prelude-manager - Collects and normalize events.

       This man page hadn't been proof-read yet.

       Prelude  Manager is a high-availability server which can collect, filter, relay, reverse-relay, normalize
       and store events. Events can come from registered analyzers and/or managers. The common usage is to store
       nomalized events into a database, thus this can be extended to store information in  plain  text  or  xml
       files.

/etc/prelude/prelude-manager.conf - the configuration file

       prelude-manager - Collects and normalize events.

       Some prelude-manager option are contextual, they have to be prefixed by another.

       --prelude Prelude generic options

       --profile=<name> Profile to use for this analyzer

       --heartbeat-interval=<interval> Number of seconds between two heartbeat

       --server-addr=<address> Address where this sensor should report to (addr:port)

       --analyzer-name=<name> Name for this analyzer

       --db=<INAME>
            Options for the libpreludedb plugin

            -t,--type=<type> Type of database (mysql/pgsql/sqlite3)

            -l,--log=<filename> Log all queries in a file, should be only used for debugging purpose

            -h,--host=<address>  The  host  where  the  database  server  is running (in case of client/server
            database)

            -f,--file=<filename> The file where the database is stored (in case of file based database)

            -p,--port=<portnumber> The port where the database server is listening (in case  of  client/server
            database)

            -d,--name=<name> The name of the database where the alerts will be stored

            -u,--user=<user> User of the database (in case of client/server database)

            -P,--pass=<password> Password for the user (in case of client/server database)

       --debug=<INAME>
            Option for the debug plugin

            -o,--object=<name> Name of IDMEF object to print (no object provided will print the entire message)

            -l,--logfile=<filename> Specify output file to use (default to stdout)

       --relaying=<INAME>
            Relaying plugin option

            -p,--parent-managers=<address> List of managers address:port pair where messages should be sent to

       --textmod=<INAME>
            Option for the textmod plugin

            -l,--logfile=<filename> Specify logfile to use

       --xmlmod=<INAME>
            Option for the xmlmod plugin

            -l,--logfile=<filename> Specify output file to use

            -v,--validate=<xml> Validate IDMEF XML output against DTD

            -f,--format=<format> Format XML output so that it is readable

            -d,--disable-buffering=<boolean> Disable output file buffering to prevent truncated tags

            --idmef-criteria-filter=<INAME> Filter message based on IDMEF criteria

            -r,--rule=<rule> Filter rule, or filename containing rule

            --hook=<value> Where the filter should be hooked (reporting|reverse-relaying|plugin name)

       --config=<filename>
            Configuration file to use

       -v,--version
            Print version number

       -D,--debug-level=<level>
            Run in debug mode

       -d,--daemon
            Run in daemon mode

       -P,--pidfile=<filename>
            Write Prelude PID to pidfile

       -c,--child-managers=<address>
            List of managers address:port pair where messages should be gathered from

       -l,--listen=<address>
            Address the sensors server should listen on (addr:port)

       -f,--failover=<boolean>
            Enable failover for specified report plugin

       -h,--help
            Print help

prelude-adduser(1)

                                                                                              prelude-manager(1)

prelude-manager[options]