SIMPLE SOLUTIONS

PRELUDE-MANAGER(1) - Linux man page online | User commands

Collects and normalize events.

Chapter
prelude-manager(1) General Commands Manual prelude-manager(1)

NAME

prelude-manager - Collects and normalize events.

SYNOPSIS

prelude-manager [options]

DESCRIPTION

Prelude Manager is a high-availability server which can collect, filter, relay, reverse- relay, normalize and store events. Events can come from registered analyzers and/or man‐ agers. The common usage is to store nomalized events into a database, thus this can be extended to store information in plain text or xml files.

OPTIONS

Some prelude-manager option are contextual, they have to be prefixed by another. --prelude Prelude generic options --profile=<name> Profile to use for this analyzer --heartbeat-interval=<interval> Number of seconds between two heartbeat --server-addr=<address> Address where this sensor should report to (addr:port) --analyzer-name=<name> Name for this analyzer --db=<INAME> Options for the libpreludedb plugin -t, --type=<type> Type of database (mysql/pgsql/sqlite3) -l, --log=<file name> Log all queries in a file, should be only used for debugging purpose -h, --host=<address> The host where the database server is running (in case of client/server database) -f, --file=<file name> The file where the database is stored (in case of file based database) -p, --port=<port number> The port where the database server is listening (in case of client/server database) -d, --name=<name> The name of the database where the alerts will be stored -u, --user=<user> User of the database (in case of client/server database) -P, --pass=<password> Password for the user (in case of client/server database) --debug=<INAME> Option for the debug plugin -o, --object=<name> Name of IDMEF object to print (no object provided will print the entire message) -l, --logfile=<file name> Specify output file to use (default to stdout) --relaying=<INAME> Relaying plugin option -p, --parent-managers=<address> List of managers address:port pair where messages should be sent to --textmod=<INAME> Option for the textmod plugin -l, --logfile=<file name> Specify logfile to use --xmlmod=<INAME> Option for the xmlmod plugin -l, --logfile=<file name> Specify output file to use -v, --validate=<xml> Validate IDMEF XML output against DTD -f, --format=<format> Format XML output so that it is readable -d, --disable-buffering=<boolean> Disable output file buffering to prevent truncated tags --idmef-criteria-filter=<INAME> Filter message based on IDMEF criteria -r, --rule=<rule> Filter rule, or filename containing rule --hook=<value> Where the filter should be hooked (reporting|reverse-relaying|plugin name) --config=<file name> Configuration file to use -v, --version Print version number -D, --debug-level=<level> Run in debug mode -d, --daemon Run in daemon mode -P, --pidfile=<file name> Write Prelude PID to pidfile -c, --child-managers=<address> List of managers address:port pair where messages should be gathered from -l, --listen=<address> Address the sensors server should listen on (addr:port) -f, --failover=<boolean> Enable failover for specified report plugin -h, --help Print help

FILES

/etc/prelude/prelude-manager.conf - the configuration file

BUGS

This man page hadn't been proof-read yet.

SEE ALSO

prelude-adduser(1)
prelude-manager(1)
This manual Reference Other manuals
prelude-manager(1) referred by audisp-prelude(8) | audisp-prelude.conf(5)
refer to
Download raw manual
Main page General Commands Manual (+12866) № 1 (+39907)
Go top