               |  378 +++++++++++
 27 files changed, 4067 insertions(+), 0 deletions(-)
 create mode 100644 AUTHORS
 create mode 100644 COPYING
 create mode 100644 ChangeLog
 create mode 100644 INSTALL
 create mode 100644 Makefile.am
 create mode 100644 NEWS
 create mode 100644 README
 create mode 100755 autogen.sh
 create mode 100644 configure.in
 create mode 100644 m4/ax_cflags_gcc_option.m4
 create mode 100644 m4/libprelude.m4
 create mode 100644 plugins/Makefile.am
 create mode 100644 plugins/pcre/Makefile.am
 create mode 100644 plugins/pcre/pcre-mod.c
 create mode 100644 plugins/pcre/pcre-mod.h
 create mode 100644 plugins/pcre/rule-object.c
 create mode 100644 plugins/pcre/rule-object.h
 create mode 100644 plugins/pcre/rule-regex.c
 create mode 100644 plugins/pcre/rule-regex.h
 create mode 100644 plugins/pcre/ruleset/Makefile.am
 create mode 100644 plugins/pcre/ruleset/brute-force.rules
 create mode 100644 plugins/pcre/ruleset/firewall.rules
 create mode 100644 plugins/pcre/ruleset/pcre.rules
 create mode 100644 plugins/pcre/value-container.c
 create mode 100644 plugins/pcre/value-container.h
 create mode 100644 src/Makefile.am
 create mode 100644 src/correlation-plugins.c
 create mode 100644 src/include/Makefile.am
 create mode 100644 src/include/correlation-plugins.h
 create mode 100644 src/include/prelude-correlator.h
 create mode 100644 src/prelude-correlator.c

commit e97bb55961f2450538f36c46011b8046b1ceb72b
Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
Date:   2006-04-27

    prelude-correlator module.
