Prelude(1)                       User Commands                      Prelude(1)

NAME

       preludedb-admin - tool to copy, move, delete, save or restore a Prelude
       database

SYNOPSIS

       preludedb-admin copy|move|delete|load|save arguments

DESCRIPTION

       preludedb-admin can be used to copy, move, delete, save or restore a
       Prelude database, partly or in whole, while preserving IDMEF data
       consistency.

       Mandatory arguments

       copy   Make a copy of a Prelude database to another database.

       delete Delete content of a Prelude database.

       load   Load a Prelude database from a file.

       move   Move content of a Prelude database to another database.

       save   Save a Prelude database to a file.

       Running a command without providing arguments displays detailed
       help.

EXAMPLES

       Obtaining help on a specific command:

              # preludedb-admin save
              Usage  : save <alert|heartbeat> <database> <filename> [options]
              Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile

              Save messages from <database> into [filename].
              If no filename argument is provided, data will be written to standard output.

              Database arguments:
                type  : Type of database (mysql/pgsql).
                name  : Name of the database.
                user  : User to access the database.
                pass  : Password to access the database.

              Valid options:
                --offset <offset>               : Skip processing until 'offset' events.
                --count <count>                 : Process at most count events.
                --query-logging [filename]      : Log SQL query to the specified file.
                --criteria <criteria>           : Only process events matching criteria.
                --events-per-transaction        : Maximum number of event to process per transaction (default 1000).

       preludedb-admin can also be used to delete events from a Prelude
       database:

              preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

       where criteria is an IDMEF criteria:

              preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

       This will delete all events with the classification text "UDP packet
       dropped" from the database.
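       Added example (not part of the original manual page or of the Prelude
       project): a POSIX shell wrapper that archives matching alerts with
       save and only then runs delete with the same criteria and database
       string. The PRELUDEDB_ADMIN variable, the function name and its
       refusal rules are assumptions of this example; the two command lines
       follow the usage text and the delete example above.

```shell
# Added example: archive matching alerts with "save" before "delete".
# PRELUDEDB_ADMIN lets the binary path be overridden (hypothetical variable).
PRELUDEDB_ADMIN="${PRELUDEDB_ADMIN:-preludedb-admin}"

# usage: archive_then_delete <criteria> <database-arguments> <archive-file>
archive_then_delete() {
    if [ "$#" -ne 3 ]; then
        echo "usage: archive_then_delete <criteria> <database> <archive-file>" >&2
        return 2
    fi
    criteria=$1
    db=$2
    archive=$3

    # This wrapper is for targeted deletes only: refuse an empty criteria.
    if [ -z "$criteria" ]; then
        echo "refusing to run without a criteria" >&2
        return 2
    fi
    # Never overwrite an earlier archive.
    if [ -e "$archive" ]; then
        echo "archive already exists: $archive" >&2
        return 3
    fi

    # The dump holds alert data: create it readable by its owner only.
    # Argument order follows the 'save' usage text.
    if ! ( umask 077 && "$PRELUDEDB_ADMIN" save alert "$db" "$archive" --criteria "$criteria" ); then
        echo "save failed, nothing deleted" >&2
        return 4
    fi
    # Assumption of this example: an empty or missing archive means nothing was saved.
    if [ ! -s "$archive" ]; then
        echo "archive is empty, nothing deleted" >&2
        return 5
    fi

    # Same criteria and database as the save, in the order of the delete example.
    "$PRELUDEDB_ADMIN" delete alert --criteria "$criteria" "$db"
}
```

       The database string, including pass=, is passed as a command-line
       argument and is visible in the process list while the commands run.
       Alerts matching the criteria that arrive between the two commands are
       deleted without being archived.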

SEE ALSO

       The Prelude Handbook: https://trac.prelude-ids.org/wiki/PreludeHandbook

       Prelude homepage: http://www.prelude-ids.com/

       Creating filter using IDMEF Criteria:
       https://trac.prelude-ids.org/wiki/IDMEFCriteria

       Prelude IDMEF Path: https://trac.prelude-ids.org/wiki/IDMEFPath

BUGS

       To report a bug, please visit https://trac.prelude-ids.org/

AUTHOR

       This manpage was written by Pierre Chifflier.

       Copyright © 2006 PreludeIDS Technologies.
       This is free software.  You may redistribute copies of it under the
       terms of the GNU General Public License
       <http://www.gnu.org/licenses/gpl.html>.  There is NO WARRANTY, to the
       extent permitted by law.

preludedb-admin                    June 2007                        Prelude(1)