
Bug 340929

Summary: net-analyzer/Prelude-Correlator - Prelude-IDS Correlation engine
Product: Gentoo Linux
Reporter: Krzysiek <krzysztof>
Component: New packages
Assignee: Default Assignee for New Packages <maintainer-wanted>
Status: RESOLVED FIXED
Severity: enhancement
CC: blueness, netmon
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.prelude-technologies.com/en/solutions/correlation-engine/index.html
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: prelude-correlator-1.0.0.ebuild
prelude-correlator-1.0.0.ebuild
prelude-correlator.tar.bz2

Description Krzysiek 2010-10-14 06:10:00 UTC
Prelude-Correlator allows conducting multistream correlations thanks to a powerful programming language for writing correlation rules. With any type of alert able to be correlated, event analysis becomes simpler, quicker and more incisive.

Reproducible: Always
Comment 1 John Sennesael 2011-01-18 03:03:29 UTC
Created attachment 260091 [details]
prelude-correlator-1.0.0.ebuild

I attached a working ebuild for prelude-correlator 1.0.0.
Depends on python >=2.6 and >=libprelude-1.0.0
The prelude documentation mentions python>=2.4 is only needed, but the changelog mentions 2.6, so I made it 2.6 just in case.
Comment 2 John Sennesael 2011-01-18 03:57:44 UTC
Created attachment 260096 [details]
prelude-correlator-1.0.0.ebuild

Uploaded new ebuild with a small change:
  libprelude needs to be emerged with use flag 'easy-bindings' enabled, or prelude-correlator won't run.

Added: 
RDEPEND="${DEPEND} >=dev-libs/libprelude-1.0.0[easy-bindings]"
Comment 3 Anthony Basile gentoo-dev 2011-01-20 21:41:38 UTC
(In reply to comment #2)
> Created an attachment (id=260096) [details]
> updated ebuild.
> 
> Uploaded new ebuild with a small change:
>   libprelude needs to be emerged with use flag 'easy-bindings' enabled, or
> prelude-correlator won't run.
> 
> Added: 
> RDEPEND="${DEPEND} >=dev-libs/libprelude-1.0.0[easy-bindings]"
> 

It looks useful. I'll commit this to my overlay (http://git.overlays.gentoo.org/gitweb/?p=dev/blueness.git;a=summary) and play with it. If I think it's something the community can use, I'll proxy commit and maintain for you.
Comment 4 John Sennesael 2011-01-21 13:01:00 UTC
Created attachment 260428 [details]
prelude-correlator.tar.bz2

Uploaded new ebuild with the following changes recommended by blueness:

* Fixed bug where the -c option would be ignored by prelude-correlator (patch included in files/)
* Added rdepend for prelude-manager
* Added init script for prelude-correlator.
Comment 5 Thomas ANDREJAK 2018-01-26 22:02:50 UTC
Can you close this ticket? Prelude-Correlator 4.0 is in the portage tree.