/

preludedb-admin (1) Linux Manual Page

ByLinux Manual Posted on Updated on

NAME

preludedb-admin – tool to copy, move, delete, save or restore a prelude database

SYNOPSIS

preludedb-admin copy|move|delete|load|save arguments

DESCRIPTION

preludedb-admin can be used to copy, move, delete, save or restore a prelude database, partly or in whole, while preserving IDMEF data consistency.

Mandatory arguments

copy

Make a copy of a Prelude database to another database.

delete

Delete content of a Prelude database.

load

Load a Prelude database from a file.

move

Move content of a Prelude database to another database.

save

Save a Prelude database to a file.

Running a command without providing arguments will display a detailed help.

EXAMPLES

Obtaining help on a specific command: 


#preludedb - admin save
Usage : save<alert | heartbeat><database><filename>[options] Example : preludedb - admin save alert "type=mysql name=dbname user=prelude" outputfile
                                                                                       Save messages from<database>
                                                                                           into[filename]
                                                                                               .If no filename argument is provided,
    data will be written to standard output.Database arguments : type : Type of database(mysql / pgsql).name : Name of the database.user : User to access the database.pass : Password to access the database.Valid options : --offset<offset> : Skip processing until 'offset' events.--count<count> : Process at most count events.--query - logging[filename] : Log SQL query to the specified file.--criteria<criteria> : Only process events matching criteria.--events - per - transaction : Maximum number of event to process per transaction(default 1000).

Preludedb-admin can be useful to delete events from a prelude database : 

preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

where criteria is an IDMEF criteria : 

preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

This will delete all event with the classification text "UDP packet dropped" from the database.

SEE ALSO

The Prelude Handbook: https://www.prelude-siem.org/projects/prelude/wiki/ManualUser

Prelude homepage: http://www.prelude-siem.com/

Creating filter using IDMEF Criteria: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFCriteria

Prelude IDMEF Path: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFPath

BUGS

To report a bug, please visit https://www.prelude-siem.org/

AUTHOR

This manpage was Written by Pierre Chifflier.

COPYRIGHT

Copyright © 2006-2016 CS-SI.
This is free software. You may redistribute copies of it under the terms of the GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the extent permitted by law.

Index

Leave a Reply

Your email address will not be published. Required fields are marked *