1、完善kafka 接收消息进行sm4 解密

2、新增IP联动封禁相关的API接口，供探针模块进行调用。

haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java

@@ -79,9 +79,9 @@ public class LogNormalProcessor {
     @Autowired
     DmNormalizeRuleMapper dmNormalizeRuleMapper;
 
-    private static  List<Map<String, Object>> dmNormalizeRuleList;
-    private static  List<Map<String, Object>> dmColumnList;
-    private static  LinkedHashMap<String, Object>   OrginalColumnMap ;
+    private   List<Map<String, Object>> dmNormalizeRuleList;
+    private   List<Map<String, Object>> dmColumnList;
+    private   LinkedHashMap<String, Object>   OrginalColumnMap ;
 
     public  LogNormalProcessor( String LogMsg, String syslogUUID,String syslogTopic) {
 
@@ -489,7 +489,15 @@ public class LogNormalProcessor {
     {
         Map<String, Object > columnMap= new HashMap<>();
         for (Map<String, Object> map : normalColumnList) {
-            columnMap.put(map.get("dest_field").toString(),map.get("dest_field_value"));
+
+            Object destFieldValue = map.get("dest_field_value");
+            // 判断 dest_field_value 是否为 String 且包含 "\u0000"
+            if (destFieldValue instanceof String && ((String) destFieldValue).contains("\u0000")) {
+                // 替换掉所有 "\u0000" 字符
+                destFieldValue = ((String) destFieldValue).replace("\u0000", "");
+            }
+            columnMap.put(map.get("dest_field").toString(), destFieldValue);
+            //columnMap.put(map.get("dest_field").toString(),map.get("dest_field_value"));
         }
         return columnMap;
     }

haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/SysLogProcessor.java

@@ -26,6 +26,9 @@ import java.util.concurrent.atomic.AtomicInteger;
 import java.time.LocalDate;
 import java.time.LocalDate;
 import java.time.format.DateTimeFormatter;
+
+import com.common.util.Sm4Util;
+import com.config.AppConfig;
 @Slf4j
 @Component
 public class SysLogProcessor {
@@ -40,10 +43,14 @@ public class SysLogProcessor {
     @Value("${app.processor.process-timeout-ms:30000}")
     private long processTimeoutMs;
 
+    private static String  strhexKey=AppConfig.getSM4Key();
     private final AtomicInteger totalProcessed = new AtomicInteger(0);
     private final AtomicInteger currentBatchCount = new AtomicInteger(0);
     // 初始化 InfluxDB 客户端
     private final com.influx.InfluxDBClient influxClient  = new InfluxDBClient();
+
+
+
     /**
      * 方案一：直接多线程并行处理（推荐）
      * 单线程消费，每条消息独立提交给线程池处理
@@ -80,7 +87,7 @@ public class SysLogProcessor {
                 CompletableFuture<Void> future = CompletableFuture.runAsync(() -> {
                     try {
                         // 异步处理单条消息
-                        log.info("收到syslogmessage："+ record.value());
+                        log.info("收到syslogmessage："+ Sm4Util.decryptCbc(record.value(), strhexKey));
                         processSingleMessageAsync(record);
                     } catch (Exception e) {
                         log.error("处理消息失败, topic: {}, partition: {}, offset: {}",
@@ -251,8 +258,13 @@ public class SysLogProcessor {
             // 模拟业务处理
             //processBusinessLogic(message);
 
+            //Message进行SM4解密
+            String Sm4message=Sm4Util.decryptCbc(record.value(), strhexKey);
+            System.out.println("Sm4message:"+Sm4message);
+
+
             String sysLogUUID =getSysLogUUID();
-            String strDeviceInfo= SyslogParser.substringBeforeFirstChar(record.value(),']');
+            String strDeviceInfo= SyslogParser.substringBeforeFirstChar(Sm4message,']');
             Map<String,String> mapdev  =SyslogParser.parseKeyValuePairs(strDeviceInfo);
 
             // 初始化 InfluxDB 客户端
@@ -261,7 +273,7 @@ public class SysLogProcessor {
                     .addTag("device_collect_id", mapdev.get("device_collect_id")) // 添加探针ID标签
                     .addTag("uuid", sysLogUUID)   //syslog uuid
                     .addTag("topic", AppConfig.getTopic())  //kafka topic
-                    .addField("message", record.value()) // 添加字段
+                    .addField("message", Sm4message) // 添加字段
                     .addField("receive_time", mapdev.get("receive_time")) // 添加字段
                     .addField("uuid", sysLogUUID)
                     .time(System.currentTimeMillis(), WritePrecision.MS) ;// 毫秒级时间戳
@@ -272,7 +284,7 @@ public class SysLogProcessor {
             //insertSingleRecord( record.value());
 
             //String syslogMessage= AppConfig.geRunEnvironment‌().equals("test")? record.value().substring(34) : record.value();
-            String syslogMessage= record.value();
+            String syslogMessage= Sm4message;
             //剔除测试环境本机syslog新增的头部信息
             LogNormalProcessor logNormalProcessor = new LogNormalProcessor(syslogMessage,sysLogUUID,AppConfig.getTopic());
             //LogNormalProcessor logNormalProcessor =new LogNormalProcessor(record.value());