nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
ai-security-xdr/haobang-security-xdr/logs/syslog-consumer.log

376 lines
46 KiB
Plaintext
Raw Permalink Normal View History

关联分析规则-数据降噪
2026-03-18 18:00:25 +08:00
2026-03-09 18:20:29.258 [main] INFO com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 31516 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
2026-03-09 18:20:29.258 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2026-03-09 18:20:29.264 [main] INFO com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
2026-03-09 18:20:32.501 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-03-09 18:20:32.504 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
2026-03-09 18:20:33.247 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 735 ms. Found 1 Elasticsearch repository interfaces.
2026-03-09 18:20:33.255 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-03-09 18:20:33.256 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
2026-03-09 18:20:33.435 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
2026-03-09 18:20:33.435 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 179 ms. Found 0 Reactive Elasticsearch repository interfaces.
2026-03-09 18:20:33.460 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-03-09 18:20:33.461 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2026-03-09 18:20:33.643 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
2026-03-09 18:20:33.643 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 167 ms. Found 0 Redis repository interfaces.
2026-03-09 18:20:34.518 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
2026-03-09 18:20:34.530 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
2026-03-09 18:20:34.531 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
2026-03-09 18:20:34.531 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
2026-03-09 18:20:34.885 [main] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
2026-03-09 18:20:34.885 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 5554 ms
2026-03-09 18:20:34.950 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
2026-03-09 18:20:37.863 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-03-09 18:20:38.381 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
2026-03-09 18:20:38.394 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
2026-03-09 18:20:38.410 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
2026-03-09 18:20:38.414 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
2026-03-09 18:20:38.469 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
2026-03-09 18:20:44.376 [main] INFO c.c.s.RealtimeAnalysisScheduler - ========== <20><>ʼ<EFBFBD><CABC>ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ==========
2026-03-09 18:20:44.398 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer - Starting...
2026-03-09 18:20:45.062 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer - Start completed.
2026-03-09 18:20:45.249 [main] INFO c.c.s.RealtimeAnalysisScheduler - <20><>ѯ<EFBFBD><D1AF> 0 <20><>ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:20:45.250 [main] INFO c.c.s.RealtimeAnalysisScheduler - ========== ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ==========
2026-03-09 18:20:45.256 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: public static com.common.service.DeviceDeviceService com.common.service.AccessLogAlertService.deviceDeviceService
2026-03-09 18:20:45.296 [main] INFO c.c.service.AccessLogAlertService - <20><>ʼ<EFBFBD><CABC>AccessLogAlertService<63><65><EFBFBD>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:19:45.296
2026-03-09 18:20:45.457 [main] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:20:46.497 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-03-09 18:20:46.694 [main] INFO com.common.util.MyBatisUtil - MyBatis <20><>ʼ<EFBFBD><CABC><EFBFBD>ɹ<EFBFBD>
2026-03-09 18:20:47.630 [main] INFO org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
2026-03-09 18:20:47.642 [main] INFO o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
2026-03-09 18:20:47.643 [main] INFO org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
2026-03-09 18:20:47.644 [main] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
2026-03-09 18:20:47.644 [main] INFO org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
初次提交代码
2026-01-11 15:33:22 +08:00
Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
NOT STARTED.
Currently in standby mode.
