Hi Tomas,

I am sure you will not get a biased response from here :) Anyway, I am not a Prelude expert (or even a user*), but I don't think they have the amount of log analysis rules and correlations that we have on OSSEC. Also, their rules follow the old log analysis format of trying everything (instead of the tree design present on OSSEC, where the logs are properly decoded before analysis)...

Maybe Sebastien or other Prelude+OSSEC users can answer it better.

*but I did look at their rules and their code for a bit, before replying :)

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 9/28/07, Tomas Olsson <[EMAIL PROTECTED]> wrote:
>
> Great!
>
> By the way: how does OSSEC differ from prelude-lml?
>
> /Tomas
>
>
> Daniel Cid wrote:
> > Hi Tomas,
> >
> > Sebastien Tricaud sent us a patch to add support for IDMEF on OSSEC,
> > so it can communicate with Prelude. If you are interested in alpha
> > versions, you can try it out at:
> >
> > http://www.ossec.net/files/snapshots/ossec-hids-070927.tar.gz
> >
> > *Just need to run the following before compiling: cd src; make
> > setprelude; cd ..;
> >
> > Thanks,
> >
> > --
> > Daniel B. Cid
> > dcid ( at ) ossec.net
> >
> > On 9/25/07, Tomas Olsson <[EMAIL PROTECTED]> wrote:
> >
> >> Hi,
> >>
> >> Has anybody done any work on converting OSSEC alerts into IDMEF
> >> (http://www.rfc-editor.org/rfc/rfc4765.txt)?
> >>
> >> /Tomas
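The "decode first, then walk a rule tree" design Daniel contrasts with trying every rule, as an added illustration that is neither code from this thread nor OSSEC's own engine: the syslog lines, the decoder regexes and the rule ids are all constructed for the example, and the returned evaluation count shows how the tree prunes work compared to a flat try-everything matcher.

```python
import re

# Constructed syslog-style lines (not taken from the thread).
LOGS = [
    "Sep 28 10:01:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2",
    "Sep 28 10:01:05 host sshd[1235]: Accepted password for alice from 198.51.100.7 port 4023 ssh2",
    "Sep 28 10:02:00 host su[200]: FAILED SU (to root) bob on /dev/pts/1",
]

# Pre-decoder: split the syslog header so the program name selects a decoder.
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$")

# Stage 1: one decoder per program, run once per line to extract fields.
DECODERS = {
    "sshd": re.compile(r"(?:Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<srcip>\S+)"),
    "su": re.compile(r"SU \(to (?P<dstuser>\w+)\) (?P<user>\w+)"),
}

# Stage 2: rules hang off a decoder; children are only evaluated once their
# parent matched. Tuple: (rule_id, regex over the message, level, children).
RULES = {
    "sshd": [(5700, re.compile(r"."), 0, [
        (5716, re.compile(r"^Failed password"), 5, []),
        (5715, re.compile(r"^Accepted"), 3, []),
    ])],
    "su": [(5300, re.compile(r"."), 0, [
        (5301, re.compile(r"^FAILED SU"), 5, []),
    ])],
}

def analyze(line):
    """Return (rule_id, level, decoded_fields, regex_evaluations) for one line.
    A flat engine would test every rule regex against every line instead."""
    m = SYSLOG.match(line)
    if not m:
        return None, 0, {}, 1
    prog, msg, evals, fields = m.group("prog"), m.group("msg"), 1, {}
    decoder = DECODERS.get(prog)
    if decoder:
        evals += 1
        d = decoder.search(msg)
        fields = d.groupdict() if d else {}
    best = (None, 0)

    def walk(nodes):
        nonlocal evals, best
        for rid, rx, level, children in nodes:
            evals += 1
            if rx.search(msg):
                best = (rid, level)      # deepest match wins
                walk(children)
                return                   # first matching sibling stops the scan

    walk(RULES.get(prog, []))            # only this decoder's subtree is visited
    return best[0], best[1], fields, evals
```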
