1#
2# RuleOption.yml
3#
4
5#
6# Parameters for judging rules used in FsAccessLogAnalyzer.exe are edited in this file.
7#
8#
9#
10# 2012/04/27 Overview of Adjustments
11#   - Warning when the same archive is mounted 10 times within 3 minutes
12#   - Warning when the same file is opened 5 times within 30 seconds
13#   - Warning when flushed 10 times within 20 seconds
14#   - Warning when total size of non-aligning reads exceeds 512 KB for the same file
15#   - Warning when 20 small writes occur within 30 seconds
16#
17
18#
19# Adjusts parameters for detecting mount > unmount > mount processes in a short time period.
20#
21#
22# Supported Archives
23# �- Save data
24# �- Expanded save data
25#
26# Detects when the specified number of mounts to the archive (MountDetectCount) occurs within the observation time (ObservationTime).
27#
28#
29# Example: Detecting when 10 mounts to the same archive occur within 3 minutes
30#     MountDetectCount: 10
31#     ObservationTime: 300000
32#
33FrequencyMountUnmount:
34    # Observation Time (units: ms)
35    ObservationTime: 180000
36    # Displays a warning if this number of mounts is detected within the observation time.
37    MountDetectCount: 10
38
39#
40# Adjusts parameters for detecting open > close > open processes for the same file in a short time period.
41#
42#
43# Detects when the same file is opened the specified number of times (OpenDetectCount) within the observation time (ObservationTime).
44#
45#
46# Example: Detecting when the same file is opened 5 times within 30 seconds
47#     OpenDetectCount: 5
48#     ObservationTime: 10000
49#
50FrequencyOpenClose:
51    # Observation Time (units: ms)
52    ObservationTime: 30000
53    # Displays a warning if this number of file opens is detected within the observation time.
54    ThresholdOpenCount: 5
55
56#
57# Adjusts parameters for detecting excess flushes of the same file in a short time period.
58#
59#
60# Detects when the same file is write flushed the specified number of times (OpenDetectCount) within the observation time (ObservationTime).
61#
62#
63# Example: Detecting when the same file is write flushed 10 times within 10 seconds
64#     OpenDetectCount: 10
65#     ObservationTime: 10000
66#
67FrequencyFlush:
68    # Observation Time (units: ms)
69    ObservationTime: 20000
70    # Displays a warning if this number of flushes is detected within the observation time.
71    ThresholdFlushCount: 10
72    # Refresh time until re-detection is possible (units: ms)
73    RefreshTime: 10000
74
75#
76# Adjusts parameters for detecting small non-aligning ROMFS sequential read accesses.
77#
78#
79# (In BGM streaming playback, detects whether there is an access pattern prone to skipping because non-aligning buffers were used and loaded)
80#
81#
82# Detects when a specified number of non-aligning buffer reads (ThresholdReadCount) or more occur, or when the size of the buffer reads reaches a specified size (TotalReadSize) or larger.
83#
84#
85#
86# Example: Detecting when there are 10 reads or the size of the reads exceeds 16 KB
87#    ThresholdReadCount: 10
88#    TotalReadSize: 16384
89#
90NotAlignedSequentialRead:
91    # Displays a warning if this number of non-aligning reads occurs
92    ThresholdReadCount: 99999999
93    # Displays a warning if the total size of non-aligning reads exceeds this value
94    TotalReadSize: 524288
95
96#
97# Adjusts parameters for detecting small and frequent writes to the same file.
98#
99# Detects when writes smaller than ThresholdSize occur the specified number of times (ThresholdWriteCount) or more within the observation time (ObservationTime), and when the total size of the writes reaches a specified size (ThresholdTotalSize) or larger.
100#
101#
102#
103# Once it has been judged that a small write has been made to a file, that file is not detected again until the refresh time elapses.
104#
105#
106# Example: Detecting when writes of less than 8 KB to the expanded save data archive occur 20 times within 30 seconds, and when the total size of the writes exceeds 32 KB
107#
108#    ObservationTime: 10000
109#    ThresholdWriteCount: 20
110#    TotalReadSize: 16384
111#    ExtThresholdSize: 8192
112#    ExtThresholdTotalSize: 32000
113#
114FrequencySmallWrite:
115    # Observation Time (units: ms)
116    ObservationTime: 30000
117    # Refresh time until re-detection is possible (units: ms)
118    RefreshTime: 20000
119    # Displays a warning if this number of small writes or more is detected within the observation time
120    ThresholdWriteCount: 20
121    # Writes to the save data archive of less than this size are judged to be small writes
122    SaveThresholdSize: 64
123    # Displays a warning if the total size of small writes to the save data archive exceeds this value within the observation period
124    SaveThresholdTotalSize: 99999999
125    # Writes to the expanded save data archive of less than this size are judged to be small writes
126    ExtThresholdSize: 8192
127    # Displays a warning if the total size of small writes to the expanded save data archive exceeds this value within the observation period
128    ExtThresholdTotalSize: 99999999
129
130