def setUp(self):
self.config = configuration.Config()
self.logger = logging.Logger(self.config)
self.evgen = event.EventGenerator()
self.ticker = None
self.cache = cache.EventCache(self.config, self.logger, self.ticker)
self.cm = contexts.ContextManager(self.config, self.logger,
self.ticker, self.cache)
self.eh = TestEventHandler()
def setUp(self):
self.queue = Queue.Queue(1000)
# slight hack to determine the path of this module, so that the XML
# files can always be loaded from the same path (the current path can't
# be used, because it depends on how the test is executed):
self.basedir = os.path.dirname(
os.path.abspath(sys.modules[__name__].__file__)) + "/"
self.config = configuration.Config()
self.config.simulation = True
self.config.realtime = False
self.logger = logging.Logger(self.config)
def __init__(self, config=None, aftercrash=False):
self.aftercrash = aftercrash
self.stop_processing = False
# configuration
if config == None:
self.config = configuration.Config()
else:
self.config = config
# logging
self.logger = logging.Logger(self.config)
self.logger.logNotice("Starting ace (a correlation engine).")
# number of inputs and outputs
self.num_inputs = len(self.config.input)
self.num_outputs = len(self.config.output)
self.logger.logInfo("CE has %d source(s) and %d sink(s)." %
(self.num_inputs, self.num_outputs))
# queues (-> output needs a separate queue for each sink)
self.input_queue = Queue.Queue(self.config.input_queue_max_size)
self.output_queues = [
Queue.Queue(self.config.output_queue_max_size)
for i in range(self.num_outputs)
]
# ticker
self.ticker = ticker.Ticker(self.config, self.logger)
# input
self.sources = []
for i in range(self.num_inputs):
source = sources.get_source(
self.config.input[i]['source'].split(':')[0])
self.sources.append(
source(i, self.config, self.logger, self.input_queue))
# core
self.core = core.EventHandler(self.config, self.logger, self.ticker,
self.input_queue, self.output_queues)
# output
self.sinks = []
for i in range(self.num_outputs):
sink = sinks.get_sink(self.config.output[i]['sink'].split(':')[0])
if self.config.simulation:
sink.daemon = True # lets ace exit, in case the core crashes
self.sinks.append(
sink(i, self.config, self.logger, self.output_queues[i]))
# set up signal handlers
signal.signal(signal.SIGHUP,
self.sighupHandler) # initiates a rule reload
signal.signal(signal.SIGTERM,
self.sigtermHandler) # initiates a CE shutdown
signal.signal(signal.SIGINT,
self.sigintHandler) # initiates an immediate CE shutdown
# initialise RPC server if requested
if self.config.rpcserver:
self.rpchandler = rpc.RPCHandler(self.config, self.logger, self,
self.core)
def setUp(self):
self.config = configuration.Config()
self.logger = logging.Logger(self.config)
EventLogger = action_plugins.get_plugin("logevents")
self.eventlogger = EventLogger(None, None, None)
self.evgen = event.EventGenerator()
# -> wait forever (or shorter, if a SIGTERM initiates a shutdown,
# or a thread crashes)
self.logger.logInfo("Master: waiting for events or SIGTERM.")
while not self.stop_processing:
if not self.allThreadsAlive():
# thread died
# -> exit
# (note: we could also try to restart the affected thread)
self.logger.logErr(
"Master: a child thread died - exiting.")
self.finish()
time.sleep(self.config.thread_sleep_time)
# events may be left in the queues
if self.input_queue.qsize() > 0:
self.logger.logInfo("Master: " + str(self.input_queue.qsize()) +
" events left in input queue.")
for i in range(len(self.output_queues)):
if self.output_queues[i].qsize() > 0:
self.logger.logInfo("Master: %d events left in output queue %d."\
% (self.output_queues[i].qsize(), i))
# all done
self.logger.logNotice("All threads finished - exiting.")
self.logger.close()
# main function - for testing only
if __name__ == '__main__':
config = configuration.Config(ipython_console=True)
master = Master(config)
master.run()
def setUp(self): self.basedir = os.path.dirname(os.path.abspath(sys.modules[__name__].__file__))+"/" self.config = configuration.Config() self.config.loglevel = 0 self.config.verbosity = 0 self.config.realtime = False
def setUp(self):
self.config = configuration.Config()
self.logger = logging.Logger(self.config)
self.ticker = ticker.Ticker(self.config, self.logger)
def setUp(self):
self.config = configuration.Config()
self.config.simulation = True
self.config.fast_exit = False
self.logger = logging.Logger(self.config)
'status': element.attrib['status']}
descriptionfunc = None
attributefuncs = {}
for child in element:
if child.tag == TAG_NAME:
eventdata['name'] = self.parseRuleElement(child)
elif child.tag == TAG_DESCRIPTION:
descriptionfunc = self.parseRuleElement(child)
elif child.tag == TAG_ATTRIBUTE:
(key, func) = self.parseRuleElement(child)
attributefuncs[key] = func
else:
assert(False)
return (inject, self.components.event(eventdata, descriptionfunc, attributefuncs))
elif element.tag == TAG_NAME:
return element.text.strip()
elif element.tag == TAG_DESCRIPTION:
return self.parseMixedContent(element)
elif element.tag == TAG_ATTRIBUTE:
return (element.attrib['name'], self.parseMixedContent(element))
else:
self.logger.logErr("Unhandled XML element: " + element.tag)
assert(False) # untreated XML element - should never happen
# main - for testing only
if __name__ == '__main__':
from ace.util import configuration, logging
config = configuration.Config()
logger = logging.Logger(config)
rulemanager = RuleManager(config, logger)