How To Install prelude-lml on Rocky Linux 8

In this tutorial we learn how to install prelude-lml on Rocky Linux 8. prelude-lml is a log analyzer sensor with IDMEF output.

Introduction

In this tutorial we learn how to install prelude-lml on Rocky Linux 8.

What is prelude-lml

The Prelude Log Monitoring Lackey (LML) is the host-based sensor program part of the Prelude SIEM suite. It can act as a centralized log collector for local or remote systems, or as a simple log analyzer (such as swatch). It can run as a network server listening on a syslog port or analyze log files. It supports log files in the BSD syslog format and is able to analyze any log file by using the PCRE library. It can apply log-file-specific analysis through plugins such as PAX. It can send an alert to the Prelude Manager when a suspicious log entry is detected.

We can use yum or dnf to install prelude-lml on Rocky Linux 8. This tutorial covers both methods, but you only need to choose one of them to install prelude-lml.

Install prelude-lml on Rocky Linux 8 Using dnf

Update the yum database with dnf using the following command:

sudo dnf makecache --refresh

After updating the yum database, we can install prelude-lml using dnf by running the following command:

sudo dnf -y install prelude-lml

Install prelude-lml on Rocky Linux 8 Using yum

Update the yum database with yum using the following command:

sudo yum makecache --refresh

After updating the yum database, we can install prelude-lml using yum by running the following command:

sudo yum -y install prelude-lml

How To Uninstall prelude-lml on Rocky Linux 8

To uninstall only the prelude-lml package we can use the following command:

sudo dnf remove prelude-lml

prelude-lml Package Contents on Rocky Linux 8

/etc/prelude-lml
/etc/prelude-lml/plugins.rules
/etc/prelude-lml/prelude-lml.conf
/run/prelude-lml
/usr/lib/.build-id
/usr/lib/.build-id/03
/usr/lib/.build-id/03/ee9f1373f3df508d68d47aaf0e53464946d37c
/usr/lib/.build-id/1f
/usr/lib/.build-id/1f/1cf406f63a76b3f40696cf534604e2db0cda2e
/usr/lib/.build-id/44
/usr/lib/.build-id/44/2827591a1879cd2edbccc0047f1e395f99682b
/usr/lib/systemd/system/prelude-lml.service
/usr/lib/tmpfiles.d/prelude-lml.conf
/usr/lib64/prelude-lml
/usr/lib64/prelude-lml/debug.so
/usr/lib64/prelude-lml/pcre.so
/usr/sbin/prelude-lml
/usr/share/doc/prelude-lml
/usr/share/doc/prelude-lml/README
/usr/share/licenses/prelude-lml
/usr/share/licenses/prelude-lml/COPYING
/usr/share/licenses/prelude-lml/HACKING.README
/var/lib/prelude-lml
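
A post-install check built on the file list above, as an added example (not part of the original tutorial or of the prelude-lml project): it confirms that the files the sensor needs are present and that none of them is group- or world-writable. The function name audit_lml, the LML_FILES variable and the writable-bit policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the prelude-lml file layout after installation.
# Paths are taken from the package contents list; the function name and
# the "no group/world write" policy are assumptions of this example.

# Files the sensor needs to start and to load its PCRE plugin.
LML_FILES="etc/prelude-lml/prelude-lml.conf
etc/prelude-lml/plugins.rules
usr/sbin/prelude-lml
usr/lib64/prelude-lml/pcre.so
usr/lib/systemd/system/prelude-lml.service"

# audit_lml ROOT
#   Prints one line per finding (MISSING or WRITABLE).
#   Returns 0 when the layout is clean, 1 otherwise.
#   ROOT defaults to /, but may point at a chroot or a test tree.
audit_lml() {
    root=${1:-/}
    findings=0
    for rel in $LML_FILES; do
        target="${root%/}/$rel"
        if [ ! -f "$target" ]; then
            echo "MISSING $target"
            findings=$((findings + 1))
            continue
        fi
        # A config file, binary or plugin that group or other can write
        # lets a local user change what the sensor matches or executes.
        if [ -n "$(find "$target" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "WRITABLE $target"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run the audit when a root directory is given, e.g.: sh audit.sh /
if [ "$#" -gt 0 ]; then
    audit_lml "$1"
fi
```

On an installed host, follow this with rpm -V prelude-lml, which compares the installed files against the RPM database and reports any that were modified.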

Summary

In this tutorial we learned how to install prelude-lml on Rocky Linux 8 using yum and dnf.