David Hoelzer edited this page Apr 3, 2016 · 9 revisions

Welcome to the DAD wiki!

** Important Note ** Please note that over the past week I've been making a large number of improvements for efficiency of inserts. This has led to a decision to fundamentally change how events are currently stored. Committed changes over the past week have doubled insert performance. The planned shift in the architecture is expected to increase that by at least 500%. Additionally, the adjustments will improve display, searching and correlation performance by an estimated 10,000%, though I might be too optimistic there.

This change will fundamentally change how events are stored, eliminating the positions table and related fields. The best advice would be to begin storing text logs long term now for reimportation when the changes are made. To this end, the automatic deletion of processed logs after 24 hours has been disabled in the log importer. ** End Notice **

DAD has undergone some really substantial changes in the last few months. It went from being an absolute mess of PHP, Java, Perl and JavaScript to being almost entirely Ruby on Rails. Of course, there's still some JavaScript in there and I have not yet gotten around to rewriting the syslog listener as a Ruby script, but that's coming soon. As of May, 2015, DAD is able to hit sustained insert rates of more than 200 events per second on a small 16 gig development server.

More than anything else I decided to get this Wiki running to start documenting useful jobs that DAD is great for searching for and alerting on. Bear in mind that the software is absolutely, unequivocally, Alpha software at the moment. For example, even though I have the entire rights and user management system sitting in a directory, I have violated my own standards for getting that incorporated first in favor of some fast functionality. What this means is that DAD is likely rife with vulnerabilities, and I know it. Frankly, you have the ability to jam Ruby code right into it as an automated job so I'm not too worried just yet. :)

Anyway, what you're likely most interested in for the moment are example jobs:

Example Jobs