Release Notes: The Portsentry regexp has been modified slightly to pickup unknown/illegal scan types. There is a check for iptables whether the protocol value is valid or not.
Release Notes: Fixes to timestamps for Sonic Wall log files and erroneous destruction of the ServerConnection object.
Release Notes: No longer forcing connection closure for filtered events, and a fix for a bug when deal with address exchanging.
Release Notes: Support for NetBSD ipfilter and NetScreen firewall logs, breaking out some of the code into Perl object modules for handling Event, Log, and Filter storage, implementing HTTP keepalives to provide a robust upload mechanism, recoded dequeue logic, and new event stack thresholds.
Release Notes: This release no longer uses the 'chain' concept with iptables, which proved to be too much of a hassle. It uses GMT offset with date/time decoding fallback. The source port is passed to the mNW server.
Release Notes: The regular expression for iptables, which was not catching packets without a MAC address, has been fixed.
Release Notes: This release adds support for the NetBSD ipfilter/ipmon firewall combination. There is a minor bugfix for when a user used the default location for the firewall log (the client wouldn't run).
Release Notes: A major code cleanup, multiple log support, support for standard spo_csv (snort) format and a modified version (which supports SIDs), database functionality in the client (user can store attacks into a local database), improved performance of WatchBlock by dropping usage of dbm, and a new logrotate configuration file.
Release Notes: Uploading of snort ID tags (requires a modified csv plugin and recompile of snort), additional logic to try to determine a valid ICMP packet type for sonic walls, and adjustments for iptables disliking leading zeros on each octet of the IP address for the 'WatchBlock' firewalling hooks.
Release Notes: A bug where the client was not properly saving the last record across various log files was - which potentially causes the last record to be erroneously inserted for a syslog 'last message repeated' message - has been fixed.