Friday 2 April 2010 - Keywords: Data Mining, IDS, Network Monitoring, OSSEC
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. The following is the changelog for OSSEC version 2.4.
Changelog:
Added more options to filter by user and srcip on reportd.
Fixed init script for gentoo that was failing if OSSEC was not installed at /var/ossec.
http://ossec.uservoice.com/pages/18254-general/suggestions/284923-etc-init-d-ossec-installation-reference
Fixed false positives on su/sudo trojan signature for Ubuntu.
http://ohioloco.ubuntuforums.org/showthread.php?p=8494734
Added rules for Tru64 ftpd. (By Stephen Kreusch).
Added rules for Tru64 rshd. (By Stephen Kreusch).
Added rules for HP-UX cimserver. (By Stephen Kreusch).
Added rules for Microsoft Security Essentials
Patched system audit checks to look at /etc/php.ini. (By Scott R. Shinn).
Added MySQL timestamp to the schema (to improve performance). (By Scott R. Shinn).
Fixed a memory leak on the Windows agent that was not properly closing the sockets. It would cause port exhaustion if the manager became unavailable for a long period of time. (By Paul Southerington).
Fixed false positive in the rootcheck trojan rule for du. (Reported by Brian Mastenbrook).
Added rules to Ignore cron logout messages on Ubuntu/Debian.
Fixed bug where only the first lines of the logs were stored in the database output.
Added support for logging from the agentless. (By Jeremy Rossi).
Added additional rules options to the
Improved Prelude support by adding detailed change information on the integrity checking events. (By Jeremy Rossi).
Added Windows netsh active response, for Windows 2003 and up. (By http://windowsnerd.com/).
Improved ossec-logtest to be used for the forensic analysis of log files
http://www.ossec.net/dcid/?p=192
Added daily summaries/reports option.
Fixed bug where overwritten rules were not using the new ignore time. (Reported by Peter M. Abraham).
Fixed wrong path to ipf on the firewall-drop active response for Solaris. (Reported by Borut Podlipnik).
Fixed bug on the courier rules for failed login (Reported by atomicturtle).
Fixed bugs found by clang. (Patch by Jeremy Rossi).
Added ’diff’ option to rules (check_diff).
Added rules to ignore crawlers causing 404s (MSN, Google, Yahoo, etc).
Added rules to alert on Postfix starting and stopping.
Improved decoder to match on Snare logs from Vista.
Fixed performance issue when the FTS queue was too large. (Reported by Burks, Doug).
Added one-way option to the agent, to deal with systems where the manager can’t talk back and respond to the keep alive requests.
Fixed bug on smbd rules. (Reported by trevor.a.b.mcleod@gmail.com).
Fixed bug on ossec_dbd that was crashing with the check_diff option enabled. (reported by Dan)
Added showlogs option to the daily reports.
Fixed bug on the FTS queue that was getting duplicated entries. (Reported by Cristian Paul Peñaranda Roja).
Removed false positive from the cback worm rootkit detection rule. (Reported by Erik Zettel).
POSTSCRIPTUM
COMPLIANCE MANDATES
IDS: PCI DSS 10.6, 11.4, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1), 164.308(a)(6)42, FISMA SI-4, AC-2, ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 10.10.4, 15.1.5
Network Monitoring: PCI DSS Requirements 3, 4, SOX DS13.4, HIPAA 164.310(d)(1), 164.312(a)(2)(iv), FISMA SI-4, AU-2, ISO 27001/27002 12.5.4, 15.1.5
2 April 2010 : OSSEC v2.4 released