Rule runner

Introduction

The rule-runner is a utility for testing rules, both core and templated.

This utility is part of the server deployment.

Installation

  • Download the rule-runner to your laptop

  • Extract it to a folder

  • Add the folder to the PATH:
    export PATH="$PATH:<path of the extracted directory>"

 

Usage

A. Validate rule structure and syntax

➜ indeni-knowledge git:(develop) ✗ rule-runner compile rules/templatebased/checkpoint/CheckPointDebugProcessesFileRotationNoVsxRule.yaml
2020-05-07 14:54:18,676 INFO -- Starting rule runner
2020-05-07 14:54:19,995 INFO -- Reading file: rules/templatebased/checkpoint/CheckPointDebugProcessesFileRotationNoVsxRule.yaml
2020-05-07 14:54:19,998 INFO -- Compiling rule...
2020-05-07 14:54:20,207 INFO -- Compiled rule:
Name: CheckPointDebugProcessesFileRotationNoVsxRule
Friendly name: Check Point Devices (Non-VSX): Debugging file is rotating too fast
Description: Indeni will alert if usermode process debuggin files are rotating too fast.
Categories: [HealthChecks]
Default Action: AlertNotificationSettings(15)
Severity: ERROR
Interval: DEFAULT
Parameters:
- Name: High_Threshold_of_Store_use
  Friendly name: High Threshold of Usage
  Description: indeni will evaluate the current utilization vs the limit and trigger an issue if the percentage of usage crosses this number.
  Category:
  Type: DOUBLE
  Default: 3.0
2020-05-07 14:54:20,207 INFO -- Existing
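To run the same compile check over a whole directory of rules before committing, the loop below calls `rule-runner compile` on every YAML file and reports the ones that do not compile. It is an added example, not part of the rule-runner distribution. Assumptions: a failed compile either exits non-zero or omits the `Compiled rule:` line seen in the output above, and the `RULE_RUNNER` override variable and function names are hypothetical.

```shell
# Added example: batch-validate rule files with "rule-runner compile".
# RULE_RUNNER (hypothetical override) lets the command be swapped out for testing.
RULE_RUNNER="${RULE_RUNNER:-rule-runner}"

# compile_ok FILE
# Succeeds only if the command exits 0 AND prints the "Compiled rule:" marker.
# Assumption: the tool's exit code on failure is not documented on the page,
# so both signals are checked.
compile_ok() {
    out=$("$RULE_RUNNER" compile "$1" 2>&1) || return 1
    printf '%s\n' "$out" | grep -q 'Compiled rule:'
}

# validate_rules DIR
# Compiles every *.yaml file under DIR (recursively), prints OK/FAIL per file,
# and returns non-zero if any file failed, so it can gate a commit hook or CI job.
validate_rules() {
    failed=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue          # empty directory yields one blank line
        if compile_ok "$f"; then
            echo "OK   $f"
        else
            echo "FAIL $f"
            failed=$((failed + 1))
        fi
    done <<EOF
$(find "$1" -type f -name '*.yaml' | sort)
EOF
    [ "$failed" -eq 0 ]
}
```

Source the file and call `validate_rules rules/templatebased` from the repository root.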

 

B. Test rule with configuration file