beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

expose metrics to file

Browse source
This commit is contained in:
Emanuel Seemann 2023-09-20 14:28:11 +02:00
parent e69ed4db6a
commit ba7a5a3afe
No known key found for this signature in database
2 changed files with 45 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
pkg/bayesiantrain/inference.go
View file

@ -2,6 +2,7 @@ package bayesiantrain
import ( import (
"fmt" "fmt"
"os"
"github.com/antonmedv/expr" "github.com/antonmedv/expr"
"github.com/antonmedv/expr/vm" "github.com/antonmedv/expr/vm"
@ -15,7 +16,14 @@ type fakeBucket struct {
label int label int
} }
func (f *fakeBucket) scoreTrainedClassifier(results map[string]BayesianResult, exprCache map[string]vm.Program, prior float32, threshold float32) int { type inferenceResult struct {
ip string
prediction int
label int
probability float32
}
func (f *fakeBucket) scoreTrainedClassifier(results map[string]BayesianResult, exprCache map[string]vm.Program, prior float32, threshold float32, resultChan chan<- inferenceResult) int {
var posterior float32 var posterior float32
var queue leakybucket.Queue var queue leakybucket.Queue
var program vm.Program var program vm.Program
@ -23,6 +31,8 @@ func (f *fakeBucket) scoreTrainedClassifier(results map[string]BayesianResult, e
var ok bool var ok bool
var guillotinecache map[string]bool var guillotinecache map[string]bool
ip := f.events[0].Meta["source_ip"]
label := f.label
guillotinecache = make(map[string]bool) guillotinecache = make(map[string]bool)
for index, evt := range f.events { for index, evt := range f.events {
@ -60,9 +70,35 @@ func (f *fakeBucket) scoreTrainedClassifier(results map[string]BayesianResult, e
} }
if posterior >= threshold { if posterior >= threshold {
resultChan <- inferenceResult{ip, 1, label, posterior}
return 1 return 1
} }
} }
resultChan <- inferenceResult{ip, 0, label, posterior}
return 0 return 0
} }
func saveResultsToDisk(inputChan <-chan inferenceResult) {
var res inferenceResult
var str string
var more bool
f, err := os.Create("inference_result.csv")
if err != nil {
fmt.Printf("%s", err)
}
f.WriteString("ip,probability,label\n")
defer f.Close()
for {
res, more = <-inputChan
if !more {
return
}
str = fmt.Sprint(res.ip, ",", res.probability, ",", res.label, "\n")
f.WriteString(str)
}
}

8
pkg/bayesiantrain/trainer.go
View file

@ -143,12 +143,16 @@ func (s *LogEventStorage) GenerateBucketMetrics(threshold float32) error {
var falseNegative int var falseNegative int
var truePositive int var truePositive int
var trueNegative int var trueNegative int
var inferenceChannel chan inferenceResult
inferenceChannel = make(chan inferenceResult, 20)
prior := float32(s.nEvilIps) / float32(s.total) prior := float32(s.nEvilIps) / float32(s.total)
go saveResultsToDisk(inferenceChannel)
for _, bucket := range s.ParsedIpEvents { for _, bucket := range s.ParsedIpEvents {
res = bucket.scoreTrainedClassifier(s.CachedHypotheses, s.exprCache, prior, threshold) res = bucket.scoreTrainedClassifier(s.CachedHypotheses, s.exprCache, prior, threshold, inferenceChannel)
if res < 0 { if res < 0 {
return fmt.Errorf("generatebucketmetrics returned an error, aborting") return fmt.Errorf("generatebucketmetrics returned an error, aborting")
} }
@ -167,6 +171,8 @@ func (s *LogEventStorage) GenerateBucketMetrics(threshold float32) error {
} }
} }
close(inferenceChannel)
fmt.Println("raw : ", falsePositive, falseNegative, truePositive, trueNegative) fmt.Println("raw : ", falsePositive, falseNegative, truePositive, trueNegative)
printBucketMetrics(falsePositive, falseNegative, truePositive, trueNegative) printBucketMetrics(falsePositive, falseNegative, truePositive, trueNegative)