[jira] [Commented] (EAGLE-681) Add new publisher AlertEagleStorePlugin

Thu, 27 Oct 2016 03:22:49 -0700 

    [ 
https://issues.apache.org/jira/browse/EAGLE-681?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15611455#comment-15611455
 ] 

ASF GitHub Bot commented on EAGLE-681:
--------------------------------------

Github user qingwen220 commented on the issue:

    https://github.com/apache/incubator-eagle/pull/573
  
    http://localhost:9090/rest/metadata/alerts/batch
    
    `[
        {
            "alertId": "c961dae1-b023-4851-a908-d1dc2cc138bd",
            "siteId": "sandbox",
            "appIds": [
                "HDFSAUDITLOGAPPLICATION_SANDBOX"
            ],
            "policyId": "test",
            "policyValue": "from 
HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX[str:contains(src,'/tmp/test') and 
((cmd=='rename' and str:contains(dst, '.Trash')) or cmd=='delete')] select * 
insert into hdfs_audit_log_enriched_stream_out",
            "alertTimestamp": 0,
            "alertData": {
                "securityZone": "NA",
                "dst": 
"/user/hdfs/.Trash/Current/tmp/test/subtest/private1477563438822",
                "sensitivityType": "NA",
                "src": "/tmp/test/subtest/private",
                "allowed": "true",
                "host": "192.168.0.1",
                "cmd": "rename",
                "user": "hdfs",
                "timestamp": "2016-10-27 18:17:18"
            }
        },
        {
            "alertId": "9ac087e8-8e44-4f86-8a45-09942b48c9bf",
            "siteId": "sandbox",
            "appIds": [
                "HDFSAUDITLOGAPPLICATION_SANDBOX"
            ],
            "policyId": "test",
            "policyValue": "from 
HDFS_AUDIT_LOG_ENRICHED_STREAM_SANDBOX[str:contains(src,'/tmp/test') and 
((cmd=='rename' and str:contains(dst, '.Trash')) or cmd=='delete')] select * 
insert into hdfs_audit_log_enriched_stream_out",
            "alertTimestamp": 0,
            "alertData": {
                "securityZone": "NA",
                "dst": 
"/user/hdfs/.Trash/Current/tmp/test/subtest/private1477563487890",
                "sensitivityType": "NA",
                "src": "/tmp/test/subtest/private",
                "allowed": "true",
                "host": "192.168.0.1",
                "cmd": "rename",
                "user": "hdfs",
                "timestamp": "2016-10-27 18:18:07"
            }
        }
    ]`


> Add new publisher AlertEagleStorePlugin 
> ----------------------------------------
>
>                 Key: EAGLE-681
>                 URL: https://issues.apache.org/jira/browse/EAGLE-681
>             Project: Eagle
>          Issue Type: New Feature
>    Affects Versions: v0.5.0
>            Reporter: Zhao, Qingwen
>            Assignee: Zhao, Qingwen
>             Fix For: v0.5.0
>
>
> In Eagle 0.5, only three types of publishers supported: email, kafka, slack.  
> Users may be want to view all the alerts on the web, which requires eagle to 
> store the alert into database. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to