Number of jobs executed: 0
Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
关联分析规则-数据降噪
2026-03-18 18:00:25 +08:00
2026-03-09 18:20:47.644 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
2026-03-09 18:20:47.644 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
2026-03-09 18:20:47.645 [main] INFO org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@25297d52
2026-03-09 18:20:47.838 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
2026-03-09 18:20:47.838 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
2026-03-09 18:20:47.838 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1773051647836
2026-03-09 18:20:47.859 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
2026-03-09 18:20:47.859 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
2026-03-09 18:20:47.859 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1773051647859
2026-03-09 18:20:47.861 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8089"]
2026-03-09 18:20:47.878 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8089 (http) with context path '/xdrservice'
2026-03-09 18:20:47.879 [main] INFO o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
2026-03-09 18:20:47.880 [main] INFO org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
2026-03-09 18:20:47.897 [main] INFO com.syslogApplication - Started syslogApplication in 19.043 seconds (JVM running for 24.576)
2026-03-09 18:20:48.685 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: []
2026-03-09 18:20:48.753 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: [test-topic-0]
2026-03-09 18:21:00.012 [scheduling-1] INFO com.common.schedule.ETLOrchestrator - ETL<54><4C><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼִ<CABC>У<EFBFBD><D0A3><EFBFBD>ʼʱ<CABC>䣺2026-03-09 18:15:00,<2C><><EFBFBD><EFBFBD>ʱ<EFBFBD>䣺2026-03-09 18:20:00
2026-03-09 18:21:00.017 [scheduling-1] INFO com.common.service.DataExtractor - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8>ʱ<EFBFBD>Χ<E4B7B6><CEA7><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>ʱ<EFBFBD>Χ: 2026-03-09T18:15 - 2026-03-09T18:20
2026-03-09 18:21:00.017 [log-processor-1] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:21:00.017 [scheduling-5] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:21:00.099 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:21:00.186 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>0<EFBFBD><30><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>87ms
2026-03-09 18:21:00.186 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:21:00.186
2026-03-09 18:21:00.191 [scheduling-6] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:21:00.191
2026-03-09 18:21:00.243 [log-processor-1] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:21:00.243 [scheduling-5] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:21:00.250 [scheduling-1] INFO com.common.service.DataExtractor - ָ<><D6B8>ʱ<EFBFBD>Χ<E4B7B6><CEA7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 0 <20><>
2026-03-09 18:21:00.250 [scheduling-1] INFO com.common.service.DataExtractor - û<><C3BB><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:21:00.250 [scheduling-1] INFO com.common.schedule.ETLOrchestrator - <20><>ʱETL<54><4C><EFBFBD><EFBFBD>ִ<EFBFBD><D6B4><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 0 <20><>
2026-03-09 18:21:00.250 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD>䣺2026-03-09T18:21:00.250
2026-03-09 18:21:00.672 [scheduling-6] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:21:00.672 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 484ms
2026-03-09 18:21:00.833 [scheduling-5] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:19:45.296
2026-03-09 18:21:00.833 [log-processor-1] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:19:45.296
2026-03-09 18:21:00.915 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - <20><> syslog_normal_data <20><>ͳ<EFBFBD>Ƶ<EFBFBD> 0 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>¼
2026-03-09 18:21:00.915 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - <20><> syslog_normal_alarm <20><>ͳ<EFBFBD>Ƶ<EFBFBD> 0 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>¼
2026-03-09 18:21:00.915 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - <20>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD>µĹ<C2B5><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0
2026-03-09 18:21:01.069 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD>״̬<D7B4>Ĺ<EFBFBD><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>173
2026-03-09 18:21:01.069 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD><C2A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>173<37><33><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>1
2026-03-09 18:21:01.070 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD>¹<EFBFBD><C2B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>820ms
2026-03-09 18:21:32.055 [http-nio-8089-exec-1] INFO o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
