DESCRIPTION
-----------

Prelude PFlogger is an OpenBSD PF sensor for Prelude-IDS
(http://www.prelude-ids.org), a distributed, hybrid IDS under the GPL
license.

Prelude PFlogger simply listens on the pflog0 virtual network interface,
where PF redirects logged packets, and sends alerts to the Prelude Manager.

Prelude PFlogger does not need pflogd in order to work, and both Prelude
PFlogger and pflogd can run on the same host.

Prelude PFlogger has been developed and tested on OpenBSD >= 3.2 (the latest
release is 3.4 at the current time) on the i386 platform. However, it should
work on other platforms. If you use Prelude PFlogger on other platforms,
please send me a mail at delon.nicolas@wanadoo.fr so that I can update this
file.

REQUIREMENTS
-------------

Prelude PFlogger needs libpcap and openssl, which are provided in the default
OpenBSD install.

It also needs libprelude, which is the base component of every Prelude-IDS
program and which you can get at http://www.prelude-ids.org.

BUGS
----

If you get a message like this:

"""
pid 12069: Fatal error '_waitq_insert: Already in queue' at line 280 in file /usr/src/lib/libc_r/uthread/uthread_priority_queue.c (errno = 4)
zsh: abort (core dumped) prelude-pflogger
"""

when Prelude PFlogger exits, it is a known OpenBSD pthread bug. It typically
happened with OpenBSD 3.2. OpenBSD 3.4 is OK (I don't know about OpenBSD 3.3).

LICENSE
-------

Prelude PFlogger is under the GPL license, see the file COPYING.