From 6603c6f4a133c76e2781515cdededf1af2ae41b6 Mon Sep 17 00:00:00 2001
From: nanChen <nanChen@hololand.com>
Date: Sun, 11 Jan 2026 15:33:22 +0800
Subject: [PATCH] =?UTF-8?q?=E5=88=9D=E6=AC=A1=E6=8F=90=E4=BA=A4=E4=BB=A3?=
 =?UTF-8?q?=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 haobang-security-xdr/.idea/compiler.xml       |   22 +
 haobang-security-xdr/.idea/encodings.xml      |   11 +
 ..._ch_qos_logback_logback_classic_1_2_11.xml |   13 +
 ...en__ch_qos_logback_logback_core_1_2_11.xml |   13 +
 .../Maven__cn_hutool_hutool_all_5_8_16.xml    |   13 +
 ...stic_clients_elasticsearch_java_7_17_6.xml |   13 +
 ...com_alibaba_fastjson2_fastjson2_2_0_40.xml |   13 +
 .../Maven__com_alibaba_fastjson_1_2_83.xml    |   13 +
 ...ven__com_baomidou_mybatis_plus_3_5_3_1.xml |   13 +
 ...omidou_mybatis_plus_annotation_3_5_3_1.xml |   13 +
 ...idou_mybatis_plus_boot_starter_3_5_3_1.xml |   13 +
 ...com_baomidou_mybatis_plus_core_3_5_3_1.xml |   13 +
 ...aomidou_mybatis_plus_extension_3_5_3_1.xml |   13 +
 .../Maven__com_carrotsearch_hppc_0_8_1.xml    |   13 +
 .../Maven__com_fasterxml_classmate_1_5_1.xml  |   13 +
 ...ackson_core_jackson_annotations_2_13_3.xml |   13 +
 ...ackson_core_jackson_annotations_2_13_4.xml |   13 +
 ...erxml_jackson_core_jackson_core_2_13_3.xml |   13 +
 ...erxml_jackson_core_jackson_core_2_13_4.xml |   13 +
 ...l_jackson_core_jackson_databind_2_13_3.xml |   13 +
 ...aformat_jackson_dataformat_cbor_2_13_4.xml |   13 +
 ...format_jackson_dataformat_smile_2_13_4.xml |   13 +
 ...aformat_jackson_dataformat_yaml_2_13_4.xml |   13 +
 ..._datatype_jackson_datatype_jdk8_2_13_4.xml |   13 +
 ...atatype_jackson_datatype_jsr310_2_13_4.xml |   13 +
 ..._jackson_module_parameter_names_2_13_4.xml |   13 +
 ...__com_github_jsqlparser_jsqlparser_4_5.xml |   13 +
 ...ven__com_github_luben_zstd_jni_1_5_2_1.xml |   13 +
 ...com_github_pagehelper_pagehelper_5_3_2.xml |   13 +
 ...helper_spring_boot_autoconfigure_1_4_6.xml |   13 +
 ...r_pagehelper_spring_boot_starter_1_4_6.xml |   13 +
 ..._spullara_mustache_java_compiler_0_9_6.xml |   13 +
 ..._com_google_code_findbugs_jsr305_3_0_2.xml |   13 +
 ...Maven__com_google_code_gson_gson_2_9_1.xml |   13 +
 ...om_influxdb_influxdb_client_core_6_9_0.xml |   13 +
 ...om_influxdb_influxdb_client_java_6_9_0.xml |   13 +
 ...m_influxdb_influxdb_client_utils_6_9_0.xml |   13 +
 ...n__com_jayway_jsonpath_json_path_2_7_0.xml |   13 +
 ...om_mchange_mchange_commons_java_0_2_15.xml |   13 +
 ...reup_okhttp3_logging_interceptor_4_9_3.xml |   13 +
 ...ven__com_squareup_okhttp3_okhttp_4_9_3.xml |   13 +
 .../Maven__com_squareup_okio_okio_3_3_0.xml   |   13 +
 ...aven__com_squareup_okio_okio_jvm_3_3_0.xml |   13 +
 ...uareup_retrofit2_adapter_rxjava3_2_9_0.xml |   13 +
 ...quareup_retrofit2_converter_gson_2_9_0.xml |   13 +
 ...reup_retrofit2_converter_scalars_2_9_0.xml |   13 +
 ..._com_squareup_retrofit2_retrofit_2_9_0.xml |   13 +
 .../Maven__com_tdunning_t_digest_3_2.xml      |   13 +
 .../Maven__com_typesafe_config_1_4_2.xml      |   13 +
 ...ogle_android_json_0_0_20131108_vaadin1.xml |   13 +
 .../Maven__com_zaxxer_HikariCP_4_0_3.xml      |   13 +
 ...aven__commons_codec_commons_codec_1_15.xml |   13 +
 ..._io_lettuce_lettuce_core_6_1_9_RELEASE.xml |   13 +
 ...Maven__io_netty_netty_all_4_1_92_Final.xml |   13 +
 ...en__io_netty_netty_buffer_4_1_82_Final.xml |   13 +
 ...en__io_netty_netty_buffer_4_1_92_Final.xml |   13 +
 ...ven__io_netty_netty_codec_4_1_82_Final.xml |   13 +
 ...ven__io_netty_netty_codec_4_1_92_Final.xml |   13 +
 ..._io_netty_netty_codec_dns_4_1_92_Final.xml |   13 +
 ...netty_netty_codec_haproxy_4_1_92_Final.xml |   13 +
 ...o_netty_netty_codec_http2_4_1_92_Final.xml |   13 +
 ...io_netty_netty_codec_http_4_1_92_Final.xml |   13 +
 ...etty_netty_codec_memcache_4_1_92_Final.xml |   13 +
 ...io_netty_netty_codec_mqtt_4_1_92_Final.xml |   13 +
 ...o_netty_netty_codec_redis_4_1_92_Final.xml |   13 +
 ...io_netty_netty_codec_smtp_4_1_92_Final.xml |   13 +
 ...o_netty_netty_codec_socks_4_1_92_Final.xml |   13 +
 ...o_netty_netty_codec_stomp_4_1_92_Final.xml |   13 +
 ..._io_netty_netty_codec_xml_4_1_92_Final.xml |   13 +
 ...en__io_netty_netty_common_4_1_82_Final.xml |   13 +
 ...en__io_netty_netty_common_4_1_92_Final.xml |   13 +
 ...n__io_netty_netty_handler_4_1_82_Final.xml |   13 +
 ...n__io_netty_netty_handler_4_1_92_Final.xml |   13 +
 ...netty_netty_handler_proxy_4_1_92_Final.xml |   13 +
 ...ty_netty_handler_ssl_ocsp_4_1_92_Final.xml |   13 +
 ...__io_netty_netty_resolver_4_1_82_Final.xml |   13 +
 ...__io_netty_netty_resolver_4_1_92_Final.xml |   13 +
 ..._netty_netty_resolver_dns_4_1_92_Final.xml |   13 +
 ...esolver_dns_classes_macos_4_1_92_Final.xml |   13 +
 ...native_macos_osx_aarch_64_4_1_92_Final.xml |   13 +
 ...s_native_macos_osx_x86_64_4_1_92_Final.xml |   13 +
 ..._io_netty_netty_transport_4_1_82_Final.xml |   13 +
 ..._io_netty_netty_transport_4_1_92_Final.xml |   13 +
 ...y_transport_classes_epoll_4_1_92_Final.xml |   13 +
 ..._transport_classes_kqueue_4_1_92_Final.xml |   13 +
 ...tive_epoll_linux_aarch_64_4_1_92_Final.xml |   13 +
 ...native_epoll_linux_x86_64_4_1_92_Final.xml |   13 +
 ...ative_kqueue_osx_aarch_64_4_1_92_Final.xml |   13 +
 ..._native_kqueue_osx_x86_64_4_1_92_Final.xml |   13 +
 ...nsport_native_unix_common_4_1_82_Final.xml |   13 +
 ...nsport_native_unix_common_4_1_92_Final.xml |   13 +
 ...etty_netty_transport_rxtx_4_1_92_Final.xml |   13 +
 ...etty_netty_transport_sctp_4_1_92_Final.xml |   13 +
 ...netty_netty_transport_udt_4_1_92_Final.xml |   13 +
 ..._io_projectreactor_reactor_core_3_4_23.xml |   13 +
 ...ven__io_reactivex_rxjava3_rxjava_3_1_6.xml |   13 +
 ...ctivation_jakarta_activation_api_1_2_2.xml |   13 +
 ...nnotation_jakarta_annotation_api_1_3_5.xml |   13 +
 ...n__jakarta_json_jakarta_json_api_1_1_6.xml |   13 +
 ...alidation_jakarta_validation_api_2_0_2.xml |   13 +
 ...ta_xml_bind_jakarta_xml_bind_api_2_3_3.xml |   13 +
 .../Maven__joda_time_joda_time_2_9_9.xml      |   13 +
 ...aven__net_bytebuddy_byte_buddy_1_12_17.xml |   13 +
 ...net_bytebuddy_byte_buddy_agent_1_12_17.xml |   13 +
 .../Maven__net_java_dev_jna_jna_5_10_0.xml    |   13 +
 ...ven__net_minidev_accessors_smart_2_4_8.xml |   13 +
 .../Maven__net_minidev_json_smart_2_4_8.xml   |   13 +
 ...__net_sf_jopt_simple_jopt_simple_5_0_2.xml |   13 +
 ..._org_apache_commons_commons_csv_1_10_0.xml |   13 +
 ...rg_apache_commons_commons_lang3_3_12_0.xml |   13 +
 ...e_httpcomponents_httpasyncclient_4_1_5.xml |   13 +
 ...pache_httpcomponents_httpclient_4_5_13.xml |   13 +
 ..._apache_httpcomponents_httpcore_4_4_15.xml |   13 +
 ...che_httpcomponents_httpcore_nio_4_4_15.xml |   13 +
 ...__org_apache_kafka_kafka_clients_3_4_0.xml |   13 +
 ..._apache_logging_log4j_log4j_api_2_17_2.xml |   13 +
 ...he_logging_log4j_log4j_to_slf4j_2_17_2.xml |   13 +
 ..._lucene_lucene_analyzers_common_8_11_1.xml |   13 +
 ...e_lucene_lucene_backward_codecs_8_11_1.xml |   13 +
 ...__org_apache_lucene_lucene_core_8_11_1.xml |   13 +
 ...g_apache_lucene_lucene_grouping_8_11_1.xml |   13 +
 ...pache_lucene_lucene_highlighter_8_11_1.xml |   13 +
 ...__org_apache_lucene_lucene_join_8_11_1.xml |   13 +
 ...org_apache_lucene_lucene_memory_8_11_1.xml |   13 +
 ...__org_apache_lucene_lucene_misc_8_11_1.xml |   13 +
 ...rg_apache_lucene_lucene_queries_8_11_1.xml |   13 +
 ...pache_lucene_lucene_queryparser_8_11_1.xml |   13 +
 ...rg_apache_lucene_lucene_sandbox_8_11_1.xml |   13 +
 ..._apache_lucene_lucene_spatial3d_8_11_1.xml |   13 +
 ...rg_apache_lucene_lucene_suggest_8_11_1.xml |   13 +
 ..._tomcat_embed_tomcat_embed_core_9_0_65.xml |   13 +
 ...he_tomcat_embed_tomcat_embed_el_9_0_65.xml |   13 +
 ...at_embed_tomcat_embed_websocket_9_0_65.xml |   13 +
 ..._org_apiguardian_apiguardian_api_1_1_2.xml |   13 +
 ...Maven__org_assertj_assertj_core_3_22_0.xml |   13 +
 ...rg_checkerframework_checker_qual_3_5_0.xml |   13 +
 ...ven__org_eclipse_parsson_parsson_1_0_0.xml |   13 +
 ...lient_elasticsearch_rest_client_7_17_6.xml |   13 +
 ...icsearch_rest_high_level_client_7_17_6.xml |   13 +
 ...org_elasticsearch_elasticsearch_7_17_6.xml |   13 +
 ...elasticsearch_elasticsearch_cli_7_17_6.xml |   13 +
 ...lasticsearch_elasticsearch_core_7_17_6.xml |   13 +
 ...elasticsearch_elasticsearch_geo_7_17_6.xml |   13 +
 ...elasticsearch_elasticsearch_lz4_7_17_6.xml |   13 +
 ...lasticsearch_plugin_classloader_7_17_6.xml |   13 +
 ...csearch_elasticsearch_secure_sm_7_17_6.xml |   13 +
 ...csearch_elasticsearch_x_content_7_17_6.xml |   13 +
 ...plugin_aggs_matrix_stats_client_7_17_6.xml |   13 +
 ...rch_plugin_lang_mustache_client_7_17_6.xml |   13 +
 ...rch_plugin_mapper_extras_client_7_17_6.xml |   13 +
 ...earch_plugin_parent_join_client_7_17_6.xml |   13 +
 ...csearch_plugin_rank_eval_client_7_17_6.xml |   13 +
 .../Maven__org_graylog2_syslog4j_0_9_61.xml   |   13 +
 .../Maven__org_hamcrest_hamcrest_2_2.xml      |   13 +
 ...n__org_hdrhistogram_HdrHistogram_2_1_9.xml |   13 +
 ...idator_hibernate_validator_6_2_5_Final.xml |   13 +
 ...boss_logging_jboss_logging_3_4_3_Final.xml |   13 +
 .../Maven__org_jetbrains_annotations_13_0.xml |   13 +
 ..._jetbrains_kotlin_kotlin_stdlib_1_6_21.xml |   13 +
 ...ins_kotlin_kotlin_stdlib_common_1_6_21.xml |   13 +
 ...rains_kotlin_kotlin_stdlib_jdk7_1_6_21.xml |   13 +
 ...rains_kotlin_kotlin_stdlib_jdk8_1_6_21.xml |   13 +
 .../Maven__org_json_json_20231013.xml         |   13 +
 ..._org_junit_jupiter_junit_jupiter_5_8_2.xml |   13 +
 ..._org_junit_jupiter_junit_jupiter_5_9_2.xml |   13 +
 ..._junit_jupiter_junit_jupiter_api_5_8_2.xml |   13 +
 ...nit_jupiter_junit_jupiter_engine_5_8_2.xml |   13 +
 ...nit_jupiter_junit_jupiter_params_5_8_2.xml |   13 +
 ..._platform_junit_platform_commons_1_8_2.xml |   13 +
 ...t_platform_junit_platform_engine_1_8_2.xml |   13 +
 .../Maven__org_lz4_lz4_java_1_8_0.xml         |   13 +
 .../Maven__org_mockito_mockito_core_4_5_1.xml |   13 +
 ...rg_mockito_mockito_junit_jupiter_4_5_1.xml |   13 +
 .../Maven__org_mybatis_mybatis_3_5_10.xml     |   13 +
 ...aven__org_mybatis_mybatis_spring_2_1_1.xml |   13 +
 ...ybatis_spring_boot_autoconfigure_2_3_1.xml |   13 +
 ...boot_mybatis_spring_boot_starter_2_3_1.xml |   13 +
 .../Maven__org_objenesis_objenesis_3_2.xml    |   13 +
 ...Maven__org_opentest4j_opentest4j_1_2_0.xml |   13 +
 .../libraries/Maven__org_ow2_asm_asm_9_1.xml  |   13 +
 ...aven__org_postgresql_postgresql_42_5_4.xml |   13 +
 ...aven__org_projectlombok_lombok_1_18_24.xml |   13 +
 ...ven__org_quartz_scheduler_quartz_2_3_2.xml |   13 +
 ...reactivestreams_reactive_streams_1_0_4.xml |   13 +
 ...aven__org_skyscreamer_jsonassert_1_5_1.xml |   13 +
 .../Maven__org_slf4j_jul_to_slf4j_1_7_36.xml  |   13 +
 .../Maven__org_slf4j_slf4j_api_1_7_36.xml     |   13 +
 .../Maven__org_slf4j_slf4j_simple_2_0_7.xml   |   13 +
 ...springframework_boot_spring_boot_2_7_4.xml |   13 +
 ...k_boot_spring_boot_autoconfigure_2_7_4.xml |   13 +
 ...amework_boot_spring_boot_starter_2_7_4.xml |   13 +
 ...k_boot_spring_boot_starter_cache_2_7_4.xml |   13 +
 ..._boot_starter_data_elasticsearch_2_7_4.xml |   13 +
 ...t_spring_boot_starter_data_redis_2_7_4.xml |   13 +
 ...rk_boot_spring_boot_starter_jdbc_2_7_4.xml |   13 +
 ...rk_boot_spring_boot_starter_json_2_7_4.xml |   13 +
 ...boot_spring_boot_starter_logging_2_7_4.xml |   13 +
 ..._boot_spring_boot_starter_quartz_2_7_4.xml |   13 +
 ...rk_boot_spring_boot_starter_test_2_7_4.xml |   13 +
 ..._boot_spring_boot_starter_tomcat_2_7_4.xml |   13 +
 ...t_spring_boot_starter_validation_2_7_4.xml |   13 +
 ...ork_boot_spring_boot_starter_web_2_7_4.xml |   13 +
 ...gframework_boot_spring_boot_test_2_7_4.xml |   13 +
 ...t_spring_boot_test_autoconfigure_2_7_4.xml |   13 +
 ...amework_data_spring_data_commons_2_7_3.xml |   13 +
 ...k_data_spring_data_elasticsearch_4_4_3.xml |   13 +
 ...mework_data_spring_data_keyvalue_2_7_3.xml |   13 +
 ...framework_data_spring_data_redis_2_7_3.xml |   13 +
 ...ringframework_kafka_spring_kafka_2_8_9.xml |   13 +
 ...ringframework_retry_spring_retry_1_3_3.xml |   13 +
 ..._org_springframework_spring_aop_5_3_23.xml |   13 +
 ...rg_springframework_spring_beans_5_3_23.xml |   13 +
 ..._springframework_spring_context_5_3_23.xml |   13 +
 ...ramework_spring_context_support_5_3_23.xml |   13 +
 ...org_springframework_spring_core_5_3_23.xml |   13 +
 ...ringframework_spring_expression_5_3_23.xml |   13 +
 ..._org_springframework_spring_jcl_5_3_23.xml |   13 +
 ...org_springframework_spring_jdbc_5_3_23.xml |   13 +
 ...pringframework_spring_messaging_5_3_23.xml |   13 +
 ..._org_springframework_spring_oxm_5_3_23.xml |   13 +
 ...org_springframework_spring_test_5_3_23.xml |   13 +
 ...__org_springframework_spring_tx_5_3_23.xml |   13 +
 ..._org_springframework_spring_web_5_3_23.xml |   13 +
 ...g_springframework_spring_webmvc_5_3_23.xml |   13 +
 ..._org_xerial_snappy_snappy_java_1_1_8_4.xml |   13 +
 .../Maven__org_xmlunit_xmlunit_core_2_9_0.xml |   13 +
 .../Maven__org_yaml_snakeyaml_1_30.xml        |   13 +
 haobang-security-xdr/.idea/misc.xml           |   13 +
 haobang-security-xdr/.idea/modules.xml        |   11 +
 haobang-security-xdr/.idea/uiDesigner.xml     |  124 ++
 haobang-security-xdr/.idea/workspace.xml      | 1496 ++++++++++++++
 haobang-security-xdr/haobang-security-xdr.iml |   63 +
 haobang-security-xdr/hb-security-xdr.iml      |   63 +
 .../logs/syslog-client.2025-12-01.log         |    8 +
 haobang-security-xdr/logs/syslog-client.log   |    4 +
 haobang-security-xdr/logs/syslog-consumer.log | 1756 +++++++++++++++++
 .../logs/syslog-serve.2026-01-09.log          |  132 ++
 haobang-security-xdr/logs/syslog-serve.log    |   31 +
 haobang-security-xdr/pom.xml                  |  106 +
 haobang-security-xdr/syslog-client/.gitignore |   33 +
 .../logs/syslog-client.2025-12-17.log         |    9 +
 .../logs/syslog-client.2025-12-22.log         |    9 +
 .../syslog-client/logs/syslog-client.log      |    9 +
 haobang-security-xdr/syslog-client/mvnw       |  316 +++
 haobang-security-xdr/syslog-client/mvnw.cmd   |  188 ++
 haobang-security-xdr/syslog-client/pom.xml    |   61 +
 .../java/com/haobang/syslog/ClientClass.java  |   77 +
 .../com/haobang/syslog/MySyslogClient.java    |   38 +
 .../syslog/syslogClientApplication.java       |   26 +
 .../src/main/resources/application.properties |    1 +
 .../src/main/resources/logback.xml            |   42 +
 .../SysjavacollectApplicationTests.java       |   13 +
 .../syslog-consumer/Dockerfile                |   16 +
 .../syslog-consumer/doc/程序描述.md           |   14 +
 .../syslog-consumer/docker_run.txt            |   25 +
 haobang-security-xdr/syslog-consumer/pom.xml  |  210 ++
 .../java/com/Modules/Device/deviceInfo.java   |    4 +
 .../NormalData/LogNormalProcessor.java        |  568 ++++++
 .../Modules/NormalData/SysLogProcessor.java   |  404 ++++
 .../com/Modules/NormalData/logNormalData.java |  163 ++
 .../com/Modules/etl/TimeWindowCalculator.java |   77 +
 .../etl/handler/ArrayByteTypeHandler.java     |   47 +
 .../etl/handler/ArrayIntegerTypeHandler.java  |   43 +
 .../etl/handler/ArrayStringTypeHandler.java   |   43 +
 .../Modules/etl/handler/ETLRetryHandler.java  |   36 +
 .../etl/handler/TimestamptzTypeHandler.java   |   67 +
 .../main/java/com/common/entity/Alarm.java    |   78 +
 .../java/com/common/entity/AlarmVisit.java    |   78 +
 .../java/com/common/entity/ApiResponse.java   |   75 +
 .../main/java/com/common/entity/AppLog.java   |   74 +
 .../java/com/common/entity/AppLogEntity.java  |   40 +
 .../com/common/entity/DeviceCollectTask.java  |   98 +
 .../common/entity/DeviceCollectTaskTime.java  |   11 +
 .../com/common/entity/DeviceReceiveLog.java   |   65 +
 .../com/common/entity/DeviceStatsDTO.java     |   14 +
 .../main/java/com/common/entity/DmColumn.java |  131 ++
 .../com/common/entity/DmNormalizeRule.java    |  131 ++
 .../com/common/entity/GroupedSyslogData.java  |   35 +
 .../com/common/entity/RFC3164Message.java     |   16 +
 .../com/common/entity/RFC5424Message.java     |   29 +
 .../common/entity/RuleContent/ActionType.java |   46 +
 .../entity/RuleContent/CompleteColumn.java    |   26 +
 .../RuleContent/Complete_paramsType.java      |   37 +
 .../RuleContent/Cropper_paramsType.java       |   46 +
 .../entity/RuleContent/FilterParam.java       |   22 +
 .../entity/RuleContent/FiltersType.java       |    9 +
 .../entity/RuleContent/MappersType.java       |   91 +
 .../com/common/entity/RuleContent/Root.java   |  140 ++
 .../entity/RuleContent/RuleContent.java       |  139 ++
 .../entity/RuleContent/kv_paramsType.java     |   11 +
 .../common/entity/SecExceptionAlgorithm.java  |   27 +
 .../java/com/common/entity/SyslogMessage.java |   47 +
 .../common/entity/SyslogNonNormalMessage.java |  162 ++
 .../com/common/entity/SyslogNormalAlarm.java  |  383 ++++
 .../com/common/entity/SyslogNormalData.java   |  381 ++++
 .../java/com/common/entity/SyslogRequest.java |   90 +
 .../java/com/common/entity/XdrHoneypot.java   |  260 +++
 .../java/com/common/mapper/AlarmMapper.java   |   80 +
 .../com/common/mapper/AlarmVisitMapper.java   |   84 +
 .../java/com/common/mapper/AppLogMapper.java  |   41 +
 .../mapper/DeviceCollectTaskMapper.java       |  192 ++
 .../common/mapper/DeviceReceiveLogMapper.java |  124 ++
 .../com/common/mapper/DmColumnMapper.java     |   70 +
 .../common/mapper/DmNormalizeRuleMapper.java  |   46 +
 .../mapper/SecExceptionAlgorithmMapper.java   |   18 +
 .../mapper/SyslogNonNormalMessageMapper.java  |   88 +
 .../mapper/SyslogNormalAlarmMapper.java       |   84 +
 .../common/mapper/SyslogNormalDataMapper.java |  101 +
 .../com/common/mapper/XdrHoneypotMapper.java  |  108 +
 .../com/common/schedule/ETLOrchestrator.java  |  115 ++
 .../schedule/PartitionTableSchedule.java      |  122 ++
 .../com/common/schedule/ScheduledTask.java    |   58 +
 .../common/service/AccessLogAlertService.java |  397 ++++
 .../com/common/service/AppLogRepository.java  |   27 +
 .../com/common/service/ApplogService.java     |   68 +
 .../com/common/service/DataExtractor.java     |  210 ++
 .../java/com/common/service/DataLoader.java   |  120 ++
 .../com/common/service/DataTransformer.java   |  299 +++
 .../service/DeviceCollectTaskService.java     |  136 ++
 .../DeviceCollectTaskUpdateService.java       |  251 +++
 .../service/DeviceReceiveLogService.java      |   35 +
 .../service/DeviceStatsUpdateService.java     |  189 ++
 .../com/common/service/DmColumnService.java   |   29 +
 .../service/DmNormalizeRuleService.java       |  101 +
 .../common/service/ElasticsearchService.java  |  165 ++
 .../com/common/service/EsToDbSyncService.java |  132 ++
 .../common/service/InfluxSyslogService.java   |  212 ++
 .../service/LogDataCompleteService.java       |  258 +++
 .../common/service/LogDataFilterService.java  |  204 ++
 .../common/service/PartitionTableService.java |  227 +++
 .../SyslogNonNormalMessageService.java        |   82 +
 .../service/SyslogNormalDataService.java      |  132 ++
 .../com/common/service/SyslogService.java     |  183 ++
 .../impl/DeviceReceiveLogServiceImpl.java     |  161 ++
 .../service/impl/DmColumnServiceImpl.java     |   94 +
 .../SyslogNonNormalMessageServiceImpl.java    |  219 ++
 .../common/util/AlgorithmResultParser.java    |  323 +++
 .../main/java/com/common/util/JsonParser.java |  351 ++++
 .../java/com/common/util/KeyValueParser.java  |  135 ++
 .../java/com/common/util/KvTextParser.java    |  145 ++
 .../java/com/common/util/MyBatisUtil.java     |   89 +
 .../com/common/util/NestedJsonParserUtil.java |  510 +++++
 .../java/com/common/util/NestedJsonUtils.java |  169 ++
 .../java/com/common/util/RegexTextParser.java |  204 ++
 .../com/common/util/SpringContextUtil.java    |   34 +
 .../com/common/util/StringExtractorUtil.java  |  285 +++
 .../java/com/common/util/SyslogParser.java    |  355 ++++
 .../java/com/common/util/TextParserUtil.java  |  115 ++
 .../src/main/java/com/config/AppConfig.java   |  105 +
