<html> <head> <title>Brouette - Event collector for prelude manager</title> </head> <body> <div align="center"> <h1>Brouette<br/>event collector for prelude manager</h1> </div> <h2>Introduction</h2> <table> <tr> <td> <img src="brouette-in-action.png"> </td> <td> <b>Brouette</b> is a monitoring tool that capture events from prelude manager using the <a href="https://trac.prelude-ids.org/trac/libprelude/libprelude-prelude-connection-pool.html#prelude-connection-pool-check-event">prelude connection pool event checker</a>.<br/> Its purpose is to help security managers and/or administrators to see in real time what's going on in their network. It is a desktop oriented application, which uses the <a href="http://www.galago-project.org">notify library</a>. </td> </tr> </table> <h2>Installation</h2> It requires a working prelude environment. You might get some help in the <a href="https://trac.prelude-ids.org/wiki/PreludeHandbook">Prelude Handbook</a> if nothing is installed.<br/> Once you have prelude manager up and running, you have to register your sensor. It only needs read access rights.<br/> <p> On brouette side, register it using: <pre> prelude-adduser register "brouette" "idmef:r admin:r" 127.0.0.1 --uid desktop_user_uid --gid desktop_user_gid </pre> If <b>127.0.0.1</b> is the address where your manager is listening. Replace <b>desktop_user_uid</b> and <b>desktop_user_gid</b> by your respective user and group id.<br/> </p> <p> On your manager side, please run: <pre> prelude-adduser registration-server prelude-manager </pre> if <b>prelude-manager</b> is the name of your manager.<br/> </p> For detailed informations about this procedure, please refer to the <a href="https://trac.prelude-ids.org/wiki/RegisteringASensor">Registering a Sensor</a> section in the Prelude Handbook. <h2>Usage</h2> Just run: <pre> brouette 127.0.0.1 </pre> If <b>127.0.0.1</b> is the address where your manager is listening.<br/> You can now enjoy being disturbed by any alert event :-) Please tune your IDS for less annoying informations. </body> </html>