2004-02-05 : long time since last "ChangeLog" update but lots of things changed
  - GD back-end is now deprecated (but still present).
	use PS (ghostscript) now for better graphs
  - HeartBeat parameters are now configurable in the config file
  - CGI.pm is used instead of old cgi-lib.pl
  - General code/style clean-up everywhere
  - PDF report generation (via command line, not from piwi web interface)
  - TimeZone is now auto-detected if not set in the config file
  - many more thing i have forgotten and i am too lazy to gather from CVS commits

2003-12-19 :
  - create piwi-0-8 branch for current stable release (HEAD for libpreludedb based piwi)

2003-12-05 :
  - Classes/BaseObject/Criteria/Filter.pm :
  - Filters.pl :
	fix a bug that added CreateTime to a custom filter
	new property for a Criteria, could be temporary (never stored in .flt)
	fixed some code indentation

2003-12-03 :
  - Classes/Statistics.pm :
	display_png() now returns 0 on error
	keep Statistic->Label() when creating PS based image
  - Functions/ps.pl :
	postscript() now returns 0 on error, 1 on success
  - Stats.pl :
	only require GD perl module if GD back-end is chosen
  - generated/Filters/invalid filter.flt :
	removed as it was filling error log with useless SQL errors

2003-10-21 : (Functions/Filtered_Links.pl)
  - Classification.* and Impact.* are facultative so avoid a warning when they are not present

2003-10-21 : (Functions/_AlertDetails.pl)
  - Cut ASCII PayLoad dump better (and avoid cutting <br> in the half)

2003-10-19 : (Templates/piechart.ps, Functions/ps.pl)
  - Remove a second definition of the 'comment' postscript function which was unsused
  - Fix a bug on histograms in stats : value draw on bar where not on the right Y value (plain value instead of percent)

2003-10-16 : (Templates/AlertList_Filters)
  - to select a radio HTML element, we have to use 'checked', not 'selected' : found by James Horvat

2003-10-15 : (Classes/Statistic.pm, Templates/*.ps, Functions/ps.pl, TopAttackers.pl, Templates/TopAttackers_Filters)
  - implemented vbar histogram PS back-end, on by default in Stats
  - 'Source only' by default in TopAttackers.pl

2003-10-12 : (Stats.pl, Classes/Statistic.pm)
  - Start cleaning graph generation
  - implemented pie-chart PS back-end, on by default

2003-10-11 : (TopAttack*s.pl, Templates/TopAttack*s*, prelude-ids.ps)
  - replace Templates/TopAttack*s.ps files by a single piechart.ps
  - move prelude-ids.ps common PS to Templates/ directory

2003-10-09 : (TopAttack*s.pl, Templates/TopAttack*s*, Functions/ps.pl)
  - Finish PS back-end for TopAttacks
  - Rewrite TopAttackers, separating data extraction from display
  - We now have 3 back-end (HTML, PS, GD) for TopAttacks and TopAttackers
  
    for know, changing back-end by hand, using ?backend=HTML or =PS or =GD

2003-09-25 : (Templates/AlertDetails, Functions/_AlertDetails.pl, Functions/Sensor_Tree.pl, HeartBeat.pl)
  - Handle NULL values as they are no more quoted in new prelude versions

2003-09-24 : (Classes/User.pm, Functions/install_tests.pl)
  - Now dies when it is not able to read the Profiles/USERNAME.user file (apache not able to read it)
  - Add a test to index.pl and test/index.pl to check file permissions on Profiles/ directory

2003-09-23 : (Classes/User.pm, Docs/Gentoo/*)
  - Now display both current IP and USERNAME.user IP when then do not match (for debugging purpose)
  - Add CVS ebuilds for prelude and piwi (were removed from Portage)

2003-09-18 : (TopAttackers.pl, TopAttacks.pl, Functions/pie.pl, Functions/ps.pl, Docs/INSTALL-gentoo.txt)
  - Add preliminary postscript back-end to TopAttacks.pl (use ?backend=PS)
  - Add preliminary gentoo specific installation instructions

2003-09-12 : (Classes/User.pm)
  - Add UserName parsing when using some SSL/LDAP/Certificates to login
      Code contributed by Olaf Gellert (Thanks guy)

2003-09-04 : (Templates/AlertDetails)
  - Bug in external link generation
      Fixed by Nicolas Delon

2003-07-28 : (Functions/_AlertDetails.pl, AlertDetails.pl)
  - Yoann changed AlertDetail.pl layout