 .../src/main/java/com/config/CacheConfig.java |  120 ++
 .../src/main/java/com/config/RedisConfig.java |   59 +
 .../java/com/config/RestTemplateConfig.java   |   74 +
 .../main/java/com/config/ScheduleConfig.java  |   11 +
 .../java/com/config/ThreadPoolConfig.java     |   47 +
 .../src/main/java/com/config/WebConfig.java   |   56 +
 .../com/controllers/AppLogController.java     |   33 +
 .../java/com/controllers/CacheController.java |  219 ++
 .../com/controllers/DmColumnController.java   |   77 +
 .../java/com/controllers/ETLController.java   |   57 +
 .../controllers/GlobalExceptionHandler.java   |   49 +
 .../controllers/PartitionTableController.java |  114 ++
 .../com/controllers/SyslogController.java     |  390 ++++
 .../SyslogNonNormalMessageController.java     |  148 ++
 .../com/controllers/SyslogPushController.java |  122 ++
 .../main/java/com/influx/InfluxDBClient.java  |  233 +++
 .../main/java/com/influx/InfluxDBConfig.java  |   18 +
 .../java/com/influx/SyslogToInfluxApp.java    |   68 +
 .../java/com/influx/dto/SyslogQueryDto.java   |   24 +
 .../main/java/com/kafka/kafkalogconsumer.java |  158 ++
 .../java/com/kafka/kafkalogconsumerThead.java |  156 ++
 .../src/main/java/com/syslogApplication.java  |  142 ++
 .../main/resources/application-dev.properties |  125 ++
 .../resources/application-prod-zc.properties  |  124 ++
 .../resources/application-prod.properties     |  126 ++
 .../resources/application-test.properties     |   85 +
 .../src/main/resources/application.properties |  125 ++
 .../src/main/resources/logback.xml            |   39 +
 .../main/resources/mapper/AppLogMapper.xml    |   22 +
 .../mapper/DeviceCollectTaskMapper.xml        |   67 +
 .../mapper/DeviceReceiveLogMapper.xml         |  164 ++
 .../main/resources/mapper/DmColumnMapper.xml  |   95 +
 .../mapper/DmNormalizeRuleMapper.xml          |  160 ++
 .../mapper/SecExceptionAlgorithmMapper.xml    |   67 +
 .../mapper/SyslogNonNormalMessageMapper.xml   |  146 ++
 .../mapper/SyslogNormalAlarmMapper.xml        |  789 ++++++++
 .../mapper/SyslogNormalDataMapper.xml         |  925 +++++++++
 .../resources/mapper/XdrHoneypotMapper.xml    |   48 +
 .../src/main/resources/mybatis-config-dev.xml |   52 +
 .../src/main/resources/mybatis-config.xml     |   57 +
 .../src/test/java/SyslogParserDemo.java       |   78 +
 .../src/test/java/syslogMainTest.java         |    2 +
 .../syslog-consumer/syslogconsumer.iml        |  217 ++
 haobang-security-xdr/syslog-serve/.gitignore  |   33 +
 haobang-security-xdr/syslog-serve/Dockerfile  |   18 +
 .../syslog-serve/docker_run.txt               |   46 +
 .../syslog-serve/logs/syslog-consumer.log     |    7 +
 .../logs/syslog-serve-console.log             |    4 +
 .../syslog-serve/logs/syslog-serve.log        |   13 +
 haobang-security-xdr/syslog-serve/mvnw        |  316 +++
 haobang-security-xdr/syslog-serve/mvnw.cmd    |  188 ++
 haobang-security-xdr/syslog-serve/pom.xml     |  200 ++
 .../com/Modules/Device/DeviceProcess.java     |  162 ++
 .../DeviceCollect/DeviceCollectProcess.java   |    4 +
 .../src/main/java/com/SyslogServeMainApp.java |   39 +
 .../common/controller/CacheController.java    |   22 +
 .../DeviceCollectTaskController.java          |  136 ++
 .../controller/DeviceDeviceController.java    |   49 +
 .../controller/DeviceUnknownController.java   |  135 ++
 .../com/common/entity/DeviceCollectTask.java  |   99 +
 .../java/com/common/entity/DeviceDevice.java  |  376 ++++
 .../com/common/entity/DeviceReceiveLog.java   |   68 +
 .../java/com/common/entity/DeviceUnknown.java |   70 +
 .../mapper/DeviceCollectTaskMapper.java       |  143 ++
 .../com/common/mapper/DeviceDeviceMapper.java |   93 +
 .../common/mapper/DeviceReceiveLogMapper.java |   78 +
 .../common/mapper/DeviceUnknownMapper.java    |  110 ++
 .../service/DeviceCollectTaskService.java     |  136 ++
 .../common/service/DeviceDeviceService.java   |   31 +
 .../service/DeviceReceiveLogService.java      |   35 +
 .../common/service/DeviceUnknownService.java  |  108 +
 .../service/impl/DeviceDeviceServiceImpl.java |  103 +
 .../impl/DeviceReceiveLogServiceImpl.java     |  159 ++
 .../impl/DeviceUnknownServiceImpl.java        |  286 +++
 .../src/main/java/com/config/CacheConfig.java |  106 +
 .../src/main/java/com/config/RedisConfig.java |   58 +
 .../java/com/haobang/config/AppConfig.java    |  132 ++
 .../java/com/haobang/config/SyslogConfig.java |   63 +
 .../com/haobang/syslog/MySyslogClient.java    |   40 +
 .../com/haobang/syslog/MySyslogServer.java    |   58 +
 .../com/haobang/syslog/TestSyslogServer.java  |   47 +
 .../java/com/haobang/util/DeviceInfoUtil.java |  118 ++
 .../java/com/haobang/util/SafeCacheUtil.java  |  108 +
 .../com/haobang/util/SpringContextUtil.java   |   34 +
 .../main/java/com/haobang/util/TimeUtils.java |   45 +
 .../main/java/com/kafka/kafkaConsumer.java    |   62 +
 .../main/java/com/kafka/kafkaProducer.java    |  170 ++
 .../main/java/com/netty/SyslogMessage.java    |   75 +
 .../java/com/netty/SyslogMessageHandler.java  |  149 ++
 .../src/main/java/com/netty/SyslogServer.java |   84 +
 .../main/java/com/netty/SyslogServerBoth.java |  202 ++
 .../netty/SyslogTcpChannelInitializer.java    |   36 +
 .../netty/SyslogUdpChannelInitializer.java    |   25 +
 .../main/resources/application-dev.properties |   57 +
 .../resources/application-prod-zc.properties  |   56 +
 .../resources/application-prod.properties     |   55 +
 .../resources/application-test.properties     |   59 +
 .../src/main/resources/application.properties |   57 +
 .../src/main/resources/logback.xml            |   55 +
 .../mapper/DeviceCollectTaskMapper.xml        |   67 +
 .../resources/mapper/DeviceDeviceMapper.xml   |  238 +++
 .../mapper/DeviceReceiveLogMapper.xml         |  175 ++
 .../resources/mapper/DeviceUnknownMapper.xml  |  294 +++
 .../SysjavacollectApplicationTests.java       |   13 +
 .../syslog-serve/start-syslog-serve.sh        |   56 +
 .../syslog-serve/stop-syslog-serve.sh         |   48 +
 455 files changed, 32175 insertions(+)
 create mode 100644 haobang-security-xdr/.idea/compiler.xml
 create mode 100644 haobang-security-xdr/.idea/encodings.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__ch_qos_logback_logback_classic_1_2_11.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__ch_qos_logback_logback_core_1_2_11.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__cn_hutool_hutool_all_5_8_16.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__co_elastic_clients_elasticsearch_java_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_alibaba_fastjson2_fastjson2_2_0_40.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_alibaba_fastjson_1_2_83.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_3_5_3_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_annotation_3_5_3_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_boot_starter_3_5_3_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_core_3_5_3_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_extension_3_5_3_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_carrotsearch_hppc_0_8_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_classmate_1_5_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_databind_2_13_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_cbor_2_13_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_smile_2_13_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_yaml_2_13_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jdk8_2_13_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jsr310_2_13_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_module_jackson_module_parameter_names_2_13_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_github_jsqlparser_jsqlparser_4_5.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_github_luben_zstd_jni_1_5_2_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_5_3_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_spring_boot_autoconfigure_1_4_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_spring_boot_starter_1_4_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_github_spullara_mustache_java_compiler_0_9_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_google_code_findbugs_jsr305_3_0_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_google_code_gson_gson_2_9_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_core_6_9_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_java_6_9_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_utils_6_9_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_jayway_jsonpath_json_path_2_7_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_mchange_mchange_commons_java_0_2_15.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_squareup_okhttp3_logging_interceptor_4_9_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_squareup_okhttp3_okhttp_4_9_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_squareup_okio_okio_3_3_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_squareup_okio_okio_jvm_3_3_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_adapter_rxjava3_2_9_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_converter_gson_2_9_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_converter_scalars_2_9_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_retrofit_2_9_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_tdunning_t_digest_3_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_typesafe_config_1_4_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_vaadin_external_google_android_json_0_0_20131108_vaadin1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__com_zaxxer_HikariCP_4_0_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__commons_codec_commons_codec_1_15.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_lettuce_lettuce_core_6_1_9_RELEASE.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_all_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_buffer_4_1_82_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_buffer_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_4_1_82_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_dns_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_haproxy_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_http2_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_http_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_memcache_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_mqtt_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_redis_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_smtp_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_socks_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_stomp_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_xml_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_common_4_1_82_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_common_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_4_1_82_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_proxy_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_ssl_ocsp_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_4_1_82_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_classes_macos_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_native_macos_osx_aarch_64_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_native_macos_osx_x86_64_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_4_1_82_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_classes_epoll_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_classes_kqueue_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_epoll_linux_aarch_64_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_epoll_linux_x86_64_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_kqueue_osx_aarch_64_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_kqueue_osx_x86_64_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_unix_common_4_1_82_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_unix_common_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_rxtx_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_sctp_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_udt_4_1_92_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_projectreactor_reactor_core_3_4_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__io_reactivex_rxjava3_rxjava_3_1_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__jakarta_activation_jakarta_activation_api_1_2_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__jakarta_annotation_jakarta_annotation_api_1_3_5.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__jakarta_json_jakarta_json_api_1_1_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__jakarta_validation_jakarta_validation_api_2_0_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__jakarta_xml_bind_jakarta_xml_bind_api_2_3_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__joda_time_joda_time_2_9_9.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__net_bytebuddy_byte_buddy_1_12_17.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__net_bytebuddy_byte_buddy_agent_1_12_17.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__net_java_dev_jna_jna_5_10_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__net_minidev_accessors_smart_2_4_8.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__net_minidev_json_smart_2_4_8.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__net_sf_jopt_simple_jopt_simple_5_0_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_commons_commons_csv_1_10_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_commons_commons_lang3_3_12_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpasyncclient_4_1_5.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpclient_4_5_13.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpcore_4_4_15.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpcore_nio_4_4_15.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_kafka_kafka_clients_3_4_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_logging_log4j_log4j_api_2_17_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_logging_log4j_log4j_to_slf4j_2_17_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_analyzers_common_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_backward_codecs_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_core_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_grouping_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_highlighter_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_join_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_memory_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_misc_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_queries_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_queryparser_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_sandbox_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_spatial3d_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_suggest_8_11_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_core_9_0_65.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_el_9_0_65.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_websocket_9_0_65.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_apiguardian_apiguardian_api_1_1_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_assertj_assertj_core_3_22_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_checkerframework_checker_qual_3_5_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_eclipse_parsson_parsson_1_0_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_client_elasticsearch_rest_client_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_client_elasticsearch_rest_high_level_client_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_cli_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_core_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_geo_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_lz4_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_plugin_classloader_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_secure_sm_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_x_content_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_aggs_matrix_stats_client_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_lang_mustache_client_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_mapper_extras_client_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_parent_join_client_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_rank_eval_client_7_17_6.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_graylog2_syslog4j_0_9_61.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_hamcrest_hamcrest_2_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_hdrhistogram_HdrHistogram_2_1_9.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_hibernate_validator_hibernate_validator_6_2_5_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_jboss_logging_jboss_logging_3_4_3_Final.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_annotations_13_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_1_6_21.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_common_1_6_21.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_jdk7_1_6_21.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_jdk8_1_6_21.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_json_json_20231013.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_8_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_9_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_api_5_8_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_engine_5_8_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_params_5_8_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_junit_platform_junit_platform_commons_1_8_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_junit_platform_junit_platform_engine_1_8_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_lz4_lz4_java_1_8_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_mockito_mockito_core_4_5_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_mockito_mockito_junit_jupiter_4_5_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_mybatis_mybatis_3_5_10.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_mybatis_mybatis_spring_2_1_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_mybatis_spring_boot_mybatis_spring_boot_autoconfigure_2_3_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_mybatis_spring_boot_mybatis_spring_boot_starter_2_3_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_objenesis_objenesis_3_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_opentest4j_opentest4j_1_2_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_ow2_asm_asm_9_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_postgresql_postgresql_42_5_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_projectlombok_lombok_1_18_24.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_quartz_scheduler_quartz_2_3_2.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_reactivestreams_reactive_streams_1_0_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_skyscreamer_jsonassert_1_5_1.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_slf4j_jul_to_slf4j_1_7_36.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_slf4j_slf4j_api_1_7_36.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_slf4j_slf4j_simple_2_0_7.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_autoconfigure_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_cache_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_elasticsearch_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_redis_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_jdbc_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_json_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_logging_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_quartz_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_test_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_tomcat_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_validation_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_web_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_test_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_test_autoconfigure_2_7_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_commons_2_7_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_elasticsearch_4_4_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_keyvalue_2_7_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_redis_2_7_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_kafka_spring_kafka_2_8_9.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_retry_spring_retry_1_3_3.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_aop_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_beans_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_context_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_context_support_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_core_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_expression_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_jcl_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_jdbc_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_messaging_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_oxm_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_test_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_tx_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_web_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_webmvc_5_3_23.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_xerial_snappy_snappy_java_1_1_8_4.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_xmlunit_xmlunit_core_2_9_0.xml
