sipcapture / homer-app

HOMER 7.x Front-End and API Server
http://sipcapture.io
GNU Affero General Public License v3.0

Correlation Mapping #353

Closed qttrl closed 4 years ago

qttrl commented 4 years ago

Could I request some help to do correlation mapping in homer? I don't find any documentation on this and am quite lost, because I can query the database for the information I want but struggle to customize the schema in the homer user interface to get this same information using JSON. I've seen a documentation page at https://github.com/sipcapture/homer-app/wiki/Examples:-Correlation-MAPPING but it has very little information as to what each field does, what fields I can add and how it queries the database.

For example: if I wanted to create a field where I can search for multiple results (source ip AND destination ip) with only 1 ip, how would I map this in the schema?

Den4t commented 4 years ago

I'd also like to add a question here. It seems the correlation rules changed in the newer version, e.g. post_aggregation_field does not work any more. Is this true?

adubovikov commented 4 years ago

@qttrl you can do it using semicolon separator:

10.0.0.1;192.168.0.2

adubovikov commented 4 years ago

@Den4t sorry, are you talking about "post execute function"?

Den4t commented 4 years ago

No, about this (from wiki):

```json
{
  "source_field": "data_header.from_user",
  "lookup_id": 54,
  "lookup_match_field": "data_header.method",
  "lookup_match_value": [ "INVITE" ],
  "input_function": "data.forEach(function(el) {if(el.charAt(0) === '0') data.push(el.substr(1));});return data",
  "lookup_match_first": true,
  "lookup_profile": "default",
  "lookup_field": "data_header->>calling_number",
  "post_aggregation_field": "sid",
  "lookup_range": [ -300, 200 ]
},
```

I do not find post_aggregation_field in the sources, but I found something similar: append_sid. I have not yet figured out what exactly this is for. The correlation mappings from my current early Homer 7 do not work in a fresh Homer; if needed, I can post these mappings here.

adubovikov commented 4 years ago

I think you are talking about this: https://github.com/sipcapture/homer-app/blob/nodejs/server/classes/searchdata.js#L630-L667

Den4t commented 4 years ago

Yes.

adubovikov commented 4 years ago

So, I just checked one more time. You can now use: append_sid = true. I will append all sids to the correlation array that you can use. Can you please test it?

Den4t commented 4 years ago

At first look it does not work, but maybe I am doing something wrong with the corr. rules. I will investigate in detail; I need to look at debug and will report here later.

Den4t commented 4 years ago

Hi! I managed to build a correlation scheme similar to the early homer7 with the help of append_sid. If I understand correctly, the append_sid directive in a corr. rule accumulates sids from the current rule's request, and these sids will be appended to the request in the next rule. Am I right?

adubovikov commented 4 years ago

Hi Dennis,

this is correct.

Regards, Alexandr

On Thu, 2 Jul 2020 at 11:12, Dennis notifications@github.com wrote:

Hi! I managed to build a correlation scheme similar to the early homer7 with the help of append_sid. If I understand correctly, the append_sid directive in a corr. rule accumulates sids from the current rule's request, and these sids will be appended to the request in the next rule. Am I right?

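A toy model of the append_sid chaining confirmed above, as an added example that is not HOMER's code or part of the original thread. The rule keys are taken from the wiki mapping quoted by Den4t; the in-memory rows, the profile names `cdr` and `rtcp`, the reading of lookup_range as seconds, and the lookup logic itself are assumptions.

```javascript
// Toy model of append_sid chaining as confirmed in this thread; not HOMER's code.
// Rule keys come from the quoted mapping; rows, profile names and lookup logic are constructed.
const tables = {
  cdr: [
    { sid: 'leg-b@pbx', ts: 1010, data_header: { method: 'INVITE', calling_number: '123456' } },
    { sid: 'old@pbx', ts: 100, data_header: { method: 'INVITE', calling_number: '123456' } },
    { sid: 'bye@pbx', ts: 1020, data_header: { method: 'BYE', calling_number: '123456' } },
  ],
  rtcp: [
    { sid: 'leg-b@pbx', ts: 1015, data_header: {} },
    { sid: 'call-a@ua', ts: 1012, data_header: {} },
  ],
};
const start = { sid: 'call-a@ua', ts: 1000, data_header: { from_user: '0123456' } };
const stripZero = "data.forEach(function(el) {if(el.charAt(0) === '0') " +
  "data.push(el.substr(1));});return data"; // input_function from the wiki mapping
const makeRules = (appendSid) => [
  { source_field: 'data_header.from_user', lookup_profile: 'cdr',
    lookup_field: 'data_header->>calling_number', input_function: stripZero,
    lookup_match_field: 'data_header.method', lookup_match_value: ['INVITE'],
    lookup_range: [-300, 200], append_sid: appendSid },
  { source_field: 'sid', lookup_profile: 'rtcp', lookup_field: 'sid',
    lookup_range: [-300, 200] },
];
// Resolve both "a.b" and "a->>b" paths against a plain object.
const get = (obj, path) =>
  path.split(/->>|\./).reduce((o, k) => (o == null ? undefined : o[k]), obj);

function correlate(startMsg, rules, data) {
  const carried = []; // SIDs collected by rules that set append_sid
  const hits = [];
  for (const rule of rules) {
    let values = [String(get(startMsg, rule.source_field))];
    // The mapping string runs as code, so only trusted admins should edit mappings.
    if (rule.input_function) values = new Function('data', rule.input_function)(values);
    values = values.concat(carried); // SIDs from earlier rules join this request
    const [lo, hi] = rule.lookup_range; // assumed: seconds relative to the start message
    const rows = data[rule.lookup_profile].filter((row) =>
      values.includes(get(row, rule.lookup_field)) &&
      row.ts >= startMsg.ts + lo && row.ts <= startMsg.ts + hi &&
      (!rule.lookup_match_field ||
        rule.lookup_match_value.includes(get(row, rule.lookup_match_field))));
    for (const row of rows) {
      hits.push(`${rule.lookup_profile}:${row.sid}`);
      if (rule.append_sid && !carried.includes(row.sid)) carried.push(row.sid);
    }
  }
  return { carried, hits };
}
```

Calling `correlate(start, makeRules(true), tables)` pulls in the second rule's row for the other call leg, while `makeRules(false)` finds only the row matching the starting SID.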