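def __init__(self, name, inQueues, outQueue, config_dict=None, number=0):
    '''The constructor.

    name, inQueues, outQueue, config_dict and number are passed unchanged to
    EventAnalyzer.__init__ once the pool has been created.

    Keys read from config_dict when present:
      events_metadata       -- only written to the debug log here
      mode                  -- pool mode (default POOL_MODE_OCCURRED)
      initial_pool_duration -- pool duration, converted with int() (default 20)
    '''
    # The signature allows config_dict=None, so read the settings from an
    # empty mapping in that case instead of failing on None['events_metadata'].
    settings = config_dict if config_dict is not None else {}

    # A missing 'events_metadata' key must not stop construction: it is only
    # logged here.
    metadata = settings['events_metadata'] if 'events_metadata' in settings else None
    get_logger().debug('metadata = %s', metadata)
    # TODO: Should really parse by comma into list
    #self.event_meta = EventsMetadata([config_dict['events_metadata']])

    # Dummy Analysis info
    self.ai1 = AnalysisInfo('location_test')
    self.ai1.add_event_info('Example0', 1, 2, 3)
    self.ai1.add_event_info('Example1', 3, 3, 5)
    for event_id in ('Example2', 'Example3', 'Example4', 'Example5'):
        self.ai1.add_event_info(event_id, 3, None, None)

    # TODO: Handle alert metadata
    self.mode = settings['mode'] if 'mode' in settings else POOL_MODE_OCCURRED

    if 'initial_pool_duration' in settings:
        # int() raises ValueError on a non-numeric setting.
        # NOTE(review): no range check here; whether the pool accepts a zero
        # or negative duration is not visible from this block -- confirm.
        self.duration = int(settings['initial_pool_duration'])
        get_logger().debug('Duration override %s', str(self.duration))
    else:
        self.duration = 20

    self.pool = IncidentPool.new_pool(self.mode, self.duration, None, self.close_callback)

    # TODO: creation of alerts
    self.count = 0  # incremented before each use, so the first alert gets 1

    # Log the real class name; the hard-coded text named a different analyzer,
    # which makes the debug log misleading when tracing which analyzer started.
    get_logger().debug('Creating %s', type(self).__name__)
    EventAnalyzer.__init__(self, name, inQueues, outQueue,
                           config_dict=config_dict, number=number)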
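class SimpleEventAnalyzerWithPool(EventAnalyzer):
    '''Sample analyzer that pools events and creates alerts when the pool closes.

    Events whose id is registered in the dummy AnalysisInfo are added to an
    IncidentPool.  When the pool closes, close_callback() sends one SampleAlert
    for each incident the pool returns in its make-alerts list and carries the
    move-forward incidents over into a new pool.
    '''

    def __init__(self, name, inQueues, outQueue, config_dict=None, number=0):
        '''The constructor.

        name, inQueues, outQueue, config_dict and number are passed unchanged
        to EventAnalyzer.__init__ once the pool has been created.

        Keys read from config_dict when present:
          events_metadata       -- only written to the debug log here
          mode                  -- pool mode (default POOL_MODE_OCCURRED)
          initial_pool_duration -- pool duration, converted with int()
                                   (default 20)
        '''
        # The signature allows config_dict=None, so read the settings from an
        # empty mapping in that case instead of failing on
        # None['events_metadata'].
        settings = config_dict if config_dict is not None else {}

        # A missing 'events_metadata' key must not stop construction: it is
        # only logged here.
        metadata = settings['events_metadata'] if 'events_metadata' in settings else None
        get_logger().debug('metadata = %s', metadata)
        # TODO: Should really parse by comma into list
        #self.event_meta = EventsMetadata([config_dict['events_metadata']])

        # Dummy Analysis info
        self.ai1 = AnalysisInfo('location_test')
        self.ai1.add_event_info('Example0', 1, 2, 3)
        self.ai1.add_event_info('Example1', 3, 3, 5)
        for event_id in ('Example2', 'Example3', 'Example4', 'Example5'):
            self.ai1.add_event_info(event_id, 3, None, None)

        # TODO: Handle alert metadata
        self.mode = settings['mode'] if 'mode' in settings else POOL_MODE_OCCURRED

        if 'initial_pool_duration' in settings:
            # int() raises ValueError on a non-numeric setting.
            # NOTE(review): no range check here; whether the pool accepts a
            # zero or negative duration is not visible from this class.
            self.duration = int(settings['initial_pool_duration'])
            get_logger().debug('Duration override %s', str(self.duration))
        else:
            self.duration = 20

        self.pool = IncidentPool.new_pool(self.mode, self.duration, None, self.close_callback)

        # TODO: creation of alerts
        self.count = 0  # incremented before each use, so the first alert gets 1

        # Log the real class name; the hard-coded text named
        # SimpleEventAnalyzerAllAlert, which is not this class.
        get_logger().debug('Creating %s', type(self).__name__)
        EventAnalyzer.__init__(self, name, inQueues, outQueue,
                               config_dict=config_dict, number=number)

    def close_callback(self, reason):
        '''Process pool being closed.

        Sends a SampleAlert for every incident in the pool's make-alerts list,
        then replaces self.pool with a new pool seeded with the move-forward
        incidents.  reason is not used here.
        '''
        get_logger().debug('close_callback called')
        move_forward, make_alerts = self.pool.get_active_incidents()

        for event in make_alerts:
            self.count += 1
            # NOTE(review): datetime.now() is a naive local timestamp; confirm
            # that is what alert consumers expect when correlating alerts.
            alert = SampleAlert(self.count, 'Alert 02', datetime.now())
            alert.raw_data = 'From ' + str(event.rec_id) + ':' + event.event_id
            self.send_alert(alert)

        # Use the same argument order as the constructor (mode, duration,
        # None, callback).  Passing (duration, mode, callback) here would
        # build the replacement pool with swapped settings and one argument
        # short.  NOTE(review): confirm against IncidentPool.new_pool.
        new_pool = IncidentPool.new_pool(self.mode, self.duration, None, self.close_callback)
        for event in move_forward:
            new_pool.add_incident(event)
        self.pool = new_pool

    def will_analyze_event(self, event):
        '''See if the item will be processed by this analyzer.

        Returns True when the event's id is one of the ids registered in the
        dummy AnalysisInfo, False otherwise.
        '''
        event_id = event.get_event_id()
        handled = event_id in self.ai1.event_info
        get_logger().debug('will_analyze_event for %s called -- %s', event_id, handled)
        return handled

    def will_analyze_alert(self, alert):
        '''See if the item will be processed by this analyzer.

        This analyzer handles no alerts, so the answer is always False.
        '''
        get_logger().debug('will_analyze_alert called -- False')
        return False

    def analyze_event(self, event):
        '''Add the event to the current pool, then apply the suppression rule.

        When the pool reports IncidentPoolClosedError the call sleeps for two
        seconds and tries again with whatever self.pool refers to by then.
        '''
        # Lazy formatting: str(event) is only built when debug logging is on.
        get_logger().debug('analyze_event called%s', event)

        while True:
            try:
                self.pool.add_incident(event)
                break
            except IncidentPoolClosedError:
                # NOTE(review): this retry has no upper bound.  If self.pool
                # is never replaced by an open pool, the caller blocks here
                # and stops processing further events; consider a retry limit
                # plus an error log.
                time.sleep(2)

        # Now process the pool
        self.process_pool(event, self.pool)

    def process_pool(self, event, pool):
        '''Let an 'Example5' event suppress pooled 'Example2' incidents.

        For any other event id this does nothing.  The incidents are looked up
        with pool.get_incidents(event.get_type(), 'Example2').
        '''
        if event.get_event_id() == 'Example5':
            suppress_these = pool.get_incidents(event.get_type(), 'Example2')
            pool.suppresses(event, suppress_these)

    def analyze_alert(self, alert):
        '''Alert analysis hook; this analyzer does nothing with alerts.'''
        return

    def handle_control_msg(self, control_msg):
        '''Handle control messages.

        A CONTROL_MSG_TYPE_FLUSH message closes the pool with
        POOL_CLOSE_REASON_FLUSH, but only while the pool is in
        POOL_STATE_RUNNING.  Other messages are only logged.
        '''
        get_logger().debug('Recieved control message %s',str(control_msg))
        is_flush = control_msg.msg_type == CONTROL_MSG_TYPE_FLUSH
        if is_flush and self.pool.state == POOL_STATE_RUNNING:
            # The same timestamp is passed for both time arguments of close().
            right_now = datetime.now()
            self.pool.close(right_now, right_now, POOL_CLOSE_REASON_FLUSH)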