 create mode 100644 haobang-security-xdr/.idea/libraries/Maven__org_yaml_snakeyaml_1_30.xml
 create mode 100644 haobang-security-xdr/.idea/misc.xml
 create mode 100644 haobang-security-xdr/.idea/modules.xml
 create mode 100644 haobang-security-xdr/.idea/uiDesigner.xml
 create mode 100644 haobang-security-xdr/.idea/workspace.xml
 create mode 100644 haobang-security-xdr/haobang-security-xdr.iml
 create mode 100644 haobang-security-xdr/hb-security-xdr.iml
 create mode 100644 haobang-security-xdr/logs/syslog-client.2025-12-01.log
 create mode 100644 haobang-security-xdr/logs/syslog-client.log
 create mode 100644 haobang-security-xdr/logs/syslog-consumer.log
 create mode 100644 haobang-security-xdr/logs/syslog-serve.2026-01-09.log
 create mode 100644 haobang-security-xdr/logs/syslog-serve.log
 create mode 100644 haobang-security-xdr/pom.xml
 create mode 100644 haobang-security-xdr/syslog-client/.gitignore
 create mode 100644 haobang-security-xdr/syslog-client/logs/syslog-client.2025-12-17.log
 create mode 100644 haobang-security-xdr/syslog-client/logs/syslog-client.2025-12-22.log
 create mode 100644 haobang-security-xdr/syslog-client/logs/syslog-client.log
 create mode 100644 haobang-security-xdr/syslog-client/mvnw
 create mode 100644 haobang-security-xdr/syslog-client/mvnw.cmd
 create mode 100644 haobang-security-xdr/syslog-client/pom.xml
 create mode 100644 haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/ClientClass.java
 create mode 100644 haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/MySyslogClient.java
 create mode 100644 haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/syslogClientApplication.java
 create mode 100644 haobang-security-xdr/syslog-client/src/main/resources/application.properties
 create mode 100644 haobang-security-xdr/syslog-client/src/main/resources/logback.xml
 create mode 100644 haobang-security-xdr/syslog-client/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java
 create mode 100644 haobang-security-xdr/syslog-consumer/Dockerfile
 create mode 100644 haobang-security-xdr/syslog-consumer/doc/程序描述.md
 create mode 100644 haobang-security-xdr/syslog-consumer/docker_run.txt
 create mode 100644 haobang-security-xdr/syslog-consumer/pom.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/Device/deviceInfo.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/SysLogProcessor.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/logNormalData.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/TimeWindowCalculator.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayByteTypeHandler.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayIntegerTypeHandler.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayStringTypeHandler.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ETLRetryHandler.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/TimestamptzTypeHandler.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/Alarm.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AlarmVisit.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/ApiResponse.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AppLog.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AppLogEntity.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTask.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTaskTime.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceReceiveLog.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceStatsDTO.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DmColumn.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DmNormalizeRule.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/GroupedSyslogData.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RFC3164Message.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RFC5424Message.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/ActionType.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/CompleteColumn.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Complete_paramsType.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Cropper_paramsType.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/FilterParam.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/FiltersType.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/MappersType.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Root.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/RuleContent.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/kv_paramsType.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SecExceptionAlgorithm.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogMessage.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNonNormalMessage.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNormalAlarm.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNormalData.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogRequest.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/XdrHoneypot.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AlarmMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AlarmVisitMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AppLogMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DmColumnMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DmNormalizeRuleMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SecExceptionAlgorithmMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNonNormalMessageMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalAlarmMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalDataMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/XdrHoneypotMapper.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/ETLOrchestrator.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/PartitionTableSchedule.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/ScheduledTask.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AccessLogAlertService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AppLogRepository.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/ApplogService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataExtractor.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataLoader.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataTransformer.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskUpdateService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceReceiveLogService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceStatsUpdateService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DmColumnService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DmNormalizeRuleService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/ElasticsearchService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/EsToDbSyncService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/InfluxSyslogService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/LogDataCompleteService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/LogDataFilterService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/PartitionTableService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogNonNormalMessageService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogService.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/DmColumnServiceImpl.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/SyslogNonNormalMessageServiceImpl.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/AlgorithmResultParser.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/JsonParser.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/KeyValueParser.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/KvTextParser.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/MyBatisUtil.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/NestedJsonParserUtil.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/NestedJsonUtils.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/RegexTextParser.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/SpringContextUtil.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/StringExtractorUtil.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/SyslogParser.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/TextParserUtil.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/config/AppConfig.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/config/CacheConfig.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/config/RedisConfig.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/config/RestTemplateConfig.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/config/ScheduleConfig.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/config/ThreadPoolConfig.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/config/WebConfig.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/AppLogController.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/CacheController.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/DmColumnController.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/ETLController.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/GlobalExceptionHandler.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/PartitionTableController.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogController.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogNonNormalMessageController.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogPushController.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/influx/InfluxDBClient.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/influx/InfluxDBConfig.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/influx/SyslogToInfluxApp.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/influx/dto/SyslogQueryDto.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/kafka/kafkalogconsumer.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/kafka/kafkalogconsumerThead.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/java/com/syslogApplication.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/application-dev.properties
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/application-prod-zc.properties
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/application-prod.properties
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/application-test.properties
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/application.properties
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/logback.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/AppLogMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceCollectTaskMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceReceiveLogMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmColumnMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmNormalizeRuleMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SecExceptionAlgorithmMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNonNormalMessageMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalAlarmMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalDataMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mapper/XdrHoneypotMapper.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config-dev.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config.xml
 create mode 100644 haobang-security-xdr/syslog-consumer/src/test/java/SyslogParserDemo.java
 create mode 100644 haobang-security-xdr/syslog-consumer/src/test/java/syslogMainTest.java
 create mode 100644 haobang-security-xdr/syslog-consumer/syslogconsumer.iml
 create mode 100644 haobang-security-xdr/syslog-serve/.gitignore
 create mode 100644 haobang-security-xdr/syslog-serve/Dockerfile
 create mode 100644 haobang-security-xdr/syslog-serve/docker_run.txt
 create mode 100644 haobang-security-xdr/syslog-serve/logs/syslog-consumer.log
 create mode 100644 haobang-security-xdr/syslog-serve/logs/syslog-serve-console.log
 create mode 100644 haobang-security-xdr/syslog-serve/logs/syslog-serve.log
 create mode 100644 haobang-security-xdr/syslog-serve/mvnw
 create mode 100644 haobang-security-xdr/syslog-serve/mvnw.cmd
 create mode 100644 haobang-security-xdr/syslog-serve/pom.xml
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/Modules/Device/DeviceProcess.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/Modules/DeviceCollect/DeviceCollectProcess.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/SyslogServeMainApp.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/CacheController.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceCollectTaskController.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceDeviceController.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceUnknownController.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceCollectTask.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceDevice.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceReceiveLog.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceUnknown.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceDeviceMapper.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceUnknownMapper.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceCollectTaskService.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceDeviceService.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceReceiveLogService.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceUnknownService.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceDeviceServiceImpl.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceUnknownServiceImpl.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/config/CacheConfig.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/config/RedisConfig.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/config/AppConfig.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/config/SyslogConfig.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/MySyslogClient.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/MySyslogServer.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/TestSyslogServer.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/DeviceInfoUtil.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/SafeCacheUtil.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/SpringContextUtil.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/TimeUtils.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/kafka/kafkaConsumer.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/kafka/kafkaProducer.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogMessage.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogServer.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogServerBoth.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogTcpChannelInitializer.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogUdpChannelInitializer.java
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/application-dev.properties
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/application-prod-zc.properties
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/application-prod.properties
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/application-test.properties
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/application.properties
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/logback.xml
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceCollectTaskMapper.xml
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceDeviceMapper.xml
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceReceiveLogMapper.xml
 create mode 100644 haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceUnknownMapper.xml
 create mode 100644 haobang-security-xdr/syslog-serve/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java
 create mode 100644 haobang-security-xdr/syslog-serve/start-syslog-serve.sh
 create mode 100644 haobang-security-xdr/syslog-serve/stop-syslog-serve.sh

diff --git a/haobang-security-xdr/.idea/compiler.xml b/haobang-security-xdr/.idea/compiler.xml
new file mode 100644
index 0000000..12f79bc
--- /dev/null
+++ b/haobang-security-xdr/.idea/compiler.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="CompilerConfiguration">
+    <annotationProcessing>
+      <profile default="true" name="Default" enabled="true" />
+      <profile name="Maven default annotation processors profile" enabled="true">
+        <sourceOutputDir name="target/generated-sources/annotations" />
+        <sourceTestOutputDir name="target/generated-test-sources/test-annotations" />
+        <outputRelativeToContentRoot value="true" />
+        <module name="syslog-client" />
+        <module name="syslog-serve" />
+        <module name="syslogconsumer" />
+      </profile>
+    </annotationProcessing>
+    <bytecodeTargetLevel>
+      <module name="haobang-security-xdr" target="1.8" />
+      <module name="syslog-client" target="1.8" />
+      <module name="syslog-serve" target="1.8" />
+      <module name="syslogconsumer" target="1.8" />
+    </bytecodeTargetLevel>
+  </component>
+</project>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/encodings.xml b/haobang-security-xdr/.idea/encodings.xml
new file mode 100644
index 0000000..1a6ca91
--- /dev/null
+++ b/haobang-security-xdr/.idea/encodings.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="Encoding">
+    <file url="file://$PROJECT_DIR$" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/syslog-client" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/syslog-consumer" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/syslog-consumer/docker_run.txt" charset="GBK" />
+    <file url="file://$PROJECT_DIR$/syslog-serve" charset="UTF-8" />
+    <file url="file://$PROJECT_DIR$/syslog-serve/docker_run.txt" charset="GBK" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__ch_qos_logback_logback_classic_1_2_11.xml b/haobang-security-xdr/.idea/libraries/Maven__ch_qos_logback_logback_classic_1_2_11.xml
new file mode 100644
index 0000000..103c121
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__ch_qos_logback_logback_classic_1_2_11.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: ch.qos.logback:logback-classic:1.2.11">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/ch/qos/logback/logback-classic/1.2.11/logback-classic-1.2.11.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/ch/qos/logback/logback-classic/1.2.11/logback-classic-1.2.11-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/ch/qos/logback/logback-classic/1.2.11/logback-classic-1.2.11-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__ch_qos_logback_logback_core_1_2_11.xml b/haobang-security-xdr/.idea/libraries/Maven__ch_qos_logback_logback_core_1_2_11.xml
