See ChangeLog for the complete change list.

Release 0.45 on 2006-09-28:

Bug Fixes:
- FIX: Tk 804.027 says labelPack takes "-side", not "side"
- FIX: Tk 804.027 doesn't validate dests correctly; validation changed
- FIX: Tk 804.027 gives annoying warning about Tk::Pane
- FIX: Tk 804.027 has wrong size for misc configurables
- core: deal with hostname that ends in .localdomain

New Features:
- gui mode: find, clear find
- gui mode: select by criteria
- gui mode: status indication for total and unknown events
- gui mode: help|about log_analysis

Miscellaneous pattern and config updates

Release 0.44 on 2006-09-20:

INCOMPATIBLE CHANGES:
- no more gui_mode_configuration_disabled or gui_mode_ignore_disabled
- using the "gui_mode_config_savelocal" option will not recognize local
  modifications made from earlier versions of log_analysis. Be careful!

Bug fixes:
- FIX: hang when a log starts with two LASTs (Dénes Ferenc Laborc)
- FIX: perform variable substitution for preprocessor directives
- FIX: @@warn and all other processor directives should obey @@if
- FIX: gui mode: removing selected entries didn't update select count
- FIX: pat{port} should require a minimum of one digit

New features:
- GUI pattern editing, complete with regex suggester.
- delete_if_unique: can be used to reduce garbage during a scan.
- various new report modes for loghost/logserver scenarios
  see: report_mode_combine_nodes, report_mode_combine_shows_nodes,
  report_mode_combine_is_partway
- gui mode config save can save only "locally" changed items
- gui mode config save can automatically check-in config to RCS
- set nodename, osname, and osrelease from uname(2) instead of uname(1)
- gui mode: select all, select unknowns, select knowns, unselect all
- gui mode: hide selected, hide unselected, unhide all
- gui mode: selection count and hidden count on status bar
- gui mode: gui_mode_configure_disabled to prevent users from config changes
- gui_mode_configure_deny_users gui_mode_configure_deny_groups
- gui_mode_configure_allow_users gui_mode_configure_allow_groups
- core: add support for "prepend var" and "prepend arr" (Ade Rixon)
- remove Solaris 8+ msgids (Ade Rixon)
- core: @ifos to test for OS name
- core: add support for memory_size_command as part of footer
- new pats: anything whitespace ssh_id
- variables for suppress_footer and suppress_commands
- deal with multi-line sendmail messages by including the first line
- -I eval:$type
- gui mode: pause button and pause menu item
- core: "nowarn" in config to disable certain config warnings

Miscellaneous pattern and config updates

Release 0.43 on 2005-08-04:

New features:
- have -U print out unknowns as the script runs
- new pats: hex, mac, mail_address
- support for bz2-compressed files

Miscellaneous pattern and config updates

Release 0.42 on 2003-04-02:

Incompatible changes:
- dests may no longer contain backslash.

Bug fixes:
- FIX: other_host_message and derived categories were broken
- FIX: perl 5.8.0 warning
- FIX: multiple dests gives a warning
- FIX: error rather than weird warning if unknown type for -t
- FIX: daylight savings bug near midnight if -d cross daylight savings
- FIX: gui mode: beep for second event
- FIX: gui mode: "dest" should be saved last
- FIX: gui mode: view event config sometimes causes a hang on exit

New features:
- action: keep_open
- new internal logtype: plain
- add scan detection to internal config
- report_mode_output_node_per_category
- real_mode_no_actions_unless_is_daemon
- dest_delete: remove a dest from pattern
- daemon mode, daemon_mode, daemon_mode_pid_file
- daemon mode: daemon_mode_foreground
- gui mode: autosave menu option under file
- gui mode: resize buttons for hlists
- gui mode: misc configurables: initial support
- gui mode: misc configurables
- gui mode: gui_mode_configuration_disabled
- gui mode: gui_mode_ignore_disabled
- gui_mode: gui_mode_event_config: configure selected event
- gui mode: bound to default action

Release 0.41 on 2002-04-08:

Bug fixes:
- FIX: days_ago doesn't always get loaded properly from config
- FIX: remove a couple of perl5.6isms for 5.00503 support
- FIX: corrupted patterns: pat{host}/g should be pat{host}
- FIX: add var was acting like set var
- FIX: real/gui mode: log lines not yet terminated by newline
- FIX: real/gui mode: real mode doesn't handle compressed files right
- FIX: real/gui mode: fseek/seek
- FIX: gui mode: "nested" events aren't printed by print_event_tree
- FIX: gui mode: deep recursion in gui mode
- FIX: gui mode: dynamically grab GUI selections for print and save
- FIX: gui mode: updates to count should have color
- FIX: gui mode: alt-q exits with non-zero exit code
- FIX: gui mode: -g -I evals dies early

