Prelude is a Hybrid IDS that uses IDMEF to receive alert information from external devices. If you are a Prelude user and wish to send your OSSEC alerts to Prelude, do the following:
You must have the Prelude libraries installed on the OSSEC server.
Before you run the "./install.sh" script, execute the following to compile OSSEC with Prelude support:
# cd ossec-hids-*
# cd src; make setprelude; cd ..
# ./install.sh
Just add the following entry to your ossec.conf inside the <global> section.
You can also define your own profile and set the minimum log level from which alerts are sent to Prelude. These parameters also go in the <global> section.
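The two configuration steps above, shown as an added example that is not taken from the original page. It uses OSSEC's global options prelude_output, prelude_profile and prelude_log_level. The profile name and the level value are constructed sample values.

```xml
<ossec_config>
  <global>
    <!-- Enable sending alerts to Prelude -->
    <prelude_output>yes</prelude_output>
    <!-- Optional: Prelude profile to use (constructed sample name) -->
    <prelude_profile>MyOssecProfile</prelude_profile>
    <!-- Optional: minimum OSSEC alert level forwarded to Prelude (sample value) -->
    <prelude_log_level>6</prelude_log_level>
  </global>
</ossec_config>
```

Raising the level above the default keeps low-severity alerts out of the Prelude manager, so choose it to match the alert levels your rules use for events you want correlated centrally.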