Exemplo n.º 1
 /// <summary>
 /// Routes an incoming log event to the handler that matches its type.
 /// </summary>
 /// <param name="Input">Event to handle; its <c>Type</c> selects the handler.</param>
 protected override void Updates(LogEvents Input)
 {
     // Event types without a case below fall through and are ignored.
     switch (Input.Type)
     {
         case LogEventType.LogDataExtractedEvent:
             // Only the execution context is handed to the store, not the whole event.
             dataStore.InsertData(Input.ExecutionContext);
             break;

         case LogEventType.ThresholdBreachCheckEvent:
             // false selects the breach-detection direction of the shared check.
             CheckForBreachBothWays(Input, false);
             break;

         case LogEventType.ThresholdBreachRecoveryCheckEvent:
             CheckForBreachRecovery(Input);
             break;

         case LogEventType.LogReportGenerateEvent:
             PrepareReport(Input);
             break;
     }
 }
Exemplo n.º 2
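        /// <summary>
        /// Compares the total count from the prepared outcome against the <c>CountOf</c>
        /// threshold configured for overall traffic and notifies when it is crossed.
        /// </summary>
        /// <param name="Input">Event whose execution context carries the intentions and the time window.</param>
        /// <param name="positive">
        /// <c>true</c> checks for recovery (count below the threshold);
        /// <c>false</c> checks for a breach (count above the threshold).
        /// </param>
        /// <remarks>
        /// When no <c>CountOf</c> intention exists for overall traffic there is no threshold to
        /// compare against, and no notification is sent. Previously the <see cref="Int32.MaxValue"/>
        /// placeholder was compared directly, so a recovery check reported "recovered" on every
        /// call even though no breach could ever have been detected.
        /// </remarks>
        protected override void CheckForBreachBothWays(LogEvents Input, bool positive)
        {
            dynamic intentionsOutCome   = PrepareIntentionOutCome(Input);
            bool    thresholdConfigured = false;
            int     thresholdToCheck    = Int32.MaxValue;

            foreach (WorrySomeIntentions wsi in Input.ExecutionContext.Intentions)
            {
                if (wsi.InterestedField == DataPoints.DPLOverallTraffic)
                {
                    if (wsi.WhatToDo == Operations.AvgOf)
                    {
                        // NOTE(review): a zero timeWindoW would presumably throw here if both
                        // operands are integers; confirm the window is validated upstream.
                        intentionsOutCome.AverageTPS = intentionsOutCome.totalCount / Input.ExecutionContext.timeWindoW;
                    }
                    else if (wsi.WhatToDo == Operations.CountOf)
                    {
                        // If several CountOf intentions are present, the last one wins.
                        thresholdToCheck    = wsi.Threshold;
                        thresholdConfigured = true;
                    }
                }
            }

            if (!thresholdConfigured)
            {
                // Without a threshold this check is inactive. A monitor that silently has no
                // threshold detects nothing, so the missing setting is best caught when the
                // intentions are configured rather than here.
                return;
            }

            bool         bNotify;
            LogEventType type;

            if (positive)
            {
                bNotify = intentionsOutCome.totalCount < thresholdToCheck;
                type    = LogEventType.ThresholdBreachRecoveredEvent;
            }
            else
            {
                bNotify = intentionsOutCome.totalCount > thresholdToCheck;
                type    = LogEventType.ThresholdBreachDetectedEvent;
            }

            if (bNotify)
            {
                Notify(type, intentionsOutCome);
            }
        }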
Exemplo n.º 3
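        /// <summary>
        /// Splits each space-delimited access-log line into a <c>LogData</c> record and
        /// notifies with the parsed records when at least one line was parsed.
        /// </summary>
        /// <param name="input">Event whose execution context is the list of raw log lines.</param>
        /// <remarks>
        /// Log lines are untrusted input. A line with fewer than the twelve expected fields is
        /// skipped instead of throwing <see cref="IndexOutOfRangeException"/>, so one truncated
        /// or malformed line can no longer discard the whole batch. The number of skipped lines
        /// is reported through <see cref="System.Diagnostics.Trace"/>; the line content is left
        /// out of that message so request data cannot inject text into the trace output.
        /// Fields such as the resource and query string are stored verbatim and should be
        /// encoded by whatever later renders or queries them.
        /// </remarks>
        protected override void Parse(LogEvents input)
        {
            const int expectedFieldCount = 12;

            List <String>  logLines         = input.ExecutionContext;
            List <LogData> logExtractedData = new List <LogData>();
            int            skippedLines     = 0;

            if (logLines == null)
            {
                return;
            }

            foreach (String str in logLines)
            {
                // NOTE(review): consecutive spaces produce empty entries and shift every later
                // field; confirm the producer always emits single-space separators.
                String[] val = str == null ? null : str.Split(' ');
                if (val == null || val.Length < expectedFieldCount)
                {
                    skippedLines++;
                    continue;
                }

                //2018-03-27 03:14:45 naws131 10.100.86.134 GET /WSHandlerV2.ashx NAWS_USER_ID=6920513 443 10.1.20.3 - 200 15
                LogData  data = new LogData();

                // On a failed parse TryParse leaves DateTime.MinValue in dt.
                DateTime dt;
                DateTime.TryParse(val[0] + " " + val[1], out dt);
                data.Time          = dt;

                data.ServerAddress = val[2];
                data.OriginatingIP = val[3];
                data.HttpVerb      = val[4];
                data.HttpResource  = val[5];
                data.QueryString   = val[6];

                // Int32.TryParse writes 0 to its out argument on failure, so a non-numeric
                // port, status code or size is recorded as 0.
                int port;
                Int32.TryParse(val[7], out port);
                data.Port          = port;

                data.DestinationIP = val[8];
                data.ClientID1     = val[9];

                int statusCode;
                Int32.TryParse(val[10], out statusCode);
                data.HttpErrorCode = statusCode;

                int responseSize;
                Int32.TryParse(val[11], out responseSize);
                data.ResponseSize  = responseSize;

                data.RawLog        = str;
                logExtractedData.Add(data);
            }

            if (skippedLines > 0)
            {
                // Counts only: dropped lines are a gap in monitoring coverage and must be visible.
                System.Diagnostics.Trace.TraceWarning(
                    "Parse skipped {0} malformed log line(s) out of {1}.", skippedLines, logLines.Count);
            }

            if (logExtractedData.Count > 0)
            {
                Notify(logExtractedData);
            }
        }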
Exemplo n.º 4
 /// <summary>
 /// Handles a single log event. What happens to the event is up to the implementing class.
 /// </summary>
 /// <param name="Input">The event to handle.</param>
 protected abstract void Updates(LogEvents Input);
Exemplo n.º 5
 /// <summary>
 /// Hook for report preparation; the behaviour is defined by the implementing class.
 /// </summary>
 /// <param name="Input">The event that triggered the report.</param>
 protected abstract void PrepareReport(LogEvents Input);
Exemplo n.º 6
 /// <summary>
 /// Hook for the breach-recovery check; the behaviour is defined by the implementing class.
 /// </summary>
 /// <param name="Input">The event that triggered the recovery check.</param>
 protected abstract void CheckForBreachRecovery(LogEvents Input);
Exemplo n.º 7
 /// <summary>
 /// Hook for a threshold check that can run in either direction, selected by <paramref name="positive"/>.
 /// </summary>
 /// <param name="Input">The event that triggered the check.</param>
 /// <param name="positive">
 /// Direction selector. NOTE(review): the callers visible alongside this declaration pass
 /// <c>true</c> for the recovery check and <c>false</c> for breach detection; confirm that
 /// every implementation follows the same convention.
 /// </param>
 protected abstract void CheckForBreachBothWays(LogEvents Input, bool positive);
Exemplo n.º 8
 /// <summary>
 /// Public entry point for delivering a log event; forwards it unchanged to <c>Updates</c>.
 /// </summary>
 /// <param name="Input">The event to deliver.</param>
 public void Update(LogEvents Input) => Updates(Input);
Exemplo n.º 9
 /// <summary>
 /// Runs the shared threshold check in its recovery direction.
 /// </summary>
 /// <param name="Input">The event that triggered the recovery check.</param>
 protected override void CheckForBreachRecovery(LogEvents Input) =>
     CheckForBreachBothWays(Input, positive: true);