I'm having issues when following this tutorial:
I've successfully installed the prelude manager, sensor-agent and web gui (prewikka). My prelude lml sensor is registered, events are populating and I'm able to query via the web gui, so everything is working as it should as far as prelude is concerned.
My problem is Snort. Specifically, I get error "FATAL ERROR: unknown output plugin: 'alert_prelude'" when starting snort. I did compile with the --enable-prelude option, and was originally getting this error:
*** The libprelude-config script installed by LIBPRELUDE could not be found
*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in
*** your path, or set the LIBPRELUDE_CONFIG environment variable to the
*** full path to libprelude-config.
I did an 'updatedb', then 'locate libprelude-config' after receiving this error and nothing was returned. I found that really odd because as I said before, prelude is 100% functional and you would think this would have been installed already.
Anyway, after googling around, I found that installing the following packages eliminate the above error:
'libprelude-dev' and 'libpreludedb-dev'
I thought I was in the clear, but I still get the FATAL ERROR: unknown output plugin: 'alert_prelude' when starting snort.
This is what is in my snort.conf:
output alert_prelude: profile=snort
I've tried uncommenting the top line too, but no luck.
I'm installing on Ubuntu 7.10-server and using the newest version of snort (18.104.22.168).
Any help would be appreciated.
Thanks in advance,