I use CentOS 6.7. I installed packages with yum install.
So I had no errors during installation.

Regards

You should then install the prelude-manager-smtp-plugin package from the repository.

Ok i installed this plugin and i have not the message that was displayed when I rebooted prelude-manager (cf host1.png).
Everything seems Ok but after a few secondes prelude-manager, prelude-lml and prelude-correlator will be down . And when i commented the smtp section, it will be ok. You can see my smtp configuration:

[smtp]
sender = admin@xxxxx.fr
smtp-server = smtp.xxxxx.fr
subject = Alert: $alert.classification.text
template = /etc/prelude-manager/smtp-template/mail.template1

dbtype = mysql
dbname = xxxxxx
dbuser = xxxxxx
dbpass = xxxxxx
dbhost = localhost

correlated-alert-template = /etc/prelude-manager/smtp-template/mail.template1

You seem to have forgotten the recipients configuration parameter.

I configured the recipients parameter but I always have the same.

[smtp]
sender = admin@xxxxx.fr
recipients = recep@gmail.com
smtp-server = smtp.xxxxx.fr
subject = Alert: $alert.classification.text
template = /etc/prelude-manager/smtp-template/mail.template1

dbtype = mysql
dbname = xxxxxx
dbuser = xxxxxx
dbpass = xxxxxx
dbhost = localhost

Please stop the prelude-manager service and post the output of the command 'prelude-manager --debug'.

Are you sure you uncommented the [smtp] section in the configuration file?

Sorry I thought it was already done. So now i uncommented this and i have

01 Oct 13:25:45 (process:6258) INFO: Subscribing Normalize to active decoding plugins.
01 Oct 13:25:45 (process:6258) INFO: server started (listening on 127.0.0.1 port 4690).
01 Oct 13:25:45 (process:6258) INFO: Subscribing db[default] to active reporting plugins.
01 Oct 13:25:45 (process:6258) INFO: SMTP: connection to smtp-xxxx.fr succeeded.
01 Oct 13:25:45 (process:6258) INFO: Subscribing SMTP[test] to active reporting plugins.
01 Oct 13:25:45 (process:6258) INFO: Subscribing Debug[default] to active reporting plugins.
version: <empty>
heartbeat:
analyzer(0):
analyzerid: 2999950199843006
name: prelude-manager
manufacturer: http://www.prelude-ids.com
model: Prelude Manager
version: 1.2.6
class: Concentrator
ostype: Linux
osversion: 2.6.32-573.7.1.el6.x86_64
node:
category: unknown (0)
location: Le Mans
name: My IDS Snort
address(0):
category: ipv4-addr (7)
address: 127.0.0.1
process:
name: prelude-manager
pid: 6258
path: /usr/bin/prelude-manager
create_time: 01/10/2015 13:25:45.258706 +02:00
heartbeat_interval: 600
additional_data(0):
meaning: Analyzer status
type: string (0)
data: starting
additional_data(1):
meaning: Analyzer SHA1
type: string (0)
data: 6aecc7d9304249a1d45d15c53e90b9856bf5d98a

So it seems to be working... For further configuration-related questions please use the forum User.

it seems to work but it not working because after starting prelude-manager, it will be out of service.
Ok no problem, i will use the forum user for further questions.

Are you saying the manager in debug mode stopped working immediately after the output #625-11?

I meant that when i uncommente the [smtp] section in the configuration file and i start prelude-manager,
it seems to work. But after a few secondes it will be down.

Now everything works good. I get an email when there are a brute force attack. but in every 10 minutes,
I am obliged to restart the servers prelude-manager, prelude-lml and prelude-correlator.
What you thinks about??