You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@eagle.apache.org by Edward Zhang <yo...@apache.org> on 2016/09/21 23:45:19 UTC
Re: Can You Give Me More Sample Data to Be Used for Training
Hi Xin Wu,
Sorry for late reply. Thanks for your interest in user profile but it looks
very hard to provide more sample data. Sometimes you need production data
to simulate your test.
But if you need sample data, probably you can write program to generate
random ip, user, read/write cmd etc and do some fault injection. Anyway its
purpose is to find out the obvious difference between training data and
test data.
2015-04-24 12:49:16,145 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/tmp
dst=null perm=null proto=rpc
2015-04-24 12:49:16,192 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo
src=/user/ambari-qa dst=null perm=null proto=rpc
2015-04-24 12:49:20,518 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/tmp
dst=null perm=null proto=rpc
2015-04-24 12:49:20,570 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo
src=/user/ambari-qa dst=null perm=null proto=rpc
2015-04-24 12:49:20,587 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/
dst=null perm=null proto=rpc
2015-04-24 12:49:20,664 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=mkdirs src=/tmp dst=null
perm=hdfs:hdfs:rwxr-xr-x proto=rpc
2015-04-24 12:49:20,677 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/user
dst=null perm=null proto=rpc
2015-04-24 12:49:20,686 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=mkdirs src=/user/ambari-qa
dst=null perm=hdfs:hdfs:rwxr-xr-x proto=rpc
2015-04-24 12:49:24,828 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/tmp
dst=null perm=null proto=rpc
2015-04-24 12:49:24,915 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=setPermission src=/tmp
dst=null perm=hdfs:hdfs:rwxrwxrwx proto=rpc
2015-04-24 12:49:29,375 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo
src=/user/ambari-qa dst=null perm=null proto=rpc
2015-04-24 12:49:29,453 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=setPermission
src=/user/ambari-qa dst=null perm=hdfs:hdfs:rwxrwx--- proto=rpc
2015-04-24 12:49:33,542 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/tmp
dst=null perm=null proto=rpc
2015-04-24 12:49:37,844 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo
src=/user/ambari-qa dst=null perm=null proto=rpc
2015-04-24 12:49:37,929 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=setOwner
src=/user/ambari-qa dst=null perm=ambari-qa:hdfs:rwxrwx---
proto=rpc
2015-04-24 12:51:31,798 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo
src=/apps/hbase/data dst=null perm=null proto=rpc
2015-04-24 12:51:31,863 INFO FSNamesystem.audit: allowed=true
ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo
src=/apps/hbase/staging dst=null perm=null proto=rpc
Thanks
Edward
On Sat, Sep 17, 2016 at 7:41 PM, 辛武 <xi...@pku.edu.cn> wrote:
> Dear Eagle Development Team:
> My name is Xin Wu, a college student of Peking University, and I am
> writing in the hope of your assistance to provide more sample data to me.
> First and foremost I know Eagle is the first activity monitoring
> system on the Hadoop-ecosystem for the detection of intrusion-related
> activities using behavior-based profiles of users. I am particularly
> interested in the project of Eagle and its ideas, at the same time, I also
> read the paper, Eagle: User Profile-based Anomaly Detection for Securing
> Hadoop Clusters. And I want to learn more, I need more sample data for
> research. Will you be able to supply more data to me?
> Looking forward to a prompt reply from you.
>
> Sincerely yours,
> Xin Wu
>