###### INFO ######

Profile Generator is an independent part of a project called AnomalyDetection. Its purpose is to transform the log files gathered by the preprocessor, using statistical methods, into profiles for the preprocessor. The current version enables analysis using a simple algorithm based on the average and more complex models such as autoregressive time series and Holt-Winters.


## INSTALLATION ##

Profile Generator: to enable this package you will need r-base-core on the system. On Fedora 15 you can install it with the following command, run as root from the CLI:

yum install R-core


## CONFIGURATIONS ##

Profile Generator for SNORT AnomalyDetection usage: 

-h  --help Print this usage and exit
-l  --log Specify input logfile (required) (default: "/var/log/snort/ADLog600.txt")
-p  --profile Specify output profile file (required) (default: "/etc/profile.txt")
-m  --method Specify method of profile generation (default: BASE method of profile generation)
-a  --ahead Number of future periods to predict (default: 604800/log.interval - best for BASE method of profile generation)
-v  --verbose Verbose mode
-d  --deviation Deviation in percent (default: 5%)

Methods of profile generation:
 
    * AR 	Autoregressive time series model
    * HW 	Holt-Winters model
    * BASE 	Base model

Example call for Holt-Winters algorithm :

./ad_profilegenerator.r -l /var/log/ADLog600.txt -p /etc/profile.txt -a 50 -m HW -v


## REQUIREMENTS ## 

* Log file :

- log has to be continuous in time
- all of the intervals must be the same 

Log file format :

col. 1. Date in format dd-mm-yy (standard ISO 8601)
col. 2. Time in format hh:mm:ss
col. 3. Locale's abbreviated weekday name.
col. 4. Log interval
col. 5...n	Value for each counter.
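
A pre-flight check for the log requirements above, as an added example that is not part of the Profile Generator code. It assumes whitespace-separated columns and a log interval given in seconds; `check_log` and `SAMPLE_LOG` are hypothetical names and the sample rows are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample in the documented layout: date, time, weekday, interval, counters.
# Assumptions: columns are whitespace-separated and the interval is in seconds.
SAMPLE_LOG = """\
01-03-12 00:00:00 Thu 600 120 15
01-03-12 00:10:00 Thu 600 118 17
01-03-12 00:30:00 Thu 600 131 14
01-03-12 00:40:00 Thu 300 125 16
01-03-12 00:50:00 Thu 600 129
"""

def check_log(text):
    """Return (line_number, problem) pairs for rows that break the log requirements."""
    problems = []
    prev_ts = interval = n_cols = None
    for lineno, line in enumerate(text.splitlines(), 1):
        cols = line.split()
        if not cols:
            continue
        if len(cols) < 5:
            problems.append((lineno, "fewer than 5 columns"))
            continue
        try:
            ts = datetime.strptime(cols[0] + " " + cols[1], "%d-%m-%y %H:%M:%S")
            step = int(cols[3])
            for value in cols[4:]:
                float(value)  # every counter must be numeric
        except ValueError:
            problems.append((lineno, "unparsable date, time, interval or counter"))
            continue
        if interval is None:
            # The first valid row defines the expected interval and column count.
            interval, n_cols = step, len(cols)
        if step != interval:
            problems.append((lineno, f"interval {step} differs from {interval}"))
        if len(cols) != n_cols:
            problems.append((lineno, f"{len(cols)} columns, expected {n_cols}"))
        if prev_ts is not None and ts - prev_ts != timedelta(seconds=interval):
            problems.append((lineno, f"gap or overlap: {ts - prev_ts} since previous row"))
        prev_ts = ts
    return problems

if __name__ == "__main__":
    for lineno, problem in check_log(SAMPLE_LOG):
        print(f"line {lineno}: {problem}")
```

A gap in the input means the generated MIN / MAX profile is built from an incomplete baseline, so it is worth rejecting such a log before running the generator.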

Profile file format :

col. 1. Date in format dd-mm-yy (standard ISO 8601)
col. 2. Day of week (Monday = 1 ... Sunday = 7)
col. 3. Time in format hh:mm:ss
col. 4. Log interval
col. 5...n	MIN / MAX value for each counter