You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@eagle.apache.org by qingwen220 <gi...@git.apache.org> on 2016/10/27 10:13:01 UTC
[GitHub] incubator-eagle pull request #573: EAGLE-681: Add new publisher AlertEagleSt...
GitHub user qingwen220 opened a pull request:
https://github.com/apache/incubator-eagle/pull/573
EAGLE-681: Add new publisher AlertEagleStorePlugin
https://issues.apache.org/jira/browse/EAGLE-681
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/qingwen220/incubator-eagle EAGLE-681
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-eagle/pull/573.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #573
----
commit 17a778e82d571f4409bcafceb33284be830e8499
Author: Zhao, Qingwen <qi...@apache.org>
Date: 2016-10-27T05:16:25Z
add eagleStorePlugin
commit 0b0dff360359659f78e070c3c6d11ba029a17503
Author: Zhao, Qingwen <qi...@apache.org>
Date: 2016-10-27T10:09:51Z
add alerts rest api for InMemMetadataDaoImpl
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-eagle issue #573: EAGLE-681: Add new publisher AlertEagleStorePlug...
Posted by qingwen220 <gi...@git.apache.org>.
Github user qingwen220 commented on the issue:
https://github.com/apache/incubator-eagle/pull/573
http://localhost:9090/rest/metadata/alerts/batch
`[
{
"alertId": "c961dae1-b023-4851-a908-d1dc2cc138bd",
"siteId": "sandbox",
"appIds": [
"HDFSAUDITLOGAPPLICATION_SANDBOX"
],
"policyId": "test",
"policyValue": "from HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX[str:contains(src,'/tmp/test') and ((cmd=='rename' and str:contains(dst, '.Trash')) or cmd=='delete')] select * insert into hdfs_audit_log_enriched_stream_out",
"alertTimestamp": 0,
"alertData": {
"securityZone": "NA",
"dst": "/user/hdfs/.Trash/Current/tmp/test/subtest/private1477563438822",
"sensitivityType": "NA",
"src": "/tmp/test/subtest/private",
"allowed": "true",
"host": "192.168.0.1",
"cmd": "rename",
"user": "hdfs",
"timestamp": "2016-10-27 18:17:18"
}
},
{
"alertId": "9ac087e8-8e44-4f86-8a45-09942b48c9bf",
"siteId": "sandbox",
"appIds": [
"HDFSAUDITLOGAPPLICATION_SANDBOX"
],
"policyId": "test",
"policyValue": "from HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX[str:contains(src,'/tmp/test') and ((cmd=='rename' and str:contains(dst, '.Trash')) or cmd=='delete')] select * insert into hdfs_audit_log_enriched_stream_out",
"alertTimestamp": 0,
"alertData": {
"securityZone": "NA",
"dst": "/user/hdfs/.Trash/Current/tmp/test/subtest/private1477563487890",
"sensitivityType": "NA",
"src": "/tmp/test/subtest/private",
"allowed": "true",
"host": "192.168.0.1",
"cmd": "rename",
"user": "hdfs",
"timestamp": "2016-10-27 18:18:07"
}
}
]`
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-eagle pull request #573: EAGLE-681: Add new publisher AlertEagleSt...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/incubator-eagle/pull/573
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---