Prelude-Correlator allows conducting multistream correlations thanks to a powerful programming language for writing correlation rules. With any type of alert able to be correlated, event analysis becomes simpler, quicker and more incisive.
Reproducible: Always
Created attachment 260091
prelude-correlator-1.0.0.ebuild
I attached a working ebuild for prelude-correlator 1.0.0.
Depends on python >=2.6 and >=libprelude-1.0.0.
The prelude documentation mentions python>=2.4 is only needed, but the changelog mentions 2.6, so I made it 2.6 just in case.
Created attachment 260096
prelude-correlator-1.0.0.ebuild
Uploaded new ebuild with a small change:
libprelude needs to be emerged with use flag 'easy-bindings' enabled, or prelude-correlator won't run.
Added:
RDEPEND="${DEPEND} >=dev-libs/libprelude-1.0.0[easy-bindings]"
(In reply to comment #2)
> Created an attachment (id=260096)
> updated ebuild.
>
> Uploaded new ebuild with a small change:
> libprelude needs to be emerged with use flag 'easy-bindings' enabled, or
> prelude-correlator won't run.
>
> Added:
> RDEPEND="${DEPEND} >=dev-libs/libprelude-1.0.0[easy-bindings]"
>
It looks useful. I'll commit this to my overlay (http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=summary) and play with it. If I think it's something the community can use, I'll proxy commit and maintain for you.
Created attachment 260428
prelude-correlator.tar.bz2
Uploaded new ebuild with the following changes recommended by blueness:
* Fixed bug where the -c option would be ignored by prelude-correlator (patch included in files/)
* Added rdepend for prelude-manager
* Added init script for prelude-correlator.
Can you close this ticket? Prelude-Correlator 4.0 is in the portage tree.