Hello Everyone,
I am trying to monitor the network packets I send to a specific IP address and also check whether I have sent packets to that particular IP at regular intervals (something like a heartbeat). I am forwarding the network output from Wireshark to a CSV file and reading it in OCEP using the CSV adapter.
In order to check for missing events/heart beat (this is used to check if a server responds to ping once every hour) I followed this link
4326322 and
[http://docs.oracle.com/cd/E21764_01/doc.1111/e14476/examples.htm]
I have configured the OCEP. This is the query I am firing:

    SELECT Packets.ipdst AS ipdst,
           Packets.ipsrc AS ipsrc,
           Packets.framelen AS framelen,
           "Error-Missing Event" AS alertType
    from FilterNetworkPackets
    MATCH_RECOGNIZE (
        PARTITION BY ipdst
        MEASURES Ipdst_Packets.ipdst AS ipdst,
                 Ipdst_Packets.ipsrc AS ipsrc,
                 Ipdst_Packets.framelen AS framelen
        ALL MATCHES
        include timer events
        PATTERN( Ipdst_Packets*)
        DURATION 10
        DEFINE Ipdst_Packets AS ipdst = "xx.xx.xx.xx")
    AS Packets

I have configured heartbeat(10000) on the input channel as well.
I get output in which some packets are repeated. I don't know how to get a notification for missing events after the duration has elapsed. Please help me.
Thanks in advance,
Shilpa
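
The missing-heartbeat check the post asks about, sketched outside OCEP as an added example (not part of the original post and not Oracle CEP code). It assumes the CSV export carries a `time` column in epoch seconds next to the `ipsrc`, `ipdst` and `framelen` columns used in the query; the function name and the sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample of a packet CSV export; the "time" column is an
# assumption, the other column names are the ones used in the query.
SAMPLE_CSV = """time,ipsrc,ipdst,framelen
0,10.0.0.5,192.0.2.10,74
10,10.0.0.5,192.0.2.10,74
12,10.0.0.5,198.51.100.7,60
20,10.0.0.5,192.0.2.10,74
47,10.0.0.5,198.51.100.7,60
55,10.0.0.5,192.0.2.10,74
80,10.0.0.5,198.51.100.7,60
"""


def find_missing_heartbeats(csv_text, dst, interval):
    """Return one alert per silence towards `dst` longer than `interval` s.

    Every row advances the clock, much as timer events do in a stream
    engine, so a silence still running at the end of the capture is
    reported even though no further packet to `dst` ever arrives.
    """
    alerts = []
    last_seen = None  # time of the last packet sent to dst
    clock = None      # latest timestamp seen on any row

    def check(now):
        if last_seen is not None and now - last_seen > interval:
            alerts.append({
                "ipdst": dst,
                "alertType": "Error-Missing Event",
                "last_seen": last_seen,
                "deadline": last_seen + interval,  # when the beat was due
                "silent_for": now - last_seen,
            })

    for row in csv.DictReader(io.StringIO(csv_text)):
        clock = float(row["time"])
        if row["ipdst"] == dst:
            check(clock)       # gap closed by this packet
            last_seen = clock
    if clock is not None:
        check(clock)           # gap still open at end of capture
    return alerts


if __name__ == "__main__":
    for alert in find_missing_heartbeats(SAMPLE_CSV, "192.0.2.10", 10):
        print(alert)
```

Packets that arrive on time produce no output at all, so each destination yields at most one alert per silent period rather than one row per packet.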