preludedb-admin man page on DragonFly
Prelude(1) User Commands Prelude(1)
NAME
preludedb-admin - tool to copy, move, delete, save or restore a prelude
database
SYNOPSIS
preludedb-admin copy|move|delete|load|save arguments
DESCRIPTION
preludedb-admin can be used to copy, move, delete, save or restore a
prelude database, partly or in whole, while preserving IDMEF data
consistency.
Mandatory arguments
copy Make a copy of a Prelude database to another database.
delete Delete content of a Prelude database.
load Load a Prelude database from a file.
move Move content of a Prelude database to another database.
save Save a Prelude database to a file.
Running a command without providing arguments will display a detailed
help.
EXAMPLES
Obtaining help on a specific command:
# preludedb-admin save
Usage : save <alert|heartbeat> <database> <filename> [options]
Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile
Save messages from <database> into [filename].
If no filename argument is provided, data will be written to standard output.
Database arguments:
type : Type of database (mysql/pgsql).
name : Name of the database.
user : User to access the database.
pass : Password to access the database.
Valid options:
--offset <offset> : Skip processing until 'offset' events.
--count <count> : Process at most count events.
--query-logging [filename] : Log SQL query to the specified file.
--criteria <criteria> : Only process events matching criteria.
--events-per-transaction : Maximum number of event to process per transaction (default 1000).
preludedb-admin can be used to delete events from a Prelude database:
preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"
where <criteria> is an IDMEF criteria, for example:
preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"
This will delete all events with the classification text "UDP packet
dropped" from the database.
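A cautious way to run the delete shown above, as an added example that is not part of the original man page: archive the matching alerts with save first, and delete only if the save succeeded. The function name purge_alerts and the PRELUDEDB_ADMIN variable are assumptions made for illustration; the sub-commands, argument order and --criteria option are the ones shown on this page.

```shell
# Added example (not from the man page): save-then-delete wrapper.
# PRELUDEDB_ADMIN is a hypothetical override for the binary name or path.
PRELUDEDB_ADMIN="${PRELUDEDB_ADMIN:-preludedb-admin}"

# purge_alerts <database-settings> <idmef-criteria> <archive-file>
# (hypothetical helper; the sample values below are constructed)
#   purge_alerts "type=mysql name=prelude user=prelude-user pass=prelude-pass" \
#       "alert.classification.text == 'UDP packet dropped'" udp-dropped.save
purge_alerts() {
    db=$1
    criteria=$2
    archive=$3

    if [ -z "$db" ] || [ -z "$criteria" ] || [ -z "$archive" ]; then
        echo "usage: purge_alerts <database> <criteria> <archive-file>" >&2
        return 2
    fi

    # Never overwrite an earlier archive: it may be the only copy of
    # events that have already been deleted from the database.
    if [ -e "$archive" ]; then
        echo "refusing to overwrite existing archive: $archive" >&2
        return 3
    fi

    # Step 1: save the alerts that match the criteria to the archive file.
    if ! "$PRELUDEDB_ADMIN" save alert "$db" "$archive" --criteria "$criteria"; then
        echo "save failed; nothing was deleted" >&2
        return 1
    fi

    # Step 2: delete exactly the same selection (same criteria string).
    "$PRELUDEDB_ADMIN" delete alert --criteria "$criteria" "$db"
}
```

Passing the same criteria string to both commands keeps the archive and the deleted set aligned; the saved file can later be restored with the load command.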
SEE ALSO
The Prelude Handbook: https://dev.prelude-ids.com/wiki/prelude/ManualUser
Prelude homepage: http://www.prelude-ids.com/
Creating filter using IDMEF Criteria: https://dev.prelude-ids.com/wiki/IDMEFCriteria
Prelude IDMEF Path: https://dev.prelude-ids.com/wiki/prelude/IDMEFPath
BUGS
To report a bug, please visit https://dev.prelude-ids.com/
AUTHOR
This manpage was written by Pierre Chifflier.
COPYRIGHT
Copyright © 2006-2012 CS-SI.
This is free software. You may redistribute copies of it under the
terms of the GNU General Public License
<http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the
extent permitted by law.
preludedb-admin June 2012 Prelude(1)