/

prelude-manager (1) Linux Manual Page

ByLinux Manual Posted on Updated on

NAME

prelude-manager – Collects and normalize events.

SYNOPSIS

prelude-manager [options]

DESCRIPTION

Prelude Manager is a high-availability server which can collect, filter, relay, reverse-relay, normalize and store events. Events can come from registered analyzers and/or managers. The common usage is to store nomalized events into a database, thus this can be extended to store informations in plain text or xml files.

OPTIONS

Some prelude-manager option are contextual, they have to be prefixed by another.

–prelude Prelude generic options

–profile=<name> Profile to use for this analyzer

–heartbeat-interval=<interval> Number of seconds between two heartbeat

–server-addr=<address> Address where this sensor should report to (addr:port)

–analyzer-name=<name> Name for this analyzer

–db=<INAME>

Options for the libpreludedb plugin

-t, –type=<type> Type of database (mysql/pgsql/sqlite3)

-l, –log=<file name> Log all queries in a file, should be only used for debugging purpose

-h, –host=<address> The host where the database server is running (in case of client/server database)

-f, –file=<file name> The file where the database is stored (in case of file based database)

-p, –port=<port number> The port where the database server is listening (in case of client/server database)

-d, –name=<name> The name of the database where the alerts will be stored

-u, –user=<user> User of the database (in case of client/server database)

-P, –pass=<password> Password for the user (in case of client/server database)

–debug=<INAME> Option for the debug plugin

-o, –object=<name> Name of IDMEF object to print (no object provided will print the entire message)

-l, –logfile=<file name> Specify output file to use (default to stdout)

–relaying=<INAME> Relaying plugin option

-p, –parent-managers=<address> List of managers address:port pair where messages should be sent to

–textmod=<INAME> Option for the textmod plugin

-l, –logfile=<file name> Specify logfile to use

–xmlmod=<INAME> Option for the xmlmod plugin

-l, –logfile=<file name> Specify output file to use

-v, –validate=<xml> Validate IDMEF XML output against DTD

-f, –format=<format> Format XML output so that it is readable

-d, –disable-buffering=<boolean> Disable output file buffering to prevent truncated tags

–idmef-criteria-filter=<INAME> Filter message based on IDMEF criteria

-r, –rule=<rule> Filter rule, or filename containing rule

–hook=<value> Where the filter should be hooked (reporting|reverse-relaying|plugin name)

–config=<file name> Configuration file to use

-v, –version

Print version number

-D, –debug-level=<level>

Run in debug mode

-d, –daemon

Run in daemon mode

-P, –pidfile=<file name>

Write Prelude PID to pidfile

-c, –child-managers=<address>

List of managers address:port pair where messages should be gathered from

-l, –listen=<address>

Address the sensors server should listen on (addr:port)

-f, –failover=<boolean>

Enable failover for specified report plugin

-h, –help

Print help

FILES

/etc/prelude/prelude-manager.conf – the configuration file

BUGS

This man page hadn’t been proof-read yet.

SEE ALSO

prelude-adduser(1)

Index

Leave a Reply

Your email address will not be published. Required fields are marked *