check_prelude

[LittleYu]

It says that check_prelude gets the events logged by prelude to a MySQL database but I don't really understand how to configure it and how it might be used for security. As in I'm actually making my own rules to detect intrusion with Suricata but I'd like to implement that on nagios (as in nagios gets the alerts and show them) and I'm wondering if check_prelude would be able to do that?

[lmiltchev]

This is a 3rd party plugin (not one of our official plugins), and we are not familiar with it. We can try to help you, but we cannot guarantee that the plugin will work (well) with Nagios XI.

Here's the plugin's usage:

Code: Select all

[root@main-nagios-xi libexec]# ./check_prelude.pl --help

check_prelude.pl v1.0 by Andre Lammel <[email protected]

check_prelude.pl - check for prelude events in an MySQL Database
                   as used my libpreludedb.

The program counts messages with severities medium and high.
It then produces a WARNING or an CRITICAL based on the limits given

Usage: check_prelude.pl <severity high max events> <severity medium max events>
       check_prelude.pl --help gives this help

Too many events with severity high   produce a CRITICAL
Too many events with severity medium produce a WARNING
All other results produce a OK

You can test the plugin from the command line on your system to make sure it works, and create a new command, and a service in Nagios XI by following the document below:

https://assets.nagios.com/downloads/nag ... ios-XI.pdf

If you had a specific question about the plugin, you would need to contact the plugin's owner.

If you need help with creating the command or the service in Nagios XI, please let us know. We can assist you with that.