2026-03-09 18:21:32.060 [http-nio-8089-exec-1] INFO o.s.web.servlet.DispatcherServlet - Completed initialization in 5 ms
2026-03-09 18:21:32.233 [http-nio-8089-exec-1] INFO com.controllers.SyslogPushController - <20>յ<EFBFBD>syslog<6F><67><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: SyslogRequest{ip='192.168.1.19', port=514, logContent='<0> 2026-01-12T14:37:53+08:00 ubuntu log_forward[3419]: {"flow_id": 1028204815001825, "serial_num": "CJFBT92", "src_ip": "120.238.245.132", "src_port": 60838, "dest_ip": "211.136.192.6", "dest_port": 53, "proto": "UDP", "app_proto": "dns", "direction": "CTS", "attacker_ip": "120.238.245.132", "victim_ip": "211.136.192.6", "rule_id": "0x20001e", "rule_name": "<22><><EFBFBD>ִ<EFBFBD><D6B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DNS<4E><53><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ", "attack_type": "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̽", "severity": "1", "bulletin": "ȷ<><C8B7><EFBFBD>ܺ<EFBFBD><DCBA><EFBFBD><EFBFBD>Լ<EFBFBD><D4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>", "detail_info": "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DNSLOG<4F><47><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ", "vuln_type": "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̽", "vuln_desc": "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DNSLOG<4F><47><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ", "vuln_harm": "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DNSLOG<4F><47><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ", "tags": "dnslog", "cnnvd_id": null, "cve_id": null, "killchain": "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>", "enable": "<22><><EFBFBD><EFBFBD>", "attack_result": "<22><>ͼ", "attack_method": "Զ<><D4B6>", "site_app": null, "code_language": "ͨ<><CDA8>", "att_ck": "TA0002", "timestamp": "2026-01-12T14:37:53.588+0800", "custom": "{}", "feature_field": "", "feature_payload": "", "": null, "payload": "SQkBAAABAAAAAAAAB3BvbGxpbmcHb2FzdGlmeQNjb20AAAEAAQ==", "packet_size": 37, "pcap_file": ""}', protocol='TCP', facility='USER', severity='INFO'}
2026-03-09 18:21:32.234 [http-nio-8089-exec-1] INFO com.common.service.SyslogService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD>syslog<6F><67>Ϣ: IP=192.168.1.19, Port=514
2026-03-09 18:21:32.235 [http-nio-8089-exec-1] INFO com.common.service.SyslogService - TCP Syslog<6F><67>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: 192.168.1.19:514
2026-03-09 18:21:32.235 [http-nio-8089-exec-1] INFO com.controllers.SyslogPushController - Syslog<6F><67>Ϣ<EFBFBD><CFA2><EFBFBD>ͳɹ<CDB3>: IP=192.168.1.19, Port=514
2026-03-09 18:21:34.502 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO c.Modules.NormalData.SysLogProcessor - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 1
2026-03-09 18:21:34.502 [log-processor-2] INFO c.Modules.NormalData.SysLogProcessor - <20>յ<EFBFBD>syslogmessage<67><65>[receive_time=20260309182133303 device_id=103 device_name=<3D><>˾<EFBFBD><CBBE><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD><DAB2><EFBFBD><EFBFBD><EFBFBD>̽<EFBFBD><CCBD> vendor=null data_type=json device_collect_id=1]<0> 2026-01-12T14:37:53+08:00 ubuntu log_forward[3419]: {"flow_id": 1028204815001825, "serial_num": "CJFBT92", "src_ip": "120.238.245.132", "src_port": 60838, "dest_ip": "211.136.192.6", "dest_port": 53, "proto": "UDP", "app_proto": "dns", "direction": "CTS", "attacker_ip": "120.238.245.132", "victim_ip": "211.136.192.6", "rule_id": "0x20001e", "rule_name": "???????????DNS???????", "attack_type": "???????", "severity": "1", "bulletin": "??????????????????????????????????", "detail_info": "????????????????DNSLOG?????????", "vuln_type": "???????", "vuln_desc": "????????????????DNSLOG?????????", "vuln_harm": "????????????????DNSLOG?????????", "tags": "dnslog", "cnnvd_id": null, "cve_id": null, "killchain": "??????", "enable": "????", "attack_result": "???", "attack_method": "???", "site_app": null, "code_language": "???", "att_ck": "TA0002", "timestamp": "2026-01-12T14:37:53.588+0800", "custom": "{}", "feature_field": "", "feature_payload": "", "": null, "payload": "SQkBAAABAAAAAAAAB3BvbGxpbmcHb2FzdGlmeQNjb20AAAEAAQ==", "packet_size": 37, "pcap_file": ""}
2026-03-09 18:21:40.696 [log-processor-2] ERROR c.M.NormalData.LogNormalProcessor - OrginalColumnMap <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡΪ<C8A1><CEAA>
2026-03-09 18:21:41.051 [log-processor-2] ERROR c.M.NormalData.LogNormalProcessor - OrginalColumnMap <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡΪ<C8A1><CEAA>
2026-03-09 18:21:41.062 [log-processor-2] ERROR c.M.NormalData.LogNormalProcessor - OrginalColumnMap <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȡΪ<C8A1><CEAA>
2026-03-09 18:21:41.153 [log-processor-2] WARN c.c.service.LogDataFilterService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD>ݹ<EFBFBD><DDB9>˹<EFBFBD><CBB9><EFBFBD>Ϊ<EFBFBD>գ<EFBFBD>Ĭ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD>!
