debian man page for preludedb-admin

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: preludedb-admin

OS: debian

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

Prelude(1)							   User Commands							Prelude(1)


NAME

       preludedb-admin - tool to copy, move, delete, save or restore a prelude database


SYNOPSIS

       preludedb-admin copy|move|delete|load|save arguments


DESCRIPTION

       preludedb-admin can be used to copy, move, delete, save or restore a prelude database, partly or in whole, while preserving IDMEF data con-
       sistency.

       Mandatory arguments

       copy   Make a copy of a Prelude database to another database.

       delete Delete content of a Prelude database.

       load   Load a Prelude database from a file.

       move   Move content of a Prelude database to another database.

       save   Save a Prelude database to a file.

       Running a command without providing arguments will display a detailed help.


EXAMPLES

       Obtaining help on a specific command:

	      # preludedb-admin save
	      Usage  : save <alert|heartbeat> <database> <filename> [options]
	      Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile

	      Save messages from <database> into [filename].
	      If no filename argument is provided, data will be written to standard output.

	      Database arguments:
		type  : Type of database (mysql/pgsql).
		name  : Name of the database.
		user  : User to access the database.
		pass  : Password to access the database.

	      Valid options:
		--offset <offset>		: Skip processing until 'offset' events.
		--count <count> 		: Process at most count events.
		--query-logging [filename]	: Log SQL query to the specified file.
		--criteria <criteria>		: Only process events matching criteria.
		--events-per-transaction	: Maximum number of event to process per transaction (default 1000).

       Preludedb-admin can be useful to delete events from a prelude database :

	      preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

       where criteria is an IDMEF criteria :

	      preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

       This will delete all event with the classification text "UDP packet dropped" from the database.


SEE ALSO

       The Prelude Handbook: https://trac.prelude-ids.org/wiki/PreludeHandbook

       Prelude homepage: http://www.prelude-ids.com/

       Creating filter using IDMEF Criteria: https://trac.prelude-ids.org/wiki/IDMEFCriteria

       Prelude IDMEF Path: https://trac.prelude-ids.org/wiki/IDMEFPath


BUGS

       To report a bug, please visit https://trac.prelude-ids.org/


AUTHOR

       This manpage was Written by Pierre Chifflier.


COPYRIGHT

       Copyright (C) 2006 PreludeIDS Technologies.
       This  is  free  software.   You	 may   redistribute   copies   of   it	 under	 the   terms   of   the   GNU	General   Public   License
       <http://www.gnu.org/licenses/gpl.html>.	There is NO WARRANTY, to the extent permitted by law.

preludedb-admin 						     June 2007								Prelude(1)
Related Man Pages
prelude-admin(1) - debian
sqlobject-admin(1) - debian
audisp-prelude(8) - debian
nutop(8) - debian
mongodb::gridfs(3pm) - debian
Similar Topics in the Unix Linux Community
shell or admin fires the db
libprelude 0.9.18 (Default branch)
SQL admin tool
Code for alerting admin regarding process
Please help me with query regarding RHCE certification