-
Notifications
You must be signed in to change notification settings - Fork 0
/
example_config.yaml
60 lines (60 loc) · 1.76 KB
/
example_config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
LearnMode: true
LogResourceList:
- file:///home/viktor/projects/aminer-configuration-engine/output/NewMatchPathValueComboDetector/apache/russellmitchell/ace_R1_S2884/data/train1.log
Parser:
- id: START
start: true
type: ApacheAccessParsingModel
name: parser
Input:
timestamp_paths:
- /model/time
- /model/@timestamp/time
- /model/with_df/time
- /model/type/execve/time
- /model/type/proctitle/time
- /model/type/syscall/time
- /model/type/path/time
- /model/type/login/time
- /model/type/sockaddr/time
- /model/type/unknown/time
- /model/type/cred_refr/time
- /model/type/user_start/time
- /model/type/user_acct/time
- /model/type/user_auth/time
- /model/type/user_login/time
- /model/type/cred_disp/time
- /model/type/service_start/time
- /model/type/service_stop/time
- /model/type/user_end/time
- /model/type/user_cmd/time
- /model/type/cred_acq/time
- /model/type/avc/time
- /model/type/user_bprm_fcaps/time
- /model/datetime
Analysis:
- type: NewMatchPathValueComboDetector
id: NewMatchPathValueComboDetector_Co-OccurrenceCombos_id0
persistence_id: id0_Co-OccurrenceCombos
paths:
- /model/client_ip/client_ip
- /model/combined
- /model/combined/combined
- /model/combined/combined/referer
- /model/combined/combined/user_agent
- /model/fm/request/method
- /model/fm/request/version
- /model/status_code
output_logline: true
- type: NewMatchPathDetector
id: NewMatchPathDetector
suppress: true
- type: VerboseUnparsedAtomHandler
id: VerboseUnparsedAtomHandler
suppress: true
EventHandlers:
- id: stpefile
type: StreamPrinterEventHandler
json: true
pretty: false
output_file_path: /tmp/aminer_out.json