Prelude Library (http://www.prelude-ids.com)
The Prelude Library is brought to you by PreludeIDS Technologies (http://www.prelude-ids.com).


Prelude Library Overview
========================

The Prelude Library is used to make sensor developers' life better by 
providing features used by every sensor:

    - Manager(s) Connection management (with fallback in case all 
      configured Managers are down, and automatic reconnection).
    
    - Interface to communicate with the Prelude Manager.
    
    - Asynchronous Message interface (allowing sensor to emmit message 
      without blocking, even if there is latency on the wire).

    - Asynchronous timer interface.

    - Generic configuration API, providing a generic abstraction for 
      command-line, configuration file option, and wide option support.

    - Wide option managment allowing sensor-exported options to be directly 
      accessible from the Manager administrative console.

    - Generic plugin API.




Prelude Communication
=====================

    Prelude IDS uses unique optimized implementation of the XML based IDMEF 
    message format to transmit alerts between the sensors and the manager 
    and between managers.
    
    Using IDMEF, Prelude provides a generic method for virtually any type 
    of sensors to describe precisely the content of an alert.



IRC
===

If there's something you just can't find out elsewhere, you want to 
give feedback directly to the authors or you're just bored, visit 
#prelude on irc.freenode.net



Get Support
===========


Prelude-user mailing list archives can be accessed at:
	http://lists.prelude-ids.org


Commercial Support is available through the PreludeIDS Technologies company:
	http://www.prelude-ids.com, [email protected]



Help development
================

1. SUBMITTING PATCHES

The Prelude source is constantly changing. If you want to submit a patch,
please do so from the most recent CVS source tree, subscribe to the 
prelude-devel mailing list by sending a mail to:

        [email protected]

and post your patch with a description of functionality.
You can also attach patches to bugs on 

        http://trac.prelude-ids.org


2. BUGS

If you find any bugs, please report them to:

	http://trac.prelude-ids.org

Please make sure that what you're reporting is actually a BUG and not
a problem on your side.


3. SUGGESTIONS

Subscribe to prelude-devel and give us your suggestions.



How to install the Prelude Library
==================================


1. Prelude Library installation

If you don't want to build the Prelude Library yourself, you can get 
prebuild rpm and debian packages at http://www.prelude-ids.org.

If you want to build Prelude, unpack the tarball and cd into the
newly created directory. Then type :

	./configure
	make
	
If everything works, su to root and type:

	make install



2. Generic sensor installation

First, all sensors get some generic configuration files, installed in:
 - $prefix/etc/prelude/default/idmef-client.conf [specific to sensor]
 - $prefix/etc/prelude/default/global.conf [used by sensor and manager]

Theses file contains entry that *may* be shared between several sensor.
If a sensor provides the same entry in it's own configuration file,
then the sensor will by default use it's own entry.

Example of a shared entry (in the default provided generic sensor 
configuration file) is :

server-addr = 127.0.0.1:4690 || x.x.x.x;

Which tells the sensor to try to connect to both 127.0.0.1:4690 
and x.x.x.x:4690. If both connections work, only the first will be used,
but the contrary would happen if you were to use : 

server-addr = 127.0.0.1:4690 && x.x.x.x;

Which mean that both connections should be okay for a sensor message to
be considered to be successfully sent.


When linked against the Prelude Library, the sensors should be registered 
in order to setup the sensor for the first time.

If you start a sensor without registering it, it'll print out a message
like :


"
Basic file configuration does not exist. Please run :
prelude-adduser register prelude-lml "idmef:w admin:r" <manager address>
program on the analyzer host to setup this analyzer.
"


Starting this program with the sensor provided arguments will start
the registration procedure for this sensor.


The prelude-adduser program will ask you to start the prelude-adduser program 
on the Manager host:

" 
  You now need to start "prelude-adduser" on the server host where
  you need to register to:

  use: "prelude-admin registration-server <analyzer-name>"
"

"analyzer-name" should be substituted by the name of your Manager
(prelude-manager is the default, unless you provided a customized 
analyzer-name option on the prelude-manager command line, or in it's
configuration file).

The manager host prelude-adduser program will provide you a randomly 
generated password to be used when sensor side prelude-adduser request it.

The prelude-adduser program will then ask you several question, and it will
connect to the manager-adduser program. If authentication is okay, the sensors 
and the Manager will be able to exchange their certificates.