magichour.api.local.modeleval package¶
Submodules¶
magichour.api.local.modeleval.apply module¶
-
magichour.api.local.modeleval.apply.apply_events(events, windows, mp=False)¶
-
magichour.api.local.modeleval.apply.apply_templates(templates, loglines, mp=True, process_auditd=False)¶ Applies the templates on an iterable. This function creates a list of TimedTemplate named tuples. In effect this will produce a list of which templates occurred at which times. -1 is the template_id that is used for a logline which was unable to be matched to a template.
The templates accepted by this function is exactly the output of functions in template.py This function has the option of running in either multiprocessing mode (mp=True by default) or not.
Parameters: - templates – iterable Templates to apply
- loglines – loglines which will be examined
- Kwargs:
- mp: whether or not to run in multiprocessing mode (default: True) process_auditd: whether or not to use specialized auditd processing (default: False)
Returns: a list of TimedTemplate named tuples that represent which templates occurred at which times in the log file. Return type: timed_templates
-
magichour.api.local.modeleval.apply.count_templates(window)¶
-
magichour.api.local.modeleval.apply.counter_issubset(counter1, counter2)¶
-
magichour.api.local.modeleval.apply.process_auditd_line(templates, logline)¶
-
magichour.api.local.modeleval.apply.process_line(templates, logline)¶
magichour.api.local.modeleval.window module¶
-
magichour.api.local.modeleval.window.modeleval_window(timed_templates, window_size=60, remove_junk_drawer=False)¶