This is the initial release candidate for OSSEC 2.1.1-2 for ASL environments.
Changelog:
-Added additional rules to detect the enumeration of extensions
(Patch by Chris Bailes <chris at paeenterprises.co.uk>).
-Added support for glob (regular expressions) when specifying the directories
to check on syscheck.
-Added support for syslog-ng ISODATE (conforming to ISO-8601) date formats
in the syslog header.
-Added support for rsyslog non-standard date format (RFC 5425).
-Added the log testing tool to the default build (now available at
/var/ossec/bin/ossec-logtest ).
-Added agentless script for Foundry switches
(Thanks to Matt <mgoldsberry at gmail.com> for the help).
-Added support for real time integrity checking.
-Added support for sending OSSEC alerts to twitter via active response.
-Added support for Windows DHCP logs
(Thanks to phishphreek@gmail.com for the help).
-Added changes to support ASA/FWSM in the agentless monitoring
(Thanks to Michael Starks for the patch).
-Added option to restart an ossec agent remotely.
-Added agent config on the manager side.
-Added the ability to fully build a Windows ossec agent directly from
the (Linux) server.
-Fixed rootcheck so that it does not monitor read-only file systems during the
rc_sys_check
(Reported by Dennis Golden).
-Fixed Windows policy that was looking for the wrong value to check if
the firewall was enabled or not
(Reported by Aaron Bliss).
-Fixed debian rules that were matching on Juniper messages
(Reported by Reggie Griffin).
-Fixed yum rules that were matching on other events.
-Fixed syscheck_control that was segfaulting on 64 bit systems.
-Fixed mcafee rule that was flagging deleted viruses as uncontained
(Thanks to Michael Starks for the patch).
-Fixed sshd rule to support new log format
(Thanks to j.bromley at bristol.ac.uk for the report).
-Fixed ssh_integrity_check_linux agentless script that had some extra spaces
causing it to hang
(Thanks to Mark Ibrahim for the report).
-Fixed support for systems without a proper syslog hostname (Solaris 8/9,
most of the time).
-Added System32 Restore directory to the list of ignored files for
integrity checking
(it was causing too many false positives).
-Fixed iptables active-response scripts that were not properly deleting
all the entries.
-Added agentless devices to the listing tools (agent_control -l,
syscheck_control -l, etc.).
-Fixed bug when reading /dev/fd on FreeBSD that was causing ossec to loop.
(Patch by Danny Fullerton - dfullerton at mantor.org )
-Fixed file descriptor leak on execd.
(Patch by Slava Semushin - php-coder at altlinux.org )
-Fixed bug where descriptions with new lines would break the alert file.
(Reported by Bill Mathews <billford at gmail.com>)
-Fixed init scripts for Darwin.
(patch by Peter <peter.wolanin at acquia.com>)
-Added support for strftime on globbed files.
-Added the option to decrease syscheck sleep time to 0 (and run as fast as possible).
(thanks to Michael Altfield <michael.sa at gmail.com> for the suggestion)
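As an added illustration that is not part of these release notes, an ossec.conf fragment exercising three of the additions above: glob patterns in syscheck directories, real-time integrity checking, and strftime expansion on a globbed localfile. The paths and the 6-hour frequency are constructed values, not defaults shipped with the package.

```xml
<ossec_config>
  <syscheck>
    <!-- Full scan interval in seconds (constructed: 6 hours) -->
    <frequency>21600</frequency>

    <!-- Glob pattern in a directories entry: every user's .ssh directory
         is checked without listing each home directory (constructed path) -->
    <directories check_all="yes">/home/*/.ssh</directories>

    <!-- Real-time integrity checking (new in this release) on a static
         tree where any change is worth an immediate alert -->
    <directories check_all="yes" realtime="yes">/etc,/usr/bin,/usr/sbin</directories>

    <!-- Frequently rewritten files that would otherwise generate noise -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
  </syscheck>

  <localfile>
    <log_format>syslog</log_format>
    <!-- strftime on a globbed file name: the glob selects the application,
         the date fields follow the daily rotation (constructed path) -->
    <location>/var/log/app/*-%Y-%m-%d.log</location>
  </localfile>
</ossec_config>
```

Restart ossec with /var/ossec/bin/ossec-control restart after editing the file, and confirm in /var/ossec/logs/ossec.log that syscheck reports the real-time directories as monitored.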
To Upgrade:
yum --enablerepo=asl-2.0-testing upgrade ossec-hids