2026-03-09 18:21:41.611 [log-processor-2] ERROR c.c.service.LogDataFilterService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>˹<EFBFBD><CBB9><EFBFBD>ʧ<EFBFBD>ܻ<EFBFBD>filters_paramsΪ<73><CEAA>: null
2026-03-09 18:21:41.797 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO c.Modules.NormalData.SysLogProcessor - <20><><EFBFBD>δ<EFBFBD><CEB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD>: 1
2026-03-09 18:22:00.006 [scheduling-1] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:22:00.006 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:22:00.007 [log-processor-3] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:22:00.168 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>162ms
2026-03-09 18:22:00.168 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.168
2026-03-09 18:22:00.168 [scheduling-4] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:22:00.168
2026-03-09 18:22:00.236 [log-processor-3] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:22:00.238 [scheduling-1] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:22:00.602 [scheduling-4] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:22:00.602 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 434ms
2026-03-09 18:22:00.638 [scheduling-1] INFO c.c.service.AccessLogAlertService - <20><>ȡ<EFBFBD><C8A1> 1 <20><><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD>ʱ<EFBFBD>Χ: 2026-03-09T18:19:45.296 <20><> 2026-03-09T18:22:00.238
2026-03-09 18:22:00.638 [scheduling-1] INFO c.c.service.AccessLogAlertService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD>㷨: <20><><EFBFBD><EFBFBD><EFBFBD>㷨3 (ID: 2004083121877696514)
2026-03-09 18:22:00.720 [scheduling-1] INFO c.c.service.AccessLogAlertService - <20><20><><EFBFBD><EFBFBD><EFBFBD>㷨3 δ<><CEB4><EFBFBD><EFBFBD>
2026-03-09 18:22:00.722 [scheduling-1] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>´ν<C2B4><CEBD><EFBFBD> 2026-03-09T18:22:00.238 <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD>
2026-03-09 18:22:00.785 [log-processor-3] INFO c.c.service.AccessLogAlertService - <20><>ȡ<EFBFBD><C8A1> 1 <20><><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD>ʱ<EFBFBD>Χ: 2026-03-09T18:22:00.238 <20><> 2026-03-09T18:22:00.236
2026-03-09 18:22:00.785 [log-processor-3] INFO c.c.service.AccessLogAlertService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD>㷨: <20><><EFBFBD><EFBFBD><EFBFBD>㷨3 (ID: 2004083121877696514)
2026-03-09 18:22:01.137 [log-processor-3] INFO c.c.service.AccessLogAlertService - <20><20><><EFBFBD><EFBFBD><EFBFBD>㷨3 δ<><CEB4><EFBFBD><EFBFBD>
2026-03-09 18:22:01.137 [log-processor-3] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>´ν<C2B4><CEBD><EFBFBD> 2026-03-09T18:22:00.236 <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD>
2026-03-09 18:23:00.003 [scheduling-6] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:23:00.003 [log-processor-4] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:23:00.084 [scheduling-7] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:23:00.235 [scheduling-6] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:23:00.235 [scheduling-7] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>151ms
2026-03-09 18:23:00.235 [log-processor-4] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:23:00.235 [scheduling-7] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:23:00.235
2026-03-09 18:23:00.236 [scheduling-7] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:23:00.236
2026-03-09 18:23:00.444 [log-processor-4] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:23:00.452 [scheduling-6] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:23:00.684 [scheduling-7] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:23:00.684 [scheduling-7] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 448ms
2026-03-09 18:23:01.145 [scheduling-2] INFO c.c.s.RealtimeAnalysisScheduler - ִ<>й<EFBFBD><D0B9><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, nextTime=2026-03-05T19:12, now=2026-03-09T18:23:00.971
2026-03-09 18:23:01.145 [scheduling-2] INFO c.c.s.impl.AnalysisRuleServiceImpl - ִ<><D6B4>ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-03-09 18:23:01.608 [scheduling-2] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>ѯ<EFBFBD><D1AF>Χ: <20><><EFBFBD>ڴ<EFBFBD>С=5m<35><6D><EFBFBD><EFBFBD>ѯʱ<D1AF>Χ=[2026-03-09 18:18:00, 2026-03-09 18:23:00]
2026-03-09 18:23:01.608 [scheduling-2] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><>ʼִ<CABC><D6B4>ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, batchNo=20260309182301302, windowType=tumble, dataStartTime=2026-03-09 18:18:00, dataEndTime=2026-03-09 18:23:00
2026-03-09 18:23:03.009 [scheduling-2] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD>ɵ<EFBFBD>SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '5 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-03-09 18:18:00' AND log_time < '2026-03-09 18:23:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '5 MINUTE')
初次提交代码
2026-01-11 15:33:22 +08:00
关联分析规则-数据降噪
2026-03-18 18:00:25 +08:00
2026-03-09 18:23:03.655 [scheduling-2] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD><EFBFBD>ִ<EFBFBD>гɹ<D0B3>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=1, alarmCount=1
2026-03-09 18:23:03.970 [scheduling-2] INFO c.c.s.i.RuleExecutionTimeServiceImpl - <20><><EFBFBD>¹<EFBFBD><C2B9><EFBFBD><EFBFBD>´<EFBFBD>ִ<EFBFBD><D6B4>ʱ<EFBFBD>䣬ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, windowType=tumble, nextExecuteTime=2026-03-09 18:28:00
