
[ossec-dev] Re: Ossec as a prelude analyzer patch



Hi Sebastien,

Thanks for the patch. I just committed it, but I need you to test it to make
sure it all works. I made some changes to the code and merged it all into
prelude.c (instead of filling analysisd.c with too much stuff). Take a
look at it and let me know...

http://www.ossec.net/files/snapshots/ossec-hids-070924.tar.gz

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 9/16/07, Sebastien Tricaud <toady@xxxxxxxxxx> wrote:
> Hello people,
>
> The attached patch (upon cvs head) makes OSSEC a Prelude IDS
> (http://www.prelude-ids.org) sensor.
> (It is a set of three files: the patch from cvs diff and prelude.{c,h},
> which for random reasons weren't in my diff despite a cvs add).
>
> Prelude IDS is a hybrid IDS that provides richer capabilities to
> existing sensors:
> - Unified and modular framework (see
> http://www.wallinfire.net/files/prelude-userarch.png)
> - Graphical interface with filtering capabilities
> - Alert correlation (prelude-correlator)
> - Notification (http://www.wallinfire.net/brouette/,
> http://www.gscore.org/blog/index.php/post/2007/03/27/New-brouette-theme)
> - IDMEF compliant (For a short introduction, see
> http://www.gscore.org/blog/index.php/post/2007/08/13/IDMEF-for-dummies-part-1)
> - ...
>
> The idea is to have OSSEC able to work with the Prelude Framework
> to do the job it is good at, namely HIDS.
>
> If you want to start with the OSSEC and Prelude IDS integration, please
> read the Prelude Handbook:
> https://trac.prelude-ids.org/wiki/PreludeHandbook
>
> To register your OSSEC sensor, keep in mind that Prelude is ported
> to the analysis part of the code. Since the analysis part runs as the
> ossec user, you must register your sensor as the ossec user.
>
> On my machine, I had to do:
> prelude-adduser register ossec "idmef:w" localhost --uid 1007 --gid 1007
>
> and:
> prelude-admin registration-server prelude-manager
>
> And that's all! You can then see OSSEC alerts in the Prewikka GUI.
>
>
> As usual, feedback appreciated ;-) enjoy!
>
> Sebastien.
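The registration step quoted above hinges on one detail: the Prelude profile must be created with the uid/gid of the account the OSSEC analysis daemon actually runs as, otherwise the daemon cannot read its own sensor credentials. The following helper is an added example, not code from the thread or from OSSEC/Prelude; it resolves the uid/gid from the system account instead of hard-coding 1007, uses only the prelude-adduser flags shown in the message, and refuses a registration that would run as root. The profile name "ossec" and the manager host "localhost" are taken from the message; the function and parameter names are assumptions.

```bash
#!/bin/sh
# Added example: build the prelude-adduser registration command for a
# sensor profile that must be owned by the unprivileged OSSEC analysis user.

# prelude_register_cmd SENSOR_USER [PROFILE] [MANAGER_HOST]
# Prints the registration command with --uid/--gid taken from the given
# system account, so the profile is readable by the daemon that uses it.
# Returns 1 (and prints nothing) if the account does not exist.
prelude_register_cmd() {
    user="$1"
    profile="${2:-ossec}"
    manager="${3:-localhost}"
    if ! uid=$(id -u "$user" 2>/dev/null); then
        echo "prelude_register_cmd: no such user: $user" >&2
        return 1
    fi
    gid=$(id -g "$user")
    printf 'prelude-adduser register %s "idmef:w" %s --uid %s --gid %s\n' \
        "$profile" "$manager" "$uid" "$gid"
}

# registration_is_unprivileged CMD
# Succeeds unless the generated command would register the profile as
# uid 0; a sensor profile owned by root defeats the point of running the
# analysis daemon as the dedicated ossec user.
registration_is_unprivileged() {
    case "$1" in
        *"--uid 0 "*|*"--uid 0") return 1 ;;
    esac
    return 0
}

# Usage (the account name "ossec" comes from the message; adjust if your
# analysis daemon runs under a different user):
#   cmd=$(prelude_register_cmd ossec ossec localhost) || exit 1
#   registration_is_unprivileged "$cmd" || { echo "refusing root profile" >&2; exit 1; }
#   echo "$cmd"
```

Run the printed command as root on the sensor host, then complete the exchange with `prelude-admin registration-server prelude-manager` on the manager, as the message describes.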




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.