############################################## # Configuration for the Prelude LML Sensor # ############################################## [Prelude LML] # Address where the Prelude Manager Server is listening on. # if value is "127.0.0.1", the connection will occur throught # an UNIX socket. # # This entry is disabled. The default is to use the entry # located in sensors-default.conf... You may overwrite the # default address for this sensor by uncommenting this entry. # manager-addr = 192.168.0.2; # Configuration for the UDP message receiver. # commented out by default since most people only want to # monitor files. # # [Udp-Srvr] # # port = 514 # addr = 0.0.0.0 # # Files to monitor # file = /var/log/auth.log file = /var/log/messages #################################### # Here start plugins configuration # #################################### [SimpleMod] ruleset=/usr/local/etc/prelude-lml/ruleset/simple.rules; # [Debug] # # This plugin issue an alert for each packet. # Carefull to the loging activity it generate.