Anomaly Detection Engine for Linux Logs (ADE)

Priming ADE - upload

upload is a bash script that sets up the required environment and then invokes the correct Java class. It parses the log and loads the information into the JDBC-compliant database for use by verify and train.

Usage


Use upload to initialize the ADE database. upload can process Linux logs in RFC 3164 or RFC 5424 format. The logs can be read either from files stored in the file system or from “stdin”.

Notes

Command Options


Option               Required                       Details
-d                   either -f or -d is required    Name of directory to be loaded into ADE
-f                   either -f or -d is required    Name of file to be loaded into ADE or “stdin”
-g                   no                             GMT offset of the system which created the log
-h                   no                             Print out help information
-o                   no                             Name of operating system that generated log, defaults to Linux
-s                   no                             System name
-years               no                             Year of the message log; the default is that it contains the current day
-dump_parse_report   no                             Creates a report of parsing failures
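
A pre-upload survey of a log file, as an added example that is not part of ADE: it classifies each line as RFC 3164 or RFC 5424 and lists lines matching neither, which are candidates for the parse-failure report. The regular expressions are a simplified reading of the two RFCs, not ADE's own parser; the optional `<PRI>` prefix, the function names and the sample lines are assumptions made for this example. RFC 3164 timestamps carry no year or UTC offset, the information the -years and -g options describe.

```python
import re
from collections import Counter

PRI = r"(?:<\d{1,3}>)?"  # assumption: priority is often stripped in files on disk

# RFC 5424: VERSION, ISO 8601 timestamp with offset (or "-"), then
# HOSTNAME APP-NAME PROCID MSGID and the start of STRUCTURED-DATA.
RFC5424 = re.compile(
    PRI + r"[1-9]\d{0,2} "
    r"(?:-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
    r"\S+ \S+ \S+ \S+ (?:-|\[)"
)
# RFC 3164: "Mmm dd hh:mm:ss HOSTNAME ", day space-padded, no year, no offset.
RFC3164 = re.compile(
    PRI + r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) "
    r"(?: \d|\d{2}) \d{2}:\d{2}:\d{2} \S+ "
)

def classify(line):
    """Return 'rfc5424', 'rfc3164', or None when the header matches neither."""
    if RFC5424.match(line):
        return "rfc5424"
    if RFC3164.match(line):
        return "rfc3164"
    return None

def survey(lines):
    """Count lines per format and collect 1-based numbers of unmatched lines."""
    counts, unparsed = Counter(), []
    for number, line in enumerate(lines, 1):
        kind = classify(line.rstrip("\n"))
        if kind is None:
            unparsed.append(number)
        else:
            counts[kind] += 1
    return {
        "counts": dict(counts),
        "unparsed_lines": unparsed,
        # True when any line's timestamp has neither a year nor a UTC offset.
        "lacks_year_and_offset": counts["rfc3164"] > 0,
    }

# Constructed sample input, not taken from a real system.
SAMPLE = [
    "<34>Oct 11 22:14:15 host1 su: session opened for user alice",
    "Jan  5 03:02:01 host1 sshd[812]: Accepted publickey for alice",
    "<165>1 2024-03-09T22:14:15.003Z host1.example.com app 812 ID47 - started",
    "    at com.example.Foo.bar(Foo.java:42)",  # stray continuation line
]

if __name__ == "__main__":
    print(survey(SAMPLE))
```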

Restrictions


upload does not support merging of logs. If you upload data for an interval which already exists, the existing data will be replaced.