Versions Compared

Old Version 10

changes.mady.by.user Former user

Saved on

compared with

New Version 11

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Patterns syntax is used to identify two login attempts, received through the authStream, to the same account by two different IP addresses within 10 seconds. Such two events are named as a1 and b1.
  • The arrow (->) denoted that b1 should occur after a1.
  • The condition given inside brackets is used to capture events with the same user name but different IP addresses.
  • The keyword 'within' specifies that this pattern should occur inside a 10,000 milliseconds time interval.
  • Few attributes are selected and inserted to the alertStream.
  • 'every' keyword ensures that CEP keeps searching for this pattern for every event received. If this keyword is omitted, CEP will search for the pattern only once, and any subsequent events will be discarded.

Prerequisites

For a list of prerequisites, please refer to the prerequisites section in Setting up CEP SamplesSee Prerequisites in CEP Samples Setup page.

Building the

...

sample

Start the WSO2 CEP server with the sample

...

configuration numbered 0104. For instructions, see Starting sample CEP configurations. This sample configuration does the following:

  • Creates <CEP_HOME>/repository/conf

...

  • /stream-manager-config.xml file, which is used to create the stream definitions

...

  • for the sample.

...

  • Points the default Axis2 repo

...

  • to

...

  • <CEP_HOME>/sample/artifacts/0104 (by default, the Axis2 repo is <CEP_HOME>/repository/deployment/server)

...

  • .

Executing the

...

sample

  1. Open

    another terminal and switch

    a new terminal, go to <CEP_HOME>/samples/consumers/wso2-event and run ant from there.

    This will build the sample wso2event

    It builds the sample wso2event consumer and

    execute

    executes it.

    Info

    Do not close this terminal

    as it

    . It is required to keep the server running

    in order to receive events and view them

    and receiving events.

  2. From

    Open another terminal

    switch

    , go to <CEP_HOME>/samples/producers/login-info

    /

    and

    run

    run ant

    from

     from there.

    This will build and run the



    It builds and runs the wso2event producer, which

    will send some

    sends sample login information to the CEP server.

    From

  3. On this terminal,

    you will be able to view the

    see details of the

    events sent.

    Once the step 3 is done successfully, you will be able to see the output events (alerts on suspicious login attempts) received from the CEP via the terminal opened in step 2.

    Info
    titleNote

    Since this sample uses random data and time-based patterns, different executions may result in produce different results. In some instances, if you limit the number of events sent to a very low number such as 3 or 4, you may not see a result at all.

    Below For example, given below is the console output of the consumer when sending 6 events from the producer.

    Image RemovedImage Added