#
# RuleOption.yml
#
# Parameters for the judging rules used by FsAccessLogAnalyzer.exe are edited
# in this file. Each top-level key below configures one detection rule.
# Times are in milliseconds; sizes follow the file's own examples
# (16 KB = 16384, 512 KB = 524288), i.e. bytes.
#
# 2012/4/27 Overview of Adjustments
# - Warning when the same archive is mounted 10 times within 3 minutes
# - Warning when the same file is opened 5 times within 30 seconds
# - Warning when flushed 10 times within 20 seconds
# - Warning when total size of non-aligning reads exceeds 512 KB for the same file
# - Warning when 20 small writes occur within 30 seconds
#
# NOTE(review): several thresholds below are set to 99999999. That value looks
# like a sentinel that effectively switches the corresponding criterion off;
# confirm this is intended before relying on those warnings.
#

#
# Adjusts parameters for detecting mount > unmount > mount processes in a
# short time period.
#
# Supported Archives
# - Save data
# - Expanded save data
#
# Detects when the specified number of mounts to the archive
# (MountDetectCount) occurs within the observation time (ObservationTime).
#
# Example: Detecting when 10 mounts to the same archive occur within 3 minutes
# (3 minutes = 180000 ms)
#   MountDetectCount: 10
#   ObservationTime: 180000
#
FrequencyMountUnmount:
  # Observation Time (units: ms)
  ObservationTime: 180000
  # Displays a warning if this number of mounts is detected within the observation time.
  MountDetectCount: 10

#
# Adjusts parameters for detecting open > close > open processes for the same
# file in a short time period.
#
# Detects when the same file is opened the specified number of times
# (ThresholdOpenCount) within the observation time (ObservationTime).
#
# NOTE(review): earlier revisions of this comment called the count key
# OpenDetectCount; the key actually set below is ThresholdOpenCount.
# Confirm which name the analyzer reads.
#
# Example: Detecting when the same file is opened 5 times within 30 seconds
#   ThresholdOpenCount: 5
#   ObservationTime: 30000
#
FrequencyOpenClose:
  # Observation Time (units: ms)
  ObservationTime: 30000
  # Displays a warning if this number of file opens is detected within the observation time.
  ThresholdOpenCount: 5

#
# Adjusts parameters for detecting excess flushes of the same file in a short
# time period.
#
# Detects when the same file is write flushed the specified number of times
# (ThresholdFlushCount) within the observation time (ObservationTime).
#
# NOTE(review): earlier revisions of this comment called the count key
# OpenDetectCount; the key actually set below is ThresholdFlushCount.
# Confirm which name the analyzer reads.
#
# Example: Detecting when the same file is write flushed 10 times within 10 seconds
#   ThresholdFlushCount: 10
#   ObservationTime: 10000
#
FrequencyFlush:
  # Observation Time (units: ms)
  ObservationTime: 20000
  # Displays a warning if this number of flushes is detected within the observation time.
  ThresholdFlushCount: 10
  # Refresh time until re-detection is possible (units: ms)
  RefreshTime: 10000

#
# Adjusts parameters for detecting small non-aligning ROMFS sequential read
# accesses.
#
# (In BGM streaming playback, detects whether there is an access pattern prone
# to skipping because non-aligning buffers were used and loaded)
#
# Detects when a specified number of non-aligning buffer reads
# (ThresholdReadCount) or more occur, or when the size of the buffer reads
# reaches a specified size (TotalReadSize) or larger.
#
# Example: Detecting when there are 10 reads or the size of the reads exceeds 16 KB
#   ThresholdReadCount: 10
#   TotalReadSize: 16384
#
NotAlignedSequentialRead:
  # Displays a warning if this number of non-aligning reads occurs
  # NOTE(review): 99999999 presumably disables the count criterion so that only
  # the size criterion below fires (matches the 512 KB overview entry) - confirm.
  ThresholdReadCount: 99999999
  # Displays a warning if the total size of non-aligning reads exceeds this value
  # (524288 = 512 KB)
  TotalReadSize: 524288

#
# Adjusts parameters for detecting small and frequent writes to the same file.
#
# Detects when writes smaller than the per-archive size threshold
# (SaveThresholdSize / ExtThresholdSize) occur the specified number of times
# (ThresholdWriteCount) or more within the observation time (ObservationTime),
# and when the total size of the writes reaches the per-archive total
# (SaveThresholdTotalSize / ExtThresholdTotalSize) or larger.
#
# Once it has been judged that a small write has been made to a file, that
# file is not detected again until the refresh time elapses.
#
# Example: Detecting when writes of less than 8 KB to the expanded save data
# archive occur 20 times within 30 seconds, and when the total size of the
# writes exceeds 32 KB
#   ObservationTime: 30000
#   ThresholdWriteCount: 20
#   ExtThresholdSize: 8192
#   ExtThresholdTotalSize: 32768
#
# NOTE(review): both *ThresholdTotalSize values below are 99999999. If the
# count and total-size conditions are combined with AND (as the description
# above reads), this rule would rarely or never warn; if they are independent
# (as the per-key comments read), only the count condition is effective.
# Confirm against the analyzer's behavior.
#
FrequencySmallWrite:
  # Observation Time (units: ms)
  ObservationTime: 30000
  # Refresh time until re-detection is possible (units: ms)
  RefreshTime: 20000
  # Displays a warning if this number of small writes or more is detected within the observation time
  ThresholdWriteCount: 20
  # Writes to the save data archive of less than this size are judged to be small writes
  SaveThresholdSize: 64
  # Displays a warning if the total size of small writes to the save data archive exceeds this value within the observation period
  SaveThresholdTotalSize: 99999999
  # Writes to the expanded save data archive of less than this size are judged to be small writes
  ExtThresholdSize: 8192
  # Displays a warning if the total size of small writes to the expanded save data archive exceeds this value within the observation period
  ExtThresholdTotalSize: 99999999