prelude-manager - Man Page

Collects and normalizes events.

Synopsis

prelude-manager [options]

Description

Prelude Manager is a high-availability server which can collect, filter, relay, reverse-relay, normalize and store events. Events can come from registered analyzers and/or managers. The common usage is to store normalized events in a database, though this can be extended to store information in plain text or XML files.

Options

Some prelude-manager options are contextual: they have to be prefixed by another option.

--prelude
Prelude generic options
--profile=<name>
Profile to use for this analyzer
--heartbeat-interval=<interval>
Number of seconds between two heartbeats
--server-addr=<address>
Address where this sensor should report to (addr:port)
--analyzer-name=<name>
Name for this analyzer
--db=<INAME>

Options for the libpreludedb plugin

-t, --type=<type> Type of database (mysql/pgsql/sqlite3)

-l, --log=<file name> Log all queries in a file; should only be used for debugging purposes

-h, --host=<address> The host where the database server is running (in case of client/server database)

-f, --file=<file name> The file where the database is stored (in case of file based database)

-p, --port=<port number> The port where the database server is listening (in case of client/server database)

-d, --name=<name> The name of the database where the alerts will be stored

-u, --user=<user> User of the database (in case of client/server database)

-P, --pass=<password> Password for the user (in case of client/server database)

--debug=<INAME>

Options for the debug plugin

-o, --object=<name> Name of IDMEF object to print (no object provided will print the entire message)

-l, --logfile=<file name> Specify output file to use (defaults to stdout)

--relaying=<INAME>

Relaying plugin option

-p, --parent-managers=<address> List of manager address:port pairs where messages should be sent

--textmod=<INAME>

Option for the textmod plugin

-l, --logfile=<file name> Specify logfile to use

--xmlmod=<INAME>

Options for the xmlmod plugin

-l, --logfile=<file name> Specify output file to use

-v, --validate=<xml> Validate IDMEF XML output against DTD

-f, --format=<format> Format XML output so that it is readable

-d, --disable-buffering=<boolean> Disable output file buffering to prevent truncated tags

--idmef-criteria-filter=<INAME>

Filter messages based on IDMEF criteria

-r, --rule=<rule> Filter rule, or filename containing rule

--hook=<value> Where the filter should be hooked (reporting|reverse-relaying|plugin name)

--config=<file name>

Configuration file to use

-v,  --version

Print version number

-D,  --debug-level=<level>

Run in debug mode

-d,  --daemon

Run in daemon mode

-P,  --pidfile=<file name>

Write Prelude PID to pidfile

-c,  --child-managers=<address>

List of manager address:port pairs where messages should be gathered from

-l,  --listen=<address>

Address the sensors server should listen on (addr:port)

-f,  --failover=<boolean>

Enable failover for specified report plugin

-h,  --help

Print help

Files

/etc/prelude/prelude-manager.conf - the configuration file

Bugs

This man page has not been proofread yet.

See Also

prelude-adduser(1)