$Id: ChangeLog 684 2018-11-07 19:26:36Z bhockney $

Version 1.1.1 2018-11-08

- Add support for checksum fields for database logs for tcp, udp and icmp[v6].
- Use php strtotime instead of gnu getdate for time conversions for syslog.
- Conform to HTML 5, had used 4.01 transitional.
- Fix report summary to reflect correct included entries after aggregate criteria.
- Fix style sheet and move all css to sytle sheet.
- Fix missing date column on syslog reports in some configurations.
- Fix export report definition for data tables.
- Fix warning for null array with php>=7.2.
- Detect whether syslog parser is resolving geoip fields.
- Don't force geoip lookup with php for syslog unless geoip_php_lookup is set.
- Allow building of mysql ipv6 plugin without building syslog parser.
- Several minor html fixes.
- Move composer vendor directory outside main web tree.
- Build system updates.
- Documentation updates.
- Tweak report footer.
- Code cleanup.

Version 1.1.0 2016-08-05

- Add support for MaxMind geoip version 2 location databases.
- Add config option for postgresql join_collapse_limit for query planner.
- Use explicit semantic versioning.
- Drill-down on icmp type/code should only affect packets for v4 or v6 (syslog).
- Fix missing repeated lines (syslog).
- Fix problem with blank lines in logs (win_xp).
- Documentation updates.
- Tweak Makefile dependencies.
- Code cleanup.

Version 1.01 2014-10-31

- Configure: improve autodetect of build settings for database support.
- Configure: add knobs to specify database library and header directories.
- Explicity set AF_INET and AF_INET6 constants based on system values.
- Fix issues compiling under cygwin.

Version 1.00 2014-05-17

- Add support for ulogd version 2.
- Add support for snort database logs.
- Add support for Cisco IOS and Cisco PIX log formats (syslog).
- Add support for snort log files (syslog).
- Add support for netscreen log files (syslog).
- Add support for multiple table/view selection (database).
- Add IPv6 support for database logs, netfilter and ipfilter.
- Add support for RFC 5424 dates in netfilter log files.
- Add ip protocol number / name in ip headers section on packet detail page.
- Accept numeric criteria in binary notation (0b10010100)
- Output numeric fields in configurable format (decimal, hex, octal, binary).
- Substantial performance improvement with database logs.
- Only print fields on packet detail page where data exists.
- Only populate cache for fields appearing in report.
- Add option to populate cache for fields even when not in report.
- Work natively with postgresql inet column type.
- Implement php mysqli interface and use it when present.
- Test icmp_gateway column type separately from ip_saddr (database).
- For protocol-specific criteria/match, only check/display when relevant.
- Always use oob_time_sec when local_time does not exist (database).
- Add config parameter to set timezone if not set in php.ini (PHP >= 5.1).
- Sort blank source and destination port last for syslog (to match database).
- Fix matching by tcp options when not exact match (syslog).
- Fix parsing of ipfilter icmp code names.
- Fix display of service names to '-' when name doesn't resolve(database logs).
- Fix state maintenance when using alternate data source.
- Fix display of oob time to use date format string (database).
- Fix display of icmp gateway on packet detail page.
- Fix mysql and postgresql setup scripts for sample reports on some systems.
- Fix drill-down with arbitrary column defined in some cases (database).
- Fix page refresh when running report from report editor.
- Fix harmless PHP notice-level messages about undefined indexes, etc.
- Fix for netfilter when kernel logs uptime (syslog).
- Fix for Cisco PIX ID string variations.
- Gracefully continue on home page/report editor if no log table or view found.
- Remove outmoded option to update all in cache (database).
- Do not require or allow "AND" at start of additional WHERE clause (database).
- Use pcre instead of deprecated ereg functions internally.
- Allow trailing comments in conf file.
- Build system: use automake
- HTML fixes.
- Fix compiler warnings.
- Code cleanup.
- Documentation updates.

Version 0.94 2009-10-12

- Fix problem with sorting with ulogd and MySQL in some cases.
- Fix harmless PHP notice-level messages about undefined indexes, etc.
- Fix compatibility with legacy PHP and postgresql versions.
- Sort tables and reports alphabetically in report editor lists.
- HTML fixes.
- Fix compiler warnings.
- Code cleanup
- Documentation updates.

