Rule runner
Introduction
The rule-runner is a testing utility for rules, both core and templated.
This utility is part of the server deployment.
Installation
Download the rule-runner to your laptop
Extract it to a folder
Add the folder to the PATH:
export PATH=$PATH:<path of the extracted directory>
Usage
A. Validate rule structure and syntax
➜ indeni-knowledge git:(develop) ✗ rule-runner compile rules/templatebased/checkpoint/CheckPointDebugProcessesFileRotationNoVsxRule.yaml
2020-05-07 14:54:18,676 INFO -- Starting rule runner
2020-05-07 14:54:19,995 INFO -- Reading file: rules/templatebased/checkpoint/CheckPointDebugProcessesFileRotationNoVsxRule.yaml
2020-05-07 14:54:19,998 INFO -- Compiling rule...
2020-05-07 14:54:20,207 INFO -- Compiled rule:
Name: CheckPointDebugProcessesFileRotationNoVsxRule
Friendly name: Check Point Devices (Non-VSX): Debugging file is rotating too fast
Description: Indeni will alert if usermode process debuggin files are rotating too fast.
Categories: [HealthChecks]
Default Action: AlertNotificationSettings(15)
Severity: ERROR
Interval: DEFAULT
Parameters:
-
Name: High_Threshold_of_Store_use
Friendly name: High Threshold of Usage
Description: indeni will evaluate the current utilization vs the limit and trigger an issue if the percentage of usage crosses this number.
Category:
Type: DOUBLE
Default: 3.0
2020-05-07 14:54:20,207 INFO -- Existing
B. Test rule with configuration file