Brouette
event collector for prelude manager

Introduction

Brouette is a monitoring tool that captures events from prelude manager using the prelude connection pool event checker.
Its purpose is to help security managers and/or administrators see in real time what's going on in their network. It is a desktop-oriented application, which uses the notify library.

Installation

It requires a working prelude environment. You might get some help in the Prelude Handbook if nothing is installed.
Once you have prelude manager up and running, you have to register your sensor. It only needs read access rights.

On the Brouette side, register it using:

prelude-adduser register "brouette" "idmef:r admin:r" 127.0.0.1 --uid desktop_user_uid --gid desktop_user_gid
Here 127.0.0.1 is assumed to be the address where your manager is listening. Replace desktop_user_uid and desktop_user_gid with your own user and group IDs.

On the manager side, please run:

prelude-adduser registration-server prelude-manager
Here prelude-manager is assumed to be the name of your manager.

For detailed information about this procedure, please refer to the Registering a Sensor section in the Prelude Handbook.
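
The Brouette-side registration step above, as an added example that is not part of Brouette or Prelude: a shell helper that looks up the desktop user's numeric IDs with id and prints the prelude-adduser command from this page, refusing any permission string that grants more than read access. The function names are hypothetical, and it assumes permissions are space-separated name:access pairs as in the command above.

```shell
#!/bin/sh
# Added example (not part of Brouette or Prelude); function names are hypothetical.

# Succeeds only if every grant in a permission string such as
# "idmef:r admin:r" ends in exactly ":r" (read access only).
# Assumption: grants are space-separated name:access pairs, as on this page.
perms_read_only() (
    set -f                      # no filename expansion while splitting
    [ -n "$1" ] || exit 1
    for grant in $1; do
        case "$grant" in
            ?*:r) ;;            # e.g. idmef:r
            *) exit 1 ;;        # idmef:w, idmef:rw, or malformed
        esac
    done
    exit 0
)

# Print the Brouette-side registration command for one desktop user.
#   $1 = desktop user name
#   $2 = address the manager listens on
#   $3 = permissions (optional, defaults to the read-only set from the page)
build_register_cmd() {
    user=$1
    manager=$2
    perms=${3:-"idmef:r admin:r"}
    if ! perms_read_only "$perms"; then
        echo "refusing permissions beyond read access: $perms" >&2
        return 1
    fi
    uid=$(id -u "$user") || return 1    # numeric user id of the desktop user
    gid=$(id -g "$user") || return 1    # numeric primary group id
    printf 'prelude-adduser register "brouette" "%s" %s --uid %s --gid %s\n' \
        "$perms" "$manager" "$uid" "$gid"
}

# Dry run only: print the command when a user and a manager address are given.
# The manager-side command (prelude-adduser registration-server ...) is run
# separately, as described on this page.
if [ "$#" -ge 2 ]; then
    build_register_cmd "$@"
fi
```

Called with a user name and the manager address, the script prints the command for review; it never runs prelude-adduser itself.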

Usage

Just run:
brouette 127.0.0.1
Here 127.0.0.1 is assumed to be the address where your manager is listening.
You can now enjoy being disturbed by any alert event :-) Please tune your IDS so that it reports less annoying information.