1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
Source: prelude-lml
Section: admin
Priority: extra
Maintainer: Mickael Profeta <profeta@debian.org>
Uploaders: Pierre Chifflier <pollux@debian.org>
Build-Depends: debhelper (>> 5.0.0),
libev-dev,
libprelude-dev (>> 0.9.7),
libpcre3-dev,
libgnutls-dev (>= 1.2.9),
libicu-dev,
quilt
Standards-Version: 3.8.4
Package: prelude-lml
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Recommends: rsyslog | system-log-daemon
Description: Security Information Management System [ Log Agent ]
Prelude is a Universal "Security Information Management" (SIM) system.
Its goals are performance and modularity. It is divided in two main
parts :
- the Prelude sensors, responsible for generating alerts, such as
snort sensor, featuring a signature engine, plugins for
protocol analysis, and intrusion detection plugins, and the Prelude
log monitoring lackey.
- the Prelude report server, collecting data from Prelude sensors,
and generating user-readable reports.
.
Prelude-LML is a signature based log analyzer monitoring logfile and
received syslog messages for suspicious activity. It handle events
generated by a large set of components, including but not limited to:
Apache, BigIP, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nagios,
NTsyslog, NuFW, PAM, Portsentry, Postfix, Proftpd, ssh, etc.
|
