Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Log and/or post in chat for FindSpam Rules which take more than a defined amount of time #7041

Merged
merged 4 commits into from
Jun 2, 2022
Merged

Log and/or post in chat for FindSpam Rules which take more than a defined amount of time #7041

merged 4 commits into from
Jun 2, 2022

Conversation

makyen
Copy link
Contributor

@makyen makyen commented May 31, 2022

Log and/or post to chat high elapsed times for individual runs of each detection Rule

This is primarily for debugging and/or monitoring how long individual runs of a Rule (detection) takes. Output is to the console and/or into rooms with the "long-rule-times" role (new role).

The general definitions are:

# (<Log level>, <text prepended to chat message>, <minimum elapsed time>)
('debug', '', 1),  # > 1 s: Log a "debug" level message for the Rule; No chat message
('info', 'High ', 10),  # > 10 s: Log an "info" for the Rule and output to chat as "High "
('warning', '**Very High** ', 30),  # > 30 s: Log a "warning" and output to chat as bold "Very High"

Each Rule can define its own levels for these outputs, including turning them off. The main watchlist tends to be the rule that takes up the most time. It is currently using:

('debug', '', 10),
('info', 'High ', 20),
('warning', '**Very High** ', 45),

Output to chat will not, currently, be enabled.

In order for there to be chat messages posted, there needs to be a room defined in rooms.yml with the "long-rule-times" role. There currently isn't one. If we want this output in chat under normal operation, I recommend we set up a new room on chat.MSE for this output (e.g. "Charcoal Test MSE"). Putting it on chat.MSE will have the least impact on SmokeDetector chat rate limiting. The output provided isn't something which most users can do anything about, so there's not a lot of benefit for having it in Charcoal HQ.

A unique rule_id is now mandatory for each detection Rule

As part of this, each Rule is required to have a unique rule_id, in addition to the reason. The reason, such as "potentially bad keyword in {}" may be used on any number of detection Rule entries, but the rule_id must be unique. This is so any characteristics of the detection can be uniquely matched to the Rule when someone is investigating the output. If the first, and only the first, Rule registered with a particular reason does not have a rule_id, then the reason is used as the rule_id for that Rule.

Example chat messages

You can see the following example output in chat here.

High Rule elapsed time: 20.67 s: potentially bad keyword in {}: main watchlist for stackoverflow.com/q/72441471
High Rule elapsed time: 10.81 s: potentially bad IP for hostname in {}: potentially bad IP for hostname in {} for stackoverflow.com/q/72441597
High Rule elapsed time: 10.81 s: bad IP for hostname in {}: bad IP for hostname in {} for stackoverflow.com/q/72441597
Very High Rule elapsed time: 49.21 s: potentially bad keyword in {}: main watchlist for pt.stackoverflow.com/q/554267

Testing for this was done in the Makyen Test 02 chat room around here.

@makyen
Log and tell debug rooms about excessive Rule elapsed time
a474708
@makyen
Require rule_id; reason is default for first Rule w/ reason
4677205 
This makes rule_id required for all Rules created with create_rule(),
which adds the Rule to the FindSpam.rules list. For the first, and
only the first, Rule with a particular reason, the reason is used
as the default rule_id, if one isn't provided.
@makyen
Allow Rules to individually define elapsed_time_reporting
5813829 
Example in FindSpam.rule_watched_keywords. In addition, using
elapsed_time_reporting={} will disable reporting for the Rule.
@makyen
Use more colloquial names in rule_id for watch/blacklists
0813ff6
@makyen makyen added type: feature request Shinies. area: spamchecks Detections or the process of testing posts. (No space in the label, is because of Hacktoberfest) area: chat system labels May 31, 2022
@makyen makyen changed the title Log and/or post in chat for FindSpam Rules which take more that a defined amount of time Log and/or post in chat for FindSpam Rules which take more than a defined amount of time Jun 1, 2022
@makyen makyen merged commit 538c596 into master Jun 2, 2022
@makyen makyen deleted the Mak-log-and-tell-excessive-rule-time branch June 2, 2022 18:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area: chat system area: spamchecks Detections or the process of testing posts. (No space in the label, is because of Hacktoberfest) type: feature request Shinies.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@makyen