To boost up the performance, now we trust the proxy cache.
I add some changes to the proxy.cgi to configure the proxy and the
squidclamav in the right way.
I also add a hook that allows us to generate a new configuration
if the cgi script is launched from the shell.
Fixes #10367.
http://sourceforge.net/projects/swatch/
With swatch you can easily monitor (growing) log files
in realtime and create email alerts based on log file content.
e.g. with a config file like this:
watchfor /Priority\: ([1|2])/
echo=normal
mail=alerts@your.domain,subject=[SNORT] Priority $1 Alert
and a swatch command like this:
swatch --daemon -c /var/ipfire/snort/swatchrc --input-record-separator='\n\n' -t /var/log/snort/alert
you can set up email alerts for SNORT alerts.
This still needs an active MTA (e.g. dma or postfix).
Some users have reported problems with the realtek vendor modules.
-problems at link detection with r8101.
-problems with igmpproxy with r8169.
So we switch to the original kernel module. (vendor drivers are used for
xen because r8169 crashes here)
Very useful for analyzing multicast traffic directly on the router/
firewall without the need for a large software like vlc or the like.
http://www.videolan.org/projects/multicat.html
Simple and efficient multicast and transport stream manipulation
The multicat package contains a set of tools designed to easily and
efficiently manipulate multicast streams in general, and MPEG-2
Transport Streams (ISO/IEC 13818-1) in particular.
The multicat suite of applications is very lightweight and designed
to operate in tight environments. Memory and CPU usages are kept to
a minimum, and they feature only one thread of execution.
multicat needs bitstream as a build dependency
http://www.videolan.org/developers/bitstream.html
Major change in these patches for the user is the addition
of a whitelist item for up and downstream interfaces.
Excerpt from one of the patches:
Defines a whitelist for multicast groups. The network address must be in the following
format 'a.b.c.d/n'. If you want to allow one single group use a network mask of /32,
i.e. 'a.b.c.d/32'.
By default all multicast groups are allowed on any downstream interface. If at least one
whitelist entry is defined, all igmp membership reports for not explicitly whitelisted
multicast groups will be ignored and therefore not be served by igmpproxy. This is especially
useful, if your provider does only allow a predefined set of multicast groups. These whitelists
are only obeyed by igmpproxy itself, they won't prevent any other igmp client running on the
same machine as igmpproxy from requesting 'unallowed' multicast groups.
You may specify as many whitelist entries as needed. Although you should keep it as simple as
possible, as this list is parsed for every membership report and therefore this increases igmp
response times. Often used or large groups should be defined first, as parsing ends as soon as
a group matches an entry.
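
The whitelist semantics described in the excerpt above (CIDR entries, allow-all when the list is empty, ordered first-match lookup), as an added example that is not igmpproxy's own code or part of the original commit message. The names wl_entry, wl_parse and wl_allowed are hypothetical, and the sample groups are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* One whitelist entry, network and mask in host byte order. */
struct wl_entry { uint32_t net, mask; };

/* Parse 'a.b.c.d/n'. Returns 0 on success, -1 on malformed input. */
int wl_parse(const char *s, struct wl_entry *e)
{
    char ip[16], extra;
    unsigned int bits;
    struct in_addr a;

    if (sscanf(s, "%15[0-9.]/%u%c", ip, &bits, &extra) != 2 || bits > 32)
        return -1;
    if (inet_pton(AF_INET, ip, &a) != 1)
        return -1;
    e->mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0;
    e->net = ntohl(a.s_addr) & e->mask;
    return 0;
}

/* Is a membership report for `group` served? An empty list allows every
 * group; otherwise entries are checked in order, stopping at the first hit. */
int wl_allowed(const struct wl_entry *wl, size_t n, const char *group)
{
    struct in_addr g;
    if (inet_pton(AF_INET, group, &g) != 1)
        return 0; /* assumption: an unparsable group is ignored */
    if (n == 0)
        return 1;
    for (size_t i = 0; i < n; i++)
        if ((ntohl(g.s_addr) & wl[i].mask) == wl[i].net)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: two entries, most-used range first. */
    struct wl_entry wl[2];
    const char *grp[] = { "239.1.200.7", "232.0.0.5", "232.0.0.6" };
    if (wl_parse("239.1.0.0/16", &wl[0]) || wl_parse("232.0.0.5/32", &wl[1]))
        return 1;
    for (size_t i = 0; i < 3; i++)
        printf("%-12s %s\n", grp[i], wl_allowed(wl, 2, grp[i]) ? "served" : "ignored");
    return 0;
}
```

As the excerpt notes, a check like this only filters reports handled by the proxy itself; other IGMP clients on the same machine are not constrained by it.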