From 2702130b0613e11803abf50d5fbd4753db06b5a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz> Date: Tue, 13 Jun 2017 15:59:27 +0200 Subject: [PATCH] Added README --- warden3/contrib/connectors/hp-labrea/README | 67 +++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 warden3/contrib/connectors/hp-labrea/README diff --git a/warden3/contrib/connectors/hp-labrea/README b/warden3/contrib/connectors/hp-labrea/README new file mode 100644 index 0000000..6c8be9c --- /dev/null +++ b/warden3/contrib/connectors/hp-labrea/README 
@@ -0,0 +1,67 @@ +Warden LaBrea connector 0.1 for Warden 3.X +========================================== + +Introduction +------------ + +labrea-idea.py is a daemon, meant for continuous watching of LaBrea log files +and generation of Idea_ format of corresponding security events. It is +usually run in correspondence with warden_filer daemon, which picks the +resulting events up and feeds them to the Warden_ server. Connector supports +sliding window aggregation, so sets of connections with the same source are +reported as one event (within aggregation window). + + +Dependencies +------------ + + 1. Platform + + Python 2.7+ + + 2. Python packages + + warden_filer 3.0+ (recommended) + + +Usage +----- + + ./labrea-idea.py [options] logfile ... + + Options: + -h, --help show this help message and exit + -w WINDOW, --window=WINDOW + max detection window (default: 900) + -t TIMEOUT, --timeout=TIMEOUT + detection timeout (default: 300) + -n NAME, --name=NAME Warden client name + --test Add Test category + -o, --oneshot process files and quit (do not daemonize) + --poll=POLL log file polling interval + -d DIR, --dir=DIR Target directory (mandatory) + -p PID, --pid=PID create PID file with this name (default: /var/run + /labrea-idea.pid) + -u UID, --uid=UID user id to run under + -g GID, --gid=GID group id to run under + -v, --verbose turn on debug logging + --log=LOG syslog facility or log file name (default: local7) + --realtime use system time along with log timestamps (default) + --norealtime don't system time, use solely log timestamps + + +Configuration +------------- + +However, the daemon is usually run by init script (example one is a part of +the distribution, along with sample logrotate definition). Options then can +be configured by /etc/sysconfig/labrea-idea or /etc/defaults/labrea-idea, +depending on your distribution custom, where at least PARAMS variable has +to be specified (for others, see the init script). + +.. _Warden: https://warden.cesnet.cz/ +.. 
_Idea: https://idea.cesnet.cz/ + +------------------------------------------------------------------------------ + +Copyright (C) 2017 Cesnet z.s.p.o -- GitLab
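Review bot: the Usage block omits units and semantics an operator cannot infer from the option list: `-w`/`--window` (default 900) and `-t`/`--timeout` (default 300) do not say they are seconds, `--poll` shows no default at all, and `-d DIR` is described only as "Target directory (mandatory)" although the Introduction says the resulting events are picked up by warden_filer, so state that DIR is the directory warden_filer reads from and which account must be able to write to it. Related to that, since `-u`/`-g` and `-p` are documented side by side, add a sentence on ordering: whether the PID file under /var/run and the LaBrea log files are opened before or after the uid/gid switch decides what permissions the unprivileged account needs on the log files, the PID directory and the target directory, and the README currently leaves that to trial and error. Smaller points: the `--norealtime` help text reads "don't system time, use solely log timestamps" and is missing "use" (if the text is copied from the script's option parser, fix it there as well); the Configuration section opens with "However," which contrasts with nothing after the heading; and the Debian counterpart of /etc/sysconfig is /etc/default/labrea-idea (singular), so check the path the shipped init script actually sources before documenting it. Finally, the file closes with a copyright line but names no license; either state the license that applies or point at the project's license file.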