deeper log model

2026-04-27 13:42:49 -04:00
parent 9ac96cee9a
commit e62f46b68c
17 changed files with 670 additions and 47 deletions
--- a/app/services/log_analyzer.py
+++ b/app/services/log_analyzer.py
@@ -109,6 +109,39 @@ def _rule_matches(message: str, pattern: str) -> bool:
        return False


+def summarize_event_slice(events: list[dict]) -> list[dict]:
+    findings: list[dict] = []
+    seen: set[tuple[str, str, str, str]] = set()
+    for event in sorted(events or [], key=lambda item: item.get("epoch", 0.0)):
+        message = event.get("message", "")
+        event_nf = str(event.get("nf", "")).upper()
+        event_node = event.get("node", "")
+        for category, patterns in load_category_patterns().items():
+            for rule in patterns:
+                rule_nf = str(rule["nf"]).upper()
+                if rule_nf != event_nf:
+                    continue
+                if not _rule_matches(message, rule["pattern"]):
+                    continue
+                key = (category, rule_nf, event_node, rule["description"])
+                if key in seen:
+                    continue
+                seen.add(key)
+                findings.append(
+                    {
+                        "category": category,
+                        "nf": rule_nf,
+                        "node": event_node,
+                        "severity": rule["severity"],
+                        "description": rule["description"],
+                        "remediation": rule["remediation"],
+                        "message": message,
+                        "timestamp": event.get("timestamp", ""),
+                    }
+                )
+    return findings
+
+
 # ── Category/NF mapping for Alertmanager alerts ──────────────────────────────

 def _alert_category(alert: dict) -> str: