Prelude(1) User Commands Prelude(1)

preludedb-admin - tool to copy, move, delete, save or restore a Prelude database

preludedb-admin copy|count|delete|load|move|optimize|save|update arguments

preludedb-admin can be used to copy, move, delete, save, update or
restore a Prelude database, partly or in whole, while preserving IDMEF
data consistency.

Mandatory arguments

copy      Make a copy of a Prelude database to another database.

count     Count the number of events in a Prelude database.

delete    Delete content of a Prelude database.

load      Load a Prelude database from a file.

move      Move content of a Prelude database to another database.

optimize  Optimize a Prelude database by deleting orphaned data.

save      Save a Prelude database to a file.

update    Update data in a Prelude database.

Running a command without providing arguments displays detailed help
for that command.

Obtaining help on a specific command:

    # preludedb-admin save
    Usage : save <alert|heartbeat> <database> <filename> [options]
    Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile

    Save messages from <database> into [filename].
    If no filename argument is provided, data will be written to standard output.

    Database arguments:
    type : Type of database (mysql/pgsql).
    name : Name of the database.
    user : User to access the database.
    pass : Password to access the database.

    Valid options:
    --offset <offset> : Skip processing until 'offset' events.
    --count <count> : Process at most count events.
    --query-logging [filename] : Log SQL query to the specified file.
    --criteria <criteria> : Only process events matching criteria.
    --events-per-transaction : Maximum number of event to process per transaction (default 1000).

preludedb-admin can be used to delete events from a Prelude database:

    preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

where criteria is an IDMEF criteria:

    preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

This will delete all events with the classification text "UDP packet
dropped" from the database.

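A guarded form of the delete workflow above, added here as an example (it is not part of the original manpage or of the Prelude project): it saves the matching alerts to an owner-only file with the `save` command documented earlier and runs `delete` with the same criteria only if the save succeeded. The function name `archive_then_delete` and the `PRELUDEDB_ADMIN` variable are assumptions of this example; the command forms are the ones shown on this page.

```shell
# Added example: archive matching alerts to a file, then delete them.
# PRELUDEDB_ADMIN and archive_then_delete are names chosen for this example.
PRELUDEDB_ADMIN="${PRELUDEDB_ADMIN:-preludedb-admin}"

# usage: archive_then_delete <database-string> <criteria> <archive-file>
# <database-string> is the quoted "type=... name=... user=... pass=..." argument.
archive_then_delete() {
    db="$1"
    criteria="$2"
    archive="$3"

    # Without criteria the delete would not be restricted to a subset; refuse.
    if [ -z "$criteria" ]; then
        echo "refusing to run: empty criteria" >&2
        return 2
    fi

    # Never overwrite an earlier archive.
    if [ -e "$archive" ]; then
        echo "refusing to run: $archive already exists" >&2
        return 3
    fi

    # The archive holds raw alert data: create it readable by the owner only.
    # The subshell keeps the umask change local to the save step.
    if ! ( umask 077 && "$PRELUDEDB_ADMIN" save alert "$db" "$archive" --criteria "$criteria" ); then
        echo "save failed, nothing deleted" >&2
        return 4
    fi

    # Delete only after the save succeeded, using the same criteria.
    "$PRELUDEDB_ADMIN" delete alert --criteria "$criteria" "$db"
}

# Example call (constructed values, taken from the examples on this page):
# archive_then_delete "type=mysql name=prelude user=prelude-user pass=prelude-pass" \
#     "alert.classification.text == 'UDP packet dropped'" udp-dropped.archive
```

The archive can be loaded back with the `load` command listed above; run `preludedb-admin load` without arguments to see its usage.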
The Prelude Handbook: https://www.prelude-siem.org/projects/prelude/wiki/ManualUser

Prelude homepage: http://www.prelude-siem.com/

Creating filter using IDMEF Criteria: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFCriteria

Prelude IDMEF Path: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFPath

To report a bug, please visit https://www.prelude-siem.org/

This manpage was written by Pierre Chifflier.

Copyright © 2006-2019 CS-SI.
This is free software. You may redistribute copies of it under the
terms of the GNU General Public License
<http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the
extent permitted by law.

preludedb-admin June 2012 Prelude(1)