new file mode 100644
index 0000000..1e0339a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__ch_qos_logback_logback_core_1_2_11.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: ch.qos.logback:logback-core:1.2.11">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/ch/qos/logback/logback-core/1.2.11/logback-core-1.2.11.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/ch/qos/logback/logback-core/1.2.11/logback-core-1.2.11-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/ch/qos/logback/logback-core/1.2.11/logback-core-1.2.11-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__cn_hutool_hutool_all_5_8_16.xml b/haobang-security-xdr/.idea/libraries/Maven__cn_hutool_hutool_all_5_8_16.xml
new file mode 100644
index 0000000..c90a489
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__cn_hutool_hutool_all_5_8_16.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: cn.hutool:hutool-all:5.8.16">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/cn/hutool/hutool-all/5.8.16/hutool-all-5.8.16.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/cn/hutool/hutool-all/5.8.16/hutool-all-5.8.16-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/cn/hutool/hutool-all/5.8.16/hutool-all-5.8.16-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__co_elastic_clients_elasticsearch_java_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__co_elastic_clients_elasticsearch_java_7_17_6.xml
new file mode 100644
index 0000000..549855d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__co_elastic_clients_elasticsearch_java_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: co.elastic.clients:elasticsearch-java:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/co/elastic/clients/elasticsearch-java/7.17.6/elasticsearch-java-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/co/elastic/clients/elasticsearch-java/7.17.6/elasticsearch-java-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/co/elastic/clients/elasticsearch-java/7.17.6/elasticsearch-java-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_alibaba_fastjson2_fastjson2_2_0_40.xml b/haobang-security-xdr/.idea/libraries/Maven__com_alibaba_fastjson2_fastjson2_2_0_40.xml
new file mode 100644
index 0000000..f89acc6
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_alibaba_fastjson2_fastjson2_2_0_40.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.alibaba.fastjson2:fastjson2:2.0.40">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/alibaba/fastjson2/fastjson2/2.0.40/fastjson2-2.0.40.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/alibaba/fastjson2/fastjson2/2.0.40/fastjson2-2.0.40-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/alibaba/fastjson2/fastjson2/2.0.40/fastjson2-2.0.40-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_alibaba_fastjson_1_2_83.xml b/haobang-security-xdr/.idea/libraries/Maven__com_alibaba_fastjson_1_2_83.xml
new file mode 100644
index 0000000..afb99ee
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_alibaba_fastjson_1_2_83.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.alibaba:fastjson:1.2.83">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/alibaba/fastjson/1.2.83/fastjson-1.2.83.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/alibaba/fastjson/1.2.83/fastjson-1.2.83-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/alibaba/fastjson/1.2.83/fastjson-1.2.83-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_3_5_3_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_3_5_3_1.xml
new file mode 100644
index 0000000..8836b85
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_3_5_3_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.baomidou:mybatis-plus:3.5.3.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus/3.5.3.1/mybatis-plus-3.5.3.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus/3.5.3.1/mybatis-plus-3.5.3.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus/3.5.3.1/mybatis-plus-3.5.3.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_annotation_3_5_3_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_annotation_3_5_3_1.xml
new file mode 100644
index 0000000..246a8a9
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_annotation_3_5_3_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.baomidou:mybatis-plus-annotation:3.5.3.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-annotation/3.5.3.1/mybatis-plus-annotation-3.5.3.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-annotation/3.5.3.1/mybatis-plus-annotation-3.5.3.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-annotation/3.5.3.1/mybatis-plus-annotation-3.5.3.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_boot_starter_3_5_3_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_boot_starter_3_5_3_1.xml
new file mode 100644
index 0000000..130cb8b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_boot_starter_3_5_3_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.baomidou:mybatis-plus-boot-starter:3.5.3.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-boot-starter/3.5.3.1/mybatis-plus-boot-starter-3.5.3.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-boot-starter/3.5.3.1/mybatis-plus-boot-starter-3.5.3.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-boot-starter/3.5.3.1/mybatis-plus-boot-starter-3.5.3.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_core_3_5_3_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_core_3_5_3_1.xml
new file mode 100644
index 0000000..2410392
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_core_3_5_3_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.baomidou:mybatis-plus-core:3.5.3.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-core/3.5.3.1/mybatis-plus-core-3.5.3.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-core/3.5.3.1/mybatis-plus-core-3.5.3.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-core/3.5.3.1/mybatis-plus-core-3.5.3.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_extension_3_5_3_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_extension_3_5_3_1.xml
new file mode 100644
index 0000000..17daeeb
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_baomidou_mybatis_plus_extension_3_5_3_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.baomidou:mybatis-plus-extension:3.5.3.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-extension/3.5.3.1/mybatis-plus-extension-3.5.3.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-extension/3.5.3.1/mybatis-plus-extension-3.5.3.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/baomidou/mybatis-plus-extension/3.5.3.1/mybatis-plus-extension-3.5.3.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_carrotsearch_hppc_0_8_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_carrotsearch_hppc_0_8_1.xml
new file mode 100644
index 0000000..91b02a5
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_carrotsearch_hppc_0_8_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.carrotsearch:hppc:0.8.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/carrotsearch/hppc/0.8.1/hppc-0.8.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/carrotsearch/hppc/0.8.1/hppc-0.8.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/carrotsearch/hppc/0.8.1/hppc-0.8.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_classmate_1_5_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_classmate_1_5_1.xml
new file mode 100644
index 0000000..9aa1658
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_classmate_1_5_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml:classmate:1.5.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/classmate/1.5.1/classmate-1.5.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_3.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_3.xml
new file mode 100644
index 0000000..d2bc2ff
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.3/jackson-annotations-2.13.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_4.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_4.xml
new file mode 100644
index 0000000..efe4b7a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_annotations_2_13_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.4/jackson-annotations-2.13.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.4/jackson-annotations-2.13.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.13.4/jackson-annotations-2.13.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_3.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_3.xml
new file mode 100644
index 0000000..0b0630a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.3/jackson-core-2.13.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.3/jackson-core-2.13.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.3/jackson-core-2.13.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_4.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_4.xml
new file mode 100644
index 0000000..d2fe6c0
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_core_2_13_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.4/jackson-core-2.13.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.4/jackson-core-2.13.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.4/jackson-core-2.13.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_databind_2_13_3.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_databind_2_13_3.xml
new file mode 100644
index 0000000..3b18a25
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_core_jackson_databind_2_13_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.13.3/jackson-databind-2.13.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_cbor_2_13_4.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_cbor_2_13_4.xml
new file mode 100644
index 0000000..7cf47a7
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_cbor_2_13_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.13.4/jackson-dataformat-cbor-2.13.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.13.4/jackson-dataformat-cbor-2.13.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-cbor/2.13.4/jackson-dataformat-cbor-2.13.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_smile_2_13_4.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_smile_2_13_4.xml
new file mode 100644
index 0000000..57d67e1
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_smile_2_13_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.13.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-smile/2.13.4/jackson-dataformat-smile-2.13.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-smile/2.13.4/jackson-dataformat-smile-2.13.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-smile/2.13.4/jackson-dataformat-smile-2.13.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_yaml_2_13_4.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_yaml_2_13_4.xml
new file mode 100644
index 0000000..4099742
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_dataformat_jackson_dataformat_yaml_2_13_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.13.4/jackson-dataformat-yaml-2.13.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.13.4/jackson-dataformat-yaml-2.13.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.13.4/jackson-dataformat-yaml-2.13.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jdk8_2_13_4.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jdk8_2_13_4.xml
new file mode 100644
index 0000000..7d4d840
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jdk8_2_13_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.13.4/jackson-datatype-jdk8-2.13.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.13.4/jackson-datatype-jdk8-2.13.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.13.4/jackson-datatype-jdk8-2.13.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jsr310_2_13_4.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jsr310_2_13_4.xml
new file mode 100644
index 0000000..4058ecd
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_datatype_jackson_datatype_jsr310_2_13_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.13.4/jackson-datatype-jsr310-2.13.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.13.4/jackson-datatype-jsr310-2.13.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.13.4/jackson-datatype-jsr310-2.13.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_module_jackson_module_parameter_names_2_13_4.xml b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_module_jackson_module_parameter_names_2_13_4.xml
new file mode 100644
index 0000000..ddb8a0d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_fasterxml_jackson_module_jackson_module_parameter_names_2_13_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.13.4/jackson-module-parameter-names-2.13.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.13.4/jackson-module-parameter-names-2.13.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.13.4/jackson-module-parameter-names-2.13.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_github_jsqlparser_jsqlparser_4_5.xml b/haobang-security-xdr/.idea/libraries/Maven__com_github_jsqlparser_jsqlparser_4_5.xml
new file mode 100644
index 0000000..798e8f4
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_github_jsqlparser_jsqlparser_4_5.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.github.jsqlparser:jsqlparser:4.5">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/jsqlparser/jsqlparser/4.5/jsqlparser-4.5.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/jsqlparser/jsqlparser/4.5/jsqlparser-4.5-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/jsqlparser/jsqlparser/4.5/jsqlparser-4.5-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_github_luben_zstd_jni_1_5_2_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_github_luben_zstd_jni_1_5_2_1.xml
new file mode 100644
index 0000000..ff97670
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_github_luben_zstd_jni_1_5_2_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.github.luben:zstd-jni:1.5.2-1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/luben/zstd-jni/1.5.2-1/zstd-jni-1.5.2-1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/luben/zstd-jni/1.5.2-1/zstd-jni-1.5.2-1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/luben/zstd-jni/1.5.2-1/zstd-jni-1.5.2-1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_5_3_2.xml b/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_5_3_2.xml
new file mode 100644
index 0000000..baadefc
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_5_3_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.github.pagehelper:pagehelper:5.3.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper/5.3.2/pagehelper-5.3.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper/5.3.2/pagehelper-5.3.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper/5.3.2/pagehelper-5.3.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_spring_boot_autoconfigure_1_4_6.xml b/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_spring_boot_autoconfigure_1_4_6.xml
new file mode 100644
index 0000000..17c3b6b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_spring_boot_autoconfigure_1_4_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.github.pagehelper:pagehelper-spring-boot-autoconfigure:1.4.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper-spring-boot-autoconfigure/1.4.6/pagehelper-spring-boot-autoconfigure-1.4.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper-spring-boot-autoconfigure/1.4.6/pagehelper-spring-boot-autoconfigure-1.4.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper-spring-boot-autoconfigure/1.4.6/pagehelper-spring-boot-autoconfigure-1.4.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_spring_boot_starter_1_4_6.xml b/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_spring_boot_starter_1_4_6.xml
new file mode 100644
index 0000000..2ec1da7
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_github_pagehelper_pagehelper_spring_boot_starter_1_4_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.github.pagehelper:pagehelper-spring-boot-starter:1.4.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper-spring-boot-starter/1.4.6/pagehelper-spring-boot-starter-1.4.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper-spring-boot-starter/1.4.6/pagehelper-spring-boot-starter-1.4.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/pagehelper/pagehelper-spring-boot-starter/1.4.6/pagehelper-spring-boot-starter-1.4.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_github_spullara_mustache_java_compiler_0_9_6.xml b/haobang-security-xdr/.idea/libraries/Maven__com_github_spullara_mustache_java_compiler_0_9_6.xml
new file mode 100644
index 0000000..fcc6307
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_github_spullara_mustache_java_compiler_0_9_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.github.spullara.mustache.java:compiler:0.9.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/spullara/mustache/java/compiler/0.9.6/compiler-0.9.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/spullara/mustache/java/compiler/0.9.6/compiler-0.9.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/github/spullara/mustache/java/compiler/0.9.6/compiler-0.9.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_google_code_findbugs_jsr305_3_0_2.xml b/haobang-security-xdr/.idea/libraries/Maven__com_google_code_findbugs_jsr305_3_0_2.xml
new file mode 100644
index 0000000..42ab821
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_google_code_findbugs_jsr305_3_0_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.google.code.findbugs:jsr305:3.0.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_google_code_gson_gson_2_9_1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_google_code_gson_gson_2_9_1.xml
new file mode 100644
index 0000000..af521f2
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_google_code_gson_gson_2_9_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.google.code.gson:gson:2.9.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/google/code/gson/gson/2.9.1/gson-2.9.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/google/code/gson/gson/2.9.1/gson-2.9.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/google/code/gson/gson/2.9.1/gson-2.9.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_core_6_9_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_core_6_9_0.xml
new file mode 100644
index 0000000..b5264cd
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_core_6_9_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.influxdb:influxdb-client-core:6.9.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-core/6.9.0/influxdb-client-core-6.9.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-core/6.9.0/influxdb-client-core-6.9.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-core/6.9.0/influxdb-client-core-6.9.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_java_6_9_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_java_6_9_0.xml
new file mode 100644
index 0000000..4e49595
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_java_6_9_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.influxdb:influxdb-client-java:6.9.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-java/6.9.0/influxdb-client-java-6.9.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-java/6.9.0/influxdb-client-java-6.9.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-java/6.9.0/influxdb-client-java-6.9.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_utils_6_9_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_utils_6_9_0.xml
new file mode 100644
index 0000000..ff63e25
