You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@eagle.apache.org by Edward Zhang <yo...@apache.org> on 2016/09/21 23:45:19 UTC

Re: Can You Give Me More Sample Data to Be Used for Training

Hi Xin Wu,

Sorry for late reply. Thanks for your interest in user profile but it looks
very hard to provide more sample data. Sometimes you need production data
to simulate your test.

But if you need sample data, probably you can write program to generate
random ip, user, read/write cmd etc and do some fault injection. Anyway its
purpose is to find out the obvious difference between training data and
test data.

2015-04-24 12:49:16,145 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo    src=/tmp
dst=null   perm=null  proto=rpc
2015-04-24 12:49:16,192 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo
src=/user/ambari-qa    dst=null   perm=null  proto=rpc
2015-04-24 12:49:20,518 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo    src=/tmp
dst=null   perm=null  proto=rpc
2015-04-24 12:49:20,570 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo
src=/user/ambari-qa    dst=null   perm=null  proto=rpc
2015-04-24 12:49:20,587 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo    src=/
dst=null   perm=null  proto=rpc
2015-04-24 12:49:20,664 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=mkdirs src=/tmp   dst=null
perm=hdfs:hdfs:rwxr-xr-x   proto=rpc
2015-04-24 12:49:20,677 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo    src=/user
dst=null   perm=null  proto=rpc
2015-04-24 12:49:20,686 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=mkdirs src=/user/ambari-qa
 dst=null   perm=hdfs:hdfs:rwxr-xr-x   proto=rpc
2015-04-24 12:49:24,828 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo    src=/tmp
dst=null   perm=null  proto=rpc
2015-04-24 12:49:24,915 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=setPermission  src=/tmp
dst=null   perm=hdfs:hdfs:rwxrwxrwx   proto=rpc
2015-04-24 12:49:29,375 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo
src=/user/ambari-qa    dst=null   perm=null  proto=rpc
2015-04-24 12:49:29,453 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=setPermission
src=/user/ambari-qa    dst=null   perm=hdfs:hdfs:rwxrwx---   proto=rpc
2015-04-24 12:49:33,542 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo    src=/tmp
dst=null   perm=null  proto=rpc
2015-04-24 12:49:37,844 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo
src=/user/ambari-qa    dst=null   perm=null  proto=rpc
2015-04-24 12:49:37,929 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=setOwner
src=/user/ambari-qa    dst=null   perm=ambari-qa:hdfs:rwxrwx---
proto=rpc
2015-04-24 12:51:31,798 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo
src=/apps/hbase/data   dst=null   perm=null  proto=rpc
2015-04-24 12:51:31,863 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15  cmd=getfileinfo
src=/apps/hbase/staging    dst=null   perm=null  proto=rpc


Thanks

Edward


On Sat, Sep 17, 2016 at 7:41 PM, 辛武 <xi...@pku.edu.cn> wrote:

> Dear Eagle Development Team:
>     My name is Xin Wu, a college student of Peking University, and I am
> writing in the hope of your assistance to provide more sample data to me.
>     First and foremost I know Eagle is the first activity monitoring
> system on the Hadoop-ecosystem for the detection of intrusion-related
> activities using behavior-based profiles of users. I am particularly
> interested in the project of Eagle and its ideas, at the same time, I also
> read the paper, Eagle: User Profile-based Anomaly Detection for Securing
> Hadoop Clusters. And I want to learn more, I need more sample data for
> research. Will you be able to supply more data to me?
>     Looking forward to a prompt reply from you.
>
>  Sincerely yours,
>                                                                    Xin Wu
>