def __init__(self,
aminerConfig,
propertyPath,
binDefinition,
reportInterval,
reportEventHandlers,
resetAfterReportFlag=True,
persistenceId='Default'):
"""Initialize the analysis component.
@param reportInterval delay in seconds between creation of two
reports. The parameter is applied to the parsed record data
time, not the system time. Hence reports can be delayed when
no data is received."""
self.lastReportTime = None
self.nextReportTime = 0.0
self.propertyPath = propertyPath
self.binDefinition = binDefinition
self.histogramData = {}
self.reportInterval = reportInterval
self.reportEventHandlers = reportEventHandlers
self.resetAfterReportFlag = resetAfterReportFlag
self.persistenceId = persistenceId
self.nextPersistTime = None
PersistencyUtil.addPersistableComponent(self)
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(
aminerConfig, 'PathDependentHistogramAnalysis', persistenceId)
persistenceData = PersistencyUtil.loadJson(self.persistenceFileName)
if persistenceData is not None:
raise Exception('No data reading, def merge yet')
def __init__(self, aminerConfig, parallelCheckCount, correlationTestCount, \
maxFailCount, anomalyEventHandlers, persistenceId='Default', recordCountBeforeEvent=0x10000):
"""Initialize the detector. This will also trigger reading
or creation of persistence storage location.
@param parallelCheckCount number of rule detection checks
to run in parallel.
@param correlationTestCount number of tests to perform on a rule under
test.
@param maxFailCount maximal number of test failures so that
rule is still eligible for reporting."""
self.lastTimestamp = 0.0
self.parallelCheckCount = parallelCheckCount
self.correlationTestCount = correlationTestCount
self.maxFailCount = maxFailCount
self.anomalyEventHandlers = anomalyEventHandlers
self.maxRuleAttributes = 5
self.lastUnhandledMatch = None
self.nextPersistTime = None
self.totalRecords = 0
self.recordCountBeforeEvent = recordCountBeforeEvent
PersistencyUtil.addPersistableComponent(self)
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(
aminerConfig, 'TimeCorrelationDetector', persistenceId)
persistenceData = PersistencyUtil.loadJson(self.persistenceFileName)
if persistenceData is None:
self.featureList = []
self.eventCountTable = [
0
] * parallelCheckCount * parallelCheckCount * 2
self.eventDeltaTable = [
0
] * parallelCheckCount * parallelCheckCount * 2
def __init__(self, aminerConfig, anomalyEventHandlers, timestampPath,
analyzePathList, minBinElements, minBinTime, syncBinsFlag=True,
debugMode=False, persistenceId='Default'):
"""Initialize the detector. This will also trigger reading
or creation of persistence storage location.
@param timestampPath if not None, use this path value for
timestamp based bins.
@param analyzePathList list of match pathes to analyze in
this detector.
@param minBinElements evaluate the latest bin only after at
least that number of elements was added to it.
@param minBinTime evaluate the latest bin only when the first
element is received after minBinTime has elapsed.
@param syncBinsFlag if true the bins of all analyzed path values
have to be filled enough to trigger analysis.
@param debugMode if true, generate an analysis report even
when average of last bin was within expected range."""
self.anomalyEventHandlers = anomalyEventHandlers
self.timestampPath = timestampPath
self.minBinElements = minBinElements
self.minBinTime = minBinTime
self.syncBinsFlag = syncBinsFlag
self.debugMode = debugMode
self.nextPersistTime = None
PersistencyUtil.addPersistableComponent(self)
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(aminerConfig, \
'MatchValueAverageChangeDetector', persistenceId)
persistenceData = PersistencyUtil.loadJson(self.persistenceFileName)
if persistenceData is None:
self.statData = []
for path in analyzePathList:
self.statData.append((path, [],))
def __init__(self,
aminerConfig,
histogramDefs,
reportInterval,
reportEventHandlers,
resetAfterReportFlag=True,
persistenceId='Default'):
"""Initialize the analysis component.
@param histogramDefs is a list of tuples containing the target
property path to analyze and the BinDefinition to apply for
binning.
@param reportInterval delay in seconds between creation of two
reports. The parameter is applied to the parsed record data
time, not the system time. Hence reports can be delayed when
no data is received."""
self.lastReportTime = None
self.nextReportTime = 0.0
self.histogramData = []
for (path, binDefinition) in histogramDefs:
self.histogramData.append(HistogramData(path, binDefinition))
self.reportInterval = reportInterval
self.reportEventHandlers = reportEventHandlers
self.resetAfterReportFlag = resetAfterReportFlag
self.persistenceId = persistenceId
self.nextPersistTime = None
PersistencyUtil.addPersistableComponent(self)
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(
aminerConfig, 'HistogramAnalysis', persistenceId)
persistenceData = PersistencyUtil.loadJson(self.persistenceFileName)
if persistenceData != None:
raise Exception('No data reading, def merge yet')
def __init__(self,
aminerConfig,
targetPath,
anomalyEventHandlers,
persistenceId='Default',
autoIncludeFlag=False,
defaultInterval=3600,
realertInterval=86400,
outputLogLine=True):
"""Initialize the detector. This will also trigger reading
or creation of persistence storage location.
