Prelude/prelude-manager

From SchnallIchNet

prelude-manager.conf

The config file of prelude-manager, section by section.

global options

listen = 127.0.0.1

This is OK if you have one manager per host.
If you want this manager to collect data from other hosts
you will have to bind it to another address.

# user = prelude
# group = prelude

User and group are commented out!
OK for testing, but change this once everything is configured properly.

ipv6-only

Since I'm running IPv6 I will set 'ipv6-only' for gathered addresses.
This causes the manager to convert all addresses to IPv6 addresses;
raw IPv4 addresses are written in the IPv4-mapped form, e.g. ::ffff:192.168.0.1
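One consequence of 'ipv6-only' worth seeing in code: an alert source that used to be logged as 192.168.0.1 now shows up as ::ffff:192.168.0.1, so anything downstream that matches on addresses (rules, allow-lists, per-host counters) must treat both spellings as the same host. The snippet below is an added example, not part of this page or of the Prelude project; it uses Python's standard ipaddress module to fold IPv4-mapped addresses back to dotted IPv4 and counts alerts per host over a constructed list of addresses.

```python
import ipaddress
from collections import Counter


def normalize_alert_address(addr: str) -> str:
    """Return a canonical textual form for an address taken from an alert.

    With 'ipv6-only' the manager writes raw IPv4 addresses as IPv4-mapped
    IPv6 (::ffff:a.b.c.d).  We fold that form back to plain dotted IPv4 so
    that a rule or allow-list written as '192.168.0.1' still matches.
    Native IPv6 addresses are only canonicalised (case, zero compression).
    """
    ip = ipaddress.ip_address(addr.strip())
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return str(ip.ipv4_mapped)
    return str(ip)


def same_host(a: str, b: str) -> bool:
    """True if both strings denote the same host, regardless of mapped/raw form."""
    return normalize_alert_address(a) == normalize_alert_address(b)


def count_by_source(addresses):
    """Count alerts per source host after normalisation (returns a Counter)."""
    return Counter(normalize_alert_address(a) for a in addresses)


# Constructed sample of source addresses as a manager running with and
# without 'ipv6-only' might record them; not real alert data.
SAMPLE_SOURCES = [
    "192.168.0.1",
    "::ffff:192.168.0.1",
    "::FFFF:C0A8:1",      # same host, hex spelling of the mapped address
    "2001:db8::1",
    "2001:0db8:0000:0000:0000:0000:0000:0001",   # same host, uncompressed
]

if __name__ == "__main__":
    for host, n in count_by_source(SAMPLE_SOURCES).most_common():
        print(f"{host:20} {n}")
```

Run as a script it prints two hosts (192.168.0.1 with 3 alerts, 2001:db8::1 with 2) instead of the five distinct strings a naive counter would report.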

section [db]

I will not explain the database settings here.
They are well documented in the config file and nothing special!

section [XmlMod]

validate
format
logfile = /var/log/prelude-xml.log

Tells the XmlMod module to validate the XML,
format it human-readable,
and write it to the log file instead of stderr.

section [Debug]

logfile = /var/log/prelude.log

Turns on the debug log and sends it to a file, since I don't want that on stderr.

section [TextMod]

logfile = /var/log/prelude.log

Not sure what it will do. Same description as for section [Debug],
but it has only one value to configure: the log file. I think I want that ... so configuring it! ;-)

section [smtp]

sender = prelude-manager@myhost.tld
recipients = admin@myhost.tld
smtp-server = localhost
subject = Prelude-Alert: $alert.classification.text
template = /etc/prelude-manager/email.template
dbtype = mysql
dbname = prelude
dbuser = prelude
dbpass = sUp3RsEcur3
dbhost = db-hostname

Copied /usr/share/doc/prelude-manager/smtp/template.example to /etc/prelude-manager/email.template.
The rest is self-explanatory, I think.
If the SMTP server is NOT running on localhost, give the appropriate IP/hostname.
The db* parameters let the smtp plugin fetch a CorrelationAlert from the database.
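Two of the points above (user/group still commented out in the global options, and the smtp section holding a database password in clear text) are easy to forget once the manager is running. The script below is an added example, not part of this page or of Prelude itself: a small parser for the ini-like prelude-manager.conf layout (sections, `key = value`, and bare options such as `validate` or `ipv6-only`) plus an audit that reports those points together with the config file's permission bits. The path /etc/prelude-manager/prelude-manager.conf is assumed from the directory used for email.template; the sample config and its password are constructed.

```python
import os
import stat
from typing import Dict, List, Optional

# Constructed sample modelled on the fragments quoted on this page; the
# password is a made-up placeholder, not a real credential.
SAMPLE_CONF = """\
# global options
listen = 127.0.0.1
# user = prelude
# group = prelude
ipv6-only

[db]
type = mysql

[XmlMod]
validate
format
logfile = /var/log/prelude-xml.log

[smtp]
sender = prelude-manager@myhost.tld
subject = Prelude-Alert: $alert.classification.text
dbpass = sUp3RsEcur3
"""

Section = Dict[str, Optional[str]]


def parse_prelude_conf(text: str) -> Dict[str, Section]:
    """Parse the prelude-manager.conf layout into {section: {key: value}}.

    Options before the first [section] land in the '' (global) section.
    Bare option names without '=' (validate, format, ipv6-only) get the
    value None.  Only lines that *start* with '#' are comments, so a '#'
    inside a value such as a password is left untouched.
    """
    sections: Dict[str, Section] = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        sections[current][key.strip()] = value.strip() if sep else None
    return sections


def audit_prelude_conf(sections: Dict[str, Section],
                       file_mode: Optional[int] = None) -> List[str]:
    """Return human-readable findings for the points this page raises."""
    findings: List[str] = []
    glob = sections.get("", {})
    if "user" not in glob or "group" not in glob:
        findings.append("user/group not set: the manager keeps the privileges it was started with")
    listen = glob.get("listen")
    if listen and listen not in ("127.0.0.1", "::1"):
        findings.append(f"listen = {listen}: the manager is reachable from other hosts, not just locally")
    if "ipv6-only" in glob:
        findings.append("ipv6-only set: IPv4 sources will appear as ::ffff:a.b.c.d in alerts")
    for name, opts in sections.items():
        if "dbpass" in opts:
            findings.append(f"[{name}] stores a database password in clear text")
            if file_mode is not None and file_mode & 0o077:
                findings.append(f"config file mode {file_mode:04o} lets group/others read that password")
    return findings


def file_mode_of(path: str) -> int:
    """Permission bits (e.g. 0o600) of the file at path."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    conf_path = "/etc/prelude-manager/prelude-manager.conf"   # assumed path
    if os.path.exists(conf_path):
        with open(conf_path) as fh:
            parsed, mode = parse_prelude_conf(fh.read()), file_mode_of(conf_path)
    else:
        parsed, mode = parse_prelude_conf(SAMPLE_CONF), 0o644
    for finding in audit_prelude_conf(parsed, mode):
        print("-", finding)
```

On the sample config with mode 0644 this reports four findings; the same file at mode 0600 drops the permission finding, and the listen check stays quiet for loopback addresses, matching the "one manager per host" case described above.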

section [prelude]

Here the main prelude options/config values are set!
I'll keep the default values which come from the OS.

Warning: not all OSes allow overriding the OS settings. Prelude will display a WARNING if so!

Filtering plugins configuration

From here on the base config is ready!
Configuring the filtering plugins now...
nothing to configure here for now...

Final config-steps

prelude-admin add prelude-manager --uid 0 --gid 0

Generates the prelude admin user.
This may take a long time generating the keys.
Debian lenny already did that for me... no need to do it by hand!