IDS mailing list archives

Re: Prelude IDS


From: Krzysztof Zaraska <kzaraska () student uci agh edu pl>
Date: Thu, 7 Nov 2002 10:18:31 +0100 (CET)

[I think prelude-user is a more acceptable forum, so I put them in Cc:]

On Tue, 5 Nov 2002, Kavitha Srinivasan wrote:

Does anyone who has used Prelude IDS know in which file the IDMEF messages
are logged for the alerts detected in the absence of frontend and database?

[Disclaimer: I'm a Prelude developer :-)]

For XML IDMEF use:

prelude-manager --xmlmod -l /path/to/file

(xmlmod is not enabled in distribution config file)

Human-readable data by default config goes in /var/log/prelude.log, unless
you pass -l to textmod plugin, i.e:

prelude-manager --textmod -l /path/to/file

It can of course be combined, i.e:

prelude-manager --xmlmod -l /path/to/xml/file --textmod -l /path/to/text/file

prelude-manager -h for complete list of options. 

The same effect can be accomplished by modifying setup in
/usr/local/etc/prelude-manager/prelude-manager.conf

BTW, configuration of plugins is independent, i.e. xmlmod does not care if
you have database support or not.  

// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
//              -- Stanislaw Lem
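Once xmlmod is writing IDMEF to a file, the next thing a practitioner usually wants is to pull the alerts back out of it. The following is an added example, not Prelude code and not part of the original thread: a small namespace-agnostic IDMEF reader in Python. The sample message embedded in it is constructed to follow the RFC 4765 IDMEF layout (the `http://iana.org/idmef` namespace, `Alert`/`Source`/`Target`/`Classification` elements), which is an assumption about what xmlmod emits, as is the guess that the log file holds one `IDMEF-Message` document per alert appended back to back; `parse_idmef_log` handles that case by splitting the file into individual documents.

```python
"""Read IDMEF alerts out of an XML log file such as the one
prelude-manager --xmlmod -l /path/to/file writes.

Added example; not Prelude's own code.  Element layout follows RFC 4765
(assumed to match xmlmod output)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample in RFC 4765 IDMEF layout (not real xmlmod output).
SAMPLE_IDMEF = """<?xml version="1.0"?>
<IDMEF-Message version="1.0" xmlns="http://iana.org/idmef">
  <Alert messageid="example-0001">
    <Analyzer analyzerid="sensor-1"/>
    <CreateTime ntpstamp="0xbc723b45.0xef449129">2002-11-05T12:34:56Z</CreateTime>
    <Source>
      <Node><Address category="ipv4-addr"><address>192.0.2.10</address></Address></Node>
    </Source>
    <Target>
      <Node><Address category="ipv4-addr"><address>192.0.2.20</address></Address></Node>
      <Service><port>80</port><protocol>tcp</protocol></Service>
    </Target>
    <Classification text="Example web probe"/>
  </Alert>
</IDMEF-Message>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit('}', 1)[-1]


def _find_first(elem, path):
    """Descend along a list of local tag names, ignoring namespaces."""
    cur = elem
    for name in path:
        cur = next((c for c in cur if _local(c.tag) == name), None)
        if cur is None:
            return None
    return cur


def _text(elem):
    return elem.text.strip() if elem is not None and elem.text else None


def parse_idmef(xml_text):
    """Return a list of dicts, one per <Alert> in a single IDMEF-Message."""
    root = ET.fromstring(xml_text)
    alerts = []
    for alert in root:
        if _local(alert.tag) != 'Alert':
            continue  # Heartbeat or other message types are skipped
        analyzer = _find_first(alert, ['Analyzer'])
        cls = _find_first(alert, ['Classification'])
        port = _text(_find_first(alert, ['Target', 'Service', 'port']))
        alerts.append({
            'messageid': alert.get('messageid'),
            'analyzer': analyzer.get('analyzerid') if analyzer is not None else None,
            'time': _text(_find_first(alert, ['CreateTime'])),
            'classification': cls.get('text') if cls is not None else None,
            'source': _text(_find_first(alert, ['Source', 'Node', 'Address', 'address'])),
            'target': _text(_find_first(alert, ['Target', 'Node', 'Address', 'address'])),
            'target_port': int(port) if port else None,
        })
    return alerts


def parse_idmef_log(text):
    """Handle a log holding several IDMEF-Message documents back to back
    (assumed: xmlmod appends one document per alert).  The file as a whole
    is then not well-formed XML, so split it into documents first."""
    text = re.sub(r'<\?xml[^>]*\?>', '', text)  # drop per-document declarations
    alerts = []
    for chunk in re.split(r'(?=<IDMEF-Message\b)', text):
        chunk = chunk.strip()
        if not chunk.startswith('<IDMEF-Message'):
            continue  # whitespace before the first message
        alerts.extend(parse_idmef(chunk))
    return alerts


if __name__ == '__main__':
    for a in parse_idmef_log(SAMPLE_IDMEF + SAMPLE_IDMEF):
        print(a['time'], a['classification'], a['source'], '->', a['target'], a['target_port'])
```

To run it against a real file, pass `open('/path/to/file').read()` to `parse_idmef_log`; if xmlmod turns out to wrap all alerts in one root element instead, `parse_idmef` alone is enough.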