From OSSEC Wiki
How to enable Prelude Support?
Prelude is a Hybrid IDS that uses IDMEF to receive alert information from external devices.
If you are a Prelude user and wish to send your OSSEC alerts to Prelude, do the following:
Enable Prelude Support
- You must have the Prelude libraries installed on the OSSEC server.
Before you run the "./install.sh" script, execute the following:
$ cd ossec-hids-xx
$ cd src; make setprelude; cd ..
$ ./install.sh
Enable Prelude output in the configuration
Just add the following entry to your ossec.conf:
<prelude_output>yes</prelude_output>
Prelude extra options
You can define your own profile and set the log level from which alerts are sent to Prelude with these parameters:
<prelude_profile>MyOssecProfile</prelude_profile>
<prelude_log_level>6</prelude_log_level>