PRELUDE // SNORT SENSOR
Added by Pierre Pichard about 8 years ago
Hello,
I would like to add a SNORT sensor to PRELUDE.
I have followed the procedure but it does not run.
SNORT is installed on a VM. SNORT works well.
PRELUDE (manager, LML and correlator) is installed on another VM. I have created a SNORT profile and registered the SNORT sensor. I have succeeded.
I have restarted all PRELUDE services (prelude-manager, prelude-lml, prelude-correlator, prewikka).
The SNORT sensor does not appear in the agents list in PREWIKKA's web GUI.
Then, I have found many configurations on the web, like:
- Snort's compilation (./configure --enable-prelude --with-mysql) = configure: WARNING: unrecognized options: --enable-prelude, --with-mysql
- Adding a line in the file snort.conf (output alert_prelude: profile=snort) = ERROR: /etc/snort/snort.conf(527) Unknown output plugin: "alert_prelude"
Can you help me configure the SNORT sensor with PRELUDE?
I probably have the same problem with the OSSEC sensor...
Thank you in advance for your quality support.
PS:
PRELUDE version: 3.1.0
PRELUDE DB: MYSQL
SNORT version: 2.9.8.3
Both are installed on CentOS 6.8
Replies (1)
RE: PRELUDE // SNORT SENSOR - Added by Antoine LUONG almost 8 years ago
Hello,
You should follow the InstallingAgentThirdpartySnort wiki page (especially the last section).
Regards