prelude-manager (1) Linux Manual Page
prelude-manager – Collects and normalizes events.
Synopsis
prelude-manager [options]
Description
Prelude Manager is a high-availability server which can collect, filter, relay, reverse-relay, normalize and store events. Events can come from registered analyzers and/or managers. The common usage is to store normalized events into a database, but this can be extended to store information in plain text or XML files.
Options
Some prelude-manager options are contextual: they have to be prefixed by another option.
- --prelude Prelude generic options
--profile=<name> Profile to use for this analyzer
--heartbeat-interval=<interval> Number of seconds between two heartbeats
--server-addr=<address> Address where this sensor should report to (addr:port)
--analyzer-name=<name> Name for this analyzer
- --db=<INAME> Options for the libpreludedb plugin
-t, --type=<type> Type of database (mysql/pgsql/sqlite3)
-l, --log=<file name> Log all queries in a file; should only be used for debugging purposes
-h, --host=<address> The host where the database server is running (in case of client/server database)
-f, --file=<file name> The file where the database is stored (in case of file based database)
-p, --port=<port number> The port where the database server is listening (in case of client/server database)
-d, --name=<name> The name of the database where the alerts will be stored
-u, --user=<user> User of the database (in case of client/server database)
-P, --pass=<password> Password for the user (in case of client/server database)
- --debug=<INAME> Option for the debug plugin
-o, --object=<name> Name of IDMEF object to print (if no object is provided, the entire message is printed)
-l, --logfile=<file name> Specify output file to use (defaults to stdout)
- --relaying=<INAME> Relaying plugin option
-p, --parent-managers=<address> List of manager address:port pairs where messages should be sent to
- --textmod=<INAME> Option for the textmod plugin
-l, --logfile=<file name> Specify logfile to use
- --xmlmod=<INAME> Option for the xmlmod plugin
-l, --logfile=<file name> Specify output file to use
-v, --validate=<xml> Validate IDMEF XML output against DTD
-f, --format=<format> Format XML output so that it is readable
-d, --disable-buffering=<boolean> Disable output file buffering to prevent truncated tags
- --idmef-criteria-filter=<INAME> Filter message based on IDMEF criteria
-r, --rule=<rule> Filter rule, or filename containing rule
--hook=<value> Where the filter should be hooked (reporting|reverse-relaying|plugin name)
- --config=<file name> Configuration file to use
- --debug=<INAME> Option for the debug plugin
- -v, --version Print version number
- -D, --debug-level=<level> Run in debug mode
- -d, --daemon Run in daemon mode
- -P, --pidfile=<file name> Write Prelude PID to pidfile
- -c, --child-managers=<address> List of manager address:port pairs where messages should be gathered from
- -l, --listen=<address> Address the sensors server should listen on (addr:port)
- -f, --failover=<boolean> Enable failover for specified report plugin
- -h, --help Print help
