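# Pipeline configuration: ingestion, transformation, Drain template mining,
# anomaly detection and output.
# NOTE(review): this listing lost its indentation. The nesting below is
# reconstructed from key names and blank-line grouping; confirm it against
# the config loader before relying on it.
ingestion:
  # Placeholder path; point it at the real transfer log.
  log_path: "/path/to/log/file/transfer.log"
  net_interface: "ens4"
  disk_device: "vda1"
  # The unit names below look like placeholders.
  systemctl_services:
    - service1.service
    - service2.service

transformation:
  window_size: "30s"
  # Relative path; presumably resolved against the process working
  # directory - confirm, and keep the database out of shared locations.
  db_path: "data/pipeline_test.duckdb"

# NOTE(review): `drain` is placed at top level because a blank line precedes
# it in the listing; it may instead belong under `transformation`.
drain:
  depth: 4
  sim_threshold: 0.4
  max_children: 100
  max_clusters: 1000
  # These regexes run over raw log lines, whose content is not controlled by
  # this pipeline. Presumably they are applied in list order (confirm): the
  # specific patterns come first and the catch-all <NUM> comes last, so
  # reordering entries changes what gets masked.
  # NOTE(review): several entries have an empty `name`; confirm the consumer
  # accepts that.
  masking_patterns:
    - name: "loglevel"
      pattern: '^(\S+)'
      replace: "<LOGLEVEL>"
      type: "string"

    - name: ""
      pattern: '(\d{4}-\d{2}-\d{2})'
      replace: "<DATE>"
      type: "string"

    # Requires exactly six fractional digits; a timestamp without them is not
    # matched here and falls through to the later patterns.
    - name: ""
      pattern: '(\d{2}:\d{2}:\d{2}\.\d{6})'
      replace: "<TIME>"
      type: "string"

    - name: "uuid"
      pattern: '\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b'
      replace: "<UUID>"
      type: "string"

    # NOTE(review): as written this matches only the literal two characters
    # "+]"; the pattern looks truncated - confirm the intended session regex.
    - name: ""
      pattern: '\+\]'
      replace: "<SESSION>"
      type: "string"

    - name: ""
      pattern: "(/[a-zA-Z0-9._-]+)+"
      replace: "<PATH>"
      type: "string"

    - name: ""
      pattern: '(sync-file-reader|checksum|xp-network-(?:sender|receiver)|aes-crypt)-\d+:'
      replace: "<MODULE>:"
      type: "string"

    - name: "datarate"
      pattern: 'datarate=\s*(\d+(?:\.\d+)?)'
      replace: "<datarate>"
      type: "float"

    - name: "duration"
      pattern: 'duration=\s*(\d+(?:\.\d+)?)'
      replace: "<duration>"
      type: "float"

    - name: "throughput"
      pattern: 'throughput=\s*(\d+(?:\.\d+)?)'
      replace: "<throughput>"
      type: "float"

    - name: "filesize"
      pattern: '(\d+(?:\.\d+)?)\s*(?:MByte|GByte|MiB|GiB|GB|MB|KB)'
      replace: "<filesize>"
      type: "float"

    - name: "hostport"
      pattern: '([a-zA-Z0-9.-]+:\d+)'
      replace: "<HOSTPORT>"
      type: "string"

    # Catch-all for remaining numbers. There is no dedicated IPv4 pattern, so
    # an address without a port is split by this rule into "<NUM>.<NUM>".
    - name: ""
      pattern: '\b(\d+(?:\.\d+)?)\b'
      replace: "<NUM>"
      type: "float"

detector:
  method: "ensemble"
  ensemble:
    enabled: true
    method: "sead"
    contamination: 0.15
  # NOTE(review): `sead` through `mad` are shown as siblings of `ensemble`;
  # some of them may instead nest under it - confirm against the loader.
  sead:
    eta: 0.1
    lambda: 0.01
  auto_scaling:
    enabled: true
    high_threshold: 75.0
    # Written as `90.` in the original listing; normalised to `90.0` to match
    # the sibling values.
    critical_threshold: 90.0
    high_duration: 90.0
    critical_duration: 120.0
    down_threshold: 50.0
    down_duration: 120.0
  rrcf_variants:
    fast:
      num_trees: 50
      tree_size: 32
      threshold_percentile: 0.85
    mid:
      num_trees: 150
      tree_size: 64
      threshold_percentile: 0.85
    slow:
      num_trees: 200
      tree_size: 128
      threshold_percentile: 0.85
  copod:
    buffer_size: 50
    threshold: 0.3
  mad:
    threshold: 3.5
    calibration_size: 50

output:
  # Relative paths; presumably resolved against the working directory -
  # confirm, and restrict who can read these files if they carry log content.
  feature_log_path: "logs/features.jsonl"
  anomaly_log_path: "logs/anomalies.jsonl"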