OSSEC changelog (3.5.0) scott@atomicorp.com

Release Maintainers

Dan Parriott Scott R. Shinn (http://www.atomicorp.com) Dominik Lisiak

Contributors on this release

• (@atomicturtle) Scott Shinn - Maintainer
• (@ddpbsd) Dan Parriot - Maintainer
• (@drsjb80) Steve Beaty - Community
• (@sempervictus) Boris Lukashev - Community

Release notes:

This would have been a minor 3.4.1 update if it wasnt for Boris Lukashev of https://www.sempervictus.com contributing a much needed update to multi-line log analysis. Previous usage of multi-line in OSSEC in the past was limited in processing events that did not use indentiation, a fairly common modern practice for readability. This update adds a new type: multi-line_indented to handle this condition (Example: postgresql).

Maintenance fixes in this release also address issue #1781, which affected maild when calling an external program, and add support for Fedora 31

Whats New:

• (@atomicturtle) - Fedora 31 Support
• (@sempervictus) - Implement multi-line collection for indented logs #1780
• (@drsjb80) - Added authentication log file location for debian-based systems #1784

General

• (@ddpbsd) - Fix for Issue #1781, corrects issues with program sending mail