2026-03-09 18:23:03.970 [scheduling-2] INFO c.c.s.RealtimeAnalysisScheduler - <20><><EFBFBD>ε<EFBFBD><CEB5><EFBFBD>ִ<EFBFBD>й<EFBFBD><D0B9><EFBFBD><EFBFBD><EFBFBD>: 1, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 0
2026-03-09 18:24:00.001 [scheduling-5] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:24:00.001 [log-processor-5] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:24:00.077 [scheduling-9] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:24:00.226 [scheduling-5] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:24:00.229 [scheduling-9] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>152ms
2026-03-09 18:24:00.229 [log-processor-5] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:24:00.229 [scheduling-9] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:24:00.229
2026-03-09 18:24:00.229 [scheduling-9] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:24:00.229
2026-03-09 18:24:00.419 [log-processor-5] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:24:00.423 [scheduling-5] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:24:00.673 [scheduling-9] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:24:00.673 [scheduling-9] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 444ms
2026-03-09 18:25:00.003 [scheduling-3] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:25:00.003 [log-processor-6] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:25:00.079 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:25:00.230 [log-processor-6] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:25:00.230 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>151ms
2026-03-09 18:25:00.230 [scheduling-3] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:25:00.230 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:25:00.230
2026-03-09 18:25:00.230 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:25:00.230
2026-03-09 18:25:00.420 [log-processor-6] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:25:00.420 [scheduling-3] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:25:00.667 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:25:00.667 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 437ms
2026-03-09 18:26:00.003 [scheduling-2] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:26:00.003 [scheduling-7] INFO com.common.schedule.ETLOrchestrator - ETL<54><4C><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼִ<CABC>У<EFBFBD><D0A3><EFBFBD>ʼʱ<CABC>䣺2026-03-09 18:20:00,<2C><><EFBFBD><EFBFBD>ʱ<EFBFBD>䣺2026-03-09 18:25:00
2026-03-09 18:26:00.003 [scheduling-7] INFO com.common.service.DataExtractor - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8>ʱ<EFBFBD>Χ<E4B7B6><CEA7><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>ʱ<EFBFBD>Χ: 2026-03-09T18:20 - 2026-03-09T18:25
2026-03-09 18:26:00.003 [log-processor-7] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:26:00.080 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:26:00.229 [log-processor-7] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:26:00.229 [scheduling-7] INFO com.common.service.DataExtractor - ָ<><D6B8>ʱ<EFBFBD>Χ<E4B7B6><CEA7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 1 <20><>
2026-03-09 18:26:00.229 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>149ms
2026-03-09 18:26:00.229 [scheduling-2] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:26:00.229 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:26:00.229
2026-03-09 18:26:00.229 [scheduling-10] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:26:00.229
2026-03-09 18:26:00.420 [scheduling-2] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:26:00.424 [log-processor-7] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:26:00.656 [scheduling-7] INFO com.common.service.DataLoader - <20><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ɹ<EFBFBD>: 1 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 1 <20><>
2026-03-09 18:26:00.668 [scheduling-10] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:26:00.668 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 439ms
2026-03-09 18:26:00.737 [scheduling-7] INFO com.common.service.DataExtractor - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݴ<EFBFBD><DDB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 1/1 (100.00%)
2026-03-09 18:26:00.737 [scheduling-7] INFO com.common.service.DataExtractor - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݴ<EFBFBD><DDB4><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:26:00.737 [scheduling-7] INFO com.common.schedule.ETLOrchestrator - <20><>ʱETL<54><4C><EFBFBD><EFBFBD>ִ<EFBFBD><D6B4><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 0 <20><>
2026-03-09 18:26:00.737 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD>䣺2026-03-09T18:26:00.737
2026-03-09 18:26:01.294 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - <20><> syslog_normal_data <20><>ͳ<EFBFBD>Ƶ<EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>¼
2026-03-09 18:26:01.294 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - <20><> syslog_normal_alarm <20><>ͳ<EFBFBD>Ƶ<EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>¼
2026-03-09 18:26:01.294 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - <20>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD>µĹ<C2B5><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2
