Sending output to prelude

Prelude is a Hybrid IDS that uses IDMEF to receive alert information from external devices. If you are a Prelude user and wish to send your OSSEC alerts to Prelude, do the following:

Enabling Prelude Support

Note

You must have the Prelude libraries installed on the OSSEC server.

Before you run the ”./install.sh” script execute the following to compile OSSEC with prelude support.

# cd ossec-hids-*
# cd src; make setprelude; cd ..
# ./install.sh

Enable Prelude output in the configuration

Just add the following entry to your ossec.conf inside the <global> section.

<prelude_output>yes</prelude_output>

Prelude extra options

You can define your own profile and set the log level from which you can send alerts to prelude with those parameters. Once again in the <global> section.

<prelude_profile>MyOssecProfile</prelude_profile>
<prelude_log_level>6</prelude_log_level>

Table Of Contents

Previous topic

Daily E-Mail Reports

Next topic

Active Response