update: sysutils/sec


update: sysutils/sec

Okan Demirmen
Update to 2.8.0 release.

Changelog:

  * added support for dynamic input files, and 'addinput' and 'dropinput'
    actions for managing dynamic inputs.
  * added support for signal emulation and 'sigemul' action.
  * added support for 'setltime' action.
  * starting from this version, the 'lcall' action supports the :>
    operator.
  * added support for $+{_intcontext} match variable.
  * improved input file rotation handling.
  * improved action list parsing.
  * bugfixes for 'setwpos' action.
  * added support for creating dump files in JSON format, and
    the --dumpfjson and --nodumpfjson command line options.

Note JSON is optional, thus I'm keeping it out as a dependency.

OK?

Thanks,
Okan

Index: Makefile
===================================================================
RCS file: /home/open/cvs/ports/sysutils/sec/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- Makefile 19 Dec 2017 14:14:27 -0000 1.31
+++ Makefile 31 Aug 2018 12:18:05 -0000
@@ -2,7 +2,7 @@
 
 COMMENT= simple event correlator
 
-V= 2.7.12
+V= 2.8.0
 DISTNAME= sec-${V}
 CATEGORIES= sysutils
 MASTER_SITES= https://github.com/simple-evcorr/sec/releases/download/${V}/
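Review bot: bumping V alone is sufficient here, since both DISTNAME and MASTER_SITES in the visible context derive from ${V}; what the hunk does not carry is any handling of the new optional p5-JSON requirement that the changelog introduces for --dumpfjson. If the decision is to keep it out of RUN_DEPENDS, that choice should be recorded where a user will see it (pkg/DESCR or a readme) rather than only in this mail.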
Index: distinfo
===================================================================
RCS file: /home/open/cvs/ports/sysutils/sec/distinfo,v
retrieving revision 1.26
diff -u -p -r1.26 distinfo
--- distinfo 19 Dec 2017 14:14:27 -0000 1.26
+++ distinfo 31 Aug 2018 12:18:09 -0000
@@ -1,2 +1,2 @@
-SHA256 (sec-2.7.12.tar.gz) = SrGfDpSZoHHB4H3d1FP6rSzeXn3i/xh/Dq+y0qYVqjg=
-SIZE (sec-2.7.12.tar.gz) = 134197
+SHA256 (sec-2.8.0.tar.gz) = v/qpeY1JWuuMFzdCDAPYdnUyqyaFFTeJ8hJYAOeELmE=
+SIZE (sec-2.8.0.tar.gz) = 143621
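Review bot: SHA256 and SIZE are updated as a pair for the renamed tarball, which is the right shape for this file; since distinfo is what `make checksum` verifies the fetched distfile against, these two values should come from `make makesum` run on the downloaded 2.8.0 tarball rather than being transcribed by hand.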


Re: update: sysutils/sec

Stuart Henderson
On 2018/08/31 08:26, Okan Demirmen wrote:
> Update to 2.8.0 release.

>   * added support for creating dump files in JSON format, and
>     the --dumpfjson and --nodumpfjson command line options.
>
> Note JSON is optional, thus I'm keeping it out as a dependency.

Do you think it's worth mentioning p5-JSON in DESCR?

OK either way.


Re: update: sysutils/sec

Okan Demirmen
On Tue 2018.09.04 at 11:30 +0100, Stuart Henderson wrote:
> On 2018/08/31 08:26, Okan Demirmen wrote:
> > Update to 2.8.0 release.
>
> >   * added support for creating dump files in JSON format, and
> >     the --dumpfjson and --nodumpfjson command line options.
> >
> > Note JSON is optional, thus I'm keeping it out as a dependency.
>
> Do you think it's worth mentioning p5-JSON in DESCR?

Good idea; in fact the DESCR is a bit old, so here's a complete diff
which updates that too.
 
Work OK?

Thanks!
 
Index: Makefile
===================================================================
RCS file: /home/open/cvs/ports/sysutils/sec/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- Makefile 19 Dec 2017 14:14:27 -0000 1.31
+++ Makefile 31 Aug 2018 12:18:05 -0000
@@ -2,7 +2,7 @@
 
 COMMENT= simple event correlator
 
-V= 2.7.12
+V= 2.8.0
 DISTNAME= sec-${V}
 CATEGORIES= sysutils
 MASTER_SITES= https://github.com/simple-evcorr/sec/releases/download/${V}/
Index: distinfo
===================================================================
RCS file: /home/open/cvs/ports/sysutils/sec/distinfo,v
retrieving revision 1.26
diff -u -p -r1.26 distinfo
--- distinfo 19 Dec 2017 14:14:27 -0000 1.26
+++ distinfo 31 Aug 2018 12:18:09 -0000
@@ -1,2 +1,2 @@
-SHA256 (sec-2.7.12.tar.gz) = SrGfDpSZoHHB4H3d1FP6rSzeXn3i/xh/Dq+y0qYVqjg=
-SIZE (sec-2.7.12.tar.gz) = 134197
+SHA256 (sec-2.8.0.tar.gz) = v/qpeY1JWuuMFzdCDAPYdnUyqyaFFTeJ8hJYAOeELmE=
+SIZE (sec-2.8.0.tar.gz) = 143621
Index: pkg/DESCR
===================================================================
RCS file: /home/open/cvs/ports/sysutils/sec/pkg/DESCR,v
retrieving revision 1.2
diff -u -p -r1.2 DESCR
--- pkg/DESCR 5 Feb 2008 20:45:06 -0000 1.2
+++ pkg/DESCR 4 Sep 2018 11:55:51 -0000
@@ -1,13 +1,20 @@
-SEC is a free and platform independent event correlation tool that was
-designed to fill the gap between commercial event correlation systems
-and homegrown solutions that usually comprise of a few simple shell
-scripts.  SEC accepts input from regular files, named pipes, and
-standard input, making it suitable to employ with any application that
-is able to write its output to a file stream.  The SEC configuration is
-stored in text files as rules, each rule specifying an event matching
-condition, an action list, and optionally a Boolean expression whose
-truth value decides whether the rule can be applied at a given moment.
-Regular expressions are used for defining event matching conditions, and
-output events can be produced by executing user-specified shell scripts
-or programs (e.g., snmptrap or mail), by writing messages to pipes or
-files, and by various other means.
+SEC is an event correlation tool for advanced event processing which can be
+harnessed for event log monitoring, for network and security management, for
+fraud detection, and for any other task which involves event correlation. Event
+correlation is a procedure where a stream of events is processed, in order to
+detect (and act on) certain event groups that occur within predefined time
+windows. Unlike many other event correlation products which are heavyweight
+solutions, SEC is a lightweight and platform-independent event correlator which
+runs as a single process. The user can start it as a daemon, employ it in shell
+pipelines, execute it interactively in a terminal, run many SEC processes
+simultaneously for different tasks, and use it in a wide variety of other ways.
+
+SEC reads lines from files, named pipes, or standard input, matches the lines
+with patterns (like regular expressions or Perl subroutines) for recognizing
+input events, and correlates events according to the rules in its configuration
+file(s). SEC can produce output by executing external programs (e.g., snmptrap
+or mail), by writing to files, by sending data to TCP and UDP based servers, by
+calling precompiled Perl subroutines, etc.
+
+Note that the --dumpfjson option requires the presence of the Perl JSON module,
+available via the p5-JSON package.
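Review bot: the closing note on lines 176-177 says what --dumpfjson requires but not that this port deliberately does not pull p5-JSON in, which is the point raised upthread; suggest wording it as "requires the Perl JSON module (p5-JSON), which is not installed as a dependency of this package". The rest of the new text stays within 80 columns, and the hunk header's 13 removed / 20 added lines match the body.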
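The new DESCR describes SEC's core job: read lines, recognize events with patterns, and correlate event groups that fall inside a time window. The following is an added illustration of that idea, not code from this thread or from SEC itself; it reimplements only the shape of a threshold-within-window rule in Python, on constructed sshd log lines, and assumes a fixed year because syslog timestamps carry none. The JSON state dump mirrors the kind of output the changelog's --dumpfjson option refers to, but is this example's own format.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input (not from the thread): syslog-style sshd lines.
SAMPLE_LOG = """\
Sep  4 11:30:01 host sshd[100]: Failed password for root from 192.0.2.10 port 4000 ssh2
Sep  4 11:30:05 host sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Sep  4 11:30:09 host sshd[102]: Failed password for root from 192.0.2.10 port 4002 ssh2
Sep  4 11:30:12 host sshd[103]: Accepted password for alice from 192.0.2.20 port 5000 ssh2
Sep  4 11:45:00 host sshd[104]: Failed password for root from 192.0.2.30 port 4003 ssh2
Sep  4 11:47:30 host sshd[105]: Failed password for root from 192.0.2.30 port 4004 ssh2
"""

# The pattern that "recognizes an input event", in SEC's terms: a failed login.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for \S+ from (?P<src>\S+) port \d+"
)


def parse_ts(text, year):
    """Syslog timestamps carry no year; the caller supplies one (assumption)."""
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")


class ThresholdCorrelator:
    """Fire once when `threshold` matching events from the same source fall
    inside a sliding window of `window` seconds (the shape of a SEC
    threshold rule, written from scratch here for illustration)."""

    def __init__(self, threshold, window, year=2018):
        self.threshold = threshold
        self.window = timedelta(seconds=window)
        self.year = year
        self.pending = defaultdict(deque)   # src -> timestamps still in window
        self.alerts = []                    # (src, first_ts, last_ts) tuples

    def feed(self, line):
        m = FAILED_RE.match(line)
        if m is None:
            return None                     # not an event this rule cares about
        src, ts = m["src"], parse_ts(m["ts"], self.year)
        q = self.pending[src]
        while q and ts - q[0] > self.window:
            q.popleft()                     # expire events that left the window
        q.append(ts)
        if len(q) >= self.threshold:
            alert = (src, q[0].isoformat(), ts.isoformat())
            self.alerts.append(alert)
            q.clear()                       # reset so the rule fires once per burst
            return alert
        return None

    def dump_json(self):
        """Snapshot of correlator state as JSON (this example's own layout)."""
        return json.dumps({
            "pending": {s: [t.isoformat() for t in q]
                        for s, q in self.pending.items() if q},
            "alerts": self.alerts,
        }, indent=2, sort_keys=True)


def run(log_text, threshold=3, window=60):
    """Feed every line of `log_text` through one correlator and return it."""
    c = ThresholdCorrelator(threshold, window)
    for line in log_text.splitlines():
        c.feed(line)
    return c


if __name__ == "__main__":
    c = run(SAMPLE_LOG)
    for src, first, last in c.alerts:
        print(f"ALERT {src}: {c.threshold} failed logins between {first} and {last}")
    print(c.dump_json())
```

With the defaults (3 events in 60 seconds) only 192.0.2.10 trips the rule; the two attempts from 192.0.2.30 are 150 seconds apart, so the first has already expired when the second arrives and the source is left with a single pending event in the dump.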