preludedb-admin

Language: en

Version: 370988 (fedora - 01/12/10)

Section: 1 (User commands)

NAME

preludedb-admin - tool to copy, move, delete, save or restore a prelude database

SYNOPSIS

preludedb-admin copy|move|delete|load|save arguments

DESCRIPTION

preludedb-admin can be used to copy, move, delete, save or restore a prelude database, partly or in whole, while preserving IDMEF data consistency.

Mandatory arguments

copy
Make a copy of a Prelude database to another database.
delete
Delete content of a Prelude database.
load
Load a Prelude database from a file.
move
Move content of a Prelude database to another database.
save
Save a Prelude database to a file.

Running a command without providing arguments will display a detailed help.

EXAMPLES

Obtaining help on a specific command:
 # preludedb-admin save
 Usage  : save <alert|heartbeat> <database> <filename> [options]
 Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile
 
 Save messages from <database> into [filename].
 If no filename argument is provided, data will be written to standard output.
 
 Database arguments:
   type  : Type of database (mysql/pgsql).
   name  : Name of the database.
   user  : User to access the database.
   pass  : Password to access the database.
 
 Valid options:
   --offset <offset>               : Skip processing until 'offset' events.
   --count <count>                 : Process at most count events.
   --query-logging [filename]      : Log SQL query to the specified file.
   --criteria <criteria>           : Only process events matching criteria.
   --events-per-transaction        : Maximum number of event to process per transaction (default 1000).
 

preludedb-admin can also be used to delete events from a Prelude database:

 preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"
 

where <criteria> is an IDMEF criteria expression:

 preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"
 

This will delete all events with the classification text "UDP packet dropped" from the database.
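Because a mistyped criteria deletes whatever it matches, a practical habit is to run save with the same criteria first, so the removed events can be brought back with load. The script below is added here as an illustration and is not part of preludedb-admin; it assumes that save writes the output file before exiting, and uses a PRELUDEDB_ADMIN variable only so the binary can be swapped for a wrapper. Note that the database argument string, pass= included, is a command-line argument and therefore visible in the process list while the tool runs.

```shell
#!/bin/sh
# Save-then-delete for alerts matching an IDMEF criteria (illustrative script,
# not part of preludedb-admin). Assumption: 'save' writes the whole file
# before it exits. PRELUDEDB_ADMIN lets a caller substitute a wrapper.
PRELUDEDB_ADMIN=${PRELUDEDB_ADMIN:-preludedb-admin}

# safe_delete_alerts CRITERIA DBARGS BACKUPDIR
# Returns 0 when the backup was written and the delete ran, 1 otherwise
# (in which case nothing is deleted).
safe_delete_alerts() {
    criteria=$1
    dbargs=$2
    backup="$3/alerts-$(date +%Y%m%d-%H%M%S).save"

    # Step 1: save the matching alerts; the file can later be given to 'load'.
    "$PRELUDEDB_ADMIN" save alert --criteria "$criteria" "$dbargs" "$backup" || return 1
    # Step 2: refuse to delete when the backup is missing or empty.
    [ -s "$backup" ] || { echo "backup $backup missing or empty, not deleting" >&2; return 1; }
    # Step 3: delete with exactly the criteria that was just saved.
    "$PRELUDEDB_ADMIN" delete alert --criteria "$criteria" "$dbargs"
}
```

Run it as: safe_delete_alerts "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass" /var/backups/prelude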

SEE ALSO

The Prelude Handbook: https://trac.prelude-ids.org/wiki/PreludeHandbook
Prelude homepage: http://www.prelude-ids.com/
Creating filters using IDMEF Criteria: https://trac.prelude-ids.org/wiki/IDMEFCriteria
Prelude IDMEF Path: https://trac.prelude-ids.org/wiki/IDMEFPath

BUGS

To report a bug, please visit https://trac.prelude-ids.org/

AUTHOR

This manpage was written by Pierre Chifflier. Copyright © 2006 PreludeIDS Technologies.
This is free software. You may redistribute copies of it under the terms of the GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the extent permitted by law.