Prelude/prelude-manager
prelude-manager.conf
config-file of prelude-manager
global options
listen = 127.0.0.1
This is OK if you have one manager per host.
If you want this manager to collect data from other hosts,
you will have to bind it to another address.
# user = prelude
# group = prelude
User and group are commented out!
That is OK for testing, but change it once everything is configured properly.
ipv6-only
Since I'm running IPv6, I will set 'ipv6-only' for gathered addresses.
This causes the manager to convert all addresses to IPv6 addresses.
A raw IPv4 address such as 192.168.0.1 is converted to ::ffff:192.168.0.1.
section [db]
I will not explain the database settings here.
They are well documented in the config file and nothing special!
section [XmlMod]
validate
format
logfile = /var/log/prelude-xml.log
This tells the XmlMod module to validate the XML,
format it human readable,
and write it to a log file instead of stderr.
section [Debug]
logfile = /var/log/prelude.log
This turns on the debug log and sends it to a file, since I don't want it on stderr.
section [TextMod]
logfile = /var/log/prelude.log
Not sure what it will do. Same description as for section [Debug],
but it has only one value to configure: the log file. I think I want that ... so configuring it! ;-)
section [smtp]
sender = prelude-manager@myhost.tld
recipients = admin@myhost.tld
smtp-server = localhost
subject = Prelude-Alert: $alert.classification.text
template = /etc/prelude-manager/email.template
dbtype = mysql
dbname = prelude
dbuser = prelude
dbpass = sUp3RsEcur3
dbhost = db-hostname
I copied /usr/share/doc/prelude-manager/smtp/template.example to /etc/prelude-manager/email.template.
The rest is self-explanatory, I think.
If the SMTP server is NOT running on localhost, give the appropriate IP address or hostname.
The db* parameters let the smtp plugin fetch a CorrelationAlert from the database.
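A quick review check for the base config above, covering the listen address, the commented-out user/group and the dbpass entry. This is an added example, not part of prelude-manager; the parser, the function names and the embedded sample config are constructed for illustration, and the listen value is assumed to be a bare IP literal as shown on this page.

```python
import ipaddress

# Constructed sample that mirrors the settings discussed on this page.
SAMPLE_CONF = """\
listen = 127.0.0.1
# user = prelude
# group = prelude
ipv6-only
[smtp]
smtp-server = localhost
dbuser = prelude
dbpass = sUp3RsEcur3
"""

def parse_conf(text):
    """Return {section: [(key, value or None)]}; global options live under ''."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out options are inactive
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
            continue
        key, sep, value = line.partition("=")
        sections[current].append((key.strip(), value.strip() if sep else None))
    return sections

def audit(text):
    """Return findings for the listen, user/group and dbpass settings."""
    conf, findings = parse_conf(text), []
    active = {key for key, _ in conf[""]}
    for name in ("user", "group"):
        if name not in active:
            findings.append(f"{name} not set: manager keeps the privileges it was started with")
    for key, value in conf[""]:
        if key != "listen" or not value:
            continue
        try:  # assumption: value is a bare IP literal, as on this page
            if not ipaddress.ip_address(value).is_loopback:
                findings.append(f"listen {value}: reachable from other hosts")
        except ValueError:
            findings.append(f"listen {value}: not a bare IP, review manually")
    for section, options in conf.items():
        if any(key == "dbpass" and value for key, value in options):
            findings.append(f"[{section}] dbpass in clear text: check who can read this file")
    return findings
```

Call audit() with the text of the real prelude-manager.conf to review it; the password value itself is never copied into the findings.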
Filtering plugins configuration
At this point the base config is ready!
Configuring the filtering plugins now...