This section explains how to install Nepenthes, including Prelude support, from the tarball available from the main website. However, Nepenthes may also be available as a package in your distribution, and installing it that way would be easier.
Get the sources
Prelude support is included in the vanilla Nepenthes distribution.
Download Nepenthes from http://nepenthes.mwcollect.org/download
Then, compile and install Nepenthes using the following:
$ ./configure --enable-prelude
$ make
# make install
In order to enable Nepenthes to communicate with Prelude-Manager, activate the following section in $prefix/etc/nepenthes/nepenthes.conf:
"logprelude.so", "log-prelude.conf", ""
You can change the default analyzer-name and analyzer profile by editing $prefix/etc/nepenthes/log-prelude.conf.
Registering Nepenthes profile
You now need to create a Nepenthes profile with a command like:
$ prelude-admin register nepenthes "idmef:w admin:r" <manager address> --uid X --gid X
and follow the instructions. If the registration is successful, you are ready to test your installation. Please check the Agents Registration Page for more details about sensor registration.
Before running Nepenthes, please make sure to read the General Configuration Page. It is very important for the server-addr parameters to be set to the Prelude-Manager address.
See the nepenthes manual pages and documentation for more options.