$Id: ChangeLog 733 2013-05-23 14:04:42Z bw $

Version 1.4 2013-05-23
- Added IPv6 support to ipfilter parser
- Added rsyslog timestamp format (RFC5424) to netfilter parser
- Modified DNS forward resolution to only use same protocol as reverse
- Various small fixes in parsers and compiler warnings

Version 1.3 2011-11-11
- Added general IPv6 support, currently only the netfilter parser and dns
  cache make use of it
- Added DNS cache initialization with a hosts file
- Extended Cisco PIX/ASA parser, it also uses the dns cache now
- Various small fixes

Version 1.2 2010-10-10
- Extended netfilter and Cisco PIX/ASA parsers
- Removed interactive reporting mode
- Removed Windows XP firewall log parser
- Large amounts of fixes

Version 1.1 2006-04-17
- Several parser modifications triggered by log submissions
- Added GNU adns support
- Various small fixes

Version 1.0 2004-04-25
- Made status page interactive
- Added dynamic memory allocation and fixed memory leaks
- Added basic ipfw and fwsm support
- Added stateful start to realtime response mode
- Added command line option to set report title
- Added port number to -X option
- Added CIDR support for host inclusion/exclusion
- Created web page for submission of unrecognized entries
- Updated HTML DTD to XHTML 1.1
- Updated CSS and inverted the color scheme
- Small parser improvements
- Various small fixes

Version 0.9.3 2003-06-23
- Added inclusion/exclusion functions to the command line
- Added external stylesheet embedding in realtime response mode
- All html colors are done with css styles now
- Unified some output functions, small cleanups
- Small parser improvements
- Various small fixes

Version 0.9.2 2003-04-08
- Fixed problems with multiple input file support, whois resolver and
  status web server page reload

Version 0.9.1 2003-03-22
- Added multiple input file support
- Various small fixes

Version 0.9 2002-08-20
- Added NetScreen support
- Added basic PIX version 6 support to Cisco PIX parser
- Added Elsa Lancom support contributed by Mirko Zeibig
- Added -M (maximum) option as suggested by Bram Vandoren
- Added php frontend (rewrite of a script by Kyle Amon)
- Added IPv6 support to status web server
- Various small fixes

Version 0.8.1 2002-05-15
- Modified several output functions to improve portability

Version 0.8 2002-05-08
- Added Snort support
- Added support for sending summaries by email (-T option)
- Made zlib and gettext support compile time options (-V shows options used)
- Changes in the parsers and CIDR code
- Various small fixes

Version 0.7.1 2002-04-04
was not officially released

Version 0.7 2002-03-27
- Several realtime response improvements
- Added support for configuration changes while running
- Added support for include files in configuration files
- Status page can be sorted and supports the at_least option
- SIGUSR1 reopens the log file, SIGHUP rereads the configuration file
- Documentation was updated
- HTML output now mostly uses inline CSS for colors and fonts
- Added support for external stylesheets and basic HTML color names
- The default configuration file is not parsed anymore if an alternative
  configuration file is specified
- Rewrote parts of the ipfilter parser to support resolved IP addresses
  in logs
- Various small fixes

Version 0.6 2002-02-24
- Added chain and branch selection/exclusion options
- Added Windows XP firewall log parser
- Added option to drop privileges when running as daemon
- Added traditional chinese translation (the existing is simplified chinese)
- Various small fixes

Version 0.5.2 2002-01-27
- Added 'title' option: The title of the summary and the realtime
  response status page can be customized in the configuration file
- Added -e option: 'show end times', -t now only shows start times
- Added -N option: 'resolve service names' is a new option and off by
  default now
- Added swedish translation
- I18n adjustments, small fixes

Version 0.5.1 2001-11-18
- Various fixes: whois code, mode selection, endianness problems, realtime
  response with destination/port distinction, forward chain blocking for
  iptables, international encoding, portability
- Added chinese and portuguese translations

Version 0.5 2001-10-11
- Added internationalization support with german as first language
- Added support for input from stdin in all modes
- Added options to specify paths for notifications and response scripts
- Made the check for correct ipchains rules a config file option
- Modified realtime response reaction behaviour when attacker insists
- Added display of selected parser options in realtime response status page
- Added automatic refresh of realtime response status page
- FreeBSD portablility fixes
- Various small fixes

Version 0.4 2001-08-19
- Added whois information lookup
- Added sorting by end time
- Changed pid file handling
- Renamed and introduced new listen_to option (bind_to)
- Implemented SIGHUP handling (e.g. for log rotation)
- Updated CGI scripts
- Added init script for redhat linux
- Various small fixes

Version 0.3.1 2001-05-25
- Rewrote netfilter prefix parsing code
- Made long list/chain/branch/interface names the default
- Fixed a sorting stability problem
- OpenBSD portability changes
- Various small fixes

Version 0.3 2001-04-08
- Rewrote realtime response mode to use external scripts for notifications
  and responses
- Added a first version of Cisco PIX parser
- Added 'last message repeated' handling code
- Unrecognized text is now only displayed in verbose mode

Version 0.2.1 2001-03-09
- Added compressed input file support
- Added total packet length sum option
- Added support for long chain/branch/interface names
- Modified time output (summary shows times of packet log entries, log
  times mode shows times of all entries)
- Various small fixes and cleanups

Version 0.2 2001-02-10
- Added ipfilter support
- Added host and port selection/exclusion support
- Added support for parser selection
- Realtime response mode is available also in non-ipchains and non-root
  environments now
- Various small fixes

Version 0.1.3 2001-01-22
- Replaced the sorting algorithm with a stunningly fast linked list mergesort
- Added two more sorting modes
- Added PID file for realtime response mode
- Added CIDR notation support to known host feature

Version 0.1.2 2001-01-16
- Fixed some remaining problems in realtime response mode

Version 0.1.1 2001-01-12
- Various small fixes

Version 0.1 2001-01-07
- Rewrote IP Address handling code
- Small parser and output extensions
- Added mode collision detection
- Fixed time calculation problem and warp detection

Version 0.0.28 2000-12-26
- Rewrote ipchains parser (converted to flex)
- Added support for Cisco uptime log format

Version 0.0.27 2000-12-08
- Solaris portability patches
- Added at_least option

Version 0.0.26 2000-11-11
- Added basic Cisco support
- Various small fixes

Version 0.0.25 2000-11-06
- Added basic netfilter support
- Several internal optimizations
- Various small fixes

Version 0.0.24 2000-11-01
- Extended the man page and added some options to the command line that
  were available only in the configuration file
- Various fixes and code cleanups
- Improved web interface

Version 0.0.23 2000-10-27
- Colors of the HTML output can be changed in the configuration file
- Multiple actions can be combined in realtime response mode
- Added mail notification option to realtime response mode
- Added sort order options
- Added daemon status display through own web server

Version 0.0.22 2000-10-23
- Better sample configuration
- Improved CGI demos
- Various small fixes

Version 0.0.21 2000-10-22
- Initial public release
