security/prelude, the Hybrid IDS framework

Contributed by mbalmer on 2006-07-06 from the 2ids||!2ids dept.

security/prelude has been imported to our ports tree:

Prelude is an opensource Hybrid IDS framework, which is able to use different sensors like snort or nepenthes, log files from hostapd etc. Some flavors are also available for libpreludedb, in order to work either with PostgreSQL, MySQL or SQLite DBMS.

net/snort got also a flavor in order to be built with prelude support, and net/nepenthes will probably follow.

See http://www.prelude-ids.org/ for details on prelude.

(Comments are closed)

Comments

By Anonymous Coward (217.12.147.5) on 2006-07-06 16:26

this journal becomes more and more offtopic... :)
Comments
1. By Anonymous Coward (204.108.8.5) on 2006-07-06 16:44
  
  > this journal becomes more and more offtopic... :)
  
  Submit something you see are more "on topic" than ports information.
  Comments
  1. By dingo (69.246.68.23) on 2006-07-06 17:18
    
    > > this journal becomes more and more offtopic... :)
    >
    > Submit something you see are more "on topic" than ports information.
    
    hifn article anyone? I never saw a company rep post to a OpenBSD mailing list trying to defend their position on closed documentation before. How is that not news worthy? Theo's response clearly represented OpenBSD's goals. This is something I would want non-openbsd users or non-subscribers to read.
    
    Why wern't the heated misc@ or tech@ discussions of late posted? Don't tell me because I didn't submit, why would I need to? I would just copy and paste... but I will if thats what it takes.
    
    I'd rather see no posts than ports. What is this, freshmeat.net now?
    
    Comments
    
    By Anonymous Coward (213.119.198.211) on 2006-07-06 17:31
    
    > > > this journal becomes more and more offtopic... :)
    > >
    > > Submit something you see are more "on topic" than ports information.
    >
    > hifn article anyone? I never saw a company rep post to a OpenBSD mailing list trying to defend their position on closed documentation before. How is that not news worthy? Theo's response clearly represented OpenBSD's goals. This is something I would want non-openbsd users or non-subscribers to read.
    >
    > Why wern't the heated misc@ or tech@ discussions of late posted? Don't tell me because I didn't submit, why would I need to? I would just copy and paste... but I will if thats what it takes.
    >
    > I'd rather see no posts than ports. What is this, freshmeat.net now?
    
    there are people (like me) that like this kind of posts
    ps: What is this, a mailinglist mirror now? ;-)
    
    Comments
    
    By dingo (69.246.68.23) on 2006-07-06 17:58
    
    > > Why wern't the heated misc@ or tech@ discussions of late posted? Don't tell me because I didn't submit, why would I need to? I would just copy and paste... but I will if thats what it takes.
    >
    > there are people (like me) that like this kind of posts
    > ps: What is this, a mailinglist mirror now? ;-)
    
    I guess so. This port was posted to ports@ June 6.
    
    Comments
    
    By Anonymous Coward (204.108.8.5) on 2006-07-06 18:51
    
    >
    > I guess so. This port was posted to ports@ June 6.
    
    And it was committed on the 26th. So? This is a community driven site, to see something it has to be submitted. Apparently the people submitting want to see ports information. ;)
2. By nico (66.183.177.86) on 2006-07-07 17:23
  
  > this journal becomes more and more offtopic... :)
  
  I disagree. This is exactly the kind of stuff that I come to the OpenBSD Journal for. I don't want to read freshmeat and whatever other sites, wading through every high-school linux user's latest re-invention of some wheel using the latest kewl programming language. This news is OpenBSD-specific; where else can I get that kind of focus on my favourite OS and its various tools and applications?
  
  The ports announcements on the OpenBSD Journal tell me two things:
  1) the kind of stuff I can use OpenBSD for at work as well as to self-educate, and
  2) the kind of stuff that I didn't even know was out there, but it's really great that I found out.
  
  I vote for keeping them coming. Same with the developer blogs. It's a lot less time spent than wading through the various OpenBSD mailing lists, and there's often a more thorough description of the software.
  Comments
  1. By renzo (81.171.23.52) on 2006-07-08 08:36
    
    > I vote for keeping them coming. Same with the developer blogs. It's a lot less time spent than wading through the various OpenBSD mailing lists, and there's often a more thorough description of the software.
    >
    
    Me to.
    The only thing I want to comment is to put ports posts on a separate page or some option to show only the kind of posts you are interested in. But i am not the one pulling the strings around here. :)
By Anonymous Coward (195.238.139.50) on 2006-07-06 17:31

Is snort already patched to work with prelude?
Comments
1. By jasper (80.60.145.215) on 2006-07-06 20:22 http://humppa.nl
  > Is snort already patched to work with prelude?
  Jep, a flavor has been added:
  - add a "prelude" flavor, snort can be used as a sensor by prelude. >/pre>
By cellx (216.201.130.149) on 2006-07-06 21:28

Is there any plans on getting divert ability into the PF. IPFW on freeBSD can do this already to work with Snort inline mode.

anything on the roadmap?
w00f
cellx
By Anonymous Coward (61.73.87.71) on 2006-07-07 02:36

and missed a hifn news..
Comments
1. By Anonymous Coward (69.70.207.240) on 2006-07-07 18:27
  
  > and missed a hifn news..
  >
  >
  What news? New news?
By Whiners (203.58.120.11) djm@ on 2006-07-07 04:51

All you people who are whining about mbalmer@'s posts, please either submit your own stories for things that interest you, start your own OpenBSD interest site or go away.
Comments
1. By Anonymous Coward (61.73.87.71) on 2006-07-07 07:18
  
  > All you people who are whining about mbalmer@'s posts, please either
  >submit your own stories for things that interest you, start your own ?>OpenBSD interest site or go away.
  
