Bug 340929 - net-analyzer/Prelude-Correlator - Prelude-IDS Correlation engine
Summary: net-analyzer/Prelude-Correlator - Prelude-IDS Correlation engine
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High enhancement
Assignee: Default Assignee for New Packages
URL: http://www.prelude-technologies.com/e...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-14 06:10 UTC by Krzysiek
Modified: 2018-01-26 23:37 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
prelude-correlator-1.0.0.ebuild (prelude-correlator-1.0.0.ebuild,790 bytes, text/plain)
2011-01-18 03:03 UTC, John Sennesael
prelude-correlator-1.0.0.ebuild (prelude-correlator-1.0.0.ebuild,867 bytes, text/plain)
2011-01-18 03:57 UTC, John Sennesael
prelude-correlator.tar.bz2 (prelude-correlator.tar.bz2,2.86 KB, application/x-bzip-compressed-tar)
2011-01-21 13:01 UTC, John Sennesael

Description Krzysiek 2010-10-14 06:10:00 UTC
Prelude-Correlator allows conducting multistream correlations thanks to a powerful programming language for writing correlation rules. With any type of alert able to be correlated, event analysis becomes simpler, quicker and more incisive.

Reproducible: Always
Comment 1 John Sennesael 2011-01-18 03:03:29 UTC
Created attachment 260091
prelude-correlator-1.0.0.ebuild

I attached a working ebuild for prelude-correlator 1.0.0
Depends on python >=2.6 and >=libprelude-1.0.0
The prelude documentation mentions python>=2.4 is only needed, but the changelog mentions 2.6, so I made it 2.6 just in case.
Comment 2 John Sennesael 2011-01-18 03:57:44 UTC
Created attachment 260096
prelude-correlator-1.0.0.ebuild

Uploaded new ebuild with a small change:
  libprelude needs to be emerged with use flag 'easy-bindings' enabled, or prelude-correlator won't run.

Added: 
RDEPEND="${DEPEND} >=dev-libs/libprelude-1.0.0[easy-bindings]"
Comment 3 Anthony Basile gentoo-dev 2011-01-20 21:41:38 UTC
(In reply to comment #2)
> Created an attachment (id=260096) [details]
> updated ebuild.
> 
> Uploaded new ebuild with a small change:
>   libprelude needs to be emerged with use flag 'easy-bindings' enabled, or
> prelude-correlator won't run.
> 
> Added: 
> RDEPEND="${DEPEND} >=dev-libs/libprelude-1.0.0[easy-bindings]"
> 

It looks useful.  I'll commit this to my overlay (http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=summary) and play with it.  If I think it's something the community can use, I'll proxy commit and maintain for you.
Comment 4 John Sennesael 2011-01-21 13:01:00 UTC
Created attachment 260428
prelude-correlator.tar.bz2

Uploaded new ebuild with the following changes recommended by blueness:

* Fixed bug where the -c option would be ignored by prelude-correlator (patch included in files/)
* Added rdepend for prelude-manager
* Added init script for prelude-correlator.
Comment 5 Thomas ANDREJAK 2018-01-26 22:02:50 UTC
Can you close this ticket? Prelude-Correlator 4.0 is in the portage tree