2003-07-23 :
  - DBD::mysql 2.9002 won't work with piwi, i'm working on it
      http://rt.cpan.org/NoAuth/Bug.html?ShowHeaders=3016&id=3016
  - changed the $sth->execute(x,y); syntax for :
       $sth->bind_param(1,x, {TYPE => DBI::SQL_INTEGER });
       $sth->bind_param(2,y, {TYPE => DBI::SQL_INTEGER });
       $sth->execute();
  - started integrating sensor-tree (see Sensor_Tree.pl) into Filters.pl

2003-06-16 : v0.8.0.0
  - Yoann added some information to AlertList page and changed layout a bit
  - Thanks to Landmir, we're now able to sort by timestamp while grouping

2003-06-08 :
  - HeartBeat page now looks better under IE (only tested under Mozilla before)
  - HeartBeat page auto-refreshes itself, see $conf{'refresh'} in config. file (same as for AlertList/Filters.pl page)
  - Until i rewrite AUTH from scratch, index.pl page would directly redirect to Filters.pl page (i does nothing but disturbing people for now)
  - Nb Results by page was not kept when filtering after grouping (nb_resbypage overriden by nb_resbygroup), fixed
  - index.pl page now check for current configuration, redirects to Filters.pl if OK but on test/index.pl on failure (misconfiguration/installation problem)

2003-06-07 :
  - new HeartBeat / Sensor status page. replaces the old one which was pure crap (and not very usable)
    see new HeartBeat.pl file

2003-06-05 :
  - added a new configuration option : GMTdiff (difference from GMT to LocalTime, used for AlertList display and upcoming new HeartBeat page)
     was first requested by Patrick Erler, a long time ago

2003-06-04 : the "group me crazy" release
  - complete rewrite of the grouping functions.
    should now be faster
    could now navigate between pages while grouping
    could also group by Impact.severity, Analyzer.model, Analyzer.analyzerid and Target Address
    ... more to come
  - new configuration options (to change default element nb per page)

2003-06-03 :
  - changed piwi graphical style a bit.
    New theme by Orlin DAMYANOV from GrandLink Network (grandlink.org)

2003-05-27 :
  - display CreateTime instead of DetectTime when DetectTime is missing (optionnal field)

2003-05-23 :
  - changed the way alerts with multiple Classification objects are handled (problem seen with patched snort as the sensor)

2003-05-21 :
  - add some tests in Stats.pl page on 'From' and 'To' parameters format

2003-05-20 :
  - IPv6 addresses could also contain some '.', when using IPv4 compat. addresses. so, changed regexs in rules.pl

2003-05-14 :
  - script extension was hardcoded in index.pl (dummy auth page) fixed
      bug reported by girona (uses fnord as web server, so CGI=.cgi only)
      same for several other pages

  - add some tips to rules.pl (LML ruleset builder)
  - use \w instead of [A-Za-z\d] in rules

2003-04-26 :
  - integrated external processing code from Olaf GELLERT

2003-04-25 :
  - in packet view, some field were not visible (white on white)
    => changed hard-coded colors into a new style in .css file
    YEP, same changelog entry as 2003-03-26 (i forgot UDP packets)
  - added Attack Type number and Target number collumns to TopAttackers page (mainly to test my attacker scoring routines)
  - fixed Payload Hexa+ASCII Dump display when it contained HTML (AlertDetails*.pl)
  - remove a duplicated function

2003-04-24 :
  - support IPv4 DF (Don't Fragment) flag in AlertDetails/packet view
  - provide defaults for dbhost (localhost), dbname (prelude), dbuser (prelude)
  - add a check for GD::Graph in HeartBeat page (do not display graph if module missing)
  - add an INSTALLATION TEST PAGE (/test/index.pl) that would tell you what is wrong

2003-04-23 :
  - mark perl module Date::Calc as mandatory
  - now checks for GD::Graph in Stats.pl page
  - refine error messages : divide it in 2 categories : debug & error. debug are displayed only when debug=1 in config file. error are always displayed.
  - now complains on the screen if there is a problem connecting to the DB (mostly a misconfiguration in Functions/config.pl)

2003-04-21 :
  - seems PostgreSQL users have reasons to hate me : "ERROR:  Argument of AND must be type boolean, not type integer". fixed
  - other Pg specific bug in HeartBeat page. partially fixed. it displays the page at least (internal server error before)
  - a bunch of code clean-up everywhere but nothing to notice on user side

