Detailed description | Prelude is a universal "Security Information Management" (SIM) system.
Its goals are performance and modularity. It is divided into two main
parts:
- the Prelude sensors, responsible for generating alerts, such as
the Snort sensor (featuring a signature engine, plugins for
protocol analysis, and intrusion detection plugins) and the Prelude
Log Monitoring Lackey.
- the Prelude report server, collecting data from Prelude sensors,
and generating user-readable reports.

Prelude-LML is a signature-based log analyzer that monitors log files and
received syslog messages for suspicious activity. It handles events
generated by a large set of components, including but not limited to:
Apache, BigIP, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nagios,
NTsyslog, NuFW, PAM, Portsentry, Postfix, Proftpd, ssh, etc.
|