Change log for LogESP
- systemd daemon scripts for logespd, logesp-uwsgi
- Default search window is 1 day for log events, 7 for rule events
- Log event db index for `parsed_at` field
- Rule event db index for `date_stamp` field
- Django version vulnerabilities
- Hang on shutdown due to uwsgi not exiting properly
- Rule efficiency tweaks, rules no longer run every minute if not fired
- More security in default nginx setup
- `make update` reloads uwsgi properly
- UI color scheme is easier to look at (based on xterm-256color/vim)
- Inline documentation in SIEM templates
- Inline documentation in Risk form templates
- Inline documentation in Asset form templates
- Package vendor, more IPs to software assets
- Block/allow lists for limit rules (match lists)
- Dead process rule option for limit rules (`reverse_logic` attribute)
- `make update` reboot option
- Recurring parser DB errors
- Parser threads now successfully update themselves
- Many filters to limit rules
- Parse helper types for simpler config updates
- Event fields for netflows, web server logs, and more
- Email alerts for rules
- Password change pages
- Sanity check for entry field lengths, etc.
- Documentation
- `logesp` script for controlling daemons
- `hostname`, `domain_name`, and IP addresses to sw assets
- Improved risk management workflows
- Split username field into `source_user`, `target_user`
- Improved event search (more fields, better formatting)
- Limit rules only sleep ~60s after not firing
- Rule types are now modular
- Parse helpers now work if parser fails
- Daemon thread errors are logged to LOG_DAEMON
- Parser and sentry can now be run separately (distributed environments)
- Rule events now track source/dest host count
- Rules and searches use more regular expressions
- logesp daemon runs without privileges
- Parser threads re-read parsers/helpers every 6,000 events or 10 minutes
- `log_source` and `source_process` can be set in `config/parser.conf`
- Helper logic for single-field parse helpers
- First test release