authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /net-analyzer/prelude-lml
reinit the tree, so we can have metadata
Diffstat (limited to 'net-analyzer/prelude-lml')
-rw-r--r--net-analyzer/prelude-lml/Manifest15
-rw-r--r--net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch22
-rw-r--r--net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch35
-rw-r--r--net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch14
-rw-r--r--net-analyzer/prelude-lml/files/prelude-lml-3.1.0-run.patch14
-rw-r--r--net-analyzer/prelude-lml/files/prelude-lml.initd26
-rw-r--r--net-analyzer/prelude-lml/files/prelude-lml.run4
-rw-r--r--net-analyzer/prelude-lml/files/prelude-lml.service13
-rw-r--r--net-analyzer/prelude-lml/metadata.xml23
-rw-r--r--net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild58
-rw-r--r--net-analyzer/prelude-lml/prelude-lml-3.1.0.ebuild53
-rw-r--r--net-analyzer/prelude-lml/prelude-lml-4.0.0.ebuild53
12 files changed, 330 insertions, 0 deletions
diff --git a/net-analyzer/prelude-lml/Manifest b/net-analyzer/prelude-lml/Manifest
new file mode 100644
index 000000000000..9a60b88bb16c
--- /dev/null
+++ b/net-analyzer/prelude-lml/Manifest
@@ -0,0 +1,15 @@
+AUX prelude-lml-3.0.0-conf.patch 716 SHA256 791ebcdf3001324ab241de296969a0824800d2bbbcb7d4112aa3c78d376be5e3 SHA512 6394d55bcbc68971ec35161618bb6c7ccde0aa1e9ae2149b38f41117ddd2559ce5992803be7209d34ac20e2c5c30970bd34d39b1e510ed34655d345a3bf0c6e5 WHIRLPOOL 7983c2786b93c287a369f7433d1a0ac511e004819bd2336f495f3252105b33b062b4cba44cf3ebda61c2f15dafe3faa7f53fdfd2db9fcb781332b0226a2e73c1
+AUX prelude-lml-3.0.0-configure.patch 1652 SHA256 3846ef20f267caeedd133e458bb39a5ef2e8cc47ebded853204133544c2a76ee SHA512 553958c119eb56a0e1c513d6c197f30ca8c178fe956a93c549d3fd70ac627b65f1adf50bbac834bae241c6a610355c021b1853aa217d81e44457ee7f8c66f3ac WHIRLPOOL 2deac2949b85e5154d0aa85ffa450c51a61eba5cd927532b3157d3dd64f9fdcd9f76c604fed3c56c91b355813b3ccd8775376d10ed3f545bb4f4028aa990081f
+AUX prelude-lml-3.0.0-run.patch 551 SHA256 09cededd138d34aa848a80d8463226f914c792f7499dddf49456ce17b5941d27 SHA512 e772e55194461070f0379f0e5e02b48a8c6f6f5f79b154db85bfa945f9af17c3fe6394d81403ab032d306fa3da15d871c6bf1280cea85e27b1cd2e70565783b7 WHIRLPOOL 232375525ea245fad76c08a185dc256a0fb3afc2e1bc05ca7e72f06e808cfd1631243be17c955fbb8af0f047e008fb79e501d3afee6d580011ef229c539fb194
+AUX prelude-lml-3.1.0-run.patch 551 SHA256 2f5820be46b9b8d627c67cd5c86a044153f8120456b968408c76ed7dc2f38ffd SHA512 20614c83925ec233d2fc5bf1c30df8b17031eb0448ef39095de6bce0c1ea489c82c542eb6b684afd26f05d6bc8f68ff5b6c0d04030de60036ef8bd2ed24a91d0 WHIRLPOOL f6d96a0766a9767d0a42f8216848115ae29590c08cb53f70692f22026cdbe863faccc14e0537c065d4ce901b3e88d20ae58605524d8f648e7133e249b3a1d773
+AUX prelude-lml.initd 563 SHA256 b995694ae2f8cf261e6bfc4e7ee626076b1950bd69abc6dcecfde72330862e06 SHA512 b49cac24757000932e0d0ef8b98ab543d12b3efef0944f57f6c6bb23c04473d2a1cfbeccaaffb456e4d5306c12b412a1809aacae00edf535a7f3d944dcef10ec WHIRLPOOL 4e027d66ab4373280bcde885a66240f3470115f85d85cb9dea6b688891dc23434f9e831e53708b306b1991f2979c40f938ba1e95ca62b8192d42429496150057
+AUX prelude-lml.run 125 SHA256 1110c1ab3c34fbe958aeb1150063682986fca148f0df8d47f4821dd5bea8bec0 SHA512 876f3c9c2c005cf146590e3c8718ae4fc04f80594ad2f279f6794e035a8ebed6b6499c6d8ac8268e8c953e615a79743eb24bf992a9857a743f75ca253aab95ad WHIRLPOOL cbbec598f4fb4af98626db4b967ea327195eae44d23cde0f60de73d53e3e07c00165a86ea96c2b854078694703a35b10ba46256e10de147a4a2bd2de89daa95c
+AUX prelude-lml.service 297 SHA256 9882cba23003fd9232f09e85d629ca1975471a56a98bb118c82c9389d057f142 SHA512 0faa91b3736fe111b08fdd3f03829c35a81133cfc54e677ebc423d4d9a29113744253fbee12f9b531494f2f39b549df54eec4cc5c7363375443113277fead87a WHIRLPOOL c5a1ac6551e228ee3b46efe19ad13f9e47879bd6bf7ab875ebf276ca9e4fce3716f86d87bc556531c4e7a177b27c0ded0e1ca0b9eef676938c56f5ea3146354a
+DIST prelude-lml-3.0.0.tar.gz 1391203 SHA256 53e3ccba2e3842e583739234366b6a5241dc6a8d18da501e6c9ff5e2b9792814 SHA512 f206407f99df394186466566608b434a94d4fdce3e5e8991a4236f2ee670f6ae2573adea22bc248fdfea760588e94160faa7260257aeaeb35c938e1bb886ee6c WHIRLPOOL 2b8ff99576e502461625897251726dd7c1e3a849e27816c64e931548d0ae76f12c125f444096f1aa1894c5f0fce206a7aa436de754a0ff8a3cc25fd475913fc6
+DIST prelude-lml-3.1.0.tar.gz 1408600 SHA256 32a7e2256ae3b87b84b3da05b60fed0bb5e3b32e2f6794516c435eda1d753384 SHA512 16fe23c410f6ee585513589c1f9435e0a7dded010ccfd8bb0a8744603e7e020378afee474f6146472afa39263052defddc8c9115235dbd3015727c18f625773b WHIRLPOOL c6b4e20ac64f18eb0dfc4f7740c767b54ea4a00e3a46fc8dcb985cbf9296eab0a3f4774c4d6efeea63766cb395abf24d96ff29f0f38f6dfee2d411b68d4b0619
+DIST prelude-lml-4.0.0.tar.gz 1435446 SHA256 bc12dcb8f1085694fff20801204f9350c2011f06fceeda3be03ec5a748ab4eef SHA512 e2ae3a754f722b19110a32ae9ab7d0d9ce5ceb256c04a2b56f6549802d605cfa741cef4687c8883b585a0dd59f3507ee2d1275f4eb05050d10d24ad068522ef8 WHIRLPOOL 14c93403e1607cbd8559dc05a8fc4bef41aa73af5e16bec72db9ea9e3981d15c037927e93cc1c591fd5559da1745e4763fe36c416f8d81bccff8f48104f16f2e
+EBUILD prelude-lml-3.0.0.ebuild 1109 SHA256 768b4272c75d463dd9f10998f50732e81f7f9d6349de3fd47203f37882f6587b SHA512 aa73cbe3ef1c8da02224fb03ea7a8f43f1eaf41563bb922428cae527a83378db76a8ead23b5247cc2c0688f47ed32a6c966967f7d9729ea5b9e3505492afae14 WHIRLPOOL 52812eb47af7878ffcef72fdfdf0f1112f91d34d47a43cdd03df8f1e1a61ac6f4fc39be0fdd42c8894ed244ca885c650e8d8696776f0203d9b706e1f3270a2d5
+EBUILD prelude-lml-3.1.0.ebuild 967 SHA256 1a0480c775788a447bb1a689caffa9935e5c43e84630142109b8bec4d0ea3fa3 SHA512 43e1ce24d1a1929b6848cb1cc66d9d2fad451b9c952a2e816cc4266f2d52c411cb0d892696c7fc6abf8e4da654cf633a0f3aae4ca7713eccc1102746a3bade73 WHIRLPOOL cd93c732d8bda14a48e316fb6ab306cbc688e77bad1681a5c0eecad158223ecb470ef0b4dcba4ab904c094ae62dfe4e0898cc0aa6f73b45b0a4b0be58a2b2406
+EBUILD prelude-lml-4.0.0.ebuild 974 SHA256 425fca975d9c6b5bbec1fd66ae5fc8088764a3c062960a80dffde438569dd1cb SHA512 c5b5b976364e17a1cd34a7b260b75891a75d8211a808e34551134e6e5419bf004865ea26589ccaed712aaabc31e42e27fdac3c68c61a4068ad46ac4efe7641a2 WHIRLPOOL 50b2bea8bdd3e320dc49e8c2ebc82ccac7eb12b04c2634c8e30c6d3b40bcf0b806950c4f953d18bcccdf5df0392479e1fd6e21af140886dc6d98c16a093051d9
+MISC ChangeLog 1098 SHA256 c5ec6c79f5bf67f073db7ba82603c770f2a42b1ef573157565519813f6395af1 SHA512 392d73d948598e38d1cd76476dfb14a750813e70afa61e70228bec7cc8ddf47926e7155b54686b897775fffd9f20f2648ee5e6724980ac3bc63777d2ead58662 WHIRLPOOL 9088465f99e2124f86afb62053cc263a4ae88bf928da1b5ed25740d5aa8a10b420eac1341cdbb0b898499d0fc95957452092ba1bf2b08314120b7286c52bb98e
+MISC metadata.xml 859 SHA256 91debff3a251eb2857043a0f3a93e505cca6bb9c24356eea2b3954c36eccc199 SHA512 8a5d558c9a92c34f3a9eb082c2295422cf834c158bf295cdb2c85f6bde1c242d6e350299ef53b8a6556eb736c1ea7cb825723354a370b419a338021b8ca6e724 WHIRLPOOL 392b6f40750fadf41636bc9cac4cdebe7d9436ecfd6d959af8dbebe890301a9f99dac73d00f47628a0f7ede4a6c9aa4890f0899e5934a38dc482cd8a138361c1
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
new file mode 100644
index 000000000000..dab4ea8a6bb1
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-conf.patch
@@ -0,0 +1,22 @@
+--- a/prelude-lml.conf
++++ b/prelude-lml.conf
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
+--- a/prelude-lml.conf.in
++++ b/prelude-lml.conf.in
+@@ -92,7 +92,7 @@
+ time-format = "%b %d %H:%M:%S"
+ prefix-regex = "^(?P<timestamp>.{15}) (?P<hostname>\S+) (?:(?P<process>\S+?)(?:\[(?P<pid>[0-9]+)\])?: )?"
+ file = /var/log/messages
+-file = /var/log/secure
++file = /var/log/auth.log
+ # udp-server = 0.0.0.0
+ # tcp-server = 0.0.0.0
+ # tcp-tls-server = 0.0.0.0
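Review bot: Pointing the second `file =` entry at `/var/log/auth.log` only helps if the local syslog daemon actually writes authentication messages there. If it does not, the sensor presumably sees no authentication events from that source, and nothing visible here warns the operator. The patch has no header comment explaining the path choice, and the 3.1.0 and 4.0.0 ebuilds do not apply an equivalent patch, so those versions keep whatever default upstream ships. I would add a short description at the top of the patch and an `elog` in `pkg_postinst` telling operators to check the `file =` entries against their syslog configuration.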
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
new file mode 100644
index 000000000000..154a261eb5ad
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-configure.patch
@@ -0,0 +1,35 @@
+--- a/configure.in
++++ b/configure.in
+@@ -107,10 +107,13 @@
+ dnl **************************************************
+ GNUTLS_MIN_VERSION=1.0.17
+
+-PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
+- [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, enable_gnutls=no)])
+-
+-AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++AC_ARG_ENABLE(gnutls, AC_HELP_STRING(--enable-gnutls, Define whether GnuTLS provides gnutls_hash_get_len function), , enable_gnutls="yes")
++if test x$enable_gnutls = xyes; then
++ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $GNUTLS_MIN_VERSION], [],
++ [AM_PATH_LIBGNUTLS($GNUTLS_MIN_VERSION, enable_gnutls=yes, enable_gnutls=no)])
++
++ AC_CHECK_HEADER(gnutls/gnutls.h, enable_gnutls=yes, enable_gnutls=no)
++fi
+
+ if test x$enable_gnutls = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_GNUTLS, , Tell whether GnuTLS is available for TCP-TLS support)
+@@ -125,8 +128,12 @@
+ dnl * Check for libICU *
+ dnl **************************************************
+
+-PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
+- [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++AC_ARG_ENABLE(icu, AC_HELP_STRING(--enable-icu, Tell whether libicu is available for encoding convertion), , enable_icu="yes")
++
++if test x$enable_icu = xyes; then
++ PKG_CHECK_MODULES([ICU], [icu >= 3.0], [enable_icu=yes],
++ [AC_CHECK_ICU(3.8, enable_icu=yes, enable_icu=no)])
++fi
+ if test x$enable_icu = xyes; then
+ AC_DEFINE_UNQUOTED(HAVE_LIBICU, , Tell whether libicu is available for encoding convertion)
+ fi
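Review bot: An explicit `--enable-gnutls` can still end with `enable_gnutls=no` and no error. Inside the new `if` block, `AC_CHECK_HEADER(gnutls/gnutls.h, ...)` resets the variable, and the following test then just skips `HAVE_GNUTLS`, so the build quietly loses TCP-TLS syslog support. When the switch was requested and the check fails, configure should stop, e.g. `AC_MSG_ERROR([GnuTLS support requested but gnutls was not found])`. The help text also looks copy-pasted from another check and should describe the switch, e.g. `AS_HELP_STRING([--enable-gnutls], [Enable GnuTLS for TCP-TLS syslog support])`. Quoting the tests as `test "x$enable_gnutls" = xyes` would be more robust. The ICU block follows the same pattern.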
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
new file mode 100644
index 000000000000..8b4e65216cca
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.0.0-run.patch
@@ -0,0 +1,14 @@
+--- a/configure.in
++++ b/configure.in
+@@ -187,9 +187,9 @@
+ configdir=$SYSCONFDIR/prelude-lml
+ prelude_lml_conf=$configdir/prelude-lml.conf
+ regex_conf=$configdir/plugins.rules
+-metadata_dir=$LOCALSTATEDIR/lib/prelude-lml
++metadata_dir=$LOCALSTATEDIR/prelude-lml
+ plugindir=$LIBDIR/prelude-lml
+-lml_run_dir=$LOCALSTATEDIR/run/prelude-lml
++lml_run_dir=/run/prelude-lml
+
+ AC_DEFINE_UNQUOTED(PRELUDE_LML_CONF, "$prelude_lml_conf", Path to the LML configuration file)
+ AC_DEFINE_UNQUOTED(LOG_PLUGIN_DIR, "$plugindir", Prelude-LML report plugin directory)
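Review bot: `lml_run_dir=/run/prelude-lml` is now an absolute path that ignores `$LOCALSTATEDIR` and any configure prefix, and `metadata_dir` moves out of `/lib` with no explanation in the patch. On a prefixed install the directory would presumably be created under `${D}/run` rather than `${ED}/run`, which is what the 3.1.0 and 4.0.0 ebuilds remove with `rm -rv "${ED%/}/run"`. I would add a header comment to the patch such as `Use /run for the PID directory and $LOCALSTATEDIR/prelude-lml for state, matching the init script, systemd unit and tmpfiles entry`, and state whether prefix installs are meant to be supported. The same applies to `prelude-lml-3.1.0-run.patch`, which is identical apart from the file name and line offsets.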
diff --git a/net-analyzer/prelude-lml/files/prelude-lml-3.1.0-run.patch b/net-analyzer/prelude-lml/files/prelude-lml-3.1.0-run.patch
new file mode 100644
index 000000000000..a9eba7760d36
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml-3.1.0-run.patch
@@ -0,0 +1,14 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -209,9 +209,9 @@
+ configdir=$SYSCONFDIR/prelude-lml
+ prelude_lml_conf=$configdir/prelude-lml.conf
+ regex_conf=$configdir/plugins.rules
+-metadata_dir=$LOCALSTATEDIR/lib/prelude-lml
++metadata_dir=$LOCALSTATEDIR/prelude-lml
+ plugindir=$LIBDIR/prelude-lml
+-lml_run_dir=$LOCALSTATEDIR/run/prelude-lml
++lml_run_dir=/run/prelude-lml
+
+ AC_DEFINE_UNQUOTED(PRELUDE_LML_CONF, "$prelude_lml_conf", Path to the LML configuration file)
+ AC_DEFINE_UNQUOTED(LOG_PLUGIN_DIR, "$plugindir", Prelude-LML report plugin directory)
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.initd b/net-analyzer/prelude-lml/files/prelude-lml.initd
new file mode 100644
index 000000000000..0e1dd2e0f4fc
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.initd
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+BIN_LML=/usr/bin/prelude-lml
+PID_LML=/run/prelude-lml/prelude-lml.pid
+
+depend() {
+ need net
+ after prelude-manager
+}
+
+start() {
+ ebegin "Starting prelude-lml"
+ checkpath -d -m 0755 -o root:root /run/prelude-lml
+ start-stop-daemon --start --exec $BIN_LML \
+ --pidfile $PID_LML -- -d -P $PID_LML
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping prelude-lml"
+ start-stop-daemon --stop --exec $BIN_LML \
+ --pidfile $PID_LML
+ eend $?
+}
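Review bot: The hand-written `start()` and `stop()` repeat what OpenRC already does when `command`, `command_args` and `pidfile` are set, and they leave `$BIN_LML` and `$PID_LML` unquoted in the `start-stop-daemon` calls. The declarative form is shorter and moves the `checkpath` call into `start_pre()`, so the runtime directory is still created before the daemon starts. No `--user` is passed, so the daemon presumably runs as root while parsing log lines that remote parties can influence. Whether it can run under a dedicated account that can still read the monitored logs should be documented in a comment.

```shell
command=/usr/bin/prelude-lml
pidfile=/run/prelude-lml/prelude-lml.pid
command_args="-d -P ${pidfile}"

# … unchanged: depend() …

start_pre() {
	checkpath -d -m 0755 -o root:root /run/prelude-lml
}
```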
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.run b/net-analyzer/prelude-lml/files/prelude-lml.run
new file mode 100644
index 000000000000..75f2ef89adda
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.run
@@ -0,0 +1,4 @@
+# Configuration to create /run/prelude-lml directory
+# Used as part of systemd's tmpfiles
+
+d /run/prelude-lml 0755 root root
diff --git a/net-analyzer/prelude-lml/files/prelude-lml.service b/net-analyzer/prelude-lml/files/prelude-lml.service
new file mode 100644
index 000000000000..9d9230c6ff4c
--- /dev/null
+++ b/net-analyzer/prelude-lml/files/prelude-lml.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prelude-LML service
+DefaultDependencies=no
+After=remote_fs.target prelude-manager.service
+
+[Service]
+ExecStart=/usr/bin/prelude-lml -d -P /run/prelude-lml/prelude-lml.pid
+Type=forking
+PIDFile=/run/prelude-lml/prelude-lml.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
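Review bot: `After=remote_fs.target` names a unit that does not exist; systemd's target is `remote-fs.target`, so the ordering on remote filesystems is silently ignored. `DefaultDependencies=no` also drops the implicit ordering after `sysinit.target` and the shutdown conflict. The service may therefore start before the tmpfiles entry has created `/run/prelude-lml`, in which case writing the PID file given by `-P` would fail. I would write `After=remote-fs.target prelude-manager.service` and drop the `DefaultDependencies=no` line unless early-boot start is really intended. `RuntimeDirectory=prelude-lml` in `[Service]` would make the unit independent of the tmpfiles entry.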
diff --git a/net-analyzer/prelude-lml/metadata.xml b/net-analyzer/prelude-lml/metadata.xml
new file mode 100644
index 000000000000..9aa90946ee78
--- /dev/null
+++ b/net-analyzer/prelude-lml/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>thomas.andrejak@gmail.com</email>
+ <name>Thomas Andrejak</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <longdescription lang="en">
+ Prelude-LML is a log analyser that allows Prelude to collect and
+ analyze information from all kind of applications emitting logs or
+ syslog messages in order to detect suspicious activities and transform
+ them into Prelude-IDMEF alerts. Prelude-LML handles events generated
+ by a large set of applications
+ </longdescription>
+ <use>
+ <flag name="tls">Enables Prelude LML support Syslog through TLS
+ using <pkg>net-libs/gnutls</pkg>.</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild b/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild
new file mode 100644
index 000000000000..62c96afbdf87
--- /dev/null
+++ b/net-analyzer/prelude-lml/prelude-lml-3.0.0.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools eutils systemd
+
+DESCRIPTION="The prelude log analyzer"
+HOMEPAGE="https://www.prelude-siem.org"
+SRC_URI="https://www.prelude-siem.org/pkg/src/3.0.0/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="tls icu"
+
+RDEPEND="dev-libs/libprelude
+ dev-libs/libpcre
+ icu? ( dev-libs/icu )
+ tls? ( net-libs/gnutls )"
+
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${P}-configure.patch"
+ "${FILESDIR}/${P}-conf.patch"
+ "${FILESDIR}/${P}-run.patch"
+)
+
+src_prepare() {
+ default_src_prepare
+
+ mv "${S}/configure.in" "${S}/configure.ac" || die "mv failed"
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --localstatedir=/var \
+ $(use_enable icu) \
+ $(use_enable tls gnutls)
+}
+
+src_install() {
+ default_src_install
+
+ rm -rv "${D}/run" || die "rm failed"
+ keepdir /var/${PN}
+
+ prune_libtool_files --modules
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+ systemd_newtmpfilesd "${FILESDIR}/${PN}.run" "${PN}.conf"
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+}
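Review bot: `RDEPEND` lists `dev-libs/libprelude` with no version, while the 3.1.0 and 4.0.0 ebuilds pin it with `~dev-libs/libprelude-${PV}`. If this release also needs the matching library version, which is not visible from here, the dependency should be pinned the same way. `SRC_URI` hard-codes `3.0.0` in the path; the later ebuilds use `https://www.prelude-siem.org/pkg/src/${PV}/${P}.tar.gz`, which survives a version bump by copy. `--localstatedir=/var` and `rm -rv "${D}/run"` also ignore `EPREFIX`, unlike the later ebuilds.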
diff --git a/net-analyzer/prelude-lml/prelude-lml-3.1.0.ebuild b/net-analyzer/prelude-lml/prelude-lml-3.1.0.ebuild
new file mode 100644
index 000000000000..97d2cf351889
--- /dev/null
+++ b/net-analyzer/prelude-lml/prelude-lml-3.1.0.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools systemd
+
+DESCRIPTION="The prelude log analyzer"
+HOMEPAGE="https://www.prelude-siem.org"
+SRC_URI="https://www.prelude-siem.org/pkg/src/${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="ssl icu"
+
+RDEPEND="~dev-libs/libprelude-${PV}
+ dev-libs/libpcre
+ icu? ( dev-libs/icu )
+ ssl? ( net-libs/gnutls:= )"
+
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${P}-run.patch"
+)
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}/var" \
+ $(use_with ssl libgnutls-prefix)
+}
+
+src_install() {
+ default
+
+ rm -rv "${ED%/}/run" || die "rm failed"
+ keepdir /var/${PN}
+
+ find "${D}" -name '*.la' -delete || die
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+ systemd_newtmpfilesd "${FILESDIR}/${PN}.run" "${PN}.conf"
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+}
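Review bot: The `icu` flag is declared in `IUSE` and `RDEPEND` but never passed to `econf` in `src_configure`. For `ssl`, `$(use_with ssl libgnutls-prefix)` expands to `--with-libgnutls-prefix` or `--without-libgnutls-prefix`, which by its name sets a search prefix and does not switch TLS on or off. Unless upstream's `configure.ac` for this version handles both (not visible here), ICU and GnuTLS are probably picked up automatically when installed, whatever the USE flags say. An operator could then believe TLS syslog reception is built in, or left out, when it is not. If the switches from the 3.0.0 configure patch exist in this version, `$(use_enable icu)` and `$(use_enable ssl gnutls)` would tie the build to the flags. The 4.0.0 ebuild has the same `src_configure`.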
diff --git a/net-analyzer/prelude-lml/prelude-lml-4.0.0.ebuild b/net-analyzer/prelude-lml/prelude-lml-4.0.0.ebuild
new file mode 100644
index 000000000000..89563e4bb103
--- /dev/null
+++ b/net-analyzer/prelude-lml/prelude-lml-4.0.0.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools systemd
+
+DESCRIPTION="The prelude log analyzer"
+HOMEPAGE="https://www.prelude-siem.org"
+SRC_URI="https://www.prelude-siem.org/pkg/src/${PV}/${P}.tar.gz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="icu ssl"
+
+RDEPEND="~dev-libs/libprelude-${PV}
+ dev-libs/libpcre
+ icu? ( dev-libs/icu )
+ ssl? ( net-libs/gnutls:= )"
+
+DEPEND="${RDEPEND}
+ virtual/pkgconfig"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-3.1.0-run.patch"
+)
+
+src_prepare() {
+ default
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --localstatedir="${EPREFIX}/var" \
+ $(use_with ssl libgnutls-prefix)
+}
+
+src_install() {
+ default
+
+ rm -rv "${ED%/}/run" || die "rm failed"
+ keepdir /var/${PN}
+
+ find "${D}" -name '*.la' -delete || die
+
+ systemd_dounit "${FILESDIR}/${PN}.service"
+ systemd_newtmpfilesd "${FILESDIR}/${PN}.run" "${PN}.conf"
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+}