2026-03-09 18:26:01.444 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD>״̬<D7B4>Ĺ<EFBFBD><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>173
2026-03-09 18:26:01.444 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD><C2A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>173<37><33><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>1
2026-03-09 18:26:01.761 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD>¹<EFBFBD><C2B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2<EFBFBD><32><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>1024ms
2026-03-09 18:27:00.005 [scheduling-6] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:27:00.005 [log-processor-8] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:27:00.078 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:27:00.233 [scheduling-6] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:27:00.234 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>156ms
2026-03-09 18:27:00.234 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:27:00.234
2026-03-09 18:27:00.234 [scheduling-5] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:27:00.234
2026-03-09 18:27:00.480 [scheduling-6] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:27:00.494 [log-processor-8] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:27:00.704 [scheduling-5] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:27:00.704 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 470ms
2026-03-09 18:27:00.755 [log-processor-8] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:28:00.004 [scheduling-3] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:28:00.004 [log-processor-9] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:28:00.081 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:28:00.231 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>150ms
2026-03-09 18:28:00.231 [log-processor-9] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:28:00.231 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:28:00.231
2026-03-09 18:28:00.231 [scheduling-10] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:28:00.231
2026-03-09 18:28:00.231 [scheduling-3] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:28:00.429 [log-processor-9] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:28:00.529 [scheduling-3] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:28:00.637 [scheduling-10] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:28:00.638 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 406ms
2026-03-09 18:28:00.865 [scheduling-8] INFO c.c.s.RealtimeAnalysisScheduler - ִ<>й<EFBFBD><D0B9><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, nextTime=2026-03-09T18:28, now=2026-03-09T18:28:00.711
2026-03-09 18:28:00.865 [scheduling-8] INFO c.c.s.impl.AnalysisRuleServiceImpl - ִ<><D6B4>ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-03-09 18:28:01.335 [scheduling-8] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>ѯ<EFBFBD><D1AF>Χ: <20><><EFBFBD>ڴ<EFBFBD>С=5m<35><6D><EFBFBD><EFBFBD>ѯʱ<D1AF>Χ=[2026-03-09 18:23:00, 2026-03-09 18:28:00]
2026-03-09 18:28:01.335 [scheduling-8] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><>ʼִ<CABC><D6B4>ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, batchNo=20260309182801024, windowType=tumble, dataStartTime=2026-03-09 18:23:00, dataEndTime=2026-03-09 18:28:00
2026-03-09 18:28:02.580 [scheduling-8] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD>ɵ<EFBFBD>SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '5 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-03-09 18:23:00' AND log_time < '2026-03-09 18:28:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '5 MINUTE')
初次提交代码
2026-01-11 15:33:22 +08:00
关联分析规则-数据降噪
2026-03-18 18:00:25 +08:00
2026-03-09 18:28:03.047 [scheduling-8] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD><EFBFBD>ִ<EFBFBD>гɹ<D0B3>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-03-09 18:28:03.362 [scheduling-8] INFO c.c.s.i.RuleExecutionTimeServiceImpl - <20><><EFBFBD>¹<EFBFBD><C2B9><EFBFBD><EFBFBD>´<EFBFBD>ִ<EFBFBD><D6B4>ʱ<EFBFBD>䣬ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, windowType=tumble, nextExecuteTime=2026-03-09 18:33:00
2026-03-09 18:28:03.362 [scheduling-8] INFO c.c.s.RealtimeAnalysisScheduler - <20><><EFBFBD>ε<EFBFBD><CEB5><EFBFBD>ִ<EFBFBD>й<EFBFBD><D0B9><EFBFBD><EFBFBD><EFBFBD>: 1, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 0
2026-03-09 18:29:00.006 [scheduling-5] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:29:00.006 [log-processor-10] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:29:00.081 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:29:00.236 [scheduling-5] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:29:00.236 [log-processor-10] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:29:00.240 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>159ms
2026-03-09 18:29:00.240 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:29:00.240
2026-03-09 18:29:00.240 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:29:00.240
2026-03-09 18:29:00.487 [scheduling-5] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:29:00.488 [log-processor-10] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:29:00.702 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:29:00.702 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 462ms
