Provided by: preludedb-utils_5.2.0-2build3_all

NAME

       preludedb-admin - tool to copy, move, delete, save or restore a Prelude database

SYNOPSIS

       preludedb-admin copy|count|delete|load|move|optimize|save|update arguments

DESCRIPTION

       preludedb-admin  can  be  used  to  copy,  move, delete, save, update or restore a Prelude
       database, partly or in whole, while preserving IDMEF data consistency.

       Mandatory arguments

       copy   Make a copy of a Prelude database to another database.

       count  Count the number of events in a Prelude database.

       delete Delete content of a Prelude database.

       load   Load a Prelude database from a file.

       move   Move content of a Prelude database to another database.

       optimize
              Optimize a Prelude database by deleting orphaned data.

       save   Save a Prelude database to a file.

       update Update data in a Prelude database.

       Running a command without providing arguments displays detailed help for that command.

EXAMPLES

       Obtaining help on a specific command:

              # preludedb-admin save
              Usage  : save <alert|heartbeat> <database> <filename> [options]
              Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile

              Save messages from <database> into [filename].
              If no filename argument is provided, data will be written to standard output.

              Database arguments:
                type  : Type of database (mysql/pgsql).
                name  : Name of the database.
                user  : User to access the database.
                pass  : Password to access the database.

              Valid options:
                --offset <offset>               : Skip processing until 'offset' events.
                --count <count>                 : Process at most count events.
                --query-logging [filename]      : Log SQL query to the specified file.
                --criteria <criteria>           : Only process events matching criteria.
                --events-per-transaction        : Maximum number of event to process per transaction (default 1000).

       preludedb-admin can be used to delete events from a Prelude database:

              preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

       where criteria is an IDMEF criteria expression, for example:

              preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

       This will delete all events with the classification text "UDP packet dropped" from the
       database.
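
       The wrapper below is an added example, not part of the original man page or the Prelude
       project: it archives the events matching a criteria with save before running delete with
       the same criteria, using only the argument forms shown above. The names
       archive_then_delete and PRELUDEDB_ADMIN are hypothetical, and refusing an empty archive
       is this wrapper's own policy.

```sh
#!/bin/sh
# Added example (not from the man page): archive matching events, then delete them.
# archive_then_delete and PRELUDEDB_ADMIN are hypothetical names.
PRELUDEDB_ADMIN="${PRELUDEDB_ADMIN:-preludedb-admin}"

# Usage: archive_then_delete <alert|heartbeat> <criteria> <database> <archive-file>
# Returns 2 on refused input, 1 if the archive step failed, else delete's status.
archive_then_delete() {
    kind=$1 criteria=$2 db=$3 archive=$4

    case $kind in
        alert|heartbeat) ;;
        *) echo "kind must be alert or heartbeat" >&2; return 2 ;;
    esac
    # This wrapper only does targeted deletes: an empty criteria is refused.
    [ -n "$criteria" ] || { echo "empty criteria refused" >&2; return 2; }
    # Never overwrite an earlier archive.
    [ ! -e "$archive" ] || { echo "$archive already exists" >&2; return 2; }

    # The archive holds event data, so create it readable by the owner only.
    ( umask 077
      "$PRELUDEDB_ADMIN" save "$kind" "$db" "$archive" --criteria "$criteria"
    ) || { echo "save failed; nothing deleted" >&2; return 1; }

    # Wrapper policy: no archive content means no delete.
    [ -s "$archive" ] || { echo "archive is empty; nothing deleted" >&2; return 1; }

    "$PRELUDEDB_ADMIN" delete "$kind" --criteria "$criteria" "$db"
}

# Run directly: sh script.sh alert "<criteria>" "<database>" /path/to/archive
if [ "$#" -eq 4 ]; then
    archive_then_delete "$@"
fi
```

       The database string, including any pass= value, is passed as a command-line argument, so
       it is visible in the process list while each command runs.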

SEE ALSO

       The Prelude Handbook: https://www.prelude-siem.org/projects/prelude/wiki/ManualUser

       Prelude homepage: http://www.prelude-siem.com/

       Creating filter using IDMEF Criteria:
       https://www.prelude-siem.org/projects/prelude/wiki/IDMEFCriteria

       Prelude IDMEF Path: https://www.prelude-siem.org/projects/prelude/wiki/IDMEFPath

BUGS

       To report a bug, please visit https://www.prelude-siem.org/

AUTHOR

       This manpage was written by Pierre Chifflier.

COPYRIGHT

       Copyright © 2006-2020 CS GROUP - France.
       This is free software.  You may redistribute copies of it  under  the  terms  of  the  GNU
       General  Public  License <http://www.gnu.org/licenses/gpl.html>.  There is NO WARRANTY, to
       the extent permitted by law.