Пример #1
def compile_alarm_python_condition(alarm_str, log_format):
    """Compile an alarm expression into its Python-condition form.

    The alarm text is parsed with the grammar stored in
    ``alarm_language.pg``, ``remove_not()`` is applied to the parse result,
    the result is analysed against a log parser built from ``log_format``,
    and the output of ``python_condition()`` is returned.

    :param alarm_str: alarm expression text handed to the parser
    :param log_format: log-format description passed to ``build_log_parser``
    :return: whatever ``python_condition()`` yields for the analysed result
    """
    # The grammar path is relative, so it is resolved against the current
    # working directory of the process, not against this module's location.
    grammar = Grammar.from_file('alarm_language.pg')
    alarm_parser = Parser(grammar, actions=actions)

    tree = alarm_parser.parse(alarm_str)
    tree.remove_not()  # presumably rewrites negations; defined on the parse result
    format_parser = build_log_parser(log_format)
    tree.semantic_analysis(format_parser)

    # NOTE(review): the result appears to be Python source text. If any caller
    # feeds it to eval()/exec(), alarm_str becomes code-equivalent input;
    # confirm python_condition() can only emit field names and literals that
    # semantic_analysis() has validated, and keep alarm definitions restricted
    # to trusted operators.
    return tree.python_condition()
Пример #2
def front_end_alarm_compiler(alarm_str, log_format):
    """Run the front-end stages of the alarm compiler.

    Stages visible in this function:
        - syntax analysis (``Parser.parse`` with the ``alarm_language.pg`` grammar)
        - ``remove_not()`` on the parse result
        - semantic analysis against a log parser built from ``log_format``

    NOTE(review): the original description also lists IR generation and IR
    optimisation; presumably these happen inside the parser actions and
    ``remove_not()`` -- confirm against those definitions.

    :param alarm_str: alarm expression text to compile
    :param log_format: log-format description passed to ``build_log_parser``
    :return: object of AlarmQuery class
    """
    # Relative grammar path: resolved against the current working directory.
    grammar = Grammar.from_file('alarm_language.pg')
    alarm_parser = Parser(grammar, actions=actions, debug=False)

    alarm_query = alarm_parser.parse(alarm_str)
    alarm_query.remove_not()
    format_parser = build_log_parser(log_format)
    alarm_query.semantic_analysis(format_parser)
    return alarm_query
Пример #3
import sys

from pyspark import SparkContext
from pyspark.streaming import StreamingContext
from pyspark.streaming.kafka import KafkaUtils

from log_formatter import build_log_parser

# Log-format description handed to build_log_parser. It declares a single
# int field, `brojka`, followed by one pattern line.
# NOTE(review): the pattern looks like "<", the number, ">", then the rest of
# the line -- confirm against the log_formatter grammar. The literal is kept
# exactly as written because its whitespace may matter to that grammar.
log_format = """

        brojka:=int;
        </</> <brojka> </>/> </.*/>

    """
# Built once when the module is imported and kept at module level.
log_parser = build_log_parser(log_format)


def update_function(new_values, current):
    """Fold a batch of new values into the running state list.

    A missing state (``None``) starts as an empty list. A state that already
    holds 10 or more entries is emptied in place before the new values are
    appended, so the same list object is returned whenever one was passed in.

    :param new_values: iterable of values to append
    :param current: existing state list, or ``None`` when there is none yet
    :return: the updated state list
    """
    state = [] if current is None else current
    if not len(state) < 10:
        # Window is full: drop the old entries but keep the same list object.
        state.clear()
    state.extend(new_values)
    return state


def process_rdd_element(time, rdd_element):
    # check if we have more then specified number of logs
    log_lists = rdd_element[1]
    if len(log_lists) >= 10:
Пример #4
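def test_integration():
    """Smoke-test log parsing and the alarm compiler front end together.

    Several log-format / alarm pairs are assigned in sequence; each assignment
    overwrites the previous one, so only the LAST ``log_format`` and
    ``alarm_str`` (and the syslog-style ``log_str``) are actually exercised.
    The earlier pairs are kept as examples of the two languages' syntax.

    Format strings that contain regex escapes (``\\d``, ``\\s``, ``\\.`` ...)
    are raw strings: in a normal literal these are invalid escape sequences,
    which newer Python versions warn about. The runtime text is unchanged.

    NOTE(review): the test has no assertions; it only checks that parsing and
    compilation do not raise, and prints the results.
    """
    # Example 1 (overwritten below): comma-separated log with typed fields.
    log_format = r"""
        severity:=int; 
        facility:=int; 
        message:=string;
        timestamp:=datetime(/\d{2}\.\d{2}\.\d{4}\.\s+\d{2}\:\d{2}\:\d{2}/);
        scaling:=double;

        <timestamp> </\s*,\s*/> <severity> </\s*,\s*/> <facility> </\s*,\s*/> <scaling> </\s*,\s*/> <message> 
        """
    log_str = '20.02.1995. 20:45:00, 3, 1, 1.5, "Ovo je moja pozdravna poruka, Vladimire"'
    alarm_str = "scaling > 2 or severity<5 and facility >=0"

    # Example 2 (format and alarm overwritten below; this log_str is the one
    # that is finally parsed).
    log_format = """
        brojka:=int;
        druga_brojka:=int;
        _end:=/.*/;
        /</ brojka />/ druga_brojka _end
    """
    log_str = '<11>1 2019-04-08T01:08:12+02:00 12.12.12.1 FakeWebApp - msg77 - from:192.52.223.99 "GET /recipe HTTP/1.0" 200 4923 "Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_12_6) AppleWebKit/5361 (KHTML, like Gecko) Chrome/53.0.892.0 Safari/5361 "'
    alarm_str = 'brojka == 11 or brojka > 12; count(11, last=3m12s, groupBy=[brojka, druga_brojka])'

    # alarm_str = 'brojka == 11 or brojka > 12; count(11), last(12s), groupBy(brojka, druga_brojka)'

    # Example 3 (overwritten below): named helper patterns for "<" and ">".
    log_format = """
        priority:=int;
        version:=int;
        _rest_of_line:=/.*/;
        _lt:=/</;
        _gt:=/>/;
        _lt priority _gt version _rest_of_line
    """
    alarm_str = "not(priority != 11 and priority != 13) and version==1"

    # Example 4: the format and alarm that are actually used by the calls below.
    log_format = r"""
        priority        := int;
        version         := int(/\d/);
        timestamp       := datetime(/\d{4}\-\d{2}\-\d{2}T\d{2}\:\d{2}\:\d{2}\+\d{2}\:\d{2}/);
        _ws             := /\s+/;
        server_id       := string(/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/);
        app_name        := string(/\w+/);
        _dash           := /\s+\-\s+/;
        msg_id          := string(/msg\d+/);
        workstation_id  := string(/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/);
        
        /</ priority />/ version _ws timestamp _ws server_id _ws app_name _dash msg_id _dash _from:=/from:/ workstation_id _ws msg:=string(/.*/)

    """

    alarm_str = "version == 1 and (priority > 10 and priority <= 14) or not timestamp@#2018#; count(10, groupBy=[server_id, workstation_id], last=1m30s) "

    lp = build_log_parser(log_format)
    parsed_log = lp.parse_log(log_str)
    print(parsed_log)

    res = front_end_alarm_compiler(alarm_str, log_format)
    print(res)

    # NOTE(review): the disabled path below eval()s the compiled condition.
    # Only re-enable it for alarm strings from a trusted source, since the
    # compiled text is executed as Python.
    # py_cond = compile_alarm_python_condition(alarm_str, log_format)
    # print(py_cond)
    # print(eval(py_cond))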