devel:alertengine
Differences
This shows you the differences between two versions of the page.
|
devel:alertengine [2008/06/19 08:16] thomaska Created the start of alertengine doc |
devel:alertengine [2008/06/19 08:38] (current) thomaska added comment aboud where lookup choices can be found |
||
|---|---|---|---|
| Line 9: | Line 9: | ||
| Understanding how we check a filtergroup against an alert is where most of the complexity of the system comes into light. Each filtergroup has filtergroupcontents which designate how the set of filters the contents specify should be combined. The filtergroupcontents is where 'inclusion', 'exclusion', 'and' and 'add inverse' (simply a negated add) opperations are set up. | Understanding how we check a filtergroup against an alert is where most of the complexity of the system comes into light. Each filtergroup has filtergroupcontents which designate how the set of filters the contents specify should be combined. The filtergroupcontents is where 'inclusion', 'exclusion', 'and' and 'add inverse' (simply a negated add) opperations are set up. | ||
| - | To actually see if an alert matches we simply compile all the expressions in a filter into a Django-ORM lookup and do a 'SELECT COUNT(*) FROM ...' which will tell us if our filter matches. The mapping we generate is combined with standard ORM lookups except for a few special cases like IP's. The following mapping shows how the current (as of 2008-06-19) mapping is setup from database table+column to the ORM: | + | To actually see if an alert matches we simply compile all the expressions in a filter into a Django-ORM lookup and do a 'SELECT COUNT(*) FROM ...' which will tell us if our filter matches. The mapping we generate is combined with standard ORM lookups except for a few special cases like IP's. The following mapping shows how the current (as of 2008-06-19) mapping is setup from database table+column to the ORM (MatchField.CHOICES contains the sameinformation): |
| alertq.alertqid: id | alertq.alertqid: id | ||
| Line 159: | Line 159: | ||
| vlan.vlanid: netbox__organization__vlan__id | vlan.vlanid: netbox__organization__vlan__id | ||
| vlan.vlan: netbox__organization__vlan__vlan | vlan.vlan: netbox__organization__vlan__vlan | ||
| - | |||
| - | The following Python code was used to compute the mapping overview in this wiki: | ||
| - | |||
| - | <code python> | ||
| - | for key,value in MatchField.VALUE_MAP.items(): | ||
| - | a = MatchField.FOREIGN_MAP[key.split('.')[0]] | ||
| - | if a: a += '__' | ||
| - | print '%30s: %s%s\n' % (key, a, value) | ||
| - | </code> | ||
| - | |||
devel/alertengine.1213863398.txt.gz ยท Last modified: 2008/06/19 08:16 by thomaska
Page Tools