Version 0.93 2007-05-31

- Fix netfilter syslog parser for case where no log prefix and/or log host.
- Fix netfilter syslog parser to handle alternate date formats.
- Fix potential directory traversal vulnerability - CVE-2007-585.
- Fix MySQL setup script to grant needed additional rights.
- Makefile updates.
- Add webfwlog.conf parameter for syslog log file formats to parse.
- Tweak ipfilter parser.
- HTML fixes.
- Code cleanup.
- Documentation updates.

Version 0.92 2006-03-04

- Accept arbitrary column definition for SQL queries.
- Keep state properly for sort order on home page.
- Add links to home page and report editor on output page.
- Improve presentation for protocols other than tcp/udp/icmp.
- Fix matched record count when HAVING clause is invoked for ulog queries.
- Fix Makefiles to create directory structure if needed.
- Change name of allow_additional_where to allow_raw_sql in webfwlog.conf.
- Check MySQL version 5.0 for production release.
- Show progress indicator when updating hostnames cache as separate operation.
- Remove bash-ism from database setup scripts.
- Do not depend on access to mysql database in setup script
- Code cleanup.
- Documentation updates.

Version 0.91 2005-04-21

- Add support for ipfw log files.
- Add support for windows XP log files.
- Change name of entry page from webfwlog.php to index.php.
- Support PostgreSQL >= 7.1 (had required >= 7.3).
- Allow selection using ranges or multiple values for all numeric fields and protocol.
- Allow selection by regular expression for input/output interfaces and MAC address.
- Implement selection by earliest or latest logged packet for PostgreSQL.
- Allow selection by earliest or latest logged packet using oob time (ulogd).
- Add MAC address to packet detail page.
- Add total matched packets sum to report footer on summarized reports.
- Do not update hosts or populate cache while drilling down on unlimited report.
- Segregate populate cache segment time from update hostnames time.
- Add segment times to syslog output.
- Change 'Log Prefix' to 'Log Label'.
- Add default syslog file spec in webfwlog.conf.
- Get name of default_data_source parameter right in webfwlog.conf!
- Use temporary file instead of pipe for report definition with syslog parser.
- Use new PostgreSQL functions with php >= 4.2.
- Improve detection of MySQL and PostgreSQL library and header files.
- Do less work in configure when not building syslog parser.
- Do not print sql query on failure if allow_be_verbose is not set.
- Be explicit about sort order in SQL ORDER BY clause.
- Gracefully respond to bad report code in url.
- Print blank instead of 0 for source/destination port for icmp packets (syslog).
- Use dformat parameter from webfwlog.conf for presentation of syslog dates.
- Fix presentation of earliest and latest dates when only one packet matches (syslog).
- Fix presentation of hostname when IP does not resolve and is not in cache.
- Fix syslog parser when resolving hostnames and services when not updating cache.
- Fix syslog selection by date, local hostname or log label when test value contains ','.
- Fix evaluation of octal values in criteria (ulogd).
- Fix cache update/populate for summarized reports.
- Fix cache update with syslog parser and PostgreSQL.
- Fix hostnames cache update with PostgreSQL when not updating all with ulog.
- Fix services cache update when not updating all with ulog.
- Fix webfwlog crash with PostgreSQL and default data source of syslog.
- Fix case where no tcp options are selected to match.
- Fix drill-down on regular expression fields to match exact text displayed.
- Fix parsing of tcp sequence number with ipfilter.
- Fix case when page length is zero.
- Fix page refresh when drilling down.
- Fix state maintenance for data source after drill-down then return to main menu.
- Fix navigation after cancel on import/save/delete/export then return to main page.
- Fix navigation using back button from selection/sorting/criteria pages.
- Fix compiler warnings on some platforms
- Harden against SQL / HTML injection.
- Improve database setup scripts.
- Check for and require session ID propagation.
- Check for and require supported database server version at startup.
- Makefile revisions to support package managers.
- Tweak example report definitions.
- Add debug parameter to webfwlog.conf.
- Code cleanup.
- Documentation updates.