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_influxdb_influxdb_client_utils_6_9_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.influxdb:influxdb-client-utils:6.9.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-utils/6.9.0/influxdb-client-utils-6.9.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-utils/6.9.0/influxdb-client-utils-6.9.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/influxdb/influxdb-client-utils/6.9.0/influxdb-client-utils-6.9.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_jayway_jsonpath_json_path_2_7_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_jayway_jsonpath_json_path_2_7_0.xml
new file mode 100644
index 0000000..1f30adb
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_jayway_jsonpath_json_path_2_7_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.jayway.jsonpath:json-path:2.7.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/jayway/jsonpath/json-path/2.7.0/json-path-2.7.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/jayway/jsonpath/json-path/2.7.0/json-path-2.7.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/jayway/jsonpath/json-path/2.7.0/json-path-2.7.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_mchange_mchange_commons_java_0_2_15.xml b/haobang-security-xdr/.idea/libraries/Maven__com_mchange_mchange_commons_java_0_2_15.xml
new file mode 100644
index 0000000..84e0c93
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_mchange_mchange_commons_java_0_2_15.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.mchange:mchange-commons-java:0.2.15">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/mchange/mchange-commons-java/0.2.15/mchange-commons-java-0.2.15.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/mchange/mchange-commons-java/0.2.15/mchange-commons-java-0.2.15-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/mchange/mchange-commons-java/0.2.15/mchange-commons-java-0.2.15-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okhttp3_logging_interceptor_4_9_3.xml b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okhttp3_logging_interceptor_4_9_3.xml
new file mode 100644
index 0000000..8ae3345
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okhttp3_logging_interceptor_4_9_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.squareup.okhttp3:logging-interceptor:4.9.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okhttp3/logging-interceptor/4.9.3/logging-interceptor-4.9.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okhttp3/logging-interceptor/4.9.3/logging-interceptor-4.9.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okhttp3/logging-interceptor/4.9.3/logging-interceptor-4.9.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okhttp3_okhttp_4_9_3.xml b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okhttp3_okhttp_4_9_3.xml
new file mode 100644
index 0000000..da48dc8
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okhttp3_okhttp_4_9_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.squareup.okhttp3:okhttp:4.9.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okhttp3/okhttp/4.9.3/okhttp-4.9.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okhttp3/okhttp/4.9.3/okhttp-4.9.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okhttp3/okhttp/4.9.3/okhttp-4.9.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okio_okio_3_3_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okio_okio_3_3_0.xml
new file mode 100644
index 0000000..78d5f3a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okio_okio_3_3_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.squareup.okio:okio:3.3.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okio/okio/3.3.0/okio-3.3.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okio/okio/3.3.0/okio-3.3.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okio/okio/3.3.0/okio-3.3.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okio_okio_jvm_3_3_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okio_okio_jvm_3_3_0.xml
new file mode 100644
index 0000000..0ea4e5c
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_okio_okio_jvm_3_3_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.squareup.okio:okio-jvm:3.3.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okio/okio-jvm/3.3.0/okio-jvm-3.3.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okio/okio-jvm/3.3.0/okio-jvm-3.3.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/okio/okio-jvm/3.3.0/okio-jvm-3.3.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_adapter_rxjava3_2_9_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_adapter_rxjava3_2_9_0.xml
new file mode 100644
index 0000000..c0977b2
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_adapter_rxjava3_2_9_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.squareup.retrofit2:adapter-rxjava3:2.9.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/adapter-rxjava3/2.9.0/adapter-rxjava3-2.9.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/adapter-rxjava3/2.9.0/adapter-rxjava3-2.9.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/adapter-rxjava3/2.9.0/adapter-rxjava3-2.9.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_converter_gson_2_9_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_converter_gson_2_9_0.xml
new file mode 100644
index 0000000..2a06d66
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_converter_gson_2_9_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.squareup.retrofit2:converter-gson:2.9.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/converter-gson/2.9.0/converter-gson-2.9.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/converter-gson/2.9.0/converter-gson-2.9.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/converter-gson/2.9.0/converter-gson-2.9.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_converter_scalars_2_9_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_converter_scalars_2_9_0.xml
new file mode 100644
index 0000000..1f6444d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_converter_scalars_2_9_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.squareup.retrofit2:converter-scalars:2.9.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/converter-scalars/2.9.0/converter-scalars-2.9.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/converter-scalars/2.9.0/converter-scalars-2.9.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/converter-scalars/2.9.0/converter-scalars-2.9.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_retrofit_2_9_0.xml b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_retrofit_2_9_0.xml
new file mode 100644
index 0000000..bb0a1ca
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_squareup_retrofit2_retrofit_2_9_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.squareup.retrofit2:retrofit:2.9.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/retrofit/2.9.0/retrofit-2.9.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/retrofit/2.9.0/retrofit-2.9.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/squareup/retrofit2/retrofit/2.9.0/retrofit-2.9.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_tdunning_t_digest_3_2.xml b/haobang-security-xdr/.idea/libraries/Maven__com_tdunning_t_digest_3_2.xml
new file mode 100644
index 0000000..f024cb0
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_tdunning_t_digest_3_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.tdunning:t-digest:3.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/tdunning/t-digest/3.2/t-digest-3.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/tdunning/t-digest/3.2/t-digest-3.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/tdunning/t-digest/3.2/t-digest-3.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_typesafe_config_1_4_2.xml b/haobang-security-xdr/.idea/libraries/Maven__com_typesafe_config_1_4_2.xml
new file mode 100644
index 0000000..fb9bfa6
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_typesafe_config_1_4_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.typesafe:config:1.4.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/typesafe/config/1.4.2/config-1.4.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/typesafe/config/1.4.2/config-1.4.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/typesafe/config/1.4.2/config-1.4.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_vaadin_external_google_android_json_0_0_20131108_vaadin1.xml b/haobang-security-xdr/.idea/libraries/Maven__com_vaadin_external_google_android_json_0_0_20131108_vaadin1.xml
new file mode 100644
index 0000000..3899977
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_vaadin_external_google_android_json_0_0_20131108_vaadin1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/vaadin/external/google/android-json/0.0.20131108.vaadin1/android-json-0.0.20131108.vaadin1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/vaadin/external/google/android-json/0.0.20131108.vaadin1/android-json-0.0.20131108.vaadin1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/vaadin/external/google/android-json/0.0.20131108.vaadin1/android-json-0.0.20131108.vaadin1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__com_zaxxer_HikariCP_4_0_3.xml b/haobang-security-xdr/.idea/libraries/Maven__com_zaxxer_HikariCP_4_0_3.xml
new file mode 100644
index 0000000..b5eceb8
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__com_zaxxer_HikariCP_4_0_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.zaxxer:HikariCP:4.0.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/com/zaxxer/HikariCP/4.0.3/HikariCP-4.0.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__commons_codec_commons_codec_1_15.xml b/haobang-security-xdr/.idea/libraries/Maven__commons_codec_commons_codec_1_15.xml
new file mode 100644
index 0000000..7b02399
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__commons_codec_commons_codec_1_15.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: commons-codec:commons-codec:1.15">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/commons-codec/commons-codec/1.15/commons-codec-1.15-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_lettuce_lettuce_core_6_1_9_RELEASE.xml b/haobang-security-xdr/.idea/libraries/Maven__io_lettuce_lettuce_core_6_1_9_RELEASE.xml
new file mode 100644
index 0000000..057d829
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_lettuce_lettuce_core_6_1_9_RELEASE.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.lettuce:lettuce-core:6.1.9.RELEASE">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/lettuce/lettuce-core/6.1.9.RELEASE/lettuce-core-6.1.9.RELEASE.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/lettuce/lettuce-core/6.1.9.RELEASE/lettuce-core-6.1.9.RELEASE-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/lettuce/lettuce-core/6.1.9.RELEASE/lettuce-core-6.1.9.RELEASE-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_all_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_all_4_1_92_Final.xml
new file mode 100644
index 0000000..f76f5f5
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_all_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-all:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-all/4.1.92.Final/netty-all-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-all/4.1.92.Final/netty-all-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-all/4.1.92.Final/netty-all-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_buffer_4_1_82_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_buffer_4_1_82_Final.xml
new file mode 100644
index 0000000..6b9b470
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_buffer_4_1_82_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-buffer:4.1.82.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-buffer/4.1.82.Final/netty-buffer-4.1.82.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-buffer/4.1.82.Final/netty-buffer-4.1.82.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-buffer/4.1.82.Final/netty-buffer-4.1.82.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_buffer_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_buffer_4_1_92_Final.xml
new file mode 100644
index 0000000..edea92b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_buffer_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-buffer:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-buffer/4.1.92.Final/netty-buffer-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-buffer/4.1.92.Final/netty-buffer-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-buffer/4.1.92.Final/netty-buffer-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_4_1_82_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_4_1_82_Final.xml
new file mode 100644
index 0000000..c56d614
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_4_1_82_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec:4.1.82.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec/4.1.82.Final/netty-codec-4.1.82.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec/4.1.82.Final/netty-codec-4.1.82.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec/4.1.82.Final/netty-codec-4.1.82.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_4_1_92_Final.xml
new file mode 100644
index 0000000..8f257d9
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec/4.1.92.Final/netty-codec-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec/4.1.92.Final/netty-codec-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec/4.1.92.Final/netty-codec-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_dns_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_dns_4_1_92_Final.xml
new file mode 100644
index 0000000..be9c952
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_dns_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-dns:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-dns/4.1.92.Final/netty-codec-dns-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-dns/4.1.92.Final/netty-codec-dns-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-dns/4.1.92.Final/netty-codec-dns-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_haproxy_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_haproxy_4_1_92_Final.xml
new file mode 100644
index 0000000..79ed3fa
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_haproxy_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-haproxy:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-haproxy/4.1.92.Final/netty-codec-haproxy-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-haproxy/4.1.92.Final/netty-codec-haproxy-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-haproxy/4.1.92.Final/netty-codec-haproxy-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_http2_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_http2_4_1_92_Final.xml
new file mode 100644
index 0000000..eef18fa
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_http2_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-http2:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-http2/4.1.92.Final/netty-codec-http2-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-http2/4.1.92.Final/netty-codec-http2-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-http2/4.1.92.Final/netty-codec-http2-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_http_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_http_4_1_92_Final.xml
new file mode 100644
index 0000000..6680363
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_http_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-http:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-http/4.1.92.Final/netty-codec-http-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-http/4.1.92.Final/netty-codec-http-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-http/4.1.92.Final/netty-codec-http-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_memcache_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_memcache_4_1_92_Final.xml
new file mode 100644
index 0000000..559a6cd
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_memcache_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-memcache:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-memcache/4.1.92.Final/netty-codec-memcache-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-memcache/4.1.92.Final/netty-codec-memcache-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-memcache/4.1.92.Final/netty-codec-memcache-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_mqtt_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_mqtt_4_1_92_Final.xml
new file mode 100644
index 0000000..3fa6878
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_mqtt_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-mqtt:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-mqtt/4.1.92.Final/netty-codec-mqtt-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-mqtt/4.1.92.Final/netty-codec-mqtt-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-mqtt/4.1.92.Final/netty-codec-mqtt-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_redis_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_redis_4_1_92_Final.xml
new file mode 100644
index 0000000..6136e00
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_redis_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-redis:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-redis/4.1.92.Final/netty-codec-redis-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-redis/4.1.92.Final/netty-codec-redis-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-redis/4.1.92.Final/netty-codec-redis-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_smtp_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_smtp_4_1_92_Final.xml
new file mode 100644
index 0000000..51dd04d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_smtp_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-smtp:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-smtp/4.1.92.Final/netty-codec-smtp-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-smtp/4.1.92.Final/netty-codec-smtp-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-smtp/4.1.92.Final/netty-codec-smtp-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_socks_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_socks_4_1_92_Final.xml
new file mode 100644
index 0000000..e208cae
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_socks_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-socks:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-socks/4.1.92.Final/netty-codec-socks-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-socks/4.1.92.Final/netty-codec-socks-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-socks/4.1.92.Final/netty-codec-socks-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_stomp_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_stomp_4_1_92_Final.xml
new file mode 100644
index 0000000..c0c0f67
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_stomp_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-stomp:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-stomp/4.1.92.Final/netty-codec-stomp-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-stomp/4.1.92.Final/netty-codec-stomp-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-stomp/4.1.92.Final/netty-codec-stomp-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_xml_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_xml_4_1_92_Final.xml
new file mode 100644
index 0000000..f54bed3
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_codec_xml_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-codec-xml:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-xml/4.1.92.Final/netty-codec-xml-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-xml/4.1.92.Final/netty-codec-xml-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-codec-xml/4.1.92.Final/netty-codec-xml-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_common_4_1_82_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_common_4_1_82_Final.xml
new file mode 100644
index 0000000..eb3455a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_common_4_1_82_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-common:4.1.82.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-common/4.1.82.Final/netty-common-4.1.82.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-common/4.1.82.Final/netty-common-4.1.82.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-common/4.1.82.Final/netty-common-4.1.82.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_common_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_common_4_1_92_Final.xml
