ai-security-xdr/haobang-security-xdr/logs/syslog-serve.log

2026-01-10 13:26:58.023 [main] INFO  com.SyslogServeMainApp - Starting SyslogServeMainApp using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 26480 (E:\GIT_GOSAME\haobang-security-xdr\syslog-serve\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
2026-01-10 13:26:58.023 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2026-01-10 13:26:58.029 [main] INFO  com.SyslogServeMainApp - No active profile set, falling back to 1 default profile: "default"
2026-01-10 13:26:59.839 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-01-10 13:26:59.839 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2026-01-10 13:27:00.011 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 153 ms. Found 0 Redis repository interfaces.
2026-01-10 13:27:00.592 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8189 (http)
2026-01-10 13:27:00.604 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8189"]
2026-01-10 13:27:00.604 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
2026-01-10 13:27:00.604 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
2026-01-10 13:27:00.971 [main] INFO  o.a.c.c.C.[.[.[/syslogserve] - Initializing Spring embedded WebApplicationContext
2026-01-10 13:27:00.971 [main] INFO  o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 2874 ms
2026-01-10 13:27:04.637 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8189"]
2026-01-10 13:27:04.652 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8189 (http) with context path '/syslogserve'
2026-01-10 13:27:04.662 [main] INFO  com.SyslogServeMainApp - Started SyslogServeMainApp in 7.133 seconds (JVM running for 12.488)
2026-01-10 13:27:04.693 [main] INFO  com.SyslogServeMainApp - Application SyslogServer start !
2026-01-10 13:27:04.694 [main] INFO  com.netty.SyslogServer - Starting Syslog server with TCP port 514 and UDP port 514
2026-01-10 13:27:05.069 [pool-3-thread-2] INFO  com.netty.SyslogServer - TCP Syslog server started on port 514
2026-01-10 13:27:05.069 [pool-3-thread-1] INFO  com.netty.SyslogServer - UDP Syslog server started on port 514
2026-01-10 13:27:05.069 [main] INFO  com.netty.SyslogServer - Both TCP and UDP Syslog servers are running
2026-01-10 13:38:58.993 [nioEventLoopGroup-5-1] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.0.103:65442: <0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}
2026-01-10 13:38:59.375 [nioEventLoopGroup-5-1] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
2026-01-10 13:38:59.994 [nioEventLoopGroup-5-1] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
2026-01-10 13:39:00.321 [nioEventLoopGroup-5-1] ERROR com.Modules.Device.DeviceProcess - 设备请求的Host IP非系统注册，请联系管理员添加设备信息！
2026-01-10 13:39:00.321 [nioEventLoopGroup-5-1] INFO  com.netty.SyslogMessageHandler - syslog message 的请求设备IP:192.168.0.103非系统注册，暂不做处理！
2026-01-10 13:39:00.579 [nioEventLoopGroup-5-1] INFO  c.c.s.impl.DeviceUnknownServiceImpl - 更新设备最后发现时间成功，ID: 16
2026-01-10 13:59:49.596 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=5m51s158ms35µs500ns).
2026-01-10 14:08:50.222 [nioEventLoopGroup-5-2] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.0.103:59772: <0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}
2026-01-10 14:08:55.232 [nioEventLoopGroup-5-2] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@53953cd1 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
2026-01-10 14:25:15.953 [nioEventLoopGroup-5-3] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.0.103:65302: <0> 2026-01-10T13:47:27+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T13:47:27.249503+0800","flow_id":767115114538067,"community_id":"fFU2gDB2+pyUS6xQpAqqLdPLG4k=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"192.168.2.81","src_port":51018,"dest_ip":"120.241.131.42","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":423808413,"tcp_ack_sequence":3371175627,"ether":{},"host":"szextshort.weixin.qq.com","host_md5":"d7745538302ebc766b77ca8a4f3dd735","uri":"/mmtls/1abfe317","uri_md5":"e889825636e4d22b1d364b6bd6400ad5","agent":"MicroMessenger Client","referer":"","method":"POST","protocol":"HTTP/1.1","req_content_type":"application/octet-stream","request_headers":"accept: */*\r\ncache-control: no-cache\r\nconnection: Keep-Alive\r\ncontent-length: 2579\r\ncontent-type: application/octet-stream\r\nHost: szextshort.weixin.qq.com\r\nUpgrade: mmtls\r\nUser-Agent: MicroMessenger Client\r\n","rsp_content_type":"","response_headers":""}
2026-01-10 14:48:21.561 [nioEventLoopGroup-5-4] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.0.103:64558: <0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}