Prelude(1) User Commands Prelude(1)

preludedb-admin - tool to copy, move, delete, save or restore a prelude
database

preludedb-admin copy|move|delete|load|save arguments

preludedb-admin can be used to copy, move, delete, save or restore a
prelude database, partly or in whole, while preserving IDMEF data
consistency.

Mandatory arguments

    copy    Make a copy of a Prelude database to another database.

    delete  Delete content of a Prelude database.

    load    Load a Prelude database from a file.

    move    Move content of a Prelude database to another database.

    save    Save a Prelude database to a file.

Running a command without providing arguments will display a detailed
help.

Obtaining help on a specific command:

    # preludedb-admin save
    Usage : save <alert|heartbeat> <database> <filename> [options]
    Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile

    Save messages from <database> into [filename].
    If no filename argument is provided, data will be written to standard output.

    Database arguments:
      type : Type of database (mysql/pgsql).
      name : Name of the database.
      user : User to access the database.
      pass : Password to access the database.

    Valid options:
      --offset <offset> : Skip processing until 'offset' events.
      --count <count> : Process at most count events.
      --query-logging [filename] : Log SQL query to the specified file.
      --criteria <criteria> : Only process events matching criteria.
      --events-per-transaction : Maximum number of event to process per transaction (default 1000).

preludedb-admin can be used to delete events from a Prelude database:

    preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

where criteria is an IDMEF criteria, for example:

    preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

This will delete all events with the classification text "UDP packet
dropped" from the database.
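
The following wrapper is an added example, not part of the original manpage or the Prelude project: it saves the alerts matching a classification to a file and deletes them only if that save succeeded, using only the save and delete forms shown above. The function names, the PRELUDEDB_ADMIN variable and the rule of rejecting quotes and backslashes (the page does not document criteria escaping) are assumptions of this example.

```shell
#!/bin/sh
# Added example: archive alerts matching one classification, then delete them.
# PRELUDEDB_ADMIN and both function names are assumptions of this example.

# Build an IDMEF criteria string for an exact classification text.
# Text containing a quote or backslash is rejected, because the manpage does
# not say how such characters are escaped inside a criteria string.
build_criteria() {
    case $1 in
        ''|*\'*|*\"*|*\\*) return 1 ;;
    esac
    printf "alert.classification.text == '%s'" "$1"
}

# archive_then_delete <classification text> <database string> <backup file>
# Runs in a subshell so umask and variables do not leak into the caller.
archive_then_delete() (
    admin=${PRELUDEDB_ADMIN:-preludedb-admin}
    criteria=$(build_criteria "$1") || { echo "unsafe classification text" >&2; exit 2; }
    db=$2
    backup=$3

    # Refuse to overwrite an earlier archive.
    [ ! -e "$backup" ] || { echo "$backup already exists" >&2; exit 3; }

    # Archived alerts are security data: create the file owner-only.
    umask 077

    # Step 1: save <alert|heartbeat> <database> <filename> [options]
    "$admin" save alert "$db" "$backup" --criteria "$criteria" \
        || { echo "save failed, nothing deleted" >&2; exit 4; }

    # Step 2: skip the delete when the archive is missing or empty.
    [ -s "$backup" ] || { echo "archive is empty, nothing deleted" >&2; exit 5; }
    "$admin" delete alert --criteria "$criteria" "$db"
)
```

Call it as archive_then_delete 'UDP packet dropped' "type=mysql name=prelude user=prelude-user pass=prelude-pass" /path/to/archive; a non-zero exit status means the delete step was not run or did not succeed.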

The Prelude Handbook: https://www.prelude-siem.org/projects/prelude/wiki/ManualUser

Prelude homepage: http://www.prelude-siem.com/

Creating filter using IDMEF Criteria: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFCriteria

Prelude IDMEF Path: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFPath

To report a bug, please visit https://www.prelude-siem.org/

This manpage was written by Pierre Chifflier.

Copyright © 2006-2018 CS-SI.
This is free software. You may redistribute copies of it under the
terms of the GNU General Public License
<http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the
extent permitted by law.

preludedb-admin June 2012 Prelude(1)