def __init__(self, name, inQueues, outQueue, config_dict=None, number=0): '''The constructor.''' get_logger().debug('metadata = %s', config_dict['events_metadata']) # TODO: Should really parse by comma into list #self.event_meta = EventsMetadata([config_dict['events_metadata']]) # Dummy Analysis info self.ai1 = AnalysisInfo('location_test') self.ai1.add_event_info('Example0', 1, 2, 3) self.ai1.add_event_info('Example1', 3, 3, 5) self.ai1.add_event_info('Example2', 3, None, None) self.ai1.add_event_info('Example3', 3, None, None) self.ai1.add_event_info('Example4', 3, None, None) self.ai1.add_event_info('Example5', 3, None, None) # TODO: Handle alert metadata if 'mode' in config_dict: self.mode = config_dict['mode'] else: self.mode = POOL_MODE_OCCURRED if 'initial_pool_duration' in config_dict: self.duration = int(config_dict['initial_pool_duration']) get_logger().debug('Duration override %s', str(self.duration)) else: self.duration = 20 self.pool = IncidentPool.new_pool(self.mode, self.duration, None, self.close_callback) # TODO: creation of alerts self.count = 0 # start with 1 get_logger().debug('Creating SimpleEventAnalyzerAllAlert') EventAnalyzer.__init__(self, name, inQueues, outQueue, config_dict=config_dict, number=number) return
def close_callback(self, reason): '''Process pool being closed ''' get_logger().debug('close_callback called') move_forward, make_alerts = self.pool.get_active_incidents() for event in make_alerts: self.count += 1 alert = SampleAlert(self.count, 'Alert 02', datetime.now()) alert.raw_data = 'From ' + str(event.rec_id) + ':' + event.event_id self.send_alert(alert) new_pool = IncidentPool.new_pool(self.duration, self.mode, self.close_callback) for event in move_forward: new_pool.add_incident(event) self.pool = new_pool return
def close_event_pool_callback(self, reason, last_rec_id): ''' Close callback ''' self.trace_info(str(self.number), 'Pool closed. Reason = {0} Last event = {1}'.format(POOL_CLOSE_REASON_AS_STRING[reason], str(last_rec_id))) get_logger().debug('Close_callback called') get_logger().debug(' Pool closing: {0}'.format(str(self.event_pool))) new_alerts = self.close_pool(self.event_pool) for alert in new_alerts: get_logger().debug(' ALERT: creating {0}'.format(str(alert))) alert_mgr = get_service(SERVICE_ALERT_MGR) alert_mgr.add_suppressions(alert, self.event_pool.get_suppressed(alert)) self.prioritize_and_send_alerts(new_alerts) if self.checkpoint is not None: self.checkpoint.set_checkpoint_from_pool() if reason != POOL_CLOSE_REASON_SHUTDOWN: new_pool = IncidentPool.next_pool(self.event_pool) for event in new_pool.moved_forward: self.prime_event(event, new_pool) self.event_pool = new_pool return
def __init__(self, xml_ruleset_file, config_dict=None, event_input=False, alert_input=False, number=0, name='unnamed', trace=None, send_alert=None, use_checkpoint=True): ''' Load the list of specified xml ruleset file ''' dict.__init__(self) if use_checkpoint == True: self.checkpoint = RulesetEventCheckpoint(name, self) else: self.checkpoint = None GearEngine.