BuzzSaw::Filter::UserClassifier - A BuzzSaw event filter for classifying users
This documentation refers to BuzzSaw::Filter::UserClassifier version 0.10.4
my @filters = [BuzzSaw::Filter::SSH->new(), BuzzSaw::Filter::Cosign->new(), BuzzSaw::Filter::UserClassifier->new()]; while ( defined( my $line = $fh->getline ) ) { my %event = $parser->parse_line($line); my ( $store, @all_tags); for my $filter (@filters) { my ( $accept, @tags ) = $filter->check(\%event, $store); if ($accept) { if ( $accept > 0 ) { $store = 1; } push @all_tags, @tags; } } if ($store) { # store log entry in DB } }
This is a Moose class which provides a filter which implements the BuzzSaw::Filter role. It is used to post-process entries where a previous filter in the stack has requested that it be stored into the database. If an entry of interest has a value set for the userid attribute then this module will classify the type of username (root, nonperson, real, others) using the BuzzSaw::UserClassifier module. This module will return a tag with a user_is_ prefix, like user_is_root or user_is_real. This module will not affect whether (or not) the entry is stored into the database. This module is designed to be used at the end of the filter stack so that it can process the results of all filters which might set a value for the userid attribute.
userid
user_is_
user_is_root
user_is_real
The BuzzSaw project provides a suite of tools for processing log file entries. Entries in files are parsed and filtered into a set of events of interest which are stored in a database. A report generation framework is also available which makes it easy to generate regular reports regarding the events discovered.
The short name of the module. The default is to use the final part of the Perl module name lower-cased (e.g. the name of BuzzSaw::Filter::UserClassifier is userclassifier).
BuzzSaw::Filter::UserClassifier
userclassifier
This method checks to see if any previous filter in the stack has requested that the log entry be stored (the $votes counter). If an entry of interest has a value set for the userid attribute then this module will classify the type of username (root, nonperson, real, others) using the BuzzSaw::UserClassifier module. This module will return a tag with a user_is_ prefix, like user_is_root or user_is_real. This module will not affect whether (or not) the entry is stored into the database. This module is designed to be used at the end of the filter stack so that it can process the results of all filters which might set a value for the userid attribute.
$votes
This module is powered by Moose. This module implements the BuzzSaw::Filter Moose role.
BuzzSaw, BuzzSaw::Parser
This is the list of platforms on which we have tested this software. We expect this software to work on any Unix-like platform which is supported by Perl.
ScientificLinux6
Please report any bugs or problems (or praise!) to bugs@lcfg.org, feedback and patches are also always very welcome.
Stephen Quinney <squinney@inf.ed.ac.uk>
Copyright (C) 2013 University of Edinburgh. All rights reserved.
This library is free software; you can redistribute it and/or modify it under the terms of the GPL, version 2 or later.
To install BuzzSaw::DB, copy and paste the appropriate command in to your terminal.
cpanm
cpanm BuzzSaw::DB
CPAN shell
perl -MCPAN -e shell install BuzzSaw::DB
For more information on module installation, please visit the detailed CPAN module installation guide.