T2 package - trunk - prelude-lml - Prelude Sensor for analyzing logs and collecting Syslog events

prelude-lml: Prelude Sensor for analyzing logs and collecting Syslog events¹

Prelude-LML is a signature based log analyzer monitoring your logfile and received syslog messages for suspicious activity. It handle events generated by a large set of components, including but not limited to: APC Emu, BigIP, Cisco PIX, Clamav, Dell-OM, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Apache ModSecurity, Ms-SQL, Nagios, Norton Antivirus Corporate Edition, NTsyslog, Pam, Portsentry, Postfix, Proftpd, ssh, etc.

Prelude-LML was written in order to easily integrate third party product, most particularly product that can't be modified directly to use the Prelude library.

... part of T2, get it here

URL: http://www.prelude-ids.org

Author: Yoann Vandoorselaere <yoann [at] prelude-ids [dot] org>
Author: The prelude-IDS Project <http://www [dot] prelude-ids [dot] org>
Maintainer: The T2 Project <t2 [at] t2-project [dot] org>

License: OpenSource
Status: Stable
Version: 1.0.0

Download: http://www.prelude-technologies.com/download/releases/prelude-lml prelude-lml-1.0.0.tar.gz

T2 source: prelude-lml.cache
T2 source: prelude-lml.conf
T2 source: prelude-lml.desc
T2 source: prelude-lml.init

Build time (on reference hardware): 35% (relative to binutils)²

Installed size (on reference hardware): 0.64 MB, 81 files

Dependencies (build time detected): 00-dirtree binutils coreutils diffutils findutils gawk gnutls grep icu4c libgcrypt libgpg-error libprelude libtasn1 libtool linux-header m4 make pcre pkgconfig sed sysfiles tar zlib

Installed files (on reference hardware): [show]

etc/opt/prelude/prelude-lml
etc/opt/prelude/prelude-lml/plugins.rules
etc/opt/prelude/prelude-lml/prelude-lml.conf
etc/opt/prelude/prelude-lml/ruleset
etc/opt/prelude/prelude-lml/ruleset/apc-emu.rules
etc/opt/prelude/prelude-lml/ruleset/arbor.rules
etc/opt/prelude/prelude-lml/ruleset/arpwatch.rules
etc/opt/prelude/prelude-lml/ruleset/asterisk.rules
etc/opt/prelude/prelude-lml/ruleset/bonding.rules
etc/opt/prelude/prelude-lml/ruleset/cacti-thold.rules
etc/opt/prelude/prelude-lml/ruleset/checkpoint.rules
etc/opt/prelude/prelude-lml/ruleset/cisco-asa.rules
etc/opt/prelude/prelude-lml/ruleset/cisco-common.rules
etc/opt/prelude/prelude-lml/ruleset/cisco-css.rules
etc/opt/prelude/prelude-lml/ruleset/cisco-ips.rules
etc/opt/prelude/prelude-lml/ruleset/cisco-router.rules
etc/opt/prelude/prelude-lml/ruleset/cisco-vpn.rules
etc/opt/prelude/prelude-lml/ruleset/clamav.rules
etc/opt/prelude/prelude-lml/ruleset/dell-om.rules
etc/opt/prelude/prelude-lml/ruleset/f5-bigip.rules
etc/opt/prelude/prelude-lml/ruleset/grsecurity.rules
etc/opt/prelude/prelude-lml/ruleset/honeyd.rules
etc/opt/prelude/prelude-lml/ruleset/honeytrap.rules
etc/opt/prelude/prelude-lml/ruleset/httpd.rules
etc/opt/prelude/prelude-lml/ruleset/ipchains.rules
etc/opt/prelude/prelude-lml/ruleset/ipfw.rules
etc/opt/prelude/prelude-lml/ruleset/kojoney.rules
etc/opt/prelude/prelude-lml/ruleset/linksys-wap11.rules
etc/opt/prelude/prelude-lml/ruleset/modsecurity.rules
etc/opt/prelude/prelude-lml/ruleset/ms-cluster.rules
etc/opt/prelude/prelude-lml/ruleset/ms-sql.rules
etc/opt/prelude/prelude-lml/ruleset/nagios.rules
etc/opt/prelude/prelude-lml/ruleset/navce.rules
etc/opt/prelude/prelude-lml/ruleset/netapp-ontap.rules
etc/opt/prelude/prelude-lml/ruleset/netfilter.rules
etc/opt/prelude/prelude-lml/ruleset/netscreen.rules
etc/opt/prelude/prelude-lml/ruleset/ntsyslog.rules
etc/opt/prelude/prelude-lml/ruleset/openhostapd.rules
etc/opt/prelude/prelude-lml/ruleset/pam.rules
etc/opt/prelude/prelude-lml/ruleset/pcanywhere.rules
etc/opt/prelude/prelude-lml/ruleset/pcre.rules
etc/opt/prelude/prelude-lml/ruleset/portsentry.rules
etc/opt/prelude/prelude-lml/ruleset/postfix.rules
etc/opt/prelude/prelude-lml/ruleset/ppp.rules
etc/opt/prelude/prelude-lml/ruleset/proftpd.rules
etc/opt/prelude/prelude-lml/ruleset/qpopper.rules
etc/opt/prelude/prelude-lml/ruleset/rishi.rules
etc/opt/prelude/prelude-lml/ruleset/selinux.rules
etc/opt/prelude/prelude-lml/ruleset/sendmail.rules
etc/opt/prelude/prelude-lml/ruleset/shadow-utils.rules
etc/opt/prelude/prelude-lml/ruleset/single.rules
etc/opt/prelude/prelude-lml/ruleset/snare_windows.rules
etc/opt/prelude/prelude-lml/ruleset/sonicwall.rules
etc/opt/prelude/prelude-lml/ruleset/spamassassin.rules
etc/opt/prelude/prelude-lml/ruleset/squid.rules
etc/opt/prelude/prelude-lml/ruleset/ssh.rules
etc/opt/prelude/prelude-lml/ruleset/su.rules
etc/opt/prelude/prelude-lml/ruleset/sudo.rules
etc/opt/prelude/prelude-lml/ruleset/suhosin.rules
etc/opt/prelude/prelude-lml/ruleset/tripwire.rules
etc/opt/prelude/prelude-lml/ruleset/vigor.rules
etc/opt/prelude/prelude-lml/ruleset/vpopmail.rules
etc/opt/prelude/prelude-lml/ruleset/webmin.rules
etc/opt/prelude/prelude-lml/ruleset/wu-ftp.rules
etc/rc.d/rcX.d/X66prelude-lml
opt/prelude/bin/prelude-lml
opt/prelude/include/prelude-lml
opt/prelude/include/prelude-lml/prelude-lml.h
opt/prelude/lib/prelude-lml
opt/prelude/lib/prelude-lml/debug.la
opt/prelude/lib/prelude-lml/debug.so
opt/prelude/lib/prelude-lml/pcre.la
opt/prelude/lib/prelude-lml/pcre.so
sbin/init.d/prelude-lml
var/adm/dependencies/prelude-lml
var/adm/descs/prelude-lml
var/adm/flists/prelude-lml
var/adm/md5sums/prelude-lml
var/adm/packages/prelude-lml
var/opt/prelude/lib
var/opt/prelude/lib/prelude-lml

¹) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos need to be performed directly on that source.

²) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).

prelude-lml: Prelude Sensor for analyzing logs and collecting Syslog events1

prelude-lml: Prelude Sensor for analyzing logs and collecting Syslog events¹