Armadito-Prelude
================

PREREQUISITES

Firstly, you need to build libprelude and set up a prelude SIEM server.
Note that Armadito Prelude in perl needs both having libprelude.so in LD_LIBRARY_PATH and lib prelude Perl libs in @INC (Prelude.so and Prelude.pm).
Also at execution, these requirements must be met, including for a complete 'make test'. You can see and example in run.sh.

Prelude SIEM registration example :

~/prelude/install/bin/prelude-admin register "armadito-prelude" "idmef:w" 192.168.56.101 --uid 1000 --gid 1000

USAGE

Once requirements are met, you can use it as you wish.
Using crontab might be one of the best solution if you want to configure the frequency of alerts uploads to prelude SIEM.
Also, setting a maximum alerts count by execution allows you to control the flow of alerts processed (--max option).

Example :

Send up to 10 alerts from Armadito Antivirus on-access protection each minute :

* * * * * ~/prelude/install/bin/armadito-prelude -i ~/armadito/git/armadito-av/build/linux/out/install/armadito-av/var/spool/armadito/ --max 10

INSTALLATION

To install this module type the following:

   perl Makefile.PL INSTALL_BASE=~/install_path_of_libprelude
   make
   make test
   make install

DEPENDENCIES

This module requires these other modules and libraries:

UNIVERSAL::require inc::Module::Install XML::Bare

Ubuntu :
 libuniversal-require-perl libmodule-install-perl libxml-bare-perl

COPYRIGHT

Copyright (C) 2006-2010 OCS Inventory contributors
Copyright (C) 2010-2012 FusionInventory Team
Copyright (C) 2016 by Teclib'

LICENSE

Licensed under GPLv3+. 
