Max Landauer
I added a line with status code 999: ``` 2021-05-17 13:25:14 New path(es) detected NewMatchPathDetector: "DefaultNewMatchPathDetector" (1 lines) /accesslog: 127.0.0.1 - - [17/May/2021:11:25:14 +0000] "GET / HTTP/1.1" 200 11229 "-"...
I do not understand why time.time() is used - as discussed in issue https://github.com/ait-aecid/logdata-anomaly-miner/issues/1230 the stop_learning_time should be based on the time from the logs, and not the real time....
If we use the AminerStartTimestamp, we could just as well set the time where the AMiner switches the training mode in absolute timestamps. However, we introduced the stop_learning_time because we...
The parameter is still missing in the AnalysisValidationSchema.py
Tested on: Distributor ID: Ubuntu Description: Ubuntu 22.10 Release: 22.10 Codename: kinetic
Yes, the format can be adapted, but then the Z is not read as the timezone. This means that the timestamp of the log atom is not correct, which can...
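The two points raised in the comments above, that a learning cutoff such as stop_learning_time should be driven by the timestamp carried in the log atom rather than by time.time(), and that a trailing "Z" must be parsed as the UTC zone designator or the resulting timestamp is wrong, as one added stand-alone illustration. This is not code from logdata-anomaly-miner and makes no claim about its API: the names `log_atom_timestamp`, `LearningCutoff`, `classify` and the sample log lines are assumptions constructed for this example.

```python
"""Log-time-driven learning cutoff with zone-aware timestamp parsing.

Added illustration; the function and class names and the sample lines are
constructed for this example and are not part of logdata-anomaly-miner.
"""
import re
from datetime import datetime

# Constructed sample lines (no real system produced them). Lines 1-3 denote
# the same instant, 2021-05-17 11:25:14 UTC, written with three different
# zone notations; line 4 is five minutes later.
SAMPLE_LINES = [
    '127.0.0.1 - - [17/May/2021:11:25:14 +0000] "GET / HTTP/1.1" 200 11229 "-"',
    "2021-05-17T11:25:14Z host app: login ok",
    "2021-05-17T12:25:14+01:00 host app: login ok",
    "2021-05-17T11:30:14Z host app: login failed",
]

APACHE_TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
ISO_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(Z|[+-]\d{2}:?\d{2})")


def log_atom_timestamp(line: str) -> float:
    """Return the event time of a line as a UTC epoch, read from the line itself.

    The zone designator is always parsed: a trailing 'Z' is rewritten to
    '+00:00' because strptime treats a literal 'Z' in the format string as
    plain text and would return a naive datetime.
    """
    m = APACHE_TS.search(line)
    if m:
        return datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    m = ISO_TS.match(line)
    if m:
        base, zone = m.groups()
        if zone == "Z":
            zone = "+00:00"
        elif ":" not in zone:  # '+0100' -> '+01:00' for fromisoformat
            zone = zone[:3] + ":" + zone[3:]
        return datetime.fromisoformat(base + zone).timestamp()
    raise ValueError(f"no recognised timestamp in: {line!r}")


def naive_parse_drops_zone(line: str) -> float:
    """The mistake described above: 'Z' matched as literal text, zone dropped.

    The datetime is naive, so .timestamp() interprets it in the host's local
    zone; the value is wrong by the host's UTC offset (zero only on a UTC host).
    """
    m = ISO_TS.match(line)
    if not m or m.group(2) != "Z":
        raise ValueError("this deliberately wrong parser only handles 'Z' lines")
    return datetime.strptime(m.group(0), "%Y-%m-%dT%H:%M:%SZ").timestamp()


def zone_drop_error_seconds(line: str) -> float:
    """Error introduced by the naive parser for one 'Z'-suffixed line."""
    return log_atom_timestamp(line) - naive_parse_drops_zone(line)


def host_utc_offset_seconds(line: str) -> float:
    """Host zone offset at the line's instant; equals zone_drop_error_seconds."""
    m = ISO_TS.match(line)
    naive = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return naive.astimezone().utcoffset().total_seconds()


class LearningCutoff:
    """Switch from learning to detection after `learning_seconds` of *log* time.

    The first log atom's timestamp anchors the window. Wall-clock time
    (time.time()) is deliberately never consulted, so replaying a historic
    file behaves exactly like live operation.
    """

    def __init__(self, learning_seconds: float):
        self.learning_seconds = learning_seconds
        self.stop_learning_time = None  # set from the first atom seen

    def is_learning(self, atom_time: float) -> bool:
        if self.stop_learning_time is None:
            self.stop_learning_time = atom_time + self.learning_seconds
        return atom_time < self.stop_learning_time


def classify(lines, learning_seconds: float):
    """Label each line 'learn' or 'detect' using only timestamps from the lines."""
    cutoff = LearningCutoff(learning_seconds)
    return ["learn" if cutoff.is_learning(log_atom_timestamp(l)) else "detect"
            for l in lines]


if __name__ == "__main__":
    for line, label in zip(SAMPLE_LINES, classify(SAMPLE_LINES, 300)):
        print(f"{label:6} {log_atom_timestamp(line):.0f}  {line}")
```

With a 300-second learning window the first three lines (all the same instant, 1621250714) are learned and the fourth, 300 seconds later, is handed to detection; the outcome is identical whether the file is replayed years later or read live, because the cutoff is anchored to log time. `zone_drop_error_seconds` shows the size of the error the comment above warns about: it is exactly the host's UTC offset, so the bug is invisible on a UTC host and appears only in deployments with a non-zero local offset.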
I don't know yet how to realize this. The issue is just to make sure that we do not forget about the feedback we received and discuss it in the...
Maybe it is also a good idea to provide sample configurations (only the relevant section of the config.yml) with every description of component. These examples should already exist anyway (demo...
Also, https://github.com/ait-aecid/logdata-anomaly-miner/tree/main/source/root/usr/share/doc/logdata-anomaly-miner/aminer is outdated, e.g., it is missing some detectors. We should make sure to only create the documentation once and then cross-link it to the Wiki and other relevant...
They are mainly for displaying the anomalies in a SIEM (for example, a lot of low-severity alerts can be less critical than a few high-severity alerts) and numeric correlation (for...