2026-03-09 18:30:00.005 [scheduling-2] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:30:00.005 [log-processor-1] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:30:00.081 [scheduling-8] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:30:00.233 [scheduling-2] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:30:00.233 [log-processor-1] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:30:00.235 [scheduling-8] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>154ms
2026-03-09 18:30:00.235 [scheduling-8] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:30:00.235
2026-03-09 18:30:00.235 [scheduling-8] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:30:00.235
2026-03-09 18:30:00.430 [log-processor-1] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:30:00.501 [scheduling-2] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:30:00.639 [scheduling-8] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:30:00.639 [scheduling-8] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 404ms
2026-03-09 18:31:00.006 [scheduling-3] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:31:00.006 [log-processor-2] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:31:00.006 [scheduling-8] INFO com.common.schedule.ETLOrchestrator - ETL<54><4C><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼִ<CABC>У<EFBFBD><D0A3><EFBFBD>ʼʱ<CABC>䣺2026-03-09 18:25:00,<2C><><EFBFBD><EFBFBD>ʱ<EFBFBD>䣺2026-03-09 18:30:00
2026-03-09 18:31:00.006 [scheduling-8] INFO com.common.service.DataExtractor - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD>ָ<EFBFBD><D6B8>ʱ<EFBFBD>Χ<E4B7B6><CEA7><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>ʱ<EFBFBD>Χ: 2026-03-09T18:25 - 2026-03-09T18:30
2026-03-09 18:31:00.084 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:31:00.235 [scheduling-8] INFO com.common.service.DataExtractor - ָ<><D6B8>ʱ<EFBFBD>Χ<E4B7B6><CEA7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 0 <20><>
2026-03-09 18:31:00.235 [log-processor-2] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:31:00.235 [scheduling-3] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:31:00.235 [scheduling-8] INFO com.common.service.DataExtractor - û<><C3BB><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:31:00.235 [scheduling-8] INFO com.common.schedule.ETLOrchestrator - <20><>ʱETL<54><4C><EFBFBD><EFBFBD>ִ<EFBFBD><D6B4><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 0 <20><>
2026-03-09 18:31:00.235 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD>䣺2026-03-09T18:31:00.235
2026-03-09 18:31:00.236 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>152ms
2026-03-09 18:31:00.236 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:31:00.236
2026-03-09 18:31:00.236 [scheduling-10] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:31:00.236
2026-03-09 18:31:00.515 [scheduling-3] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:31:00.519 [log-processor-2] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:31:00.629 [scheduling-10] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:31:00.629 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 393ms
2026-03-09 18:31:00.758 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - <20><> syslog_normal_data <20><>ͳ<EFBFBD>Ƶ<EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>¼
2026-03-09 18:31:00.758 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - <20><> syslog_normal_alarm <20><>ͳ<EFBFBD>Ƶ<EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>¼
2026-03-09 18:31:00.758 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - <20>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD>µĹ<C2B5><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>2
2026-03-09 18:31:00.910 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD>״̬<D7B4>Ĺ<EFBFBD><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>173
2026-03-09 18:31:00.910 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD><C2A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>173<37><33><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>1
2026-03-09 18:31:00.910 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD>¹<EFBFBD><C2B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>675ms
2026-03-09 18:32:00.001 [scheduling-8] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:32:00.001 [log-processor-3] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:32:00.077 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:32:00.226 [scheduling-8] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:32:00.226 [log-processor-3] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:32:00.232 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>155ms
2026-03-09 18:32:00.232 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:32:00.232
2026-03-09 18:32:00.233 [scheduling-1] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:32:00.233
2026-03-09 18:32:00.461 [scheduling-8] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:32:00.505 [log-processor-3] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:32:00.640 [scheduling-1] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:32:00.640 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 408ms
2026-03-09 18:33:00.002 [scheduling-10] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:33:00.002 [log-processor-4] INFO c.c.service.AccessLogAlertService - <20><>ʼִ<CABC>з<EFBFBD><D0B7><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
2026-03-09 18:33:00.078 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>...
