lassie-announce Mailing List for DAD
Status: Beta
Brought to you by:
dshoelzer
From: Announcements f. t. D. s. <las...@li...> - 2007-04-27 00:11:06
If you are running the most current version of DAD (0.04 or higher) then you will want to obtain the latest copy of the scheduler from the SVN tree. This scheduler resolves the memory leak that was discovered on Monday.
From: Announcements f. t. D. s. <las...@li...> - 2007-04-24 06:36:49
After the release of 0.04 yesterday we realized that the pointer to the newer PHP 5.2.1 created significant issues with the install process. This is a re-release of 0.04 with an updated installation script and installation instructions. It is critical that you read the RTF step by step in order to install DAD successfully.
From: Announcements f. t. D. s. <las...@li...> - 2007-04-22 14:54:57
DAD is now largely feature complete when it comes to log management. This is a major milestone. It means that you can do the following with DAD right now:

* Aggregate and alert on Windows event logs
* Aggregate, carve and alert on Syslogs
* Carve arbitrary log file formats and alert on them
* Schedule arbitrary jobs to run periodically or persistently
* Edit carving rules online through the web interface

We strongly encourage everyone who is using DAD to update to this version ASAP so that we can shake out as many bugs as possible. As soon as everything appears to be stable we will migrate the Scheduler to a Windows service so that it will no longer be necessary to even log into the console of the DAD server. In fact, this will make the system resilient during reboots and patching as well.

If you experience any problems, please let us know through the forums! The installation should go smoothly if you follow the directions carefully, but if you run into troubles please let us know how we can streamline the installation for you even more.
From: Announcements f. t. D. s. <las...@li...> - 2007-04-12 22:23:45
Thanks to Jason Kiebzak for discovering a bug in the aggregator that prevented it from flushing out the insert queues even when there were no events currently pending. The repaired file has been pushed into the SVN tree.
From: Announcements f. t. D. s. <las...@li...> - 2007-03-21 14:34:42
This morning we discovered a bug in the pruner. When copying events from the pruning table back into the events table, it could occur that an event would be selected by more than one pruning statement to remain in the table. The result of this is that the same event with a duplicate dad_sys_event_id was trying to be inserted into the table, at which point the pruner would break. The temporary fix for this is to allow the database to automatically renumber elements as they are inserted back into dad_sys_events.

WHAT DOES THIS MEAN FOR ME?

What this means is that, yes, you should update your aggregator to the most current version in SVN. It also means that it can happen that you will find that pruning will produce some duplicate events. It also means that as the days go by, the number of duplicate events will increase. We are working on a more permanent solution which will involve gluing all of the pruning selects into a single INSERT...SELECT statement, but we wish to evaluate the performance impact on this since multiple selects of this type usually cause MySQL to ignore its indexes.
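The pruner behaviour described in the announcement above, reproduced as an added example that is not part of the original message or of DAD's code. Only `dad_sys_events` and `dad_sys_event_id` come from the announcement; the other columns, the `prune_tmp` table and the two retention rules are hypothetical, and SQLite stands in for MySQL.

```python
import sqlite3

# Hypothetical schema and retention rules; only dad_sys_events and
# dad_sys_event_id are names from the announcement. SQLite stands in for MySQL.
RULES = ["severity >= 3", "source = 'Security'"]  # constructed, overlapping rules

def setup():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE dad_sys_events (dad_sys_event_id INTEGER PRIMARY KEY,
                                     source TEXT, severity INTEGER);
        CREATE TABLE prune_tmp (dad_sys_event_id INTEGER, source TEXT, severity INTEGER);
        INSERT INTO prune_tmp VALUES (1,'Security',4),(2,'Security',1),
                                     (3,'System',5),(4,'System',1);
    """)
    return db

def copy_back_per_rule(db, keep_ids):
    """One INSERT...SELECT per rule; keep_ids=True reproduces the breakage."""
    cols = "dad_sys_event_id, source, severity" if keep_ids else "source, severity"
    for rule in RULES:
        db.execute(f"INSERT INTO dad_sys_events ({cols}) "
                   f"SELECT {cols} FROM prune_tmp WHERE {rule}")

def copy_back_single(db):
    """All rules OR'ed into one statement: each event is selected at most once."""
    where = " OR ".join(f"({r})" for r in RULES)
    db.execute("INSERT INTO dad_sys_events SELECT * FROM prune_tmp WHERE " + where)

def count(db):
    return db.execute("SELECT COUNT(*) FROM dad_sys_events").fetchone()[0]

def demo():
    results = {}
    db = setup()
    try:
        copy_back_per_rule(db, keep_ids=True)   # event 1 matches both rules
    except sqlite3.IntegrityError:
        results["original"] = "duplicate key"
    db = setup()
    copy_back_per_rule(db, keep_ids=False)      # temporary fix: renumber on insert
    results["renumbered"] = count(db)           # 3 distinct events become 4 rows
    db = setup()
    copy_back_single(db)                        # one glued statement
    results["single_statement"] = count(db)
    return results

if __name__ == "__main__":
    print(demo())
```

Event 1 satisfies both rules, so the renumbering workaround stores it twice under different ids, which inflates any alert threshold or count computed over the retained events.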
From: Announcements f. t. D. s. <las...@li...> - 2007-03-18 17:47:57
The groomer appears to have been repaired in the SVN release. As a reminder, this is still considered to be at an Alpha level.

Overall the performance is quite good. At one test install site pruning against more than 20 million records only took fifteen minutes for the entire process. We will add an interface to the GUI to allow you to more easily manage the retention times of specific events in the future.

The SVN release has some significant bug fixes and feature additions for the SQL Query maintenance in the Log Analysis tab. The only two features outstanding are coupling of user security roles to queries and an "Update" feature to allow for easy editing of queries.
From: Announcements f. t. D. s. <las...@li...> - 2007-03-16 18:26:01
Grooming has been reenabled. This is Alpha code of an EXTREME variety. It has only been through very basic testing and the code has very little tolerance for database issues. If a database error results, the groomer will immediately kill the aggregator and, provided you accept the changes here, the aggregator will NOT restart automatically so that we can track down any unforeseen issues.

If you install this version, PLEASE PLEASE PLEASE tell us about any issues that you experience. Also, please understand that you CAN LOSE EVENTS to this change.
From: Announcements f. t. D. s. <las...@li...> - 2007-03-14 20:23:29
If you are interested in trying out the SVN version, we would appreciate any feedback or problem reports. The SVN push was made from a running DAD test server here at CyberDefense, so we know that it is functioning (though Alpha). The most notable addition is the ability to manage/configure systems to monitor through the "Maintenance" tab under the "Systems" option.

Please note that if you have a running DAD server already, you will need to import the new menu options out of the SQL starter data and add the appropriate tables from the schema file. In the future we will try to put together some sort of script to help to manage schema and database adjustments in more of an automatic fashion.
From: Announcements f. t. D. s. <las...@li...> - 2007-03-14 19:40:26
Testing the list