Beispiel #1
0
 def _read_from_xml(self, xml_element, trace_dict):
     '''Add event info defined in an XML events element'''
     self.trace_id = trace_dict[xml_element]
     # attributes
     for att_key in xml_element.attrib:
         if att_key == 'name':
             self.name = xml_element.attrib['name'].strip()
         elif att_key == 'debug':
             att_val = xml_element.attrib['debug'].strip()
             if att_val == 'true':
                 self.debug = True
             elif att_val == 'false':
                 self.debug = False
         else:
             self.context.parse_error(self.trace_id[0], 'rule element encountered an unexpected attribute: {0}'.format(att_key))
     # elements
     for rule_element in xml_element:
         element_name = rule_element.tag.split('}')[-1]
         element_value = rule_element.text
         if element_name == 'condition':
             self.condition = GearCondition(rule_element, trace_dict, self.context)
         elif element_name == 'action':
             self.action = GearAction(rule_element, trace_dict, self.context)
         elif element_name == 'description':
             self.description = element_value
         else:
             self.context.parse_error(self.trace_id[0], 'rules element encountered an unexpected element \'{0}\''.format(element_name))
     return
Beispiel #2
0
class GearRule(object):
    '''
    Gear rule 
    '''
    
    def __init__(self, init_xml_element, trace_dict, context):
        '''
        Constructor
        '''
        self.name = ''
        self.debug = context.gear_rule_debug
        self.description = ''
        self.condition = None
        self.action = None
        self.cur_event = None
        #self.cur_event = None
        self.trace_id = (0, 'rule')   # will be completed when read in name
        self.context = context
        if init_xml_element is not None:
            self._read_from_xml(init_xml_element, trace_dict)
        return
     
    def __str__(self):
        # TODO: Put in xml format?
        outstr = 'Rule ' + self.name + '\n'
        outstr += '  Desc: ' + self.description + '\n'
        outstr += '  Condition:\n'
        if self.condition is None:
            outstr += ' None'
        else:
            outstr += str(self.condition) + '\n'
        outstr += '  Action:\n'
        if self.action is None:
            outstr += ' None'
        else:
            outstr += str(self.action) + '\n'
        return outstr
    
    def _read_from_xml(self, xml_element, trace_dict):
        '''Add event info defined in an XML events element'''
        self.trace_id = trace_dict[xml_element]
        # attributes
        for att_key in xml_element.attrib:
            if att_key == 'name':
                self.name = xml_element.attrib['name'].strip()
            elif att_key == 'debug':
                att_val = xml_element.attrib['debug'].strip()
                if att_val == 'true':
                    self.debug = True
                elif att_val == 'false':
                    self.debug = False
            else:
                self.context.parse_error(self.trace_id[0], 'rule element encountered an unexpected attribute: {0}'.format(att_key))
        # elements
        for rule_element in xml_element:
            element_name = rule_element.tag.split('}')[-1]
            element_value = rule_element.text
            if element_name == 'condition':
                self.condition = GearCondition(rule_element, trace_dict, self.context)
            elif element_name == 'action':
                self.action = GearAction(rule_element, trace_dict, self.context)
            elif element_name == 'description':
                self.description = element_value
            else:
                self.context.parse_error(self.trace_id[0], 'rules element encountered an unexpected element \'{0}\''.format(element_name))
        return
    
    def resolve_and_validate(self):
        ''' Resolve and validate the rules '''
        if self.condition is None or self.action is None:
            self.context.parse_error(self.trace_id[0], '\'rule\' element requires both the \'condition\' and \'action\' sub-elements')
        self.condition.resolve_and_validate(self)
        self.action.resolve_and_validate(self)
        if self.debug is not None: 
            self.execute_suppression_stage = self.execute_suppression_stage_DEBUG
            self.execute_alert_stage = self.execute_alert_stage_DEBUG
        else:
            self.execute_suppression_stage = self.execute_suppression_stage_NORMAL
            self.execute_alert_stage = self.execute_alert_stage_NORMAL

        return
       
    def prime(self, event):
        ''' prime the condition ''' 
        #get_logger().debug('priming rule {0} with event {1}'.format(self.name, str(event)))
        self.cur_event = event
        self.condition.prime(event)
        return
    
    def accumulate(self, event):
        ''' Accumulate events '''
        #get_logger().debug('priming rule {0} with event {1}'.format(self.name, str(event)))
        self.cur_event = event
        self.condition.accumulate(event)
        return
    
    def execute_suppression_stage_NORMAL(self, pool, gear_ctl):
        ''' execute the rules '''
        self.cur_event = None
        truth_space = self.condition.get_truth_space(None)
        if truth_space is None or len(truth_space) == 0:
            return 
        # Accumulate suppressions
        for truth_point in truth_space:
            self.action.truth_point = truth_point   # Required to make GEAR variables work
            self.action.execute_accumulate_suppression_stage(truth_point, pool, self)
        # Finalize suppressions
        self.action.execute_finalize_suppression_stage(pool, self)
        return
    
    def execute_suppression_stage_DEBUG(self, pool, gear_ctl):
        ''' execute the rules '''
        get_logger().info(self.condition._state_str(None))
        self.execute_suppression_stage_NORMAL(pool, gear_ctl)
        return
    
    def execute_alert_stage_NORMAL(self, pool, gear_ctl):
        ''' execute the rules '''
        self.cur_event = None
        # Process create alerts
        if self.action.will_create_alerts() == False:
            return 
        # Not get the true values removing the events that were suppressed
        truth_space = self.condition.get_truth_space(pool.get_suppressed_incidents(), exclude_primes=True)
        if truth_space is None or len(truth_space) == 0:
            return None
        for truth_point in truth_space:
            self.action.truth_point = truth_point   # Required to make GEAR variables work
            self.action.execute_accumulate_alert_stage(truth_point, pool, self)
        return self.action.execute_create_alert_stage(pool, self)
    
    def execute_alert_stage_DEBUG(self, pool, gear_ctl):
        ''' execute the rules '''
        get_logger().info('Excluded events: {0}'.format(','.join([str(e.rec_id) for e in pool.get_suppressed_incidents()])))
        get_logger().info(self.condition._state_str(pool.get_suppressed_incidents()))
        return self.execute_alert_stage_NORMAL(pool, gear_ctl)
    
    def reset(self):
        '''Reset the rule'''
        self.condition.reset()
        self.action.reset()
        return
    
    def get_cross_ref(self):
        ''' Get a cross reference for this rule
            [ [event_ids_used_in_conditions], [event_ids_used_in_suppressions], [alert_ids]] '''
        result = []
        result.append(self.condition.get_cross_ref())
        result.extend(self.action.get_cross_ref())
        return result
    
    def get_used_locations(self):
        ''' get the used locations '''
        used_locs = set()
        t_used_locs = self.condition.get_used_locations()
        if t_used_locs is not None:
            used_locs.update(t_used_locs)
        t_used_locs = self.action.get_used_locations()
        if t_used_locs is not None:
            used_locs.update(t_used_locs)
        return used_locs
    
    def get_checked_event_info(self):
        ''' Return a list of (comp, event ids) that are processed by this rules condition
            return None if not deterministic (GEAR variable)
        '''
        return self.condition.get_checked_event_info()