Prelude/prelude-manager: Difference between revisions
Cbs (Talk | contribs)
Zeile 67: | Zeile 67: | ||
'''nothing to configure here for now...'''<br/> | '''nothing to configure here for now...'''<br/> | ||
− | + | ==Final config-steps== | |
prelude-admin add prelude-manager --uid 0 --gid 0 | prelude-admin add prelude-manager --uid 0 --gid 0 | ||
generate an prelude admin-user<br/> | generate an prelude admin-user<br/> | ||
this may take a long time generating the key's<br/> | this may take a long time generating the key's<br/> | ||
debian-lenny did that allready for me... no need to do that by hand!<br/> | debian-lenny did that allready for me... no need to do that by hand!<br/> |
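Review bot: the new "==Final config-steps==" heading sits directly above "prelude-admin add prelude-manager --uid 0 --gid 0", and the step text does not say why uid and gid 0 are used. The page's global options section says the commented-out user/group setting should be changed once everything is configured, so add a line to this step noting whether the --uid/--gid values have to be revisited together with that setting.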
Revision as of 1 July 2010, 09:20
prelude-manager.conf
config-file of prelude-manager
global options
listen = 127.0.0.1
This is OK if you have one manager per host.
If you want this manager to collect data from other hosts,
you will have to bind it to another address.
# user = prelude
# group = prelude
User and group are commented out!
That is OK for testing, but change it once everything is configured properly.
ipv6-only
Since I'm running IPv6, I will set 'ipv6-only' for gathered addresses.
This causes the manager to convert all addresses to IPv6 addresses.
A raw IPv4 address is converted to the form ::ffff:192.168.0.1.
section [db]
I will not explain the database settings here.
They are well documented in the config file and nothing special!
section [XmlMod]
validate
format
logfile = /var/log/prelude-xml.log
This tells the XmlMod module to validate the XML,
format it in human-readable form
and write it to a log file instead of stderr.
section [Debug]
logfile = /var/log/prelude.log
This turns on the debug log and sends it to a file, since I don't want that on stderr.
section [TextMod]
logfile = /var/log/prelude.log
Not sure what it will do. Same description as for section [Debug],
but it has only one value to configure: the log file. I think I want that ... so configuring it! ;-)
section [smtp]
sender = prelude-manager@myhost.tld
recipients = admin@myhost.tld
smtp-server = localhost
subject = Prelude-Alert: $alert.classification.text
template = /etc/prelude-manager/email.template
dbtype = mysql
dbname = prelude
dbuser = prelude
dbpass = sUp3RsEcur3
dbhost = db-hostname
Copied /usr/share/doc/prelude-manager/smtp/template.example to /etc/prelude-manager/email.template.
The rest is self-explanatory, I think.
If the SMTP server is NOT running on localhost, give the appropriate IP/hostname.
The db* parameters are for the smtp plugin to get a CorrelationAlert from the database.
section [prelude]
The main Prelude options/config values are set here!
I'll keep the default values which come from the OS.
Not all OSes allow overwriting OS settings. Prelude will display a WARNING if so!
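A small audit of the settings walked through above, added here as an example and not part of the original page or of Prelude itself: it parses a prelude-manager.conf-style text and flags commented-out user/group, a non-loopback listen address, and a plaintext db password in a file that group or others can read. The sample text is constructed from the values on this page; parse_conf, is_loopback, audit and the file_mode parameter are hypothetical names, and the permission check is an added assumption about how the file should be protected.

```python
import ipaddress
import re

# Constructed sample that mirrors the settings walked through on this page.
SAMPLE_CONF = """\
listen = 127.0.0.1
# user = prelude
# group = prelude
ipv6-only

[smtp]
smtp-server = localhost
dbuser = prelude
dbpass = sUp3RsEcur3
"""

def parse_conf(text):
    """Parse 'key = value' lines and bare flags into {section: {key: value}}."""
    conf, section = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out option counts as not set
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            conf.setdefault(section, {})
            continue
        key, sep, value = line.partition("=")
        conf[section][key.strip()] = value.strip() if sep else True
    return conf

def is_loopback(host):
    """True for localhost or a loopback IP (assumes a bare address, no port)."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(conf, file_mode=0o644):
    """Return findings; file_mode is the config file's permission bits."""
    found, g = [], conf["global"]
    if "user" not in g or "group" not in g:
        found.append("global: user/group not set")
    if "listen" in g and not is_loopback(g["listen"]):
        found.append("global: listen is not loopback, restrict who can reach it")
    for name, opts in conf.items():
        if any(k.endswith("pass") for k in opts) and file_mode & 0o077:
            found.append(f"[{name}]: plaintext password in a file others can read")
    return found
```

To check a real file, pass its text to parse_conf and stat.S_IMODE(os.stat(path).st_mode) as file_mode.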
Filtering plugins configuration
From here the base config is ready!
Now configuring the filtering plugins...
Nothing to configure here for now...
Final config-steps
prelude-admin add prelude-manager --uid 0 --gid 0
Generates a Prelude admin user.
Generating the keys may take a long time.
Debian lenny did that already for me... no need to do that by hand!