Introduction
This sample demonstrates how to set up an execution plan with queries to detect suspicious login attempts to a user account. It generates an alert if it detects two or more login attempts to the same user account from different IP addresses within a short time period.
This sample uses wso2event for both inputs and outputs.
Prerequisites
For a list of prerequisites, please refer to the prerequisites section in Setting up CEP Samples.
Building the Sample
Start the WSO2 CEP server with the sample number as ./wso2cep-samples.sh -sn 0104 (or on Windows, wso2cep-samples.bat -sn 0104). This will start up the server with the configuration files required for this sample.
Here when executing the sample with above command, there are some operations done in the background. There is a file called "stream-manager-config.xml" copied to the <CEP_HOME>/repository/conf from the artifacts directory of the sample. This file will be used in the server startup to create the stream definitions to run the sample.
Then, default Axis2 repo will be pointed to the directory <CEP_HOME>/sample/artifacts/0104 (by default Axis2 repo is <CEP_HOME>/repository/deployment/server). There will be limited functionality in sample server startup mode, so don't perform other tasks in the server when it is start-up in the sample mode.
...