AMINERREMOTECONTROL(1) | logdata-anomaly-miner User Man | AMINERREMOTECONTROL(1) |
aminerremotecontrol - lightweight tool for log checking, log analysis
aminerremotecontrol [[--exec command] | [--exec-file file]] [OPTIONS]...
This manual page documents briefly the aminerremotecontrol command. The command executes arbitrary remote control commands in a running AMiner child process. As child process is usually running with lowered privileges or SELinux/AppArmor confinement, you may observe unexpected results when accessing resources outside the child process, e.g. files. For more details see also packaged documentation at /usr/share/doc/logdata-anomaly-miner.
Print a property of the running AMinerConfig:
Print the complete AMinerConfig:
Print a property of the running AMinerConfig, change it and confirm the changed value by printing it again:
with long options starting with two dashes ('-'). A summary of options is included below. For a complete description, see the info(1) files.
--control-socket, -c socket
--exec, -e command
--exec-file, -f file
--data, -d data
--string-response, -s
Read more about which properties can be changed in the Valid Property Names section.
example: aminerremotecontrol --exec "change_attribute_of_registered_analysis_component(analysis_context, 'NewMatchPath', 'auto_include_flag', False)"
example: aminerremotecontrol --exec "rename_registered_analysis_component(analysis_context,'NewMatchPath','NewMatchPathDetector')"
example: aminerremotecontrol --exec "add_handler_to_atom_filter_and_register_analysis_component(analysis_context, 'AtomFilter', NewMatchPathDetector(analysis_context.aminer_config, analysis_context.atomizer_factory.atom_handler_list, auto_include_flag=True), 'NewMatchPathDet')"
example: aminerremotecontrol --exec "print_config_property(analysis_context,'LogResourceList')"
print_attribute_of_registered_analysis_component(analysis_context,component_name, attribute)
example: aminerremotecontrol --exec "print_attribute_of_registered_analysis_component(analysis_context,'NewMatchPath', 'auto_include_flag')"
example: aminerremotecontrol --exec "print_current_config(analysis_context)" --string-response
example: aminerremotecontrol --exec "save_current_config(analysis_context,'/tmp/')"
example: aminerremotecontrol --exec "persist_all()"
example: aminerremotecontrol --exec "create_backup()"
example: aminerremotecontrol --exec "list_backups()"
example: aminerremotecontrol --exec "allowlist_event_in_component(analysis_context,'EnhancedNewMatchPathValueComboDetector','new/path')"
example: aminerremotecontrol --exec "allowlist_event_in_component(analysis_context,'MissingMatchPathValueDetector','new/path',-11)"
example: aminerremotecontrol --exec "allowlist_event_in_component(analysis_context,'NewMatchPathDetector',['new/path'])"
example: aminerremotecontrol --exec "allowlist_event_in_component(analysis_context,'NewMatchPathValueComboDetector','new/path')"
example: aminerremotecontrol --exec "dump_events_from_history(analysis_context,'VolatileLogarithmicBackoffEventHistory',12)"
example: aminerremotecontrol --exec "ignore_events_from_history(analysis_context,'VolatileLogarithmicBackoffEventHistory',[12,13,15])"
example: aminerremotecontrol --exec "list_events_from_history(analysis_context,'VolatileLogarithmicBackoffEventHistory',600)"
example: aminerremotecontrol --exec "allowlist_events_from_history(analysis_context,'VolatileLogarithmicBackoffEventHistory',[12,13,15])"
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'MailAlerting.TargetAddress', 'root@localhost')"
Define a target e-mail address to send alerts to. When undefined, no e-mail notification hooks are added.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'MailAlerting.FromAddress', 'root@localhost')"
Sender address of e-mail alerts.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'MailAlerting.SubjectPrefix', 'AMiner Alerts:')"
Define, which text should be prepended to the standard aminer subject. Defaults to "AMiner Alerts:"
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'MailAlerting.EventCollectTime', 10)"
Define how many seconds to wait after a first event triggered the alerting procedure before really sending out the e-mail. In that timespan, events are collected and will be sent all using a single e-mail. Defaults to 10 seconds.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'MailAlerting.MinAlertGap', 600)"
Define the minimum time between two alert e-mails in seconds to avoid spamming. All events during this timespan are collected and sent out with the next report. Defaults to 600 seconds.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'MailAlerting.MaxAlertGap', 1000)"
Define the maximum time between two alert e-mails in seconds. When undefined this defaults to "MailAlerting.MinAlertGap". Otherwise this will activate an exponential backoff to reduce messages during permanent error states by increasing the alert gap by 50% when more alert-worthy events were recorded while the previous gap time was not yet elapsed.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'MailAlerting.MaxEventsPerMessage', 1000)"
Define how many events should be included in one alert mail at most. This defaults to 1000.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'LogPrefix', ' Original log line: ')"
Most analysis components implement the output_log_line-property, which is True by default. Define a prefix to the original captured log lines. This defaults to ''.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'Resources.MaxMemoryUsage', -1)"
This property limits the maximal possible RAM in MB which the AMiner process can use. Be careful at choosing the value, as a shortage of memory causes a MemoryError. This defaults to -1, which means that there is no limit.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'Core.PersistencePeriod', 300)"
Use this property to change the time between persisting data in analysis components. Defaults to 600 seconds.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'Log.StatisticsLevel', 2)"
Change the amount of data saved in statistics. Possible stat-levels are 0 for no statistics, 1 for normal statistic level and 2 for verbose statistics. Defaults to 1.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'Log.DebugLevel', 2)"
Change the debug logging level. Possible debug-levels are 0 for no logging, 1 for normal output (INFO and above), 2 for printing all debug information. Defaults to 1.
Example: aminerremotecontrol --exec "change_config_property(analysis_context, 'Log.StatisticsPeriod', 360)"
Change how often statistics are logged and reset. This defaults to 3600 seconds.
Report bugs via your distribution's bug tracking system. For bugs in the the software trunk, report via at
Markus Wurzenberger <>
Copyright © 2016 Markus Wurzenberger
This manual page was written for the Debian system (and may be used by others).
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 3.
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.
01/31/2021 | logdata-anomaly-miner |