new file mode 100644
index 0000000..51e2c8b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_common_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-common:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-common/4.1.92.Final/netty-common-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-common/4.1.92.Final/netty-common-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-common/4.1.92.Final/netty-common-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_4_1_82_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_4_1_82_Final.xml
new file mode 100644
index 0000000..f669c41
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_4_1_82_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-handler:4.1.82.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler/4.1.82.Final/netty-handler-4.1.82.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler/4.1.82.Final/netty-handler-4.1.82.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler/4.1.82.Final/netty-handler-4.1.82.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_4_1_92_Final.xml
new file mode 100644
index 0000000..1584179
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-handler:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler/4.1.92.Final/netty-handler-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler/4.1.92.Final/netty-handler-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler/4.1.92.Final/netty-handler-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_proxy_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_proxy_4_1_92_Final.xml
new file mode 100644
index 0000000..58edae4
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_proxy_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-handler-proxy:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler-proxy/4.1.92.Final/netty-handler-proxy-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler-proxy/4.1.92.Final/netty-handler-proxy-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler-proxy/4.1.92.Final/netty-handler-proxy-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_ssl_ocsp_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_ssl_ocsp_4_1_92_Final.xml
new file mode 100644
index 0000000..6e11e91
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_handler_ssl_ocsp_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-handler-ssl-ocsp:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler-ssl-ocsp/4.1.92.Final/netty-handler-ssl-ocsp-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler-ssl-ocsp/4.1.92.Final/netty-handler-ssl-ocsp-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-handler-ssl-ocsp/4.1.92.Final/netty-handler-ssl-ocsp-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_4_1_82_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_4_1_82_Final.xml
new file mode 100644
index 0000000..367dfa6
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_4_1_82_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-resolver:4.1.82.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver/4.1.82.Final/netty-resolver-4.1.82.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver/4.1.82.Final/netty-resolver-4.1.82.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver/4.1.82.Final/netty-resolver-4.1.82.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_4_1_92_Final.xml
new file mode 100644
index 0000000..b8f548a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-resolver:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver/4.1.92.Final/netty-resolver-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver/4.1.92.Final/netty-resolver-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver/4.1.92.Final/netty-resolver-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_4_1_92_Final.xml
new file mode 100644
index 0000000..33b48f9
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-resolver-dns:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns/4.1.92.Final/netty-resolver-dns-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns/4.1.92.Final/netty-resolver-dns-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns/4.1.92.Final/netty-resolver-dns-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_classes_macos_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_classes_macos_4_1_92_Final.xml
new file mode 100644
index 0000000..635a97f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_classes_macos_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-resolver-dns-classes-macos:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-classes-macos/4.1.92.Final/netty-resolver-dns-classes-macos-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-classes-macos/4.1.92.Final/netty-resolver-dns-classes-macos-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-classes-macos/4.1.92.Final/netty-resolver-dns-classes-macos-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_native_macos_osx_aarch_64_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_native_macos_osx_aarch_64_4_1_92_Final.xml
new file mode 100644
index 0000000..d321d29
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_native_macos_osx_aarch_64_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-resolver-dns-native-macos:osx-aarch_64:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-native-macos/4.1.92.Final/netty-resolver-dns-native-macos-4.1.92.Final-osx-aarch_64.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-native-macos/4.1.92.Final/netty-resolver-dns-native-macos-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-native-macos/4.1.92.Final/netty-resolver-dns-native-macos-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_native_macos_osx_x86_64_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_native_macos_osx_x86_64_4_1_92_Final.xml
new file mode 100644
index 0000000..8728eba
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_resolver_dns_native_macos_osx_x86_64_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-resolver-dns-native-macos:osx-x86_64:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-native-macos/4.1.92.Final/netty-resolver-dns-native-macos-4.1.92.Final-osx-x86_64.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-native-macos/4.1.92.Final/netty-resolver-dns-native-macos-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-resolver-dns-native-macos/4.1.92.Final/netty-resolver-dns-native-macos-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_4_1_82_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_4_1_82_Final.xml
new file mode 100644
index 0000000..fc396f2
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_4_1_82_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport:4.1.82.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport/4.1.82.Final/netty-transport-4.1.82.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport/4.1.82.Final/netty-transport-4.1.82.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport/4.1.82.Final/netty-transport-4.1.82.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_4_1_92_Final.xml
new file mode 100644
index 0000000..f637738
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport/4.1.92.Final/netty-transport-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport/4.1.92.Final/netty-transport-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport/4.1.92.Final/netty-transport-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_classes_epoll_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_classes_epoll_4_1_92_Final.xml
new file mode 100644
index 0000000..9455eb0
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_classes_epoll_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-classes-epoll:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-classes-epoll/4.1.92.Final/netty-transport-classes-epoll-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-classes-epoll/4.1.92.Final/netty-transport-classes-epoll-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-classes-epoll/4.1.92.Final/netty-transport-classes-epoll-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_classes_kqueue_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_classes_kqueue_4_1_92_Final.xml
new file mode 100644
index 0000000..95fd744
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_classes_kqueue_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-classes-kqueue:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-classes-kqueue/4.1.92.Final/netty-transport-classes-kqueue-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-classes-kqueue/4.1.92.Final/netty-transport-classes-kqueue-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-classes-kqueue/4.1.92.Final/netty-transport-classes-kqueue-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_epoll_linux_aarch_64_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_epoll_linux_aarch_64_4_1_92_Final.xml
new file mode 100644
index 0000000..0338550
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_epoll_linux_aarch_64_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-native-epoll:linux-aarch_64:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-epoll/4.1.92.Final/netty-transport-native-epoll-4.1.92.Final-linux-aarch_64.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-epoll/4.1.92.Final/netty-transport-native-epoll-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-epoll/4.1.92.Final/netty-transport-native-epoll-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_epoll_linux_x86_64_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_epoll_linux_x86_64_4_1_92_Final.xml
new file mode 100644
index 0000000..51b4c09
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_epoll_linux_x86_64_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-native-epoll:linux-x86_64:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-epoll/4.1.92.Final/netty-transport-native-epoll-4.1.92.Final-linux-x86_64.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-epoll/4.1.92.Final/netty-transport-native-epoll-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-epoll/4.1.92.Final/netty-transport-native-epoll-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_kqueue_osx_aarch_64_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_kqueue_osx_aarch_64_4_1_92_Final.xml
new file mode 100644
index 0000000..bb61321
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_kqueue_osx_aarch_64_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-native-kqueue:osx-aarch_64:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.92.Final/netty-transport-native-kqueue-4.1.92.Final-osx-aarch_64.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.92.Final/netty-transport-native-kqueue-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.92.Final/netty-transport-native-kqueue-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_kqueue_osx_x86_64_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_kqueue_osx_x86_64_4_1_92_Final.xml
new file mode 100644
index 0000000..ebc3ca2
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_kqueue_osx_x86_64_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-native-kqueue:osx-x86_64:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.92.Final/netty-transport-native-kqueue-4.1.92.Final-osx-x86_64.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.92.Final/netty-transport-native-kqueue-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-kqueue/4.1.92.Final/netty-transport-native-kqueue-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_unix_common_4_1_82_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_unix_common_4_1_82_Final.xml
new file mode 100644
index 0000000..0797e93
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_unix_common_4_1_82_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-native-unix-common:4.1.82.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-unix-common/4.1.82.Final/netty-transport-native-unix-common-4.1.82.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-unix-common/4.1.82.Final/netty-transport-native-unix-common-4.1.82.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-unix-common/4.1.82.Final/netty-transport-native-unix-common-4.1.82.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_unix_common_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_unix_common_4_1_92_Final.xml
new file mode 100644
index 0000000..d90e36e
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_native_unix_common_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-native-unix-common:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-unix-common/4.1.92.Final/netty-transport-native-unix-common-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-unix-common/4.1.92.Final/netty-transport-native-unix-common-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-native-unix-common/4.1.92.Final/netty-transport-native-unix-common-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_rxtx_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_rxtx_4_1_92_Final.xml
new file mode 100644
index 0000000..3286404
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_rxtx_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-rxtx:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-rxtx/4.1.92.Final/netty-transport-rxtx-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-rxtx/4.1.92.Final/netty-transport-rxtx-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-rxtx/4.1.92.Final/netty-transport-rxtx-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_sctp_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_sctp_4_1_92_Final.xml
new file mode 100644
index 0000000..0ffea6c
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_sctp_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-sctp:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-sctp/4.1.92.Final/netty-transport-sctp-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-sctp/4.1.92.Final/netty-transport-sctp-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-sctp/4.1.92.Final/netty-transport-sctp-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_udt_4_1_92_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_udt_4_1_92_Final.xml
new file mode 100644
index 0000000..a929d8c
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_netty_netty_transport_udt_4_1_92_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.netty:netty-transport-udt:4.1.92.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-udt/4.1.92.Final/netty-transport-udt-4.1.92.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-udt/4.1.92.Final/netty-transport-udt-4.1.92.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/netty/netty-transport-udt/4.1.92.Final/netty-transport-udt-4.1.92.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_projectreactor_reactor_core_3_4_23.xml b/haobang-security-xdr/.idea/libraries/Maven__io_projectreactor_reactor_core_3_4_23.xml
new file mode 100644
index 0000000..9f9338d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_projectreactor_reactor_core_3_4_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.projectreactor:reactor-core:3.4.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/projectreactor/reactor-core/3.4.23/reactor-core-3.4.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/projectreactor/reactor-core/3.4.23/reactor-core-3.4.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/projectreactor/reactor-core/3.4.23/reactor-core-3.4.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__io_reactivex_rxjava3_rxjava_3_1_6.xml b/haobang-security-xdr/.idea/libraries/Maven__io_reactivex_rxjava3_rxjava_3_1_6.xml
new file mode 100644
index 0000000..30df38e
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__io_reactivex_rxjava3_rxjava_3_1_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: io.reactivex.rxjava3:rxjava:3.1.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/reactivex/rxjava3/rxjava/3.1.6/rxjava-3.1.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/io/reactivex/rxjava3/rxjava/3.1.6/rxjava-3.1.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/io/reactivex/rxjava3/rxjava/3.1.6/rxjava-3.1.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__jakarta_activation_jakarta_activation_api_1_2_2.xml b/haobang-security-xdr/.idea/libraries/Maven__jakarta_activation_jakarta_activation_api_1_2_2.xml
new file mode 100644
index 0000000..4b21a76
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__jakarta_activation_jakarta_activation_api_1_2_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: jakarta.activation:jakarta.activation-api:1.2.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.2/jakarta.activation-api-1.2.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.2/jakarta.activation-api-1.2.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/activation/jakarta.activation-api/1.2.2/jakarta.activation-api-1.2.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__jakarta_annotation_jakarta_annotation_api_1_3_5.xml b/haobang-security-xdr/.idea/libraries/Maven__jakarta_annotation_jakarta_annotation_api_1_3_5.xml
new file mode 100644
index 0000000..39760fa
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__jakarta_annotation_jakarta_annotation_api_1_3_5.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__jakarta_json_jakarta_json_api_1_1_6.xml b/haobang-security-xdr/.idea/libraries/Maven__jakarta_json_jakarta_json_api_1_1_6.xml
new file mode 100644
index 0000000..c1a8cf1
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__jakarta_json_jakarta_json_api_1_1_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: jakarta.json:jakarta.json-api:1.1.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/json/jakarta.json-api/1.1.6/jakarta.json-api-1.1.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/json/jakarta.json-api/1.1.6/jakarta.json-api-1.1.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/json/jakarta.json-api/1.1.6/jakarta.json-api-1.1.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__jakarta_validation_jakarta_validation_api_2_0_2.xml b/haobang-security-xdr/.idea/libraries/Maven__jakarta_validation_jakarta_validation_api_2_0_2.xml
new file mode 100644
index 0000000..54f9c8a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__jakarta_validation_jakarta_validation_api_2_0_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: jakarta.validation:jakarta.validation-api:2.0.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__jakarta_xml_bind_jakarta_xml_bind_api_2_3_3.xml b/haobang-security-xdr/.idea/libraries/Maven__jakarta_xml_bind_jakarta_xml_bind_api_2_3_3.xml
new file mode 100644
index 0000000..61d47cf
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__jakarta_xml_bind_jakarta_xml_bind_api_2_3_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/2.3.3/jakarta.xml.bind-api-2.3.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__joda_time_joda_time_2_9_9.xml b/haobang-security-xdr/.idea/libraries/Maven__joda_time_joda_time_2_9_9.xml
new file mode 100644
index 0000000..74405af
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__joda_time_joda_time_2_9_9.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: joda-time:joda-time:2.9.9">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/joda-time/joda-time/2.9.9/joda-time-2.9.9.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/joda-time/joda-time/2.9.9/joda-time-2.9.9-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/joda-time/joda-time/2.9.9/joda-time-2.9.9-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__net_bytebuddy_byte_buddy_1_12_17.xml b/haobang-security-xdr/.idea/libraries/Maven__net_bytebuddy_byte_buddy_1_12_17.xml
new file mode 100644
index 0000000..f828397
