/etc/aminer/conf-available/generic/NtpParsingModel.py is in logdata-anomaly-miner 0.0.7-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
from aminer.parsing import DecimalIntegerValueModelElement
from aminer.parsing import DelimitedDataModelElement
from aminer.parsing import FirstMatchModelElement
from aminer.parsing import FixedDataModelElement
from aminer.parsing import IpAddressDataModelElement
from aminer.parsing import OptionalMatchModelElement
from aminer.parsing import SequenceModelElement
from aminer.parsing import VariableByteDataModelElement
def getModel():
    """Return the parsing model for ntpd log messages.

    The model is a sequence: the literal 'ntpd[', a decimal pid, the
    literal ']: ' and then exactly one of the message variants listed
    below, tried in list order by the 'msg' FirstMatchModelElement.

    Review notes for whoever deploys this model:
      * Most variants are fixed literals (UDP port 123, the descriptor
        numbers in 'ntp-io'). A host whose ntpd prints other values will
        presumably not match here -- confirm how the surrounding aminer
        configuration reports unmatched lines before treating them as
        anomalies.
      * Element ids ('exit', 'listen-drop', 'fd', ...) become part of the
        parser paths, so they must stay as they are if analysis rules
        reference them.
    """
    # Interface names are limited to digits, lowercase ASCII letters and
    # '.'; a name containing '-', '_', ':' or uppercase letters stops
    # matching at that byte. The same element instance is used by both
    # "Listen ..." variants below.
    ifaceName = VariableByteDataModelElement(
        'interface', '0123456789abcdefghijklmnopqrstuvwxyz.')

    messageVariants = [
        SequenceModelElement('exit', [
            FixedDataModelElement('s0', 'ntpd exiting on signal '),
            DecimalIntegerValueModelElement('signal'),
        ]),
        SequenceModelElement('listen-drop', [
            FixedDataModelElement('s0', 'Listen and drop on '),
            DecimalIntegerValueModelElement('fd'),
            FixedDataModelElement('s1', ' '),
            ifaceName,
            FixedDataModelElement('s2', ' '),
            FirstMatchModelElement('address', [
                IpAddressDataModelElement('ipv4'),
                # The 'ipv6' branch takes everything up to the next
                # space; it does not check that the data is an address.
                DelimitedDataModelElement('ipv6', ' '),
            ]),
            FixedDataModelElement('s3', ' UDP 123'),
        ]),
        SequenceModelElement('listen-normal', [
            FixedDataModelElement('s0', 'Listen normally on '),
            DecimalIntegerValueModelElement('fd'),
            FixedDataModelElement('s1', ' '),
            ifaceName,
            FixedDataModelElement('s2', ' '),
            # NOTE(review): unlike 'listen-drop' there is no 'ipv6'
            # fallback here, so this variant only matches what
            # IpAddressDataModelElement accepts -- confirm whether IPv6
            # listeners are expected on monitored hosts.
            IpAddressDataModelElement('ip'),
            FirstMatchModelElement('msg', [
                FixedDataModelElement('port-new', ':123'),
                FixedDataModelElement('port-old', ' UDP 123'),
            ]),
        ]),
        SequenceModelElement('listen-routing', [
            FixedDataModelElement(
                's0', 'Listening on routing socket on fd #'),
            DecimalIntegerValueModelElement('fd'),
            FixedDataModelElement('s1', ' for interface updates'),
        ]),
        FixedDataModelElement(
            'new-interfaces', 'new interface(s) found: waking up resolver'),
        # Whole line is a literal, including the numbers 1024 and 16.
        FixedDataModelElement(
            'ntp-io',
            'ntp_io: estimated max descriptors: 1024, initial socket boundary: 16'),
        FixedDataModelElement('peers-refreshed', 'peers refreshed'),
        SequenceModelElement('precision', [
            FixedDataModelElement('s0', 'proto: precision = '),
            DelimitedDataModelElement('precision', ' '),
            FixedDataModelElement('s1', ' usec'),
        ]),
    ]

    # Daemon prefix 'ntpd[<pid>]: ' followed by one message variant.
    return SequenceModelElement('ntpd', [
        FixedDataModelElement('sname', 'ntpd['),
        DecimalIntegerValueModelElement('pid'),
        FixedDataModelElement('s0', ']: '),
        FirstMatchModelElement('msg', messageVariants),
    ])