New features:
- priority, ignore, ie:
    priority: IGNORE
- event config, ie:
    event:
      match category: user logged in
      match data: eviluser
      color: red
    event:
      match hostname: annoyingverbosehost
      priority: IGNORE
- color, description, do_action, and priority also in dest, ie:
    pattern: user ($pat{user}) logged in
    color: red
    description: user logged in to the hostname indicated
    do_action: mail-admin
    priority: IGNORE
    format: $1
    dest: user logged in
- -D: define preprocessor directives
- -F: use minimal config
- -i: suppress (most) default includes
- -t: type force; type_force config variable
- real/gui mode: keep_all_raw_logs to keep all raw logs in %A
- real/gui mode: open_command_is_continuous: for tail -f, tcpdump, etc.
- real/gui mode: make open_command and decompression_rules work
- gui mode: view event config
- gui mode: more ignore options
- gui mode: savable user config
- gui mode: no backlogs
- gui mode: gui_mode_config_autosave, gui_mode_config_file
- gui mode: select all
- gui mode: gui filter support for print and save
- gui mode: view raw logs

Release 0.40 on 2002-03-25:

Bug fixes:
- FIX: gui mode sometimes dies with errors about seek
- FIX: temp file is sometimes deleted before it's read

New features:
- real mode: do_action, to run an action (ie. page admin, mail admin)
  when an event is seen
- gui mode: print events (all or selected)
- gui mode: save events (all or selected)
- action: use_pipe, to send the event to the action on stdin
- action: throttle, to not run an action (ie. page admin) more often
  than specified
- configurable pattern space $pat{name}, ie. $pat{ip}
- gui mode: ignore (for now, just category + data)
- gui mode: save selected events
- all places where tag substitution occurs now support \n, \t, \\

Release 0.39 on 2002-03-15:

Bug fixes:
- FIX: wtmp.gz stopped working

New features:
- -g for a primitive gui mode (requires Tk).
- real mode color support
- real_mode_output_format now takes %R for the raw log line
- action config: action:, command:, window:, window_command
- login config: default_login_action, login_action
- -I actions, -I colors

Release 0.38 on 2001-07-16:

Incompatible changes:
- date_format defaults to %Y_%m_%d
- -o no longer also outputs to standard out. Add -O for the old behavior.
- config_version is now mandatory

New features:
- per-category config
- output filters (per-category and default)
- more sorting options (per-category and default)
- derived category support
- new "UNIQUE" pattern destination class
- @@error and @@warn preprocessor directives
- filename_ignore_patterns: patterns of filenames to ignore when
  including dirs
- allow simple days-ago in a range (ie. -d7-1 for last week's logs).

Release 0.37 on 2002-06-29:

Incompatible changes:
- the new default sort is "funky". This takes somewhat longer for large
  data sets, but it handles numbers and IPs much better.
- "end" has been replaced with "@@end" (because of the preprocessor.)

New features:
- -r: real mode: continuous, tail -f style output
- real mode log rollover detection
- new variables real_mode_sleep_interval, real_mode_check_interval
- funky sort: sort numbers separately to handle IP address better
- new global variable: default_sort. Can be set to string, funky, or
  numeric, defaults to funky
- real_output_format: new global for the output in real_mode
- field widths (optional) for tags (ie. %10n, %-10n)
- preprocessor directives a la aide: @@define, @@undef, @@ifdef,
  @@ifndef, @@ifhost, @@else, @@endif, @@ifhost, @@{VAR}
- implement and allow: -d range with -a
- new required config variable: output_message_all_days_in_range
- -I patterns
- -I help
- -I log_types

Release 0.36 on 2001-03-15:

Incompatible changes:
- change -F to -I internal_config
- change -D to -I evals

Bug fixes:
- FIX: syslog server with exactly one logging host and none of its own
  log messages doesn't get noticed as multiple hosts
- FIX: 3rd field in raw_rules defined as false should not be an error

New features:
- -I log_files: show actual log files to be parsed
- -I config_versions
- file_version: declares the file version for config files
- support for a range of days, ie. -d 2001_02_01-2001_02_28
- -I categories: list all categories (ie. from configs and implicit)
- pipe_decompress_to_open: don't use a tempfile
- domain: allow either manual setting, or use /etc/resolv.conf domain
- localize hostnames/nodenames relative to domain
- leave_FQDNs_alone: don't localize hostnames/nodenames
- Support for -d as absolute date, ie. 2001_03_02

For older News, see the Changelog.