Version 0.90 2004-11-11

- Add support for system logs in netfilter and ipchains format (linux),
       and ipfilter format (BSD, etc.)
- Allow netmask when selecting by IP address.
- Allow multiple IP address selection criteria.
- Add input controls for all fields on criteria menu.
- Allow criteria specification in hex and octal.
- Add Always Populate Cache as run-time option for reports.
- When updating cache as manually, by default only update cache for
       entries added with Populate Cache option.
- Add button to resolve hostnames and update cache on packet detail page.
- Add meta-refresh setting to report definition.
- Always compute total matching lines on LIMITed report.
- Update last_accessed time when saving report.
- Allow webfwlog tables to be in separate database (MySQL) or schema (PostgreSQL).
- Allow override of data source at runtime (suggested by Steven Van Acker).
- Print 1/0 instead of t/f for TCP Options for PostgreSQL ulogd.
- Reorganize and update database setup scripts.
- Add failsafe defaults for config file parameters.
- Make note of default settings in webfwlog.conf.
- Add 'none' as db type.
- Change show_sql to be_verbose to be appropriate to all data sources.
- Allow unix domain sockets for PostgreSQL.
- Allow PHP 4.1 when using PostgreSQL (had required PHP 4.2).
- Use configure script to automate building and installation.
- Fix broken buttons after saving report definition.
- Fix status message and html page title to show correct report code in editor.
- Fix case where the test value of a criterion = 0.
- Fix problem with no display of resolved hostnames on packet detail page
       with PostgreSQL.
- Fix problem with no display of resolved hostnames on packet detail page
       when ip stored as text in ulogd.
- Always print SQL query if it fails.
- Update documentation.

Version 0.87 2004-6-1

- Add support for multiple ports and ranges.
- Add selection controls on report editor for min and max count.
- Improve presentation of fragmentation offset field.
- Only update hostnames / services appearing in report when updated at runtime.
- When updating cache at runtime update cache before running query!
- Add multiple paging links.
- Fix paging while drilling down.
- HTML changes for reasonable rendering on Netscape 4.xx.

Version 0.86 2004-4-10
- Fix problem with multiple sorts using report header links.
- Fix problem with resolved hostnames on packet page with non-int field types.
- Fix problem reloading page after using help links on report editor page.
- Minor documentation updates.

Version 0.85 2004-2-2
- Add config file option to change location of PHP saved session data.
- Add config options to tune PHP.
- Add resolved service names on packet detail page.
- Update scripts for MySQL and PostgreSQL.
- Fix PostgreSQL problem on drill-down on count column.
- Fix drill-down on count column for icmp.
- Fix broken cancel button on update cache page.
- Force flush of output during cache update.
 
Version 0.84a 2004-1-16
- Fix bug for drill-down on count column.

Version 0.84 2004-1-13
- Added ability to sort reports on main page.
- Add Update Cache button on main page.
- Add resolved hostnames on packet detail page.
- Fix drill-down for non-tcp protocols.
- Suppress icmp packets when drilling-down on tcp or udp port.
- Suppress blank last page for limited reports when matching rows are a
    multiple of page length.
- Print more meaningful row info in footer of limited reports.
- Make row info part of table.
- Use sessions instead of cookies for state maintenance.

Version 0.83 2003-12-15
- Fix to allow intuitive navigation with browser 'back' and 'refresh'
    buttons while 'drilling-down'.
- Make tab order on forms more intuitive.
- Give each functional page a descriptive name for better navigation.
- Use client-side filesystem instead of server-side for import and export.
- Only select tcp packets on drill-down on tcp options.
- Fix for display when sport or dport = 0 (was blank).
- Fix sample reports with 'HAVING' clause.
- Clean up debugging code.
- Do not need to force oob time in sample reports.

Version 0.82 2003-11-23
- Add PostgreSQL support.
- Add support for log-ip-as-string.
- Fix cache update when keys are duplicated.
- Add more status output during cache update.
- Use common cache update code.
- Minor html fix in report editor documentation.
- Add additional parameter checking.
- Make labels on earliest and latest columns unique.

Version 0.81 2003-11-18
- Added documentation for report editor.
- Fix compatibility with PHP 4.1.
- Gracefully respond to missing config file.

Version 0.8 2003-11-15
- Initial public release.