2026-03-09 18:33:00.228 [log-processor-4] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:33:00.228 [scheduling-10] INFO c.c.service.AccessLogAlertService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> 1 <20><><EFBFBD><EFBFBD><EFBFBD>õ<EFBFBD><C3B5><EFBFBD><E3B7A8><EFBFBD><EFBFBD>
2026-03-09 18:33:00.230 [scheduling-6] INFO c.c.s.RealtimeAnalysisScheduler - ִ<>й<EFBFBD><D0B9><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, nextTime=2026-03-09T18:33, now=2026-03-09T18:33:00.002
2026-03-09 18:33:00.230 [scheduling-6] INFO c.c.s.impl.AnalysisRuleServiceImpl - ִ<><D6B4>ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-03-09 18:33:00.232 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - <20>豸ͳ<E8B1B8>Ƹ<EFBFBD><C6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><E8B1B8><EFBFBD><EFBFBD>1<EFBFBD><31><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>154ms
2026-03-09 18:33:00.232 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - <20><>ʼִ<CABC><D6B4><EFBFBD><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:33:00.232
2026-03-09 18:33:00.232 [scheduling-3] INFO c.c.s.DeviceCollectTaskUpdateService - <20><>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɼ<EFBFBD><C9BC><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><EFBFBD><E4A3AC>ǰʱ<C7B0><CAB1>: 2026-03-09T18:33:00.232
2026-03-09 18:33:00.426 [scheduling-10] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:33:00.494 [log-processor-4] INFO c.c.service.AccessLogAlertService - û<>з<EFBFBD><D0B7><EFBFBD><EFBFBD>µ<EFBFBD><C2B5><EFBFBD>־<EFBFBD><D6BE><EFBFBD>ݣ<EFBFBD><DDA3>ϴδ<CFB4><CEB4><EFBFBD>ʱ<EFBFBD><CAB1>: 2026-03-09T18:22:00.236
2026-03-09 18:33:00.634 [scheduling-3] INFO c.c.s.DeviceCollectTaskUpdateService - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3>ܼ<EFBFBD>: 48<34><38><EFBFBD>Ѹ<EFBFBD><D1B8><EFBFBD>: 1
2026-03-09 18:33:00.634 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - <20><EFBFBD>ɼ<EFBFBD>̽<EFBFBD><CCBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɣ<EFBFBD><C9A3><EFBFBD>ʱ: 402ms
2026-03-09 18:33:00.688 [scheduling-6] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڲ<EFBFBD>ѯ<EFBFBD><D1AF>Χ: <20><><EFBFBD>ڴ<EFBFBD>С=5m<35><6D><EFBFBD><EFBFBD>ѯʱ<D1AF>Χ=[2026-03-09 18:28:00, 2026-03-09 18:33:00]
2026-03-09 18:33:00.688 [scheduling-6] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><>ʼִ<CABC><D6B4>ʵʱ<CAB5><CAB1><EFBFBD><EFBFBD>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, batchNo=20260309183300381, windowType=tumble, dataStartTime=2026-03-09 18:28:00, dataEndTime=2026-03-09 18:33:00
2026-03-09 18:33:01.943 [scheduling-6] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD>ɵ<EFBFBD>SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '5 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-03-09 18:28:00' AND log_time < '2026-03-09 18:33:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '5 MINUTE')
初次提交代码
2026-01-11 15:33:22 +08:00
关联分析规则-数据降噪
2026-03-18 18:00:25 +08:00
2026-03-09 18:33:02.410 [scheduling-6] INFO c.c.s.impl.RealtimeAnalysisEngine - <20><><EFBFBD><EFBFBD>ִ<EFBFBD>гɹ<D0B3>: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-03-09 18:33:02.717 [scheduling-6] INFO c.c.s.i.RuleExecutionTimeServiceImpl - <20><><EFBFBD>¹<EFBFBD><C2B9><EFBFBD><EFBFBD>´<EFBFBD>ִ<EFBFBD><D6B4>ʱ<EFBFBD>䣬ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=<3D><EFBFBD><E6BEAF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>-<2D><><EFBFBD><EFBFBD>-V2, windowType=tumble, nextExecuteTime=2026-03-09 18:38:00
2026-03-09 18:33:02.718 [scheduling-6] INFO c.c.s.RealtimeAnalysisScheduler - <20><><EFBFBD>ε<EFBFBD><CEB5><EFBFBD>ִ<EFBFBD>й<EFBFBD><D0B9><EFBFBD><EFBFBD><EFBFBD>: 1, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: 0
Reference in New Issue Copy Permalink