GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Prelude(1) User Commands Prelude(1)

preludedb-admin - tool to copy, move, delete, save or restore a prelude database

preludedb-admin copy|count|delete|load|move|optimize|save|update arguments

preludedb-admin can be used to copy, move, delete, save, update or restore a Prelude database, partly or in whole, while preserving IDMEF data consistency.

Mandatory arguments

Make a copy of a Prelude database to another database.
Count the number of events in a Prelude database.
Delete content of a Prelude database.
Load a Prelude database from a file.
Move content of a Prelude database to another database.
Optimize a Prelude database by deleting orphaned data.
Save a Prelude database to a file.
Update data in a Prelude database.

Running a command without providing arguments will display a detailed help.

Obtaining help on a specific command:

# preludedb-admin save
Usage  : save <alert|heartbeat> <database> <filename> [options]
Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile
Save messages from <database> into [filename].
If no filename argument is provided, data will be written to standard output.
Database arguments:


  type  : Type of database (mysql/pgsql).


  name  : Name of the database.


  user  : User to access the database.


  pass  : Password to access the database.
Valid options:


  --offset <offset>               : Skip processing until 'offset' events.


  --count <count>                 : Process at most count events.


  --query-logging [filename]      : Log SQL query to the specified file.


  --criteria <criteria>           : Only process events matching criteria.


  --events-per-transaction        : Maximum number of event to process per transaction (default 1000).

Preludedb-admin can be useful to delete events from a prelude database :

preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

where criteria is an IDMEF criteria :

preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

This will delete all event with the classification text "UDP packet dropped" from the database.

The Prelude Handbook: https://www.prelude-siem.org/projects/prelude/wiki/ManualUser

Prelude homepage: http://www.prelude-siem.com/

Creating filter using IDMEF Criteria: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFCriteria

Prelude IDMEF Path: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFPath

To report a bug, please visit https://www.prelude-siem.org/

This manpage was Written by Pierre Chifflier.

Copyright © 2006-2020 CS GROUP - France.
This is free software. You may redistribute copies of it under the terms of the GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the extent permitted by law.

June 2012 preludedb-admin
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.