Prelude(1)			 User Commands			    Prelude(1)

NAME
       preludedb-admin - tool to copy, move, delete, save or restore a prelude
       database

SYNOPSIS
       preludedb-admin copy|move|delete|load|save arguments

DESCRIPTION
       preludedb-admin can be used to copy, move, delete, save or restore a
       prelude database, partly or in whole, while preserving IDMEF data
       consistency.

       Mandatory arguments

       copy   Make a copy of a Prelude database to another database.

       delete Delete content of a Prelude database.

       load   Load a Prelude database from a file.

       move   Move content of a Prelude database to another database.

       save   Save a Prelude database to a file.

       Running a command without providing arguments will display  a  detailed
       help.

EXAMPLES
       Obtaining help on a specific command:

              # preludedb-admin save
              Usage  : save <alert|heartbeat> <database> <filename> [options]
              Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile

              Save messages from <database> into [filename].
              If no filename argument is provided, data will be written to standard output.

              Database arguments:
                type  : Type of database (mysql/pgsql).
                name  : Name of the database.
                user  : User to access the database.
                pass  : Password to access the database.

              Valid options:
                --offset <offset>               : Skip processing until 'offset' events.
                --count <count>                 : Process at most count events.
                --query-logging [filename]      : Log SQL query to the specified file.
                --criteria <criteria>           : Only process events matching criteria.
                --events-per-transaction        : Maximum number of event to process per transaction (default 1000).

       preludedb-admin can be used to delete events from a Prelude database:

              preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

       where criteria is an IDMEF criteria expression:

              preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

       This will delete all events with the classification text "UDP packet
       dropped" from the database.
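
       Because delete is destructive, it is common to save the matching
       alerts first, using the same criteria. The wrapper below is an added
       example, not part of this manual page or of the Prelude project; the
       function name, the PRELUDEDB_ADMIN and DRY_RUN variables and the
       return codes are assumptions of the example, and options are placed
       after the filename as in the save usage text above.

```shell
#!/bin/sh
# Added example: archive the alerts a criteria matches, then delete them.
# archive_then_delete, PRELUDEDB_ADMIN, DRY_RUN and the return codes are
# names chosen for this example; they are not part of preludedb-admin.
PRELUDEDB_ADMIN="${PRELUDEDB_ADMIN:-preludedb-admin}"

# Usage: archive_then_delete <criteria> <database-args> <archive-file>
# Prints the planned commands unless DRY_RUN=0 is set.
archive_then_delete() {
    criteria=$1; db=$2; archive=$3

    # An empty criteria would not limit the delete to the intended events.
    [ -n "$criteria" ] || { echo "refusing: empty criteria" >&2; return 2; }
    # Never overwrite an earlier archive.
    [ ! -e "$archive" ] || { echo "refusing: $archive exists" >&2; return 3; }

    if [ "${DRY_RUN:-1}" != 0 ]; then
        # The database string may carry pass=..., so it is not echoed.
        printf '%s save alert "<database>" %s --criteria "%s"\n' \
            "$PRELUDEDB_ADMIN" "$archive" "$criteria"
        printf '%s delete alert --criteria "%s" "<database>"\n' \
            "$PRELUDEDB_ADMIN" "$criteria"
        return 0
    fi

    # Step 1: save the matching alerts; umask keeps the archive owner-only.
    ( umask 077
      "$PRELUDEDB_ADMIN" save alert "$db" "$archive" --criteria "$criteria"
    ) || { echo "save failed, nothing deleted" >&2; return 4; }

    # Step 2: delete only when the archive exists and is non-empty.
    [ -s "$archive" ] || { echo "empty archive, nothing deleted" >&2; return 5; }
    "$PRELUDEDB_ADMIN" delete alert --criteria "$criteria" "$db"
}
```

       Because the database string is passed as a command-line argument, a
       pass= value in it is visible in the process list while the command
       runs.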

SEE ALSO
       The Prelude Handbook:
       https://www.prelude-siem.org/projects/prelude/wiki/ManualUser

       Prelude homepage: http://www.prelude-siem.com/

       Creating filter using IDMEF Criteria:
       https://www.prelude-siem.org/projects/prelude/wiki/IDMEFCriteria

       Prelude IDMEF Path:
       https://www.prelude-siem.org/projects/prelude/wiki/IDMEFPath

BUGS
       To report a bug, please visit https://www.prelude-siem.org/

AUTHOR
       This manpage was written by Pierre Chifflier.

COPYRIGHT
       Copyright (C) 2006-2015 CS-SI.
       This is free software.  You may redistribute copies of it under the
       terms of the GNU General Public License
       <http://www.gnu.org/licenses/gpl.html>.  There is NO WARRANTY, to the
       extent permitted by law.

preludedb-admin			   June	2012			    Prelude(1)
