Re: Prelude IDS

[I think prelude-user is a more acceptable forum, so I put them in Cc:]

On Tue, 5 Nov 2002, Kavitha Srinivasan wrote:

> Does anyone who has used prelude IDS know in which file the IDMEF messages
> are logged for the alerts detected in the absence of frontend and database.

[Disclaimer: I'm a Prelude developer :-)]

For XML IDMEF use:

prelude-manager --xmlmod -l /path/to/file

(xmlmod is not enabled in distribution config file)

Human-readable data by default config goes in /var/log/prelude.log, unless you pass -l to textmod plugin, i.e:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

prelude-manager --textmod -l /path/to/file

It can of course be combined, i.e:

prelude-manager --xmlmod -l /path/to/xml/file --textmod -l /path/to/text/file

prelude-manager -h for complete list of options.

The same effect can be accomplished by modifying setup in /usr/local/etc/prelude-manager/prelude-manager.conf

BTW, configuration of plugins is independent, i.e. xmlmod does not care if you have database support or not.

// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: 
http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
//		-- Stanislaw Lem