2003-03-26 :
  - in packet view, some field were not visible (white on white)
    => changed hard-coded colors into a new style in .css file

2003-03-21 :
  - fix TopAttack*s crash bug

2003-03-03 :
  - added current page number. requested by Guillaume LEHMANN

2003-02-12 :
  - seems latest release was for perl 5.8 users only. fixed it

2003-02-08 :
  - massive library reorganization
  - two people using the same username won't make conflicting Temp files anymore

2003-02-07
  - Start of the new Login dialog. (type anything in log & pass for now)
  - now won't complain if you haven't got GD::Graph or GD::Graph3d in Statistics

2003-02-06 :
  - massive HTML code clean-up

2003-02-05 :
  - code fusion everywhere. index.pl now redirects to Filters.pl
  - graph label bug (in statistics) is fixed (labels are back)

2003-02-04 :
  - more code cleanup
  - basic sorting for grouping aware views (index.pl & Filters.pl)

2003-02-03 :
  - fixed some nasty name-space bugs with mod_perl that came with yesterday big release.
     if still problems with mod_perl, please switch to CGI mode until fixed
  - now use modules 'strict' and 'warnings' everywhere

2003-02-02 :
  - name resolution could be turned off (see config.pl)
  - no more send your page as Referer header when external link
  - new cron job script to update ettercap DB files periodically
  - added some Grouping functions to index.pl page (CPU intensive)

2003-02-01 :
  - added first draft for User-Profiles. only access restricted by IP for now
      for more info, read Docs/user_file_format.txt and Profiles/guest.user
  - added time-based statistics to Filters.pl page for stored filters (.flt)
  - more info extracted from IP headers in packet view
  - possibility to delete alerts by filter if User-Profile allows it

2003-01-31 :
  - added ethernet card vendor lookup code from Laurent Oudot (see packet view)

2003-01-30 :
  - code is now in CVS
  - Yoann and girona identified a bug with debian perl ("Inappropriate ioctl for device" on open ). fixed
  - Yoann corrected some bugs in my code in HeartBeat.pl

2003-01-29 :
  - started working on user-profiles/management
  - avoid an image caching artefact in TopAttackers

2003-01-28 :
  - new page : Heart Beat, see if sensors are alive or not (for Yoann)
  - corrected Heart Beat graph, newer heartbeat on the right
  - TopAttackers page now show Sources (Attackers) by Default

2003-01-25 :
  - bug-fixes :
     - filters could not be saved
     - page navigation was not working anymore in Filters view
     - gave 2 data series to pie chart in TopAttack[er]s (1 only displayed)
     - do not display table header any more if no data in table
  - stats not yet an official feature, please be patient and you'll be happy

2003-01-24 :
  - still some code clean-up
  - started working on time-based statistics. more to say later

2003-01-23 :
  - major filter code rewrite. bugs arround, better wait one day or two.

2003-01-22 :
  - now encodes < and > in packet PayLoad to avoid included text to be interpreted (for Alexandre Laffont)
  - one more new view for AlertDetails. this time, it is packet view (who said useless ?)
      fields not yet extracted are in red

2003-01-21 :
  - did not realise that my error_log was full of warnings. little less now
  - changed archive format to .tar.gz (to make toady happy ;) )
  - display every Classification.name in Alert lists, not only first (for Voisin)
  - some code clean-up in db.pl (remove lots of ugly 'if')

2003-01-20 :
  - to ease IDMEF understanding, there is now a new way to see AlertDetails.
     In AlertDetails.pl page, click "See plain XML version" and enjoy IDMEF
  - added a refresh on AlertList. associated configuration directive is $conf{'refresh'} => Eric Belhomme (fr.comp.securite)
  - a new layout for AlertLists. one alert per line (3 lines per alert before) and more info. => $conf{'AlertList_style'}

2003-01-19 : ("PostgreSQL also exists but my Front-End did not run with it" edition)
  - added 'dbport' configuration option, if your DB server is not listening to its default port (3306 for mysql)
  - added 'extension' config. option for those that want scripts to have another extension (.pl as default)
  - workaround for several PostgreSQL problems (connection string and LIMIT syntax, TopAttackers GROUP BY thanks to krzyzstof)
  - do not display anymore 'Source/Target' column in TopAttackers.pl if we only display Sources or only Targets
  - changed all 'Cnt' aliases in queries (TopAttackers & TopAttack) because DBD::Pg
      is buggy and returns 'cnt' (in lower-case) as field name => DBD::Pg bug
  - changed extra/nsr2flt.pl to put REPORT entries in red as those are security holes. (INFO entries do not change)

