aws-samples / aws-iot-device-defender-agent-sdk-python Goto Github PK
View Code? Open in Web Editor NEWExample implementation of a Device Defender metrics collection agent, and other Device Defender Python samples.
License: Apache License 2.0
Example implementation of a Device Defender metrics collection agent, and other Device Defender Python samples.
License: Apache License 2.0
it seems does not work now .
2020-06-15 04:31:52,432 - AWSIoTPythonSDK.core.protocol.mqtt_core - ERROR - Connect timed out
Traceback (most recent call last):
File "agent.py", line 174, in
main()
File "agent.py", line 140, in main
iot_client.connect()
File "agent.py", line 77, in connect
self.iot_client.connect()
File "/usr/local/lib/python2.7/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 513, in connect
return self._mqtt_core.connect(keepAliveIntervalSecond)
File "/usr/local/lib/python2.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 199, in connect
raise connectTimeoutException()
AWSIoTPythonSDK.exception.AWSIoTExceptions.connectTimeoutException
Hi,
I was just wondering if you are planning a new release pointing to the latest version of awsiotsdk?
I've followed the instructions to deploy this function to a Greengrass Core running on a Rasperry Pi, and I'm seeing an issue in my logs:
[2018-12-12T16:09:58.94Z][FATAL]-lambda_runtime.py:356,Failed to initialize Lambda runtime due to exception: cannot import name _psutil_linux
This message is showing up in /greengrass/ggc/var/log/user/us-east-1/myaccountid/greengrass_defender_metrics_lambda.log
.
I've tried re-installing psutil locally, re-copied it into the metrics_lambda and then zipping a new version of the function and uploading it to the Lambda console, redeployed to the GG group, but without success.
Based on my understanding of how this should work, the Lambda function running on the GG device should pull its dependencies from the included dependencies uploaded as part of the zip folder, but the version of psutil included does not seem to be the right version. Is this because I ran pip install psutil
on OSX and not on a Linux machine?
Describe the bug
Can't seem to be able to configure AWS Device Defender Security Profile with the data Bytes In / Bytes Out that Greengrass device defender sends from this Python SDK.
To Reproduce
Greengrass component setup using the following (this component is using aws-iot-device-defender-agent-sdk-python
)
"aws.greengrass.DeviceDefender": {
"componentVersion": "3.0.0",
"configurationUpdate": {
"merge": "{\"SampleIntervalSeconds\":300,\"UseInstaller\":true}"
}
}
Security Profile with following criteria (here as IaC, can be created manually in AWS Console):
{
name: "BytesIn",
criteria: {
comparisonOperator: "less-than-equals",
consecutiveDatapointsToAlarm: 1,
consecutiveDatapointsToClear: 3,
durationSeconds: 300,
value: {
count: "100000",
},
},
metric: "aws:all-bytes-in",
suppressAlerts: true,
}
Expected behavior
Between two data points of 5 min interval, we never have more than 100000 Bytes sent. It should not alarm.
Actual behavior
Instead it alarms, most probably because instead of making the difference in bytes between two data points, what's being pushed is a cumulative BytesIn values which never cease to increase over time?
Should this component be changed to send delta between two datapoints to be compatible with a Security Profile? Or otherwise how can we use the BytesIn BytesOut data as pushed by this component in a Device Defender Security Profile?
More Information
Navigating to Defend -> Detect -> Security Profile -> Defender Metrics -> Bytes In.
The resulting graph looks like this:
As you can see Bytes In
is steadily growing. From one data point to another (at 5 min Interval), there is never more than a 50,000 Bytes difference. Our IoT device is supposed to push and pull data at a steady rate (the graph confirms it is indeed the case).
We would like to setup a defender rule in our security profile around these metrics (BytesIn and Out). Essentially saying that between two data points (5 min interval) there should never be more than 100,000 Bytes difference (bumping a bit the previous 50,000 value). How can we do this with our security profile rule?
Our understanding was that the rule we talked about earlier would do just this:
But it alarms unfortunately. And when it does, it shows the total number of BytesIn : 34104770 which is the sum of two Bytes In
metric that are sent within 5 min interval.
So if the rule itself for "aws:all-bytes-in" (in the security profile) is doing a sum of what's being sent during the interval Duration
, then that means that the rule anticipates the metrics to send a delta of Bytes In
rather than a cumulative value we would think.
Otherwise, if we are mistaken, then how can we use the Bytes In
/ Bytes Out
metrics as it is currently being sent by this component into a Device Defender Security Profile: how can we put a threashold on something that never stops growing?
NB: this problem was originally described in the aws-greengrass-device-defender
. aws-greengrass/aws-greengrass-device-defender#3
We have been asked to log this issue directly here as the Greengrass Component appears to be just a wrapper around this SDK.
Thanks a lot for your help!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.