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__net_bytebuddy_byte_buddy_1_12_17.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: net.bytebuddy:byte-buddy:1.12.17">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/bytebuddy/byte-buddy/1.12.17/byte-buddy-1.12.17.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/net/bytebuddy/byte-buddy/1.12.17/byte-buddy-1.12.17-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/bytebuddy/byte-buddy/1.12.17/byte-buddy-1.12.17-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__net_bytebuddy_byte_buddy_agent_1_12_17.xml b/haobang-security-xdr/.idea/libraries/Maven__net_bytebuddy_byte_buddy_agent_1_12_17.xml
new file mode 100644
index 0000000..91d230b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__net_bytebuddy_byte_buddy_agent_1_12_17.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: net.bytebuddy:byte-buddy-agent:1.12.17">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/bytebuddy/byte-buddy-agent/1.12.17/byte-buddy-agent-1.12.17.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/net/bytebuddy/byte-buddy-agent/1.12.17/byte-buddy-agent-1.12.17-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/bytebuddy/byte-buddy-agent/1.12.17/byte-buddy-agent-1.12.17-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__net_java_dev_jna_jna_5_10_0.xml b/haobang-security-xdr/.idea/libraries/Maven__net_java_dev_jna_jna_5_10_0.xml
new file mode 100644
index 0000000..a4880d8
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__net_java_dev_jna_jna_5_10_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: net.java.dev.jna:jna:5.10.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/java/dev/jna/jna/5.10.0/jna-5.10.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/net/java/dev/jna/jna/5.10.0/jna-5.10.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/java/dev/jna/jna/5.10.0/jna-5.10.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__net_minidev_accessors_smart_2_4_8.xml b/haobang-security-xdr/.idea/libraries/Maven__net_minidev_accessors_smart_2_4_8.xml
new file mode 100644
index 0000000..96bdf9f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__net_minidev_accessors_smart_2_4_8.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: net.minidev:accessors-smart:2.4.8">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/minidev/accessors-smart/2.4.8/accessors-smart-2.4.8.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/net/minidev/accessors-smart/2.4.8/accessors-smart-2.4.8-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/minidev/accessors-smart/2.4.8/accessors-smart-2.4.8-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__net_minidev_json_smart_2_4_8.xml b/haobang-security-xdr/.idea/libraries/Maven__net_minidev_json_smart_2_4_8.xml
new file mode 100644
index 0000000..5ce913d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__net_minidev_json_smart_2_4_8.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: net.minidev:json-smart:2.4.8">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/minidev/json-smart/2.4.8/json-smart-2.4.8.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/net/minidev/json-smart/2.4.8/json-smart-2.4.8-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/minidev/json-smart/2.4.8/json-smart-2.4.8-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__net_sf_jopt_simple_jopt_simple_5_0_2.xml b/haobang-security-xdr/.idea/libraries/Maven__net_sf_jopt_simple_jopt_simple_5_0_2.xml
new file mode 100644
index 0000000..29d567a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__net_sf_jopt_simple_jopt_simple_5_0_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: net.sf.jopt-simple:jopt-simple:5.0.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/sf/jopt-simple/jopt-simple/5.0.2/jopt-simple-5.0.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/net/sf/jopt-simple/jopt-simple/5.0.2/jopt-simple-5.0.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/net/sf/jopt-simple/jopt-simple/5.0.2/jopt-simple-5.0.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_commons_commons_csv_1_10_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_commons_commons_csv_1_10_0.xml
new file mode 100644
index 0000000..48973fa
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_commons_commons_csv_1_10_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.commons:commons-csv:1.10.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/commons/commons-csv/1.10.0/commons-csv-1.10.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/commons/commons-csv/1.10.0/commons-csv-1.10.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/commons/commons-csv/1.10.0/commons-csv-1.10.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_commons_commons_lang3_3_12_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_commons_commons_lang3_3_12_0.xml
new file mode 100644
index 0000000..0cebf9a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_commons_commons_lang3_3_12_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.commons:commons-lang3:3.12.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/commons/commons-lang3/3.12.0/commons-lang3-3.12.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpasyncclient_4_1_5.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpasyncclient_4_1_5.xml
new file mode 100644
index 0000000..d4096c9
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpasyncclient_4_1_5.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.httpcomponents:httpasyncclient:4.1.5">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.5/httpasyncclient-4.1.5.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.5/httpasyncclient-4.1.5-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpasyncclient/4.1.5/httpasyncclient-4.1.5-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpclient_4_5_13.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpclient_4_5_13.xml
new file mode 100644
index 0000000..5620ea9
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpclient_4_5_13.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.httpcomponents:httpclient:4.5.13">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpcore_4_4_15.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpcore_4_4_15.xml
new file mode 100644
index 0000000..d7e3f89
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpcore_4_4_15.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.httpcomponents:httpcore:4.4.15">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpcore/4.4.15/httpcore-4.4.15.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpcore/4.4.15/httpcore-4.4.15-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpcore/4.4.15/httpcore-4.4.15-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpcore_nio_4_4_15.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpcore_nio_4_4_15.xml
new file mode 100644
index 0000000..80feb92
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_httpcomponents_httpcore_nio_4_4_15.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.httpcomponents:httpcore-nio:4.4.15">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.15/httpcore-nio-4.4.15.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.15/httpcore-nio-4.4.15-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/httpcomponents/httpcore-nio/4.4.15/httpcore-nio-4.4.15-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_kafka_kafka_clients_3_4_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_kafka_kafka_clients_3_4_0.xml
new file mode 100644
index 0000000..fc39485
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_kafka_kafka_clients_3_4_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.kafka:kafka-clients:3.4.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/kafka/kafka-clients/3.4.0/kafka-clients-3.4.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/kafka/kafka-clients/3.4.0/kafka-clients-3.4.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/kafka/kafka-clients/3.4.0/kafka-clients-3.4.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_logging_log4j_log4j_api_2_17_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_logging_log4j_log4j_api_2_17_2.xml
new file mode 100644
index 0000000..b6827fc
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_logging_log4j_log4j_api_2_17_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.logging.log4j:log4j-api:2.17.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/logging/log4j/log4j-api/2.17.2/log4j-api-2.17.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/logging/log4j/log4j-api/2.17.2/log4j-api-2.17.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/logging/log4j/log4j-api/2.17.2/log4j-api-2.17.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_logging_log4j_log4j_to_slf4j_2_17_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_logging_log4j_log4j_to_slf4j_2_17_2.xml
new file mode 100644
index 0000000..d6d975a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_logging_log4j_log4j_to_slf4j_2_17_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.17.2/log4j-to-slf4j-2.17.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.17.2/log4j-to-slf4j-2.17.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.17.2/log4j-to-slf4j-2.17.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_analyzers_common_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_analyzers_common_8_11_1.xml
new file mode 100644
index 0000000..03d098d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_analyzers_common_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-analyzers-common:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-analyzers-common/8.11.1/lucene-analyzers-common-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-analyzers-common/8.11.1/lucene-analyzers-common-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-analyzers-common/8.11.1/lucene-analyzers-common-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_backward_codecs_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_backward_codecs_8_11_1.xml
new file mode 100644
index 0000000..a7c155c
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_backward_codecs_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-backward-codecs:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-backward-codecs/8.11.1/lucene-backward-codecs-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-backward-codecs/8.11.1/lucene-backward-codecs-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-backward-codecs/8.11.1/lucene-backward-codecs-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_core_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_core_8_11_1.xml
new file mode 100644
index 0000000..839c759
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_core_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-core:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-core/8.11.1/lucene-core-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-core/8.11.1/lucene-core-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-core/8.11.1/lucene-core-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_grouping_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_grouping_8_11_1.xml
new file mode 100644
index 0000000..f856244
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_grouping_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-grouping:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-grouping/8.11.1/lucene-grouping-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-grouping/8.11.1/lucene-grouping-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-grouping/8.11.1/lucene-grouping-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_highlighter_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_highlighter_8_11_1.xml
new file mode 100644
index 0000000..527f2ea
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_highlighter_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-highlighter:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-highlighter/8.11.1/lucene-highlighter-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-highlighter/8.11.1/lucene-highlighter-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-highlighter/8.11.1/lucene-highlighter-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_join_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_join_8_11_1.xml
new file mode 100644
index 0000000..b659de2
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_join_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-join:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-join/8.11.1/lucene-join-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-join/8.11.1/lucene-join-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-join/8.11.1/lucene-join-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_memory_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_memory_8_11_1.xml
new file mode 100644
index 0000000..430d31e
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_memory_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-memory:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-memory/8.11.1/lucene-memory-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-memory/8.11.1/lucene-memory-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-memory/8.11.1/lucene-memory-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_misc_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_misc_8_11_1.xml
new file mode 100644
index 0000000..da0d9a3
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_misc_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-misc:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-misc/8.11.1/lucene-misc-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-misc/8.11.1/lucene-misc-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-misc/8.11.1/lucene-misc-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_queries_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_queries_8_11_1.xml
new file mode 100644
index 0000000..affc97a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_queries_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-queries:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-queries/8.11.1/lucene-queries-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-queries/8.11.1/lucene-queries-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-queries/8.11.1/lucene-queries-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_queryparser_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_queryparser_8_11_1.xml
new file mode 100644
index 0000000..d5ca944
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_queryparser_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-queryparser:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-queryparser/8.11.1/lucene-queryparser-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-queryparser/8.11.1/lucene-queryparser-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-queryparser/8.11.1/lucene-queryparser-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_sandbox_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_sandbox_8_11_1.xml
new file mode 100644
index 0000000..6be77b4
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_sandbox_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-sandbox:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-sandbox/8.11.1/lucene-sandbox-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-sandbox/8.11.1/lucene-sandbox-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-sandbox/8.11.1/lucene-sandbox-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_spatial3d_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_spatial3d_8_11_1.xml
new file mode 100644
index 0000000..6f49b27
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_spatial3d_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-spatial3d:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-spatial3d/8.11.1/lucene-spatial3d-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-spatial3d/8.11.1/lucene-spatial3d-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-spatial3d/8.11.1/lucene-spatial3d-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_suggest_8_11_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_suggest_8_11_1.xml
new file mode 100644
index 0000000..f8dc08c
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_lucene_lucene_suggest_8_11_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.lucene:lucene-suggest:8.11.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-suggest/8.11.1/lucene-suggest-8.11.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-suggest/8.11.1/lucene-suggest-8.11.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/lucene/lucene-suggest/8.11.1/lucene-suggest-8.11.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_core_9_0_65.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_core_9_0_65.xml
new file mode 100644
index 0000000..52023ae
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_core_9_0_65.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.65/tomcat-embed-core-9.0.65.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.65/tomcat-embed-core-9.0.65-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/9.0.65/tomcat-embed-core-9.0.65-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_el_9_0_65.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_el_9_0_65.xml
new file mode 100644
index 0000000..7ebff9a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_el_9_0_65.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.65/tomcat-embed-el-9.0.65.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.65/tomcat-embed-el-9.0.65-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/9.0.65/tomcat-embed-el-9.0.65-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_websocket_9_0_65.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_websocket_9_0_65.xml
new file mode 100644
index 0000000..2b8a545
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apache_tomcat_embed_tomcat_embed_websocket_9_0_65.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.65/tomcat-embed-websocket-9.0.65.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.65/tomcat-embed-websocket-9.0.65-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/9.0.65/tomcat-embed-websocket-9.0.65-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_apiguardian_apiguardian_api_1_1_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_apiguardian_apiguardian_api_1_1_2.xml
new file mode 100644
index 0000000..645e245
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_apiguardian_apiguardian_api_1_1_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.apiguardian:apiguardian-api:1.1.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_assertj_assertj_core_3_22_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_assertj_assertj_core_3_22_0.xml
new file mode 100644
index 0000000..a50d57f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_assertj_assertj_core_3_22_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.assertj:assertj-core:3.22.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/assertj/assertj-core/3.22.0/assertj-core-3.22.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/assertj/assertj-core/3.22.0/assertj-core-3.22.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/assertj/assertj-core/3.22.0/assertj-core-3.22.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_checkerframework_checker_qual_3_5_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_checkerframework_checker_qual_3_5_0.xml
new file mode 100644
index 0000000..b38b75e
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_checkerframework_checker_qual_3_5_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.checkerframework:checker-qual:3.5.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/checkerframework/checker-qual/3.5.0/checker-qual-3.5.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/checkerframework/checker-qual/3.5.0/checker-qual-3.5.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/checkerframework/checker-qual/3.5.0/checker-qual-3.5.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_eclipse_parsson_parsson_1_0_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_eclipse_parsson_parsson_1_0_0.xml