2003-01-18 :
  - finished the nsr2flt script. (generates filters based on a nessus report)
     usage : perl extra/nsr2flt.pl nessus_report.nsr generated/Filters/
       (idea taken from Laurent Oudot's nessus correlation scripts)
  - made filter comments multiline (needed for nessus comments)
  - implemented the Front-End part of 'passive source machine OS fingerprint lookup'
     this needs a version of Prelude not yet released (patched by Laurent Oudot, not yet in CVS)
     that would store the attacker OS fingerprint in a new AdditionalData field

2003-01-17 :
  - improved the LML .rules factory with some 'meta' : just place $PORT, $PID, $IP, $HOSTNAME and it would replace them with their regex equivalent
  - did a command line equivalent (extra/transform.pl) => requested by Vincent Glaume
  - added the 'M' operator (and counterpart !M) to FilterFactory. use '%' as a wildcard

2003-01-16 :
  - updated the ssh .rules file to add informations that were in the log but not in prelude stored data

2003-01-15a :
  - got rid of every 'local $::var' declarations and added some 'undef $var'. should remove most mod_perl caching problems 
      (under Apache::PerlRun, still problems with Apache::Registry)
  - when a filter is not valid (generates bad SQL), don't try to display results and only allow edition or deletion
  - a new tool is born : LML regex tester. just click on '*' in the Link bar

2003-01-15 :
  - some work to ease templating in AlertList and AlertDetails
  - display service name if known, next to tcp/udp port on AlertList
  - display 'unknown' instead of nothing when source/target address is not known
  - correlation on TCP/UDP port (just click a port number)
  - correlation for Classification.name, Source/Target Address/Port, Impact.severity, Service.protocol now also possible from AlertDetails page
  - seems operator > and < were not working => fixed

2003-01-13 :
  - new documentation about the filter file format : Docs/flt_file_format.txt
  - crontab/cleanup_db.pl now display an 'usage' message when miss-used
  - warn user to change the chwon line in INSTALL.txt if apache user isn't nobody.nobody
  - added a BUGS.txt in Docs directory
  - marqued Apache::DBI as optional in INSTALL.txt when using mod_perl

2003-01-12 :
  - you can now delete alerts from the DB using filters : (yep, those .flt files generated by the 'Filter Factory')
     $perl crontab/cleanup_db.pl generated/Filters/ICMP.flt

     a) this script is intended to be used from a cron job or by hand !!!
     b) you can use it with several .flt at a time (for batch cleanup)
     c) deleting is known to be sslllooowwww, it can't be sped up (not much at least)

  - added number of alerts/attacks per filter on "Filter Factory" page
  - changed AlertList presentation a bit.
  - Payload Hexadecimal Dump was really badly displayed because of non-proportional font => fixed + added an ASCII only version (thanks docelic)
  - in AlertList and Filters, clicking the attack name (Classification.name) now displays a filter based on this name.
      => same system for Source & Target Address
      => also added this to TopAttackers & TopAttack views
  - make use of DBI quote method, should be safer. also encodes URL a little (to avoid spaces and other chars that would break URLs)
  - allow negation in filter formula "(A AND !B)" or "NOT (A AND B)"

2003-01-11 :
  - custom Filter view now allow multi-criteria filters
  - added a Filter list in the link bar, on top of every page for quick access
  - possibility to add/concat filters together to make a new one (requested by krzysztof)
  - some interface clean-up

2003-01-10 :
  - added a new filter to TopAttackers, to choose Source/Target/Both
  - added cleanup_db.pl in ./crontab/ to help deleting false positives
  - added png_gen_test.pl in ./test/ to test image generation from browser
  - remove '-Tw' and 'use strict;' from perl script to avoid too much warnings
  - added a custom Filter view (would evolve in the future)
  - now display IP address instead of 'n/a' in graphic when non-resolved

2003-01-09 :
  - take real informations for AdditionalData in AlertDetail (girona)
  - added a config option $::debug => toggles perl debug on screen
  - move all config. directive from $::XXX to $conf{'XXX'} -> cleaner (docelic)
  - if GD::Graph was missing, displayed static PNG in TopAttackers -> fixed (girona)
  - now warns the user when it can't generate graphs because of improper rights on image directory (girona)
  - now warns when libgd was compiled without freetype support

2003-01-08 : Initial public release
