--- sec-2.3.2/sec.pl 2005-08-26 13:54:32.000000000 +0100
+++ sec-2.3.2.new/sec.pl 2006-01-29 22:41:24.000000000 +0000
@@ -81,6 +81,7 @@
 @events
 $evstoresize
 $fromstart
+ $idmef_analyzer
 @inputfilepat
 @inputfiles
 %inputsrc
@@ -98,6 +99,9 @@
 @pending_events
 $pidfile
 $poll_timeout
+ $preludeavail
+ $prelude_options
+ $prelude_client
 $processedlines
 $quoting
 @readbuffer
@@ -123,12 +127,12 @@
 use IO::Handle;
 $syslogavail = eval { require Sys::Syslog };
+$preludeavail = eval { require Prelude };
 $SEC_VERSION = "2.3.2";
 # read options given in commandline
-
 GetOptions(
 "conf=s" => \@conffilepat,
 "input=s" => \@inputfilepat,
 "input_timeout=i" => \$input_timeout,
@@ -139,6 +143,7 @@
 "blocksize=i" => \$blocksize,
 "log=s" => \$logfile,
 "syslog=s" => \$syslogf,
+ "prelude=s" => \$prelude_options,
 "debug=i", \$debuglevel,
 "pid=s" => \$pidfile,
 "dump=s" => \$dumpfile,
@@ -174,6 +179,7 @@ -blocksize= -log= -syslog= + -prelude= -debug= -pid= -dump=
@@ -351,6 +357,7 @@
 use constant ASSIGN => 19;
 use constant EVAL => 20;
 use constant CALL => 21;
+use constant PRELUDE => 22;
 use constant OPERAND => 0;
 use constant NEGATION => 1;
@@ -483,6 +490,73 @@
+# Action: open connection to prelude
+
+sub open_prelude {
+ my($idmef_analyzer_model, $idmef_analyzer_class, $idmef_analyzer_version);
+
+ if (!$preludeavail) {
+ if (-t STDERR || -f STDERR) {
+ print STDERR "Can't load Prelude, exiting!\n";
+ }
+
+ child_cleanup();
+ exit(1);
+
+ }
+
+ my @prelude_argv = ($0, "--prelude");
+ push @prelude_argv, split(/\s+/, $prelude_options);
+ if (Prelude::prelude_init(scalar(@prelude_argv), \@prelude_argv) != 0) {
+ if (-t STDERR || -f STDERR) {
+ print STDERR "Can't initialize prelude, exiting!\n";
+ }
+
+ child_cleanup();
+ exit(1);
+
+ }
+
+ if (Prelude::prelude_client_new(\$prelude_client, "sec") != 0) {
+ if (-t STDERR || -f STDERR) {
+ print STDERR "Can't create prelude client, exiting!\n";
+ }
+
+ child_cleanup();
+ exit(1);
+
+ }
+
+ $idmef_analyzer = Prelude::prelude_client_get_analyzer($prelude_client);
+ Prelude::idmef_analyzer_set_model($idmef_analyzer, "SEC");
+ Prelude::idmef_analyzer_set_class($idmef_analyzer, "Correlator");
+ Prelude::idmef_analyzer_set_version($idmef_analyzer, $SEC_VERSION);
+
+ if (Prelude::prelude_client_start($prelude_client) != 0) {
+ if (-t STDERR || -f STDERR) {
+ print STDERR "Can't start prelude client, exiting!\n";
+ }
+
+ child_cleanup();
+ exit(1);
+
+ }
+
+ my $flag = $Prelude::PRELUDE_CLIENT_FLAGS_ASYNC_TIMER;
+ if (Prelude::prelude_client_set_flags($prelude_client, $Prelude::PRELUDE_CLIENT_FLAGS_ASYNC_TIMER) != 0) {
+ if (-t STDERR || -f STDERR) {
+ print STDERR "Can't set timer flag for prelude client, exiting!\n";
+ }
+
+ child_cleanup();
+ exit(1);
+
+ }
+
+}
+
+
+
 # Parameters: par1 - severity of the log message
 # par2, par3, ... - strings to be logged
 # Action: strings par2, par3, ... will be equipped with timestamp and
@@ -1019,6 +1093,8 @@
 }
+ elsif ($action =~ /^prelude$/i) { return PRELUDE; }
+
 elsif ($action =~ /^create\b\s*(\S*)\s*(\S*)\s*(.*)/i) {
 $context = $1;
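Review bot: `my $flag = $Prelude::PRELUDE_CLIENT_FLAGS_ASYNC_TIMER;` near the end of open_prelude is assigned and never read (the prelude_client_set_flags call on the next line names the constant again), and `my($idmef_analyzer_model, $idmef_analyzer_class, $idmef_analyzer_version);` at the top of the sub is unused as well; either drop both or pass `$flag` to `prelude_client_set_flags`. `split(/\s+/, $prelude_options)` produces an empty first element in `@prelude_argv` when the option value starts with whitespace, which `split(' ', $prelude_options)` avoids through its awk-style leading-whitespace handling. Every failure path prints to STDERR only when it is a terminal or a file and then exits, although open_prelude is called after open_logfile/open_syslog in the startup hunk at the end of this patch, so a daemonised instance records no reason for its exit; reporting through `log_msg` as the other new code in this patch does would keep the diagnostic. The sub is complete within the hunk.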
@@ -3616,6 +3692,13 @@
 }
+ elsif ($src_ref->[$i] == PRELUDE) {
+
+ push @{$dest_ref}, PRELUDE;
+ ++$i;
+
+ }
+
 elsif ($src_ref->[$i] == CREATECONTEXT) {
 push @{$dest_ref}, CREATECONTEXT;
@@ -3850,6 +3933,8 @@
 my($event, @event, $alias, @aliases, @params);
 my($variable, $value, $code, @retval, $evalok);
 my($key, $ref);
+ my($idmef_time, $idmef_message, $idmef_alert);
+ my($idmef_path, $idmef_value);
 $i = 0;
@@ -4024,6 +4109,80 @@
 }
+ elsif ($actionlist->[$i] == PRELUDE) {
+
+ if (Prelude::idmef_message_new(\$idmef_message) == 0) {
+
+ Prelude::idmef_time_new_from_gettimeofday(\$idmef_time);
+ Prelude::idmef_message_new_alert($idmef_message, \$idmef_alert);
+ Prelude::idmef_alert_set_analyzer($idmef_alert, $idmef_analyzer, -1);
+ Prelude::idmef_alert_set_create_time($idmef_alert, $idmef_time);
+
+ # split into fields
+ my @fields = split(/[^\\];/, $text);
+
+ foreach my $field (@fields) {
+
+ $field =~ s/\\;/;/;
+ my ($object, $value) = split(/=/, $field);
+ $object =~ s/^\s*//;
+ $object =~ s/\s*$//;
+ $value =~ s/^\s*//;
+ $value =~ s/\s*$//;
+
+ if (Prelude::idmef_path_new(\$idmef_path, $object) == 0) {
+
+ if (Prelude::idmef_value_new_from_path(\$idmef_value, $idmef_path, $value) == 0) {
+
+ if (Prelude::idmef_path_set($idmef_path, $idmef_message, $idmef_value) == 0) {
+
+ Prelude::idmef_path_destroy($idmef_path);
+
+ } else {
+
+ if ($debuglevel >= LOG_WARN) {
+ log_msg(LOG_WARN,
+ "Can't set idmef_value for path $object!");
+ }
+
+ }
+
+ } else {
+
+ if ($debuglevel >= LOG_WARN) {
+ log_msg(LOG_WARN,
+ "Can't create new idmef_value for path $object!");
+ }
+
+ }
+
+ } else {
+
+ if ($debuglevel >= LOG_WARN) {
+ log_msg(LOG_WARN,
+ "Can't create new idmef_path $object!");
+ }
+
+ }
+
+ }
+
+ Prelude::prelude_client_send_idmef($prelude_client, $idmef_message);
+ Prelude::idmef_message_destroy($idmef_message);
+
+ } else {
+
+ if ($debuglevel >= LOG_WARN) {
+ log_msg(LOG_WARN,
+ "Can't create new idmef_message!");
+ }
+
+ }
+
+ ++$i;
+
+ }
+
 elsif ($actionlist->[$i] == CREATECONTEXT) {
 $context = $actionlist->[$i+1];
@@ -5169,6 +5328,12 @@
 }
+ elsif ($actionlist->[$i] == PRELUDE) {
+
+ ++$i;
+
+ }
+
 elsif ($actionlist->[$i] == CREATECONTEXT) {
 subst_string(\@subst_modified, $actionlist->[$i+1], $token);
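Review bot: `split(/[^\\];/, $text)` consumes the character before each unescaped `;` together with the separator, so every field except the last loses its final character (for a constructed input such as `a=foo;b=bar` the first field reaches idmef_path_new as `a=fo`); a lookbehind, `split(/(?<!\\);/, $text)`, keeps it. Inside the loop `s/\\;/;/` unescapes only the first `\;` per field, `split(/=/, $field)` into two variables drops everything after a second `=` in the value, and `Prelude::idmef_path_destroy($idmef_path)` runs only when idmef_path_set succeeds, so both failure branches leak the path. `$text` is assigned outside the hunk; whatever it carries, unescaped `;` and `=` in it become IDMEF structure, so any event-derived content has to be escaped before this point or the alert's paths and values follow the log line. The rewritten field loop is below; message creation, send and destroy around it are unchanged.
```perl
            # split into fields on each unescaped ';' without consuming the
            # character in front of it
            my @fields = split(/(?<!\\);/, $text);

            foreach my $field (@fields) {

                $field =~ s/\\;/;/g;
                # limit 2 keeps any '=' that is part of the value
                my ($object, $value) = split(/=/, $field, 2);
                if (!defined($value)) {
                    if ($debuglevel >= LOG_WARN) {
                        log_msg(LOG_WARN, "Ignoring field without '=': $field");
                    }
                    next;
                }
                # … unchanged: whitespace trimming of $object and $value …

                if (Prelude::idmef_path_new(\$idmef_path, $object) == 0) {

                    if (Prelude::idmef_value_new_from_path(\$idmef_value, $idmef_path, $value) == 0) {

                        if (Prelude::idmef_path_set($idmef_path, $idmef_message, $idmef_value) != 0) {
                            if ($debuglevel >= LOG_WARN) {
                                log_msg(LOG_WARN,
                                        "Can't set idmef_value for path $object!");
                            }
                        }

                    } else {
                        # … unchanged: LOG_WARN "Can't create new idmef_value" …
                    }

                    # release the path on every branch, not only after a
                    # successful idmef_path_set
                    Prelude::idmef_path_destroy($idmef_path);

                } else {
                    # … unchanged: LOG_WARN "Can't create new idmef_path" …
                }

            }
```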
@@ -6661,6 +6826,13 @@
 }
+ elsif ($actionlist->[$i] == PRELUDE) {
+
+ $result .= "prelude";
+ ++$i;
+
+ }
+
 elsif ($actionlist->[$i] == CREATECONTEXT) {
 $result .= "create " . $actionlist->[$i+1] . " " . $actionlist->[$i+2];
@@ -7827,6 +7999,14 @@
 }
+ # reopen prelude connection
+ if (defined($prelude_options)) {
+
+ Prelude::prelude_client_destroy($prelude_client, $Prelude::PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);
+ open_prelude();
+
+ }
+
 # set flags back to zero
 $refresh = 0;
@@ -7874,6 +8054,13 @@
 }
+ if (defined($prelude_options)) {
+
+ Prelude::prelude_client_destroy($prelude_client, $Prelude::PRELUDE_CLIENT_EXIT_STATUS_SUCCESS);
+ open_prelude();
+
+ }
+
 $openlog = 0;
 }
@@ -8841,8 +9028,9 @@
 ### Open logfile
-if (defined($logfile)) { open_logfile($logfile); }
-if (defined($syslogf)) { open_syslog($syslogf); }
+if (defined($logfile)) { open_logfile($logfile); }
+if (defined($syslogf)) { open_syslog($syslogf); }
+if (defined($prelude_options)) { open_prelude(); }
 log_msg(LOG_NOTICE, "Simple Event Correlator version $SEC_VERSION");
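Review bot: The prelude_client_destroy/open_prelude pair under `# reopen prelude connection` (hunk `@@ -7827`) is repeated verbatim, minus the comment, in the next hunk (`@@ -7874`); a small `reopen_prelude` sub called from both places would keep the two reload paths from drifting apart. open_prelude calls child_cleanup() and exit(1) on every failure, so a reload while the prelude manager is unreachable terminates the whole correlator rather than logging the failure and continuing without IDMEF output, which is a harsher outcome than at initial startup where exiting is expected; consider reporting the failure via `log_msg` on the reopen paths and keeping the process alive. open_prelude also re-runs `Prelude::prelude_init` on every reopen, and whether libprelude tolerates repeated initialisation within one process is not visible here and should be confirmed. The enclosing blocks of both reopen hunks start and end outside the hunks.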