DetectMate Service is a framework for building modular services that communicate via NNG messaging.
With uv (recommended):
uv sync --dev

With pip and virtualenv:
python -m venv venv
source venv/bin/activate
pip install -e .

If you plan to contribute to the development of this package, follow these steps to set up the dev environment and install pre-commit hooks (using prek):
uv sync --dev
uv run prek install

Run the tests:
uv run pytest -q

Run the tests with coverage (add --cov-report=html to generate an HTML report):
uv run pytest --cov=. --cov-report=term-missing

To use the Service class, you can create a subclass that implements the process method. Here's an example:
import pynng

from service.core import Service


class DemoService(Service):
    def process(self, raw_message: bytes) -> bytes | None:
        return None  # No actual processing in this demo


service = DemoService()
with service:
    # Send management commands to the service's manager address (request/reply)
    with pynng.Req0(dial=service.settings.manager_addr) as req:
        for cmd in ("ping", "status", "stop"):
            print(f">>> {cmd}")
            req.send(cmd.encode("utf-8"))
            reply = req.recv().decode("utf-8", "ignore")
            print(f"<<< {reply}")

You can also run the service using the command line interface (CLI). It takes configuration files as arguments:
Example configuration files can be found in the tests/config directory.
Start the service:
uv run detectmate start --settings examples/service_settings.yaml

Get the service status:
uv run detectmate status --settings examples/service_settings.yaml

Stop the service:
uv run detectmate stop --settings examples/service_settings.yaml

A containerized demonstration of the DetectMate log analysis pipeline. The demo runs three services (reader, parser, detector) that process audit logs to detect anomalies, with a test script that feeds log lines through the complete pipeline and reports detected anomalies.
Terminal 1 (keep running to see service logs):
docker compose up reader parser detector

Terminal 2 (run after services are up):
# Wait a few seconds for services to be ready, then:
docker compose up demo
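
The process method shown earlier receives raw bytes from the messaging layer, so a real implementation should treat them as untrusted input. The following is an added example, not DetectMate's own parser: it keeps the same process signature but runs stand-alone instead of subclassing Service. It assumes the audit logs are Linux auditd records and that returning None means the message is dropped; AuditLineHandler, MAX_LINE_BYTES and the sample line are constructed for illustration.

```python
from __future__ import annotations

import json
import re

MAX_LINE_BYTES = 8192  # assumed cap; tune to the longest record you expect

# Header of an auditd record: type=NAME msg=audit(<epoch>.<ms>:<serial>): <body>
# "." does not match a newline, so a message smuggling a second record is rejected.
_HEADER = re.compile(rb"type=([A-Z_0-9]+) msg=audit\((\d+\.\d+):(\d+)\): ?(.*)")
# key=value pairs; a value is either a double-quoted string or a bare token
_PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample record, not taken from a real system
SAMPLE = b'type=USER_LOGIN msg=audit(1700000000.123:42): pid=812 uid=0 acct="root" res=failed\n'


class AuditLineHandler:
    """Stand-alone stand-in; in DetectMate this logic would live in a Service subclass."""

    def process(self, raw_message: bytes) -> bytes | None:
        # Drop oversized input before spending regex or decode work on it.
        if len(raw_message) > MAX_LINE_BYTES:
            return None
        match = _HEADER.fullmatch(raw_message.rstrip(b"\r\n"))
        if match is None:
            return None  # not a single well-formed audit record
        rec_type, timestamp, serial, body = match.groups()
        try:
            # Strict decode: reject invalid UTF-8 rather than silently losing bytes.
            text = body.decode("utf-8")
        except UnicodeDecodeError:
            return None
        record = {
            "type": rec_type.decode("ascii"),
            "timestamp": float(timestamp),
            "serial": int(serial),
            "fields": {k: v.strip('"') for k, v in _PAIR.findall(text)},
        }
        return json.dumps(record, sort_keys=True).encode("utf-8")


if __name__ == "__main__":
    print(AuditLineHandler().process(SAMPLE))
```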