preludedb-admin - Man Page
tool to copy, move, delete, save or restore a prelude database
Synopsis
preludedb-admin copy|count|delete|load|move|optimize|save|update arguments
Description
preludedb-admin can be used to copy, move, delete, save, update or restore a Prelude database, partly or in whole, while preserving IDMEF data consistency.
Mandatory arguments
- copy
Make a copy of a Prelude database to another database.
- count
Count the number of events in a Prelude database.
- delete
Delete content of a Prelude database.
- load
Load a Prelude database from a file.
- move
Move content of a Prelude database to another database.
- optimize
Optimize a Prelude database by deleting orphaned data.
- save
Save a Prelude database to a file.
- update
Update data in a Prelude database.
Running a command without providing arguments will display a detailed help.
Examples
Obtaining help on a specific command:
# preludedb-admin save Usage : save <alert|heartbeat> <database> <filename> [options] Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile Save messages from <database> into [filename]. If no filename argument is provided, data will be written to standard output. Database arguments: type : Type of database (mysql/pgsql). name : Name of the database. user : User to access the database. pass : Password to access the database. Valid options: --offset <offset> : Skip processing until 'offset' events. --count <count> : Process at most count events. --query-logging [filename] : Log SQL query to the specified file. --criteria <criteria> : Only process events matching criteria. --events-per-transaction : Maximum number of event to process per transaction (default 1000).
Preludedb-admin can be useful to delete events from a prelude database :
preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"
where criteria is an IDMEF criteria :
preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"
This will delete all event with the classification text "UDP packet dropped" from the database.
See Also
The Prelude Handbook: https://www.prelude-siem.org/projects/prelude/wiki/ManualUser
Prelude homepage: http://www.prelude-siem.com/
Creating filter using IDMEF Criteria: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFCriteria
Prelude IDMEF Path: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFPath
Bugs
To report a bug, please visit https://www.prelude-siem.org/
Author
This manpage was Written by Pierre Chifflier.
Copyright
Copyright © 2006-2020 CS GROUP - France.
This is free software. You may redistribute copies of it under the terms of the GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the extent permitted by law.