Prelude-LML is a signature-based log analyzer that monitors your log files and received syslog messages for suspicious activity. It handles events generated by a large set of components, including but not limited to: APC Emu, BigIP, Cisco PIX, Clamav, Dell-OM, Grsecurity, Honeyd, ipchains, Netfilter, ipfw, Nokia ipso, Apache ModSecurity, Ms-SQL, Nagios, Norton Antivirus Corporate Edition, NTsyslog, Pam, Portsentry, Postfix, Proftpd, ssh, etc.
Prelude-LML was written to make it easy to integrate third-party products, particularly products that cannot be modified directly to use the Prelude library.
Author: Yoann Vandoorselaere <yoann [at] prelude-ids [dot] org>
Author: The prelude-IDS Project <http://www [dot] prelude-ids [dot] org>
Maintainer: The T2 Project <t2 [at] t2-project [dot] org>
Build time (on reference hardware): 20% (relative to binutils) [2]
Installed size (on reference hardware): 0.55 MB, 77 files
Dependencies (build time detected): bash binutils bzip2 coreutils diffutils fam file findutils flex gawk gcc glibc gnutls grep libgcrypt libgpg-error libprelude libtasn1 linux-header m4 make mktemp net-tools pcre sed sysfiles tar util-linux zlib
Installed files (on reference hardware): n.a.
[2] Compatible with Linux From Scratch's "Standard Build Unit" (SBU).