Anomaly detection Engine for Linux Logs (ADE)
Priming ADE - upload
upload is a bash script which sets up the required environment and then invokes the appropriate Java class. upload parses the log and loads the extracted information into the JDBC-compliant database for later use by verify and train.
Usage
Use upload to initialize the ADE database. upload can process Linux logs in RFC 3164 or RFC 5424 format. The log can be read either from files stored in the file system or from “stdin”.
Notes
- If the -d option is specified, ADE will attempt to load every file in the directory
- ADE accepts both gzip-compressed files and uncompressed files
Command Options
| Option | Required | Details |
|---|---|---|
| -d | either -f or -d is required | Name of the directory to be loaded into ADE |
| -f | either -f or -d is required | Name of the file to be loaded into ADE, or “stdin” |
| -g | no | GMT offset of the system which created the log |
| -h | no | Print out help information |
| -o | no | Name of the operating system that generated the log; defaults to Linux |
| -s | no | System name |
| -years | no | Year of the message log; by default the log is assumed to contain the current day |
| -dump_parse_report | no | Creates a report of parsing failures |
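The two input formats differ in one detail that matters for the -years option: an RFC 5424 timestamp carries the year, an RFC 3164 timestamp does not, so the year must be supplied from outside the message. The following pre-upload check is an added example, not part of ADE; it classifies each line by format, applies a caller-supplied year to RFC 3164 lines, detects gzip by magic bytes rather than file name, and reports the lines that fit neither format (the kind of failures -dump_parse_report would list). The sample lines are constructed.

```python
import gzip
import re
from datetime import datetime

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME ... (timestamp carries the year)
RFC5424 = re.compile(r"^<\d{1,3}>\d{1,2} (?P<ts>\S+) (?P<host>\S+) ")
# RFC 3164 header: [<PRI>]Mmm dd hh:mm:ss HOSTNAME ... (no year field at all)
RFC3164 = re.compile(r"^(?:<\d{1,3}>)?(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) ")

SAMPLE_LINES = [  # constructed sample input, not taken from any real system
    "<34>1 2024-10-05T14:03:22.000Z host1 sshd 1234 - - session opened for user alice",
    "Oct  5 14:03:23 host1 sshd[1234]: session opened for user alice",
    "<13>Oct  5 14:03:24 host1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    "not a syslog line at all",
]

def parse_line(line, year):
    """Return (format, timestamp, host), or None if the line fits neither RFC."""
    m = RFC5424.match(line)
    if m:
        ts = m.group("ts").replace("Z", "+00:00")  # "-" is RFC 5424's nil timestamp
        return "rfc5424", (None if ts == "-" else datetime.fromisoformat(ts)), m.group("host")
    m = RFC3164.match(line)
    if m:
        # The message carries no year, so the caller supplies it (what upload's -years does).
        stamp = " ".join(m.group("ts").split())  # collapse the space-padded day ("Oct  5")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        return "rfc3164", ts, m.group("host")
    return None

def check_lines(lines, year):
    """Count lines per format and collect (line number, text) of lines that would not parse."""
    counts = {"rfc5424": 0, "rfc3164": 0, "failed": 0}
    failures = []
    for n, line in enumerate(lines, 1):
        text = line.rstrip("\r\n")
        r = parse_line(text, year)
        if r is None:
            counts["failed"] += 1
            failures.append((n, text))
        else:
            counts[r[0]] += 1
    return counts, failures

def check_file(path, year):
    # gzip is detected by its magic bytes, not by the file name
    with open(path, "rb") as f:
        opener = gzip.open if f.read(2) == b"\x1f\x8b" else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as f:
        return check_lines(f, year)
```

Running check_file on a log before uploading it shows which format dominates and whether a -years value other than the current one is needed; a non-zero failed count is the set of lines upload would not be able to place in an interval.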
Restrictions
upload does not support merging of logs. If you upload data for an interval that already exists, the existing data for that interval is replaced.