/Holmes-Totem-Old

Primary LanguageScalaOtherNOASSERTION

TOTEM: A Framework for large-scale file analysis.

Installation:
If you have SBT installed, the command `sbt assembly` executed from the base directory will compile the source into a working JAR file.

If you do not already have SBT, the instructions here <http://www.scala-sbt.org/release/tutorial/Setup.html> are very good, and will get you set up.

After building, TOTEM can be run via: `java -jar target/scala-2.11/totem-assembly-1.0.jar config/totem.conf`

TOTEM depends on at least two external services - an HTTP fileserver, and a queueing server. TOTEM currently supports RabbitMQ as it's queueing server of choice.
Installation documents and packages for RabbitMQ can be found here: <http://www.rabbitmq.com/download.html>

Finally, TOTEM requires an HTTP server which it will use to access files described in its Jobs. Installation of an included HTTP file server is discussed in the Python Services section, but there is no reason that the user could not use another server of their choice.

Python Services:
Included services depend on the Tornado HTTP framework. This can be installed via `pip install tornado`

Dataflow:
The general case data workflow between actors is as follows:

Consumer <-> WorkGroup <-> WorkActor -> Producer

Config Settings:
All of the below settings can be seen within the conf.conf file in the <TOTEM_ROOT>/config/ directory. The required settings have been replicated below - there are no defaults hardcoded into TOTEM

zoo {
  version = "1.0.0"
  download_directory = "/tmp/"
  requeueKey = "requeue.static.totem"
  misbehaveKey = "misbehave.static.totem"

  rabbit_settings {
    host {
      server = "127.0.0.1"
      port = 5672
      username = "guest"
      password = "guest"
      vhost = "/"
    }
    exchange {
      name = "totem"
      type = "topic"
      durable = true
    }
    workqueue {
      name = "totem_input"
      routing_key = "work.static.totem"
      durable = true
      exclusive = false
      autodelete = false
    }
    resultsqueue {
      name = "totem_output"
      routing_key = "*.result.static.totem"
      durable = true
      exclusive = false
      autodelete = false
    }
  }

  enrichers {
    metadata {
      uri = ["http://127.0.0.1:7703/metadata/", "http://127.0.0.1:7707/metadata/"]
      resultRoutingKey = "metadata.result.static.zoo"
    }
    yara {
      uri = ["http://127.0.0.1:7701/yara/"]
      resultRoutingKey = "yara.result.static.zoo"
    }
  }
}