  Marc Balmer ignored a users submit stories.
  
  people submit a stories, but mbaler posted a only ports stories.
  also, when, users posted a comment about this situation, he deleted a comment.
  
  would you find a other user's recent submit stories on undeadly.org ?
  
  do not exist.
  
  just, you can find a 'posted by mbalmer@'
  
  why he continue post a port story on undeadly.org?
  
  why?
  
  undeadly.org is for only openbsd developer site? right?
  
  no, no, no
  Comments
  1. By Anonymous Coward (61.73.87.71) on 2006-07-07 08:09
    
    please delete a my comment.
    
    i gonna away.
    
    sorry my rude word
    
    Comments
    
    By Janne Johansson (130.237.95.193) jj@inet6.se on 2006-07-07 10:42
    
    > please delete a my comment.
    > i gonna away.
    > sorry my rude word
    
    Nah, stick around, whine, make sure no news gets posted at all.
    
    You (in plural) already made the ports items go away. Just a little bit
    more and we'll kill all news for good.
    
    Then we can wait a couple of weeks and then start ranting on misc@ on why there is no news outlet and start whining about that.
    
    How hard could it have been to just ignore the 1-ports-newsitem-a-day?
    Really.
    
    Comments
    
    By wob (12.109.229.8) wob@bonch.org on 2006-07-07 15:57
    
    > > please delete a my comment.
    > > i gonna away.
    > > sorry my rude word
    >
    > Nah, stick around, whine, make sure no news gets posted at all.
    >
    > You (in plural) already made the ports items go away. Just a little bit
    > more and we'll kill all news for good.
    >
    > Then we can wait a couple of weeks and then start ranting on misc@ on why there is no news outlet and start whining about that.
    >
    > How hard could it have been to just ignore the 1-ports-newsitem-a-day?
    > Really.
    >
    
    That's what I don't get. It's not like this site is completely flooded with news stories that one more about ports is going to overload someones reading.
    
    If you don't like it, don't read it. If you don't think there's enough, send more content. It's that simple.
2. By Venture37 (217.22.88.123) venture37 AT hotmail DOT com on 2006-07-08 04:30 www.geeklan.co.uk
  
  > All you people who are whining about mbalmer@'s posts, please either submit your own stories for things that interest you, start your own OpenBSD interest site or go away.
  
  yeah, right.
  So, you submit a update on a previously published story regarding a piece of software which now runs on OpenBSD (ok, its not part of the ports tree)
  & that gets published & deleted.
  
  http://swik.net/OpenBSD/OpenBSD+Journal+Feed/Darwin+Streaming+Server+on+OpenBSD+Update/d5b6
  
  http://undeadly.org/cgi?action=article&sid=20060526024550&mode=expanded
  
  & anyway, why post the ports info here when there is a ports-changes@ mailing list?!
  Comments
  1. By Anonymous Coward (64.81.82.25) on 2006-07-08 05:09
    
    > > All you people who are whining about mbalmer@'s posts, please either submit your own stories for things that interest you, start your own OpenBSD interest site or go away.
    >
    > yeah, right.
    > So, you submit a update on a previously published story regarding a piece of software which now runs on OpenBSD (ok, its not part of the ports tree)
    > & that gets published & deleted.
    >
    > http://swik.net/OpenBSD/OpenBSD+Journal+Feed/Darwin+Streaming+Server+on+OpenBSD+Update/d5b6
    >
    > http://undeadly.org/cgi?action=article&sid=20060526024550&mode=expanded
    >
    > & anyway, why post the ports info here when there is a ports-changes@ mailing list?!
    
    What's it hurting? If you don't like it, don't read it.
    
    Like somebody mentioned, there's not 100's of posts per day like on a mailing list. And while M Balmer's posts on misc@ are usually overly abrasive, I think he does a great job on here posting things of interest to people other than yourself.
By DS (68.104.220.48) on 2006-07-08 09:08

This is great news. Snort is a fine NIDS, but Prelude has a good thing cooking with their hybrid approach and support for multiple, disperate sensors. prelude-lml is a good niche to fill and I'm glad to see a port available for my favorite OS now (as well as the new snort flavor for integration.)

To the whiners bitching about the ports postings, come off it. It's as pertinent of news as anything. The developer blogs have been bloody fascinating and people bitched about those at first. You really can't make some people happy.

mbalmer: keep it up, you're still in this-news-is-good-news mode. Glad to see coverage of the ports tree.

Latest Articles

Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (7)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (2)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)
Fri, Mar 08
- 06:46 OpenBGPD 8.4 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]