> What else do you want /need to know about the crash analyzer in addition > to the changelog of 2.0.2_3.1.08? > > Thomas
Well **finding** the 'changelog of 2.0.2_3.1.08' would be a good start! So for the *sake* of others reading this, here it is: I had to 'fight' this text out of 'sourceforge' resources: http://sourceforge.net/projects/assp/files/ASSP%20V2%20multithreading/changelog.txt/download *************QUOTED**************** ------------------------------------------------- fixed in 2.0.1_3.1.08: experimental: - ASSP now has an automatic self learning crash detection system included. This feature uses the folder 'base/crash_repo' as crash respository. >From the time a new connection is astablished for an incoming mail, a unique file is opend in the crash respository and all received data (and some other stuff) is stored there. These files are removed from the folder, if the message is finished processed anyway. If Perl/ASSP is crashing, the crash respository will contain all files, that where opened at crash time. If assp is (re)starting, it will look in to the crash respository, will clean up the folder from unneeded (too short) files and read all header lines from all remaining files in to a HMM 'Hidden-Markov-Model'. The HMM is used to compute the likelihood of possible word or string combinations. So we can "ask" the HMM: "what words will possibly follow this word or word combination ?". HMM will "answer" with a list of words and there likelihood, that it expects to follow our string. ASSP will compute a crash likelihood value for each incoming mail, if the header is received and - it will block the mail, if it expects, that further processing the mail, will cash assp. This feature is disabled per default. To enable it, you have three options: 1. change line 193 of assp.pl to: our $enableCrashAnalyzer = 1; 2. use the commandline switch : --enableCrashAnalyzer:=1 3. add the line : $main::enableCrashAnalyzer = 1; to the stub set in CorrectASSPcfg.pm For extended information about what this feature is doing, set 'ConnectionLog' to on (better to verbose or diagnostic -> more info) Currently this feature is EXPERIMENTAL !!! It will not block any mail. If you want this feature to block mails, you must uncommend the line 46760 of assp.pl (remove the # from # return 1 if $value > $limit; ) The number of files used from the crash respository to build the HMM is restricted to a value of (NumComWorkers * 10), because the HMM needs alot of memory. please follow this recommendations: 1. keep an eye on the crash respository - to prevent to high memory usage 2. never copy .eml files to the crash respository - instead duplicate possible very bad files in the crash respository to speed up the HMM learning process 3. it is often smarter to look in to the crash respository files and to build a preHeaderRe to block such mails ------------------------------------------------- ***********END QUOTED************* Please realize this is in *boring* 'plain text mail format'! Hence the 'view format' (readability) will be 'poor'... :) ..."Mutter, mutter and grumble".... Thomas, thanks but the ASS [changelog.txt] is !not part of ASSP's auto updates procedure. Could you please enhance this 'change note' into a readable document, and distribute *please* Peter ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
