protected override void Updates(LogEvents Input) { if (Input.Type == LogEventType.LogDataExtractedEvent) { dataStore.InsertData(Input.ExecutionContext); } if (Input.Type == LogEventType.ThresholdBreachCheckEvent) { CheckForBreachBothWays(Input, false); } if (Input.Type == LogEventType.ThresholdBreachRecoveryCheckEvent) { CheckForBreachRecovery(Input); } if (Input.Type == LogEventType.LogReportGenerateEvent) { PrepareReport(Input); } }
protected override void CheckForBreachBothWays(LogEvents Input, bool positive) { dynamic intentionsOutCome = PrepareIntentionOutCome(Input); int thresholdToCheck = Int32.MaxValue; foreach (WorrySomeIntentions wsi in Input.ExecutionContext.Intentions) { if (wsi.InterestedField == DataPoints.DPLOverallTraffic) { if (wsi.WhatToDo == Operations.AvgOf) { intentionsOutCome.AverageTPS = intentionsOutCome.totalCount / Input.ExecutionContext.timeWindoW; } else if (wsi.WhatToDo == Operations.CountOf) { thresholdToCheck = wsi.Threshold; } } } bool bNotify = false; LogEventType type; if (positive) { bNotify = intentionsOutCome.totalCount < thresholdToCheck ? true : false; type = LogEventType.ThresholdBreachRecoveredEvent; } else { bNotify = intentionsOutCome.totalCount > thresholdToCheck ? true : false; type = LogEventType.ThresholdBreachDetectedEvent; } if (bNotify) { Notify(type, intentionsOutCome); } }
protected override void Parse(LogEvents input) { List <String> logLines = input.ExecutionContext; List <LogData> logExtractedData = new List <LogData>(); foreach (String str in logLines) { String[] val = str.Split(' '); //2018-03-27 03:14:45 naws131 10.100.86.134 GET /WSHandlerV2.ashx NAWS_USER_ID=6920513 443 10.1.20.3 - 200 15 LogData data = new LogData(); DateTime dt; String dateTime = val[0] + " " + val[1]; DateTime.TryParse(dateTime, out dt); data.Time = dt; data.ServerAddress = val[2]; data.OriginatingIP = val[3]; data.HttpVerb = val[4]; data.HttpResource = val[5]; data.QueryString = val[6]; int port = 0; Int32.TryParse(val[7], out port); data.Port = port; data.DestinationIP = val[8]; data.ClientID1 = val[9]; int outval = 200; Int32.TryParse(val[10], out outval); data.HttpErrorCode = outval; Int32.TryParse(val[11], out outval); data.ResponseSize = outval; data.RawLog = str; logExtractedData.Add(data); } if (logExtractedData.Count > 0) { Notify(logExtractedData); } }
protected abstract void Updates(LogEvents Input);
protected abstract void PrepareReport(LogEvents Input);
protected abstract void CheckForBreachRecovery(LogEvents Input);
protected abstract void CheckForBreachBothWays(LogEvents Input, bool positive);
public void Update(LogEvents Input) { Updates(Input); }
protected override void CheckForBreachRecovery(LogEvents Input) { CheckForBreachBothWays(Input, true); }