 |
Alarms by type Tue, 06 Oct 2009 I want to share a new graph I have done for OSSIM "Executive Panel". It shows most generated alarms in a radar. I hope you will find it useful.  To create it just edit a graph, go to "Category -> Config Import" and paste the following:
plugin_custom_sql::
YTo0OntzOjY6InBsdWdpbiI7czoyMjoicGx
1Z2luX2NvbmZpZ19leGNoYW5nZSI7czoxMT
oicGx1Z2luX29wdHMiO2E6Mjc6e3M6ODoiZ
3JhcGhfZGIiO3M6NToib3NzaW0iO3M6OToi
Z3JhcGhfc3FsIjtzOjI0NDoic2VsZWN0IEN
PTkNBVChTVUJTVFJJTkcoUkVQTEFDRShwbH
VnaW5fc2lkLm5hbWUsImRpcmVjdGl2ZV9ld
mVudDogIiwiIiksMSwxNyksIi4uLiIpLCBj
b3VudCgqKSBhcyBudW0gZnJvbSBhbGFybSw
gcGx1Z2luX3NpZCAKd2hlcmUgYWxhcm0ucG
x1Z2luX2lkID0gcGx1Z2luX3NpZC5wbHVna
W5faWQgYW5kIAphbGFybS5wbHVnaW5fc2lk
ID0gcGx1Z2luX3NpZC5zaWQKZ3JvdXAgYnk
gYWxhcm0ucGx1Z2luX3NpZCBsaW1pdCA4Oy
I7czoxMToiZ3JhcGhfdGl0bGUiO3M6MDoiI
jtzOjEwOiJncmFwaF90eXBlIjtzOjU6InJh
ZGFyIjtzOjE4OiJncmFwaF9sZWdlbmRfZml
lbGQiO3M6Mzoicm93IjtzOjE2OiJncmFwaF
9wbG90c2hhZG93IjtzOjE6IjEiO3M6MTU6I
mdyYXBoX3BpZV90aGVtZSI7czo1OiJ3YXRl
ciI7czoxNzoiZ3JhcGhfcGllXzNkYW5nbGU
iO3M6MjoiNDUiO3M6MTc6ImdyYXBoX3BpZV
9leHBsb2RlIjtzOjM6ImFsbCI7czoyMToiZ
3JhcGhfcGllX2V4cGxvZGVfcG9zIjtzOjE6
IjEiO3M6MjI6ImdyYXBoX3BpZV9hbnRpYWx
pYXNpbmciO3M6MToiMSI7czoxNjoiZ3JhcG
hfcGllX2NlbnRlciI7czo0OiIwLjIzIjtzO
jE4OiJncmFwaF9wb2ludF9sZWdlbmQiO3M6
MDoiIjtzOjE3OiJncmFwaF9zaG93X3ZhbHV
lcyI7czoxOiIwIjtzOjExOiJncmFwaF9jb2
xvciI7czo3OiIjMDAwMDgwIjtzOjE0OiJnc
mFwaF9ncmFkaWVudCI7czoxOiIwIjtzOjEw
OiJncmFwaF9saW5rIjtzOjA6IiI7czoxNjo
iZ3JhcGhfcmFkYXJfZmlsbCI7czoxOiIxIj
tzOjExOiJncmFwaF95X21pbiI7czoxOiIwI
jtzOjExOiJncmFwaF95X21heCI7czoxOiIw
IjtzOjExOiJncmFwaF94X21pbiI7czoxOiI
wIjtzOjExOiJncmFwaF94X21heCI7czoxOi
IwIjtzOjExOiJncmFwaF95X3RvcCI7czoxO
iIwIjtzOjExOiJncmFwaF95X2JvdCI7czox
OiIwIjtzOjExOiJncmFwaF94X3RvcCI7czo
xOiIwIjtzOjExOiJncmFwaF94X2JvdCI7cz
oxOiIwIjtzOjE1OiJleHBvcnRlZF9wbHVna
W4iO3M6MTc6InBsdWdpbl9jdXN0b21fc3Fs
Ijt9czoxMToid2luZG93X29wdHMiO2E6Mzp
7czoyOiJpZCI7czozOiIxeDMiO3M6NToidG
l0bGUiO3M6MTQ6IkFsYXJtcyBieSBUeXBlI
jtzOjQ6ImhlbHAiO3M6MDoiIjt9czoxMToi
bWV0cmljX29wdHMiO2E6NDp7czoxNDoiZW5
hYmxlX21ldHJpY3MiO3M6MToiMCI7czoxMD
oibWV0cmljX3NxbCI7czowOiIiO3M6MTM6I
mxvd190aHJlc2hvbGQiO2k6MDtzOjE0OiJo
aWdoX3RocmVzaG9sZCI7aTowO319
And, on the other hand, if you are curious about the SQL query, here it is:
select CONCAT(SUBSTRING(REPLACE(plugin_sid.name,"directive_event: ",""),1,17),"..."), count(*) as num from alarm, plugin_sid
where alarm.plugin_id = plugin_sid.plugin_id and
alarm.plugin_sid = plugin_sid.sid
group by alarm.plugin_sid limit 8;
posted at: 14:59 | path: /ossim/configs | permanent link to this entry | 0 comments | |
Categories
/ (4) Santiago Gonzalez (feel free to get in touch) Friend's blogs: 
Archives Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||