__init__(self, name, number, trace, self.checkpoint) self.version_id = None self.trace_id = (0, str(self.number)) #line 0, trace level 1 self.conf_dict = config_dict self.send_alert = send_alert self.alert_input = alert_input self.event_input = event_input # See if debug environment variable temp_debug = upper(os.environ.get(TEAL_TEST_GEAR_RULE_DEBUG, 'NO')) if temp_debug == 'YES' or temp_debug == 'NORMAL': self.gear_rule_debug = 'N' elif temp_debug == 'VERBOSE': self.gear_rule_debug = 'V' else: self.gear_rule_debug = None if self.alert_input: get_logger().warning('Only event analyzers are supported by GEAR at this time') raise ValueError if not event_input: # and not alert_input get_logger().warning('GEAR analyzer must be an event analyzer') raise ValueError self.trace_debug(self.trace_id[1], 'Initializing ruleset id={0} name={1} file={2}'.format(self.number, self.name, xml_ruleset_file)) ## Determine mode if get_service(SERVICE_TIME_MODE) is not None and get_service(SERVICE_TIME_MODE) == 'time_logged': self.mode = POOL_MODE_LOGGED else: self.mode = POOL_MODE_OCCURRED # See if overridden in config dict if config_dict is not None and SERVICE_TIME_MODE in config_dict: conf_rm = config_dict[SERVICE_TIME_MODE] if conf_rm == 'time_logged': if self.mode != POOL_MODE_LOGGED: self.trace_info(self.trace_id[1], 'Time mode forced to time_logged') self.mode = POOL_MODE_LOGGED elif conf_rm == 'time_occurred': if self.mode != POOL_MODE_OCCURRED: self.trace_info(self.trace_id[1], 'Time mode forced to time_occurred') self.mode = POOL_MODE_OCCURRED else: self.config_error('Invalid configuration specification for {0}: {1}'.format(SERVICE_TIME_MODE, config_dict[SERVICE_TIME_MODE])) self[GRSE_GEAR_CTL] = GearControl(self) self[GRSE_EVENTS] = AnalysisInfo(self) self[GRSE_CONSTANTS] = GearConstants(self) self[GRSE_POOL_CTL] = GearPoolControl(config_dict, self) self[GRSE_ANALYZE] = GearAnalyzeRules(self) self[GRSE_TEMPLATES] = GearTemplates(self) self.xml_ruleset_file = xml_ruleset_file self.description = 'Loaded from file {0}'.format(str(xml_ruleset_file)) self._parse_file(xml_ruleset_file) # Check how to determine how to decided if will analyze if self[GRSE_GEAR_CTL].use_event_regx: self.will_analyze_event = self.will_analyze_event_regx self.will_analyze_event_validation = self.will_analyze_event_validation_regx # Templates don't resolve and validate self[GRSE_CONSTANTS].resolve_and_validate() self[GRSE_ANALYZE].resolve_and_validate() #self[GRSE_POOL_CLOSURE].resolve_and_validate() self[GRSE_POOL_CTL].resolve_and_validate() if self.event_input: if (not self[GRSE_GEAR_CTL].use_event_regx) and \ len(self[GRSE_EVENTS].event_info) == 0: self.parse_error(self.trace_id[0], 'events to analyze must be specified either using the \'events\' element or the \'will_analyze\' element') # Setup the initial pool # Only use timers if in realtime mode if get_service(SERVICE_RUN_MODE) is not None and get_service(SERVICE_RUN_MODE) == RUN_MODE_REALTIME: t_use_timer = True if os.environ.get(TEAL_TEST_POOL_TIMERS_OFF, 'NO') == 'YES': get_logger().warning('Timers were turned off by environment variable: {0}'.format(TEAL_TEST_POOL_TIMERS_OFF)) t_use_timer = False else: t_use_timer = False # create the pool self.event_pool = IncidentPool.new_pool(self.mode, self._get_init_duration(), self._get_max_duration(), self.close_event_pool_callback, msg_target=MsgTargetLogger(self.get_tracer(), prefix='GTP[{0}.P]'.format(self.number)), use_timer=t_use_timer, arrival_check_ctl=self[GRSE_POOL_CTL][GPCL_ARRIVAL_RATE_EXTENSION]) # Check environment variable to see if alert prioritization should be done if upper(os.environ.get(TEAL_ALERT_PRIORITIZATION, 'YES')) == 'YES': self.prioritize_and_send_alerts = self._prioritize_and_send_alerts_ACTIVE else: get_logger().info('Alert prioritization has been turned off') self.prioritize_and_send_alerts = self._prioritize_and_send_alerts_NO_PRIORITY return