1prelude-manager(1) General Commands Manual prelude-manager(1)
2
6 prelude-manager - Collects and normalize events.
7
9 prelude-manager [options]
10
12 Prelude Manager is a high-availability server which can collect, fil‐
13 ter, relay, reverse-relay, normalize and store events. Events can come
14 from registered analyzers and/or managers. The common usage is to store
15 nomalized events into a database, thus this can be extended to store
16 informations in plain text or xml files.
17
20 Some prelude-manager option are contextual, they have to be prefixed by
21 another.
22 --prelude Prelude generic options
24 --profile=<name> Profile to use for this analyzer
26 --heartbeat-interval=<interval> Number of seconds between two heartbeat
28 --server-addr=<address> Address where this sensor should report to
30 (addr:port)
31 --analyzer-name=<name> Name for this analyzer
33 --db=<INAME>
36 Options for the libpreludedb plugin
37 -t, --type=<type> Type of database (mysql/pgsql/sqlite3)
39 -l, --log=<file name> Log all queries in a file, should be only
41 used for debugging purpose
42 -h, --host=<address> The host where the database server is running
44 (in case of client/server database)
45 -f, --file=<file name> The file where the database is stored (in
47 case of file based database)
48 -p, --port=<port number> The port where the database server is
50 listening (in case of client/server database)
51 -d, --name=<name> The name of the database where the alerts will
53 be stored
54 -u, --user=<user> User of the database (in case of client/server
56 database)
57 -P, --pass=<password> Password for the user (in case of
59 client/server database)
60 --debug=<INAME>
64 Option for the debug plugin
65 -o, --object=<name> Name of IDMEF object to print (no object pro‐
67 vided will print the entire message)
68 -l, --logfile=<file name> Specify output file to use (default to
70 stdout)
71 --relaying=<INAME>
75 Relaying plugin option
76 -p, --parent-managers=<address> List of managers address:port pair
78 where messages should be sent to
79 --textmod=<INAME>
83 Option for the textmod plugin
84 -l, --logfile=<file name> Specify logfile to use
86 --xmlmod=<INAME>
90 Option for the xmlmod plugin
91 -l, --logfile=<file name> Specify output file to use
93 -v, --validate=<xml> Validate IDMEF XML output against DTD
95 -f, --format=<format> Format XML output so that it is readable
97 -d, --disable-buffering=<boolean> Disable output file buffering to
99 prevent truncated tags
100 --idmef-criteria-filter=<INAME> Filter message based on IDMEF cri‐
102 teria
103 -r, --rule=<rule> Filter rule, or filename containing rule
105 --hook=<value> Where the filter should be hooked (report‐
107 ing|reverse-relaying|plugin name)
108 --config=<file name>
112 Configuration file to use
113 -v, --version
115 Print version number
116 -D, --debug-level=<level>
118 Run in debug mode
119 -d, --daemon
121 Run in daemon mode
122 -P, --pidfile=<file name>
124 Write Prelude PID to pidfile
125 -c, --child-managers=<address>
127 List of managers address:port pair where messages should be gath‐
128 ered from
129 -l, --listen=<address>
131 Address the sensors server should listen on (addr:port)
132 -f, --failover=<boolean>
134 Enable failover for specified report plugin
135 -h, --help
137 Print help
138
141 /etc/prelude/prelude-manager.conf - the configuration file
142
145 This man page hadn't been proof-read yet.
146
149 prelude-adduser(1)
150 prelude-manager(1)