preludedb-admin(1) [debian man page]

Prelude(1)							   User Commands							Prelude(1)

NAME
preludedb-admin - tool to copy, move, delete, save or restore a prelude database

SYNOPSIS
preludedb-admin copy|move|delete|load|save arguments

DESCRIPTION
preludedb-admin can be used to copy, move, delete, save or restore a prelude database, partly or in whole, while preserving IDMEF data consistency.

Mandatory arguments

    copy    Make a copy of a Prelude database to another database.
    delete  Delete content of a Prelude database.
    load    Load a Prelude database from a file.
    move    Move content of a Prelude database to another database.
    save    Save a Prelude database to a file.

Running a command without providing arguments will display a detailed help.

EXAMPLES
Obtaining help on a specific command:

    # preludedb-admin save
    Usage  : save <alert|heartbeat> <database> <filename> [options]
    Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile

    Save messages from <database> into [filename].
    If no filename argument is provided, data will be written to standard output.

    Database arguments:
      type : Type of database (mysql/pgsql).
      name : Name of the database.
      user : User to access the database.
      pass : Password to access the database.

    Valid options:
      --offset <offset>           : Skip processing until 'offset' events.
      --count <count>             : Process at most count events.
      --query-logging [filename]  : Log SQL query to the specified file.
      --criteria <criteria>       : Only process events matching criteria.
      --events-per-transaction    : Maximum number of event to process per transaction (default 1000).

preludedb-admin can be useful to delete events from a prelude database:

    preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

where criteria is an IDMEF criteria:

    preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

This will delete all events with the classification text "UDP packet dropped" from the database.

SEE ALSO
The Prelude Handbook: https://trac.prelude-ids.org/wiki/PreludeHandbook
Prelude homepage: http://www.prelude-ids.com/
Creating filter using IDMEF Criteria: https://trac.prelude-ids.org/wiki/IDMEFCriteria
Prelude IDMEF Path: https://trac.prelude-ids.org/wiki/IDMEFPath

BUGS
To report a bug, please visit https://trac.prelude-ids.org/

AUTHOR
This manpage was written by Pierre Chifflier.

COPYRIGHT
Copyright (C) 2006 PreludeIDS Technologies. This is free software. You may redistribute copies of it under the terms of the GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the extent permitted by law.

preludedb-admin							   June 2007							Prelude(1)
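
Added example (not part of the original man page or of the Prelude project): a shell wrapper for the delete-by-criteria command shown in EXAMPLES that first saves the matching alerts with the same criteria and runs the delete only if that archive was written. The function name archive_then_delete, the PRELUDEDB_ADMIN override, and the refusal of an empty criteria or an already existing archive file are assumptions of this example; only the save and delete argument forms shown in EXAMPLES are used.

```shell
#!/bin/sh
# Archive alerts matching an IDMEF criteria, then delete them.
# archive_then_delete and PRELUDEDB_ADMIN are names made up for this example.
#
# Note: the database string is passed on the command line, so a pass= value
# in it is visible in the process list while preludedb-admin runs.
#
# usage: archive_then_delete <criteria> <database-string> <archive-file>
archive_then_delete() {
    criteria=$1
    db=$2
    archive=$3
    admin=${PRELUDEDB_ADMIN:-preludedb-admin}

    # Guard (assumption of this example): never delete without a filter.
    [ -n "$criteria" ] || { echo "refusing: empty criteria" >&2; return 2; }
    # Guard: do not write over an earlier archive.
    [ ! -e "$archive" ] || { echo "refusing: $archive exists" >&2; return 3; }

    # The archive contains alert data: create it readable by the owner only.
    old_umask=$(umask)
    umask 077

    # Step 1: save exactly the events the delete will match.
    if ! "$admin" save alert "$db" "$archive" --criteria "$criteria"; then
        umask "$old_umask"
        echo "save failed; nothing deleted" >&2
        return 4
    fi
    umask "$old_umask"

    # Step 2: an empty archive means nothing was saved; stop before deleting.
    [ -s "$archive" ] || { echo "archive is empty; nothing deleted" >&2; return 5; }

    # Step 3: delete with the same criteria and database string.
    "$admin" delete alert --criteria "$criteria" "$db"
}

# Example call (values taken from the EXAMPLES section):
# archive_then_delete "alert.classification.text == 'UDP packet dropped'" \
#     "type=mysql name=prelude user=prelude-user pass=prelude-pass" udp-dropped.out
```

The archive written in step 1 is the file that the load command listed under "Mandatory arguments" takes as input.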

dupdp-admin(1)						      General Commands Manual						    dupdp-admin(1)

NAME
dupdb-admin - Manage the duplicate database for apport-retrace.

SYNOPSIS
dupdb-admin -f dbpath status
dupdb-admin -f dbpath dump
dupdb-admin -f dbpath changeid oldid newid

DESCRIPTION
apport-retrace(1) has the capability of checking for duplicate bugs (amongst other things). It uses an SQLite database for keeping track of master bugs. dupdb-admin is a small tool to manage that database.

The central concept in that database is a "crash signature", a string that uniquely identifies a particular crash. It is built from the executable path name, the signal number or exception name, and the topmost functions of the stack trace.

The database maps crash signatures to the 'master' crash id and thus can close duplicate crash reports with a reference to that master ID. It also tracks the status of crashes (open/fixed in a particular version) to be able to identify regressions.

MODES
status
    Print general status of the duplicate db. For now, it only shows the time when the database was "consolidated" last, i.e. when the bug states (open/fixed) in the SQLite database were updated to the actual states in the bug tracking system.

dump
    Print a list of all database entries.

changeid
    Change the associated crash ID for a particular crash.

OPTIONS
-f path, --database-file=path
    Instead of processing the new crash reports in /var/crash/, report a particular report in an arbitrary file location. This is useful for copying a crash report to a machine with internet connection and reporting it from there. This defaults to ~./apport_duplicates.db.

AUTHOR
apport and the accompanying tools are developed by Martin Pitt <martin.pitt@ubuntu.com>.

Martin Pitt							August 01, 2007							dupdp-admin(1)