示例#1
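 def __init__(self, name, inQueues, outQueue, config_dict=None, number=0):
     '''Build the dummy analysis table and the incident pool, then
     initialise the EventAnalyzer base class.

     name, inQueues, outQueue, number -- passed through unchanged to
         EventAnalyzer.__init__.
     config_dict -- optional settings mapping. Keys read here:
         'events_metadata'        only logged at debug level
         'mode'                   pool mode, default POOL_MODE_OCCURRED
         'initial_pool_duration'  pool duration, converted with int(),
                                  default 20

     Raises ValueError (or TypeError) if 'initial_pool_duration' cannot
     be converted by int().
     '''
     # The signature allows config_dict=None, but the original body
     # indexed it unconditionally and failed with a TypeError before any
     # state was set up.  Read the settings through an empty mapping in
     # that case; the caller's value is still what the base class gets.
     settings = config_dict if config_dict is not None else {}
     # The metadata value is only logged here, so a missing key is logged
     # as None rather than aborting construction.
     get_logger().debug('metadata = %s', settings.get('events_metadata'))
     # TODO: Should really parse by comma into list
     #self.event_meta = EventsMetadata([config_dict['events_metadata']])
     # Dummy Analysis info
     self.ai1 = AnalysisInfo('location_test')
     for info_args in (('Example0', 1, 2, 3),
                       ('Example1', 3, 3, 5),
                       ('Example2', 3, None, None),
                       ('Example3', 3, None, None),
                       ('Example4', 3, None, None),
                       ('Example5', 3, None, None)):
         self.ai1.add_event_info(*info_args)
     # TODO: Handle alert metadata
     self.mode = settings.get('mode', POOL_MODE_OCCURRED)
     if 'initial_pool_duration' in settings:
         # NOTE(review): int() accepts zero and negative values; whether
         # IncidentPool rejects them is not visible here -- confirm.
         self.duration = int(settings['initial_pool_duration'])
         get_logger().debug('Duration override %s', str(self.duration))
     else:
         self.duration = 20
     self.pool = IncidentPool.new_pool(self.mode, self.duration, None, self.close_callback)
     # TODO: creation of alerts
     # Alert counter.  The original note says numbering starts with 1,
     # so presumably it is incremented before first use.
     self.count = 0
     get_logger().debug('Creating SimpleEventAnalyzerAllAlert')
     EventAnalyzer.__init__(self, name, inQueues, outQueue, config_dict=config_dict, number=number)
     return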
示例#2
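class SimpleEventAnalyzerWithPool(EventAnalyzer):
    '''Sample analyzer that collects events in an IncidentPool.

    Events whose id is listed in the dummy AnalysisInfo table are added
    to the current pool.  When the pool closes, one SampleAlert is sent
    for each incident the pool reports for alerting, and the remaining
    active incidents are carried into a fresh pool.
    '''

    def __init__(self, name, inQueues, outQueue, config_dict=None, number=0):
        '''Build the dummy analysis table and the incident pool, then
        initialise the EventAnalyzer base class.

        name, inQueues, outQueue, number -- passed through unchanged to
            EventAnalyzer.__init__.
        config_dict -- optional settings mapping. Keys read here:
            'events_metadata'        only logged at debug level
            'mode'                   pool mode, default POOL_MODE_OCCURRED
            'initial_pool_duration'  pool duration, converted with int(),
                                     default 20

        Raises ValueError (or TypeError) if 'initial_pool_duration'
        cannot be converted by int().
        '''
        # The signature allows config_dict=None, but the original body
        # indexed it unconditionally and failed with a TypeError before
        # any state was set up.  Read the settings through an empty
        # mapping in that case; the base class still gets the caller's
        # value.
        settings = config_dict if config_dict is not None else {}
        # The metadata value is only logged here, so a missing key is
        # logged as None rather than aborting construction.
        get_logger().debug('metadata = %s', settings.get('events_metadata'))
        # TODO: Should really parse by comma into list
        #self.event_meta = EventsMetadata([config_dict['events_metadata']])
        # Dummy Analysis info
        self.ai1 = AnalysisInfo('location_test')
        for info_args in (('Example0', 1, 2, 3),
                          ('Example1', 3, 3, 5),
                          ('Example2', 3, None, None),
                          ('Example3', 3, None, None),
                          ('Example4', 3, None, None),
                          ('Example5', 3, None, None)):
            self.ai1.add_event_info(*info_args)
        # TODO: Handle alert metadata
        self.mode = settings.get('mode', POOL_MODE_OCCURRED)
        if 'initial_pool_duration' in settings:
            # NOTE(review): int() accepts zero and negative values;
            # whether IncidentPool rejects them is not visible here.
            self.duration = int(settings['initial_pool_duration'])
            get_logger().debug('Duration override %s', str(self.duration))
        else:
            self.duration = 20
        self.pool = IncidentPool.new_pool(self.mode, self.duration, None, self.close_callback)
        # TODO: creation of alerts
        # Incremented before each alert is built in close_callback, so
        # the first alert is numbered 1.
        self.count = 0
        # The original message named a different class
        # (SimpleEventAnalyzerAllAlert), which misattributes log lines.
        get_logger().debug('Creating SimpleEventAnalyzerWithPool')
        EventAnalyzer.__init__(self, name, inQueues, outQueue, config_dict=config_dict, number=number)
        return

    def close_callback(self, reason):
        '''Handle the current pool being closed.

        Sends one SampleAlert per incident returned for alerting by
        get_active_incidents(), then replaces self.pool with a new pool
        seeded with the incidents that are to be carried forward.

        reason -- close reason supplied by the pool; not used here.
        '''
        get_logger().debug('close_callback called')
        move_forward, make_alerts = self.pool.get_active_incidents()
        for event in make_alerts:
            self.count += 1
            alert = SampleAlert(self.count, 'Alert 02', datetime.now())
            # format() also copes with a non-string event_id, where the
            # original string concatenation raised TypeError.
            # NOTE(review): event fields are copied verbatim into the
            # alert; consumers that render raw_data should treat it as
            # untrusted input.
            alert.raw_data = 'From {0}:{1}'.format(event.rec_id, event.event_id)
            self.send_alert(alert)
        # The original call passed (duration, mode, callback): mode and
        # duration swapped and the third argument dropped relative to
        # the call in __init__.  Use the same argument order as the
        # constructor so the replacement pool is configured identically.
        new_pool = IncidentPool.new_pool(self.mode, self.duration, None, self.close_callback)
        for event in move_forward:
            new_pool.add_incident(event)
        self.pool = new_pool
        return

    def will_analyze_event(self, event):
        '''See if the item will be processed by this analyzer

           True is yes it will be

           The event's id is compared against the ids registered in the
           dummy analysis info table.'''
        event_id = event.get_event_id()
        wanted = event_id in self.ai1.event_info
        get_logger().debug('will_analyze_event for %s called -- %s', event_id, wanted)
        return wanted

    def will_analyze_alert(self, alert):
        '''See if the item will be processed by this analyzer

           True is yes it will be

           This analyzer never processes alerts, so the answer is
           always False.'''
        get_logger().debug('will_analyze_alert called -- False')
        return False

    def analyze_event(self, event):
        '''Add the event to the current pool, then apply the suppression
        rule in process_pool.

        Blocks, retrying every 2 seconds, while the pool raises
        IncidentPoolClosedError.'''
        # Lazy %-formatting: the event is only stringified when debug
        # logging is enabled.  The logged text is unchanged.
        get_logger().debug('analyze_event called%s', event)
        # NOTE(review): there is no retry limit.  If no pool ever
        # accepts the event, this analyzer stops consuming events and
        # no further alerts are produced.
        while True:
            try:
                self.pool.add_incident(event)
                break
            except IncidentPoolClosedError:
                time.sleep(2)
        # Now process the pool
        self.process_pool(event, self.pool)
        return

    def process_pool(self, event, pool):
        '''Apply the sample suppression rule: an 'Example5' event
        suppresses the 'Example2' incidents of the same type that the
        pool returns.'''
        if event.get_event_id() == 'Example5':
            suppress_these = pool.get_incidents(event.get_type(), 'Example2')
            pool.suppresses(event, suppress_these)
        return

    def analyze_alert(self, alert):
        '''Alerts are not analyzed by this analyzer; nothing is done.'''
        return

    def handle_control_msg(self, control_msg):
        '''Handle control messages.

        A flush message closes the current pool if it is still running;
        other messages are only logged.'''
        get_logger().debug('Recieved control message %s', control_msg)
        if control_msg.msg_type == CONTROL_MSG_TYPE_FLUSH and self.pool.state == POOL_STATE_RUNNING:
            # The same timestamp is passed for both time arguments.
            right_now = datetime.now()
            self.pool.close(right_now, right_now, POOL_CLOSE_REASON_FLUSH)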