@param targetPath to extract a source identification value
from each logatom."""
self.targetPath = targetPath
self.anomalyEventHandlers = anomalyEventHandlers
self.autoIncludeFlag = autoIncludeFlag
self.defaultInterval = defaultInterval
self.realertInterval = realertInterval
# This timestamps is compared with timestamp values from log atoms
# for activation of alerting logic. The first timestamp from logs
# above this value will trigger alerting.
self.nextCheckTimestamp = 0
self.lastSeenTimestamp = 0
self.nextPersistTime = None
self.outputLogLine = outputLogLine
self.aminerConfig = aminerConfig
PersistencyUtil.addPersistableComponent(self)
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(
aminerConfig, self.__class__.__name__, persistenceId)
persistenceData = PersistencyUtil.loadJson(self.persistenceFileName)
if persistenceData is None:
self.expectedValuesDict = {}
else:
self.expectedValuesDict = persistenceData
def __init__(self,
aminerConfig,
targetPathList,
anomalyEventHandlers,
persistenceId='Default',
allowMissingValuesFlag=False,
autoIncludeFlag=False,
outputLogLine=True):
"""Initialize the detector. This will also trigger reading
or creation of persistence storage location.
@param targetPathList the list of values to extract from each
match to create the value combination to be checked.
@param allowMissingValuesFlag when set to True, the detector
will also use matches, where one of the pathes from targetPathList
does not refer to an existing parsed data object.
@param autoIncludeFlag when set to True, this detector will
report a new value only the first time before including it
in the known values set automatically."""
self.targetPathList = targetPathList
self.anomalyEventHandlers = anomalyEventHandlers
self.allowMissingValuesFlag = allowMissingValuesFlag
self.autoIncludeFlag = autoIncludeFlag
self.outputLogLine = outputLogLine
self.aminerConfig = aminerConfig
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(
aminerConfig, self.__class__.__name__, persistenceId)
self.nextPersistTime = None
self.loadPersistencyData()
PersistencyUtil.addPersistableComponent(self)
def __init__(self, aminerConfig, anomalyEventHandlers, \
persistenceId='Default', autoIncludeFlag=False, outputLogLine=True):
"""Initialize the detector. This will also trigger reading
or creation of persistence storage location."""
self.anomalyEventHandlers = anomalyEventHandlers
self.autoIncludeFlag = autoIncludeFlag
self.nextPersistTime = None
self.outputLogLine = outputLogLine
self.aminerConfig = aminerConfig
PersistencyUtil.addPersistableComponent(self)
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(
aminerConfig, self.__class__.__name__, persistenceId)
persistenceData = PersistencyUtil.loadJson(self.persistenceFileName)
if persistenceData is None:
self.knownPathSet = set()
else:
self.knownPathSet = set(persistenceData)
def __init__(self, aminerConfig, ruleset, anomalyEventHandlers, persistenceId='Default'):
"""Initialize the detector. This will also trigger reading
or creation of persistence storage location.
@param ruleset a list of MatchRule rules with appropriate
CorrelationRules attached as actions."""
self.eventClassificationRuleset = ruleset
self.anomalyEventHandlers = anomalyEventHandlers
self.nextPersistTime = time.time()+600.0
self.historyAEvents = []
self.historyBEvents = []
eventCorrelationSet = set()
for rule in self.eventClassificationRuleset:
if rule.matchAction.artefactARules is not None:
eventCorrelationSet |= set(rule.matchAction.artefactARules)
if rule.matchAction.artefactBRules is not None:
eventCorrelationSet |= set(rule.matchAction.artefactBRules)
self.eventCorrelationRuleset = list(eventCorrelationSet)
PersistencyUtil.addPersistableComponent(self)
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(
aminerConfig, 'TimeCorrelationViolationDetector', persistenceId)
def __init__(self, programName, aminerConfig):
self.programName = programName
self.analysisContext = AnalysisContext(aminerConfig)
self.runAnalysisLoopFlag = True
self.logStreamsByName = {}
self.persistenceFileName = AMinerConfig.buildPersistenceFileName(
self.analysisContext.aminerConfig,
self.__class__.__name__ + '/RepositioningData')
self.nextPersistTime = time.time() + 600
self.repositioningDataDict = {}
self.masterControlSocket = None
self.remoteControlSocket = None
# This dictionary provides a lookup list from file descriptor
# to associated object for handling the data to and from the given
# descriptor. Currently supported handler objects are:
# * Parent process socket
# * Remote control listening socket
# * LogStreams
# * Remote control connections
self.trackedFdsDict = {}
# Override the signal handler to allow graceful shutdown.
def gracefulShutdownHandler(_signo, _stackFrame):
"""This is the signal handler function to react on typical
shutdown signals."""
print('%s: caught signal, shutting down' % programName,
file=sys.stderr)
self.runAnalysisLoopFlag = False
import signal
signal.signal(signal.SIGHUP, gracefulShutdownHandler)
signal.signal(signal.SIGINT, gracefulShutdownHandler)
signal.signal(signal.SIGTERM, gracefulShutdownHandler)
# Do this on at the end of the initialization to avoid having
# partially initialized objects inside the registry.
self.analysisContext.addTimeTriggeredComponent(self)
