Hi Xin Wu, Sorry for late reply. Thanks for your interest in user profile but it looks very hard to provide more sample data. Sometimes you need production data to simulate your test.
But if you need sample data, probably you can write program to generate random ip, user, read/write cmd etc and do some fault injection. Anyway its purpose is to find out the obvious difference between training data and test data. 2015-04-24 12:49:16,145 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/tmp dst=null perm=null proto=rpc 2015-04-24 12:49:16,192 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/user/ambari-qa dst=null perm=null proto=rpc 2015-04-24 12:49:20,518 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/tmp dst=null perm=null proto=rpc 2015-04-24 12:49:20,570 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/user/ambari-qa dst=null perm=null proto=rpc 2015-04-24 12:49:20,587 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/ dst=null perm=null proto=rpc 2015-04-24 12:49:20,664 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=mkdirs src=/tmp dst=null perm=hdfs:hdfs:rwxr-xr-x proto=rpc 2015-04-24 12:49:20,677 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/user dst=null perm=null proto=rpc 2015-04-24 12:49:20,686 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=mkdirs src=/user/ambari-qa dst=null perm=hdfs:hdfs:rwxr-xr-x proto=rpc 2015-04-24 12:49:24,828 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/tmp dst=null perm=null proto=rpc 2015-04-24 12:49:24,915 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=setPermission src=/tmp dst=null perm=hdfs:hdfs:rwxrwxrwx proto=rpc 2015-04-24 12:49:29,375 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/user/ambari-qa dst=null perm=null proto=rpc 2015-04-24 12:49:29,453 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=setPermission src=/user/ambari-qa dst=null perm=hdfs:hdfs:rwxrwx--- proto=rpc 2015-04-24 12:49:33,542 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/tmp dst=null perm=null proto=rpc 2015-04-24 12:49:37,844 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/user/ambari-qa dst=null perm=null proto=rpc 2015-04-24 12:49:37,929 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=setOwner src=/user/ambari-qa dst=null perm=ambari-qa:hdfs:rwxrwx--- proto=rpc 2015-04-24 12:51:31,798 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/apps/hbase/data dst=null perm=null proto=rpc 2015-04-24 12:51:31,863 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/10.0.2.15 cmd=getfileinfo src=/apps/hbase/staging dst=null perm=null proto=rpc Thanks Edward On Sat, Sep 17, 2016 at 7:41 PM, 辛武 <xi...@pku.edu.cn> wrote: > Dear Eagle Development Team: > My name is Xin Wu, a college student of Peking University, and I am > writing in the hope of your assistance to provide more sample data to me. > First and foremost I know Eagle is the first activity monitoring > system on the Hadoop-ecosystem for the detection of intrusion-related > activities using behavior-based profiles of users. I am particularly > interested in the project of Eagle and its ideas, at the same time, I also > read the paper, Eagle: User Profile-based Anomaly Detection for Securing > Hadoop Clusters. And I want to learn more, I need more sample data for > research. Will you be able to supply more data to me? > Looking forward to a prompt reply from you. > > Sincerely yours, > Xin Wu >