logdata-anomaly-miner

This tool parses log data and allows you to define analysis pipelines for anomaly detection. It was designed to run the analysis with limited resources and the lowest possible permissions to make it suitable...

Results 61 logdata-anomaly-miner issues

# Make sure these boxes are signed before submitting your Pull Request -- thank you. # Must haves - [x] I have read and followed the contributing guidelines at...

It is possible to parse the following event `{"@timestamp": "2024-04-18T11:00:42.606Z", "message": "abc", "winlog": {"user": {"name": "SYSTEM", "type": "Well Known Group", "identifier": "S-1-5-18", "domain": "NT AUTHORITY"}, "process": {"pid": 2316, "thread": {"id":...

bug
medium

A common timestamp format is "2024-03-21T20:46:06.955Z", which has the "Z" at the end, representing UTC. I do not think that this is currently supported to be parsed with our %z...

enhancement

Original issue: https://github.com/ait-aecid/logdata-anomaly-miner/issues/831 Fix: https://github.com/ait-aecid/logdata-anomaly-miner/issues/1230 Now this feature is not working anymore. Set learning to stop after 1 hour: ``` LearnMode: True LogResourceList: - 'file:///home/landauerm/test.log' Parser: - id: 'START' start:...

bug
high

The warning "No timestamp was found for a log_atom" is generated when unparsed events occur. I don't think that a warning should occur in this case, because it can be...

bug
low

The fields event_data and TargetImage are both optional in the config parser: ``` LearnMode: True LogResourceList: - 'file://home/ubuntu/test.yml' Parser: - id: event_id type: VariableByteDataModelElement name: 'event_id' args: '0123456789' - id:...

bug
high

# Make sure these boxes are signed before submitting your Pull Request -- thank you. # Must haves - [x] I have read and followed the contributing guidelines at...

# Make sure these boxes are signed before submitting your Pull Request -- thank you. # Must haves - [x] I have read and followed the contributing guidelines at...

Running the NewMatchPathValueComboDetector with allow_missing_values set to True and then having both normal values and missing values (None) in the data results in an error when persisting: ``` Traceback (most...

bug
high