1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
.TH Prelude "1" "June 2012" "preludedb-admin" "User Commands"
.SH NAME
preludedb-admin \- tool to copy, move, delete, save or restore a prelude database
.SH SYNOPSIS
.B preludedb-admin
\fIcopy|count|delete|load|move|optimize|save|update\fR \fIarguments\fR
.SH DESCRIPTION
.\" Add any additional description here
.PP
preludedb-admin can be used to copy, move, delete, save, update or restore
a Prelude database, partly or in whole, while preserving IDMEF data consistency.
.PP
Mandatory arguments
.TP
\fBcopy\fR
Make a copy of a Prelude database to another database.
.TP
\fBcount\fR
Count the number of events in a Prelude database.
.TP
\fBdelete\fR
Delete content of a Prelude database.
.TP
\fBload\fR
Load a Prelude database from a file.
.TP
\fBmove\fR
Move content of a Prelude database to another database.
.TP
\fBoptimize\fR
Optimize a Prelude database by deleting orphaned data.
.TP
\fBsave\fR
Save a Prelude database to a file.
.TP
\fBupdate\fR
Update data in a Prelude database.
.PP
Running a command without providing arguments will display a detailed help.
.SH EXAMPLES
Obtaining help on a specific command:
.RS
.nf
# preludedb-admin save
Usage : save <alert|heartbeat> <database> <filename> [options]
Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile
Save messages from <database> into [filename].
If no filename argument is provided, data will be written to standard output.
Database arguments:
type : Type of database (mysql/pgsql).
name : Name of the database.
user : User to access the database.
pass : Password to access the database.
Valid options:
--offset <offset> : Skip processing until 'offset' events.
--count <count> : Process at most count events.
--query-logging [filename] : Log SQL query to the specified file.
--criteria <criteria> : Only process events matching criteria.
--events-per-transaction : Maximum number of event to process per transaction (default 1000).
.fi
.RE
Preludedb-admin can be useful to delete events from a prelude database :
.RS
.nf
preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"
.fi
.RE
where \fIcriteria\fR is an IDMEF criteria :
.RS
.nf
preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"
.fi
.RE
This will delete all event with the classification text "UDP packet dropped" from the database.
.SH SEE ALSO
The Prelude Handbook: \fIhttps://www.prelude-siem.org/projects/prelude/wiki/ManualUser\fR
.P
Prelude homepage: \fIhttp://www.prelude-siem.com/\fR
.P
Creating filter using IDMEF Criteria: \fIhttps://www.prelude-siem.org/projects/prelude/wiki/IDMEFCriteria\fR
.P
Prelude IDMEF Path: \fIhttps://www.prelude-siem.org/projects/prelude/wiki/IDMEFPath\fR
.SH BUGS
To report a bug, please visit \fIhttps://www.prelude-siem.org/\fR
.SH AUTHOR
This manpage was Written by Pierre Chifflier.
.SH COPYRIGHT
Copyright \(co 2006-2020 CS GROUP - France.
.br
This is free software. You may redistribute copies of it under the terms of
the GNU General Public License <http://www.gnu.org/licenses/gpl.html>.
There is NO WARRANTY, to the extent permitted by law.
|
