NAME

       prelude-manager - Collects and normalizes events.

SYNOPSIS

       prelude-manager [options]

DESCRIPTION

       Prelude Manager is a high-availability server which can collect,
       filter, relay, reverse-relay, normalize and store events. Events can
       come from registered analyzers and/or managers. The common usage is to
       store normalized events in a database, but this can be extended to
       store information in plain text or XML files.

OPTIONS

       Some prelude-manager options are contextual: they have to be prefixed
       by another option.

       --prelude Prelude generic options

       --profile=<name> Profile to use for this analyzer

       --heartbeat-interval=<interval> Number of seconds between two heartbeats

       --server-addr=<address> Address this sensor should report to
       (addr:port)

       --analyzer-name=<name> Name for this analyzer

       --db=<INAME>
            Options for the libpreludedb plugin

            -t, --type=<type> Type of database (mysql/pgsql/sqlite3)

            -l, --log=<file name> Log all queries to a file; should be used
            only for debugging purposes

            -h, --host=<address> The host where the database server is running
            (in case of client/server database)

            -f, --file=<file name> The file where the database is  stored  (in
            case of file based database)

            -p,  --port=<port  number>  The  port where the database server is
            listening (in case of client/server database)

            -d, --name=<name> The name of the database where the  alerts  will
            be stored

            -u,  --user=<user>  User of the database (in case of client/server
            database)

            -P,  --pass=<password>  Password  for  the  user   (in   case   of
            client/server database)

       --debug=<INAME>
            Option for the debug plugin

            -o,  --object=<name>  Name  of  IDMEF  object  to print (no object
            provided will print the entire message)

            -l, --logfile=<file name> Specify output file to use (defaults to
            stdout)

       --relaying=<INAME>
            Relaying plugin option

            -p, --parent-managers=<address> List of manager address:port pairs
            to which messages should be sent

       --textmod=<INAME>
            Option for the textmod plugin

            -l, --logfile=<file name> Specify logfile to use

       --xmlmod=<INAME>
            Option for the xmlmod plugin

            -l, --logfile=<file name> Specify output file to use

            -v, --validate=<xml> Validate IDMEF XML output against DTD

            -f, --format=<format> Format XML output so that it is readable

            -d, --disable-buffering=<boolean> Disable output file buffering to
            prevent truncated tags

       --idmef-criteria-filter=<INAME>
            Filter messages based on IDMEF criteria

            -r, --rule=<rule> Filter rule, or filename containing rule

            --hook=<value> Where the filter should be hooked
            (reporting|reverse-relaying|plugin name)

       --config=<file name>
            Configuration file to use

       -v, --version
            Print version number

       -D, --debug-level=<level>
            Run in debug mode

       -d, --daemon
            Run in daemon mode

       -P, --pidfile=<file name>
            Write Prelude PID to pidfile

       -c, --child-managers=<address>
            List of manager address:port pairs from which messages should be
            gathered

       -l, --listen=<address>
            Address the sensors server should listen on (addr:port)

       -f, --failover=<boolean>
            Enable failover for specified report plugin

       -h, --help
            Print help

FILES

       /etc/prelude/prelude-manager.conf - the configuration file

BUGS

       This man page hasn’t been proofread yet.

SEE ALSO

       prelude-adduser(1)

                                                            prelude-manager(1)