IDS: Re: Prelude IDS

From: Krzysztof Zaraska <kzaraska_at_student.uci.agh.edu.pl>
Date: Thu, 7 Nov 2002 10:18:31 +0100 (CET)

[I think prelude-user is a more acceptable forum, so I put them in Cc:]

On Tue, 5 Nov 2002, Kavitha Srinivasan wrote:

> Does anyone who has used Prelude IDS know in which file the IDMEF messages
> are logged for the alerts detected in the absence of a frontend and database?

[Disclaimer: I'm a Prelude developer :-)]

For XML IDMEF use:

prelude-manager --xmlmod -l /path/to/file

(xmlmod is not enabled in distribution config file)

Human-readable data with the default config goes in /var/log/prelude.log, unless
you pass -l to the textmod plugin, i.e.:

prelude-manager --textmod -l /path/to/file

It can of course be combined, i.e.:

prelude-manager --xmlmod -l /path/to/xml/file --textmod -l /path/to/text/file

prelude-manager -h for a complete list of options.

The same effect can be accomplished by modifying setup in
/usr/local/etc/prelude-manager/prelude-manager.conf

BTW, configuration of plugins is independent, i.e. xmlmod does not care if
you have database support or not.

// Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl
// Prelude IDS: http://www.prelude-ids.org/
// A dream will always triumph over reality, once it is given the chance.
// -- Stanislaw Lem
Received on Nov 07 2002
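As an added example (not part of this message or of Prelude's own code): a small Python reader for the XML file that --xmlmod writes, for anyone who runs prelude-manager without a database or frontend and wants to review the alerts offline. It assumes the file holds one RFC 4765 IDMEF-Message document per alert, appended one after another, each with its own XML declaration; the sample messages are constructed, not real prelude-manager output.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like RFC 4765 IDMEF alerts; not real prelude-manager output.
SAMPLE_LOG = """<?xml version="1.0"?>
<IDMEF-Message xmlns="http://iana.org/idmef" version="1.0">
  <Alert messageid="example-1">
    <Source><Node><Address category="ipv4-addr"><address>192.0.2.10</address></Address></Node></Source>
    <Target><Node><Address category="ipv4-addr"><address>198.51.100.5</address></Address></Node></Target>
    <Classification text="Example signature match"/>
  </Alert>
</IDMEF-Message>
<?xml version="1.0"?>
<IDMEF-Message xmlns="http://iana.org/idmef" version="1.0">
  <Alert messageid="example-2"><Classification text="Second alert"/></Alert>
</IDMEF-Message>
"""

# "{*}" matches any (or no) namespace, so the lookups work whether or not the
# producer declared xmlns="http://iana.org/idmef" (Python 3.8+ ElementPath).
def _addresses(alert, role):
    """Collect every <address> under the Alert's Source or Target elements."""
    found = []
    for node in alert.findall(f"{{*}}{role}/{{*}}Node/{{*}}Address/{{*}}address"):
        if node.text:
            found.append(node.text.strip())
    return found

def parse_idmef_log(text):
    """Summarise every Alert in an append-only log of IDMEF-Message documents.
    Each message carries its own XML declaration, so the file is not one XML
    document: strip the declarations and wrap the rest in a synthetic root."""
    root = ET.fromstring("<log>" + re.sub(r"<\?xml[^>]*\?>", "", text) + "</log>")
    alerts = []
    for alert in root.iterfind(".//{*}Alert"):
        cls = alert.find("{*}Classification")
        alerts.append({
            "messageid": alert.get("messageid"),
            "classification": cls.get("text") if cls is not None else None,
            "sources": _addresses(alert, "Source"),
            "targets": _addresses(alert, "Target"),
        })
    return alerts

if __name__ == "__main__":
    for a in parse_idmef_log(SAMPLE_LOG):
        print(a)
```

To read a real file, pass its contents to parse_idmef_log; a single well-formed document with one declaration parses the same way.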
