pkgsrc-Bugs archive
pkg/33892: misc/logsurfer: updated version (1.6b) is available
>Number: 33892
>Category: pkg
>Synopsis: misc/logsurfer: updated version (1.6b) is available
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sat Jul 01 18:55:00 +0000 2006
>Originator: Sergey Svishchev
>Release:
>Organization:
>Environment:
>Description:
From http://www.crypt.gen.nz/logsurfer/ :
Logsurfer+ is a branched version of the standard Logsurfer package from
DFN-CERT, it has been modified to add a few features to improve what can be
done with it. The following is a list of Logsurfer+ 1.6 features which are in
addition to the standard Logsurfer 1.5 release:
* An optional parameter at the end of context definitions (just before action)
specifying the minimum number of lines collected which needs to be satisfied
before performing the action. This min_lines argument can be used for detecting
events such as firewall attacks where we are only interested in events which
generate more than x log entries (like packet drops from a single source IP
address).
* Added -t command line option to explicitly timeout contexts when exiting,
therefore running the action for all contexts. The default is off, so contexts
don't all trigger their actions when logsurfer is shut down.
* Changed context rule execution so that we only store lines in a context if
the context has an action of 'pipe' or 'report'. In other words, don't store
lines in memory which won't ever be used. The number of matching lines in the
context is still incremented. This allows contexts to be created which can
notify if we don't see an event, such as regular "syslog pings" from hosts.
>How-To-Repeat:
>Fix:
http://www.crypt.gen.nz/logsurfer/logsurfer-15b-16b.patch
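
The context behaviour in the feature list above (min_lines gate, counting without storing lines, and -t style flush on exit), modelled in Python as an added example; this is not Logsurfer+ code or configuration and not part of the original report. The log format, the per-source keying, the single relative timeout and all names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: (epoch seconds, log line). Not real firewall output.
SAMPLE = [
    (0,  "fw DROP src=198.51.100.7 dpt=22"),
    (1,  "fw DROP src=198.51.100.7 dpt=23"),
    (2,  "fw DROP src=203.0.113.9 dpt=80"),
    (3,  "fw DROP src=198.51.100.7 dpt=25"),
    (90, "fw DROP src=192.0.2.4 dpt=443"),
]
SRC = re.compile(r"DROP src=(\S+)")   # hypothetical log format

@dataclass
class Context:
    action: str                 # 'pipe'/'report' keep lines; others only count
    last_seen: int
    count: int = 0
    lines: list = field(default_factory=list)

    def add(self, ts, line):
        self.count += 1         # the count is always incremented
        self.last_seen = ts
        if self.action in ("pipe", "report"):
            self.lines.append(line)   # store only if the action will use the lines

def run(events, min_lines=3, timeout_rel=30, action="report", flush_on_exit=False):
    """Return (src, count, stored_lines) for every context whose action fired."""
    open_ctx, fired = {}, []

    def expire(now, force=False):
        for src in list(open_ctx):
            ctx = open_ctx[src]
            if force or now - ctx.last_seen > timeout_rel:
                del open_ctx[src]
                # min_lines gate (assumed to apply on exit flush as well)
                if ctx.count >= min_lines:
                    fired.append((src, ctx.count, ctx.lines))

    for ts, line in events:
        expire(ts)              # time out idle contexts before handling the line
        m = SRC.search(line)
        if m:
            ctx = open_ctx.setdefault(m.group(1), Context(action, ts))
            ctx.add(ts, line)
    if flush_on_exit:           # models -t; off by default, as in the list above
        expire(0, force=True)
    return fired
```

With the sample input only 198.51.100.7 reaches three lines before its context times out, so the single-drop sources produce no action.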