Anomaly detection Engine for Linux Logs (ADE)
Verifying that the amount of data is sufficient to create a model - verify
verify is a bash script which sets up the environment it needs and then invokes the correct Java class. verify determines whether there is sufficient data to create, during train, a baseline of expected behavior against which the Linux logs processed by analyze are compared.
Usage
Use verify to determine whether there is sufficient data for train to create the model that analyze uses to detect anomalies in Linux logs. verify extracts the information it needs from the JDBC-compliant database that is populated by upload and analyze. When verify completes, its results are written to the file system. If there is insufficient data, verify issues a message.
Notes
- Unless a start date, or both a start date and an end date, is provided, verify will use all the information in the database to create a model.
Command syntax
| Command | Options selected |
|---|---|
| verify model-group | Processes all systems in the model group, starting with the first date with data in the database and continuing to the final date with data in the database |
| verify model-group start-date | Processes all systems in the model group, using data between the specified start date and the last date with data in the database |
| verify model-group start-date end-date | Processes all systems in the model group, using data between the specified start and end dates |
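The three invocation forms above differ only in how many dates follow the model group, so a mistake such as a reversed date range silently narrows the data verify looks at. The following wrapper, added here as an example and not part of ADE itself, checks the argument shape before handing it to verify. It assumes dates are written as YYYY-MM-DD and that the variable VERIFY_BIN points at the verify script; both are assumptions, not something the page specifies.

```shell
#!/bin/sh
# Added example, not ADE project code: validate the arguments of a verify call
# and print the exact command line that would be run.
# Assumptions: dates are YYYY-MM-DD; VERIFY_BIN locates the verify script.
VERIFY_BIN="${VERIFY_BIN:-./verify}"

# is_iso_date DATE -> returns 0 if DATE has the shape YYYY-MM-DD, else 1
is_iso_date() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# date_key DATE -> the digits only (20240131), so two dates compare numerically
date_key() { printf '%s' "$1" | tr -d '-'; }

# build_verify_command MODEL_GROUP [START_DATE [END_DATE]]
# Prints the verify invocation on stdout and returns 0, or prints the reason
# on stderr and returns 1 when the arguments cannot form a valid verify call.
build_verify_command() {
  group=$1; start=$2; end=$3
  if [ -z "$group" ] || [ $# -gt 3 ]; then
    echo "usage: model-group [start-date [end-date]]" >&2; return 1
  fi
  if [ -n "$start" ] && ! is_iso_date "$start"; then
    echo "start date must be YYYY-MM-DD: $start" >&2; return 1
  fi
  if [ -n "$end" ]; then
    if [ -z "$start" ]; then
      echo "an end date requires a start date" >&2; return 1
    fi
    if ! is_iso_date "$end"; then
      echo "end date must be YYYY-MM-DD: $end" >&2; return 1
    fi
    # Reversed ranges are the common mistake: catch them before verify runs.
    if [ "$(date_key "$start")" -gt "$(date_key "$end")" ]; then
      echo "start date $start is after end date $end" >&2; return 1
    fi
  fi
  printf '%s %s' "$VERIFY_BIN" "$group"
  [ -n "$start" ] && printf ' %s' "$start"
  [ -n "$end" ] && printf ' %s' "$end"
  printf '\n'
}

# Typical use: print the command, then run it once it looks right.
# build_verify_command prod-web 2024-01-01 2024-01-31 && \
#   eval "$(build_verify_command prod-web 2024-01-01 2024-01-31)"
```

Because verify reports insufficient data with a message rather than a documented exit status, read its output before moving on to train; the wrapper only guards the argument shape, not the outcome.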
Restrictions
If verify reported that there was insufficient data, train may not run successfully and will likely not produce a model with much explanatory power.