http://bugzilla.opensuse.org/show_bug.cgi?id=1015000 Bug ID: 1015000 Summary: Prelude SIEM non-functional - Install has many problems Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: All Status: NEW Severity: Critical Priority: P5 - None Component: Other Assignee: bnc-team-screening@forge.provo.novell.com Reporter: tonysu@su-networking.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 705961 --> http://bugzilla.opensuse.org/attachment.cgi?id=705961&action=edit prelude-manager error even when using the default provided config I noticed a Web result says that Fedora has currently pulled Preclude SIEM until unspecified issues can be worked out. I'd recommend the same for SUSE/openSUSE unless someone can describe a working install and setup. Despite the packages in repository, it does look like someone has removed the SUSE documentation on the Preclude website. First, it should be noted that there is practically no documentation about this app. Since it seems to be a largely a collection of modules, it should probably be installed with a pattern(If a pattern is created, I would also suggest a startup/setup script that includes starting up and possibly enabling the systemd preclude services). But, using the old Fedora documentation on the Preclude website, it looks like the following should be installed if using MySQL as the database (PgSql and SQlite are supported alternatives and packages exist for those database connectors). zypper in libprelude libpreludedb prelude-manager prelude-lml prelude-correlator prewikka ibpreludedb-doc mariadb libpreludedb-mysql The recommended package preclude-notify does not exist in the 42.2 repo. The above installs three systemd services preclude-correlator.service preclude-manager.service preclude-lml.service Attempting to start the above services, preclude-correlator.service starts with no error. But, preclude-manager is messed up in a variety of ways. - On first attempt, journalctl -xe returns an error that the binary is pointing to a non-existent config file at /etc/prelude/default/global.conf So, I created the necessary directories and copied the file from the following to the above to satisfy that requirement /etc/prelude-manager/prelude-manager.conf But, even that fails with the error in the attachment (A segmentation fault) So, it seems that the 42.2 packages like Fedora are thoroughly broken, too bad for a very promising app. I suppose if I wanted to try harder, I can always try building from source... -- You are receiving this mail because: You are on the CC list for the bug.