preludedb-admin - Online in the Cloud

Run preludedb-admin in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command preludedb-admin that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

Run in Ubuntu Run in Fedora Run in Windows Sim Run in MACOS Sim

PROGRAM:

NAME

preludedb-admin - tool to copy, move, delete, save or restore a prelude database

SYNOPSIS

preludedb-admin copy|move|delete|load|save arguments

DESCRIPTION

preludedb-admin can be used to copy, move, delete, save or restore a prelude database,
partly or in whole, while preserving IDMEF data consistency.

Mandatory arguments

copy Make a copy of a Prelude database to another database.

delete Delete content of a Prelude database.

load Load a Prelude database from a file.

move Move content of a Prelude database to another database.

save Save a Prelude database to a file.

Running a command without providing arguments will display a detailed help.

EXAMPLES

Obtaining help on a specific command:

# preludedb-admin save
Usage : save <alert|heartbeat> <database> <filename> [options]
Example: preludedb-admin save alert "type=mysql name=dbname user=prelude" outputfile

Save messages from <database> into [filename].
If no filename argument is provided, data will be written to standard output.

Database arguments:
type : Type of database (mysql/pgsql).
name : Name of the database.
user : User to access the database.
pass : Password to access the database.

Valid options:
--offset <offset> : Skip processing until 'offset' events.
--count <count> : Process at most count events.
--query-logging [filename] : Log SQL query to the specified file.
--criteria <criteria> : Only process events matching criteria.
--events-per-transaction : Maximum number of event to process per transaction (default 1000).

Preludedb-admin can be useful to delete events from a prelude database :

preludedb-admin delete alert --criteria <criteria> "type=<mysql> name=<dbname> user=<prelude-user> pass=<pass>"

where criteria is an IDMEF criteria :

preludedb-admin delete alert --criteria "alert.classification.text == 'UDP packet dropped'" "type=mysql name=prelude user=prelude-user pass=prelude-pass"

This will delete all event with the classification text "UDP packet dropped" from the
database.

Use preludedb-admin online using onworks.net services