new file mode 100644
index 0000000..d81fd9a
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_eclipse_parsson_parsson_1_0_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.eclipse.parsson:parsson:1.0.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/eclipse/parsson/parsson/1.0.0/parsson-1.0.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/eclipse/parsson/parsson/1.0.0/parsson-1.0.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/eclipse/parsson/parsson/1.0.0/parsson-1.0.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_client_elasticsearch_rest_client_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_client_elasticsearch_rest_client_7_17_6.xml
new file mode 100644
index 0000000..f3244df
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_client_elasticsearch_rest_client_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch.client:elasticsearch-rest-client:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/client/elasticsearch-rest-client/7.17.6/elasticsearch-rest-client-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/client/elasticsearch-rest-client/7.17.6/elasticsearch-rest-client-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/client/elasticsearch-rest-client/7.17.6/elasticsearch-rest-client-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_client_elasticsearch_rest_high_level_client_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_client_elasticsearch_rest_high_level_client_7_17_6.xml
new file mode 100644
index 0000000..ac413f3
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_client_elasticsearch_rest_high_level_client_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch.client:elasticsearch-rest-high-level-client:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/client/elasticsearch-rest-high-level-client/7.17.6/elasticsearch-rest-high-level-client-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/client/elasticsearch-rest-high-level-client/7.17.6/elasticsearch-rest-high-level-client-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/client/elasticsearch-rest-high-level-client/7.17.6/elasticsearch-rest-high-level-client-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_7_17_6.xml
new file mode 100644
index 0000000..a32e1f0
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch:elasticsearch:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch/7.17.6/elasticsearch-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch/7.17.6/elasticsearch-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch/7.17.6/elasticsearch-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_cli_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_cli_7_17_6.xml
new file mode 100644
index 0000000..73519e7
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_cli_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch:elasticsearch-cli:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-cli/7.17.6/elasticsearch-cli-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-cli/7.17.6/elasticsearch-cli-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-cli/7.17.6/elasticsearch-cli-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_core_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_core_7_17_6.xml
new file mode 100644
index 0000000..872dd1e
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_core_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch:elasticsearch-core:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-core/7.17.6/elasticsearch-core-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-core/7.17.6/elasticsearch-core-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-core/7.17.6/elasticsearch-core-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_geo_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_geo_7_17_6.xml
new file mode 100644
index 0000000..a11e3f8
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_geo_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch:elasticsearch-geo:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-geo/7.17.6/elasticsearch-geo-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-geo/7.17.6/elasticsearch-geo-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-geo/7.17.6/elasticsearch-geo-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_lz4_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_lz4_7_17_6.xml
new file mode 100644
index 0000000..0688d3f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_lz4_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch:elasticsearch-lz4:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-lz4/7.17.6/elasticsearch-lz4-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-lz4/7.17.6/elasticsearch-lz4-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-lz4/7.17.6/elasticsearch-lz4-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_plugin_classloader_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_plugin_classloader_7_17_6.xml
new file mode 100644
index 0000000..f82834d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_plugin_classloader_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch:elasticsearch-plugin-classloader:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-plugin-classloader/7.17.6/elasticsearch-plugin-classloader-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-plugin-classloader/7.17.6/elasticsearch-plugin-classloader-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-plugin-classloader/7.17.6/elasticsearch-plugin-classloader-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_secure_sm_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_secure_sm_7_17_6.xml
new file mode 100644
index 0000000..81d1485
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_secure_sm_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch:elasticsearch-secure-sm:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-secure-sm/7.17.6/elasticsearch-secure-sm-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-secure-sm/7.17.6/elasticsearch-secure-sm-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-secure-sm/7.17.6/elasticsearch-secure-sm-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_x_content_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_x_content_7_17_6.xml
new file mode 100644
index 0000000..6e85560
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_elasticsearch_x_content_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch:elasticsearch-x-content:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-x-content/7.17.6/elasticsearch-x-content-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-x-content/7.17.6/elasticsearch-x-content-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/elasticsearch-x-content/7.17.6/elasticsearch-x-content-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_aggs_matrix_stats_client_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_aggs_matrix_stats_client_7_17_6.xml
new file mode 100644
index 0000000..a7fd31b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_aggs_matrix_stats_client_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch.plugin:aggs-matrix-stats-client:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/aggs-matrix-stats-client/7.17.6/aggs-matrix-stats-client-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/aggs-matrix-stats-client/7.17.6/aggs-matrix-stats-client-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/aggs-matrix-stats-client/7.17.6/aggs-matrix-stats-client-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_lang_mustache_client_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_lang_mustache_client_7_17_6.xml
new file mode 100644
index 0000000..d92a931
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_lang_mustache_client_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch.plugin:lang-mustache-client:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/lang-mustache-client/7.17.6/lang-mustache-client-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/lang-mustache-client/7.17.6/lang-mustache-client-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/lang-mustache-client/7.17.6/lang-mustache-client-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_mapper_extras_client_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_mapper_extras_client_7_17_6.xml
new file mode 100644
index 0000000..fc63a56
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_mapper_extras_client_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch.plugin:mapper-extras-client:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/mapper-extras-client/7.17.6/mapper-extras-client-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/mapper-extras-client/7.17.6/mapper-extras-client-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/mapper-extras-client/7.17.6/mapper-extras-client-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_parent_join_client_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_parent_join_client_7_17_6.xml
new file mode 100644
index 0000000..da7a7bd
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_parent_join_client_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch.plugin:parent-join-client:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/parent-join-client/7.17.6/parent-join-client-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/parent-join-client/7.17.6/parent-join-client-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/parent-join-client/7.17.6/parent-join-client-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_rank_eval_client_7_17_6.xml b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_rank_eval_client_7_17_6.xml
new file mode 100644
index 0000000..4314dd9
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_elasticsearch_plugin_rank_eval_client_7_17_6.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.elasticsearch.plugin:rank-eval-client:7.17.6">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/rank-eval-client/7.17.6/rank-eval-client-7.17.6.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/rank-eval-client/7.17.6/rank-eval-client-7.17.6-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/elasticsearch/plugin/rank-eval-client/7.17.6/rank-eval-client-7.17.6-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_graylog2_syslog4j_0_9_61.xml b/haobang-security-xdr/.idea/libraries/Maven__org_graylog2_syslog4j_0_9_61.xml
new file mode 100644
index 0000000..ca213ec
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_graylog2_syslog4j_0_9_61.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.graylog2:syslog4j:0.9.61">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/graylog2/syslog4j/0.9.61/syslog4j-0.9.61.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/graylog2/syslog4j/0.9.61/syslog4j-0.9.61-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/graylog2/syslog4j/0.9.61/syslog4j-0.9.61-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_hamcrest_hamcrest_2_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_hamcrest_hamcrest_2_2.xml
new file mode 100644
index 0000000..ae33eaf
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_hamcrest_hamcrest_2_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.hamcrest:hamcrest:2.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hamcrest/hamcrest/2.2/hamcrest-2.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hamcrest/hamcrest/2.2/hamcrest-2.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hamcrest/hamcrest/2.2/hamcrest-2.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_hdrhistogram_HdrHistogram_2_1_9.xml b/haobang-security-xdr/.idea/libraries/Maven__org_hdrhistogram_HdrHistogram_2_1_9.xml
new file mode 100644
index 0000000..20c8278
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_hdrhistogram_HdrHistogram_2_1_9.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.hdrhistogram:HdrHistogram:2.1.9">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hdrhistogram/HdrHistogram/2.1.9/HdrHistogram-2.1.9.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hdrhistogram/HdrHistogram/2.1.9/HdrHistogram-2.1.9-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hdrhistogram/HdrHistogram/2.1.9/HdrHistogram-2.1.9-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_hibernate_validator_hibernate_validator_6_2_5_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__org_hibernate_validator_hibernate_validator_6_2_5_Final.xml
new file mode 100644
index 0000000..962927f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_hibernate_validator_hibernate_validator_6_2_5_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.hibernate.validator:hibernate-validator:6.2.5.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hibernate/validator/hibernate-validator/6.2.5.Final/hibernate-validator-6.2.5.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hibernate/validator/hibernate-validator/6.2.5.Final/hibernate-validator-6.2.5.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/hibernate/validator/hibernate-validator/6.2.5.Final/hibernate-validator-6.2.5.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_jboss_logging_jboss_logging_3_4_3_Final.xml b/haobang-security-xdr/.idea/libraries/Maven__org_jboss_logging_jboss_logging_3_4_3_Final.xml
new file mode 100644
index 0000000..167bd35
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_jboss_logging_jboss_logging_3_4_3_Final.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.jboss.logging:jboss-logging:3.4.3.Final">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jboss/logging/jboss-logging/3.4.3.Final/jboss-logging-3.4.3.Final.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jboss/logging/jboss-logging/3.4.3.Final/jboss-logging-3.4.3.Final-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jboss/logging/jboss-logging/3.4.3.Final/jboss-logging-3.4.3.Final-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_annotations_13_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_annotations_13_0.xml
new file mode 100644
index 0000000..6523d97
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_annotations_13_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.jetbrains:annotations:13.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/annotations/13.0/annotations-13.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_1_6_21.xml b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_1_6_21.xml
new file mode 100644
index 0000000..88f0d98
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_1_6_21.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.jetbrains.kotlin:kotlin-stdlib:1.6.21">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.6.21/kotlin-stdlib-1.6.21.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.6.21/kotlin-stdlib-1.6.21-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib/1.6.21/kotlin-stdlib-1.6.21-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_common_1_6_21.xml b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_common_1_6_21.xml
new file mode 100644
index 0000000..5f7ad7b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_common_1_6_21.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.jetbrains.kotlin:kotlin-stdlib-common:1.6.21">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-common/1.6.21/kotlin-stdlib-common-1.6.21.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-common/1.6.21/kotlin-stdlib-common-1.6.21-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-common/1.6.21/kotlin-stdlib-common-1.6.21-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_jdk7_1_6_21.xml b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_jdk7_1_6_21.xml
new file mode 100644
index 0000000..5db0168
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_jdk7_1_6_21.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.6.21">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk7/1.6.21/kotlin-stdlib-jdk7-1.6.21.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk7/1.6.21/kotlin-stdlib-jdk7-1.6.21-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk7/1.6.21/kotlin-stdlib-jdk7-1.6.21-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_jdk8_1_6_21.xml b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_jdk8_1_6_21.xml
new file mode 100644
index 0000000..287adb5
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_jetbrains_kotlin_kotlin_stdlib_jdk8_1_6_21.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.21">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk8/1.6.21/kotlin-stdlib-jdk8-1.6.21.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk8/1.6.21/kotlin-stdlib-jdk8-1.6.21-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/jetbrains/kotlin/kotlin-stdlib-jdk8/1.6.21/kotlin-stdlib-jdk8-1.6.21-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_json_json_20231013.xml b/haobang-security-xdr/.idea/libraries/Maven__org_json_json_20231013.xml
new file mode 100644
index 0000000..53d6483
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_json_json_20231013.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.json:json:20231013">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/json/json/20231013/json-20231013.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/json/json/20231013/json-20231013-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/json/json/20231013/json-20231013-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_8_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_8_2.xml
new file mode 100644
index 0000000..02dd763
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_8_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.junit.jupiter:junit-jupiter:5.8.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter/5.8.2/junit-jupiter-5.8.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter/5.8.2/junit-jupiter-5.8.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter/5.8.2/junit-jupiter-5.8.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_9_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_9_2.xml
new file mode 100644
index 0000000..f54a127
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_5_9_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.junit.jupiter:junit-jupiter:5.9.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter/5.9.2/junit-jupiter-5.9.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter/5.9.2/junit-jupiter-5.9.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter/5.9.2/junit-jupiter-5.9.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_api_5_8_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_api_5_8_2.xml
new file mode 100644
index 0000000..11e6f8b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_api_5_8_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.8.2/junit-jupiter-api-5.8.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.8.2/junit-jupiter-api-5.8.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-api/5.8.2/junit-jupiter-api-5.8.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_engine_5_8_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_engine_5_8_2.xml
new file mode 100644
index 0000000..aca8711
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_engine_5_8_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.8.2/junit-jupiter-engine-5.8.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.8.2/junit-jupiter-engine-5.8.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-engine/5.8.2/junit-jupiter-engine-5.8.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_params_5_8_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_params_5_8_2.xml
new file mode 100644
index 0000000..8bae46e
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_junit_jupiter_junit_jupiter_params_5_8_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-params/5.8.2/junit-jupiter-params-5.8.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-params/5.8.2/junit-jupiter-params-5.8.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/jupiter/junit-jupiter-params/5.8.2/junit-jupiter-params-5.8.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_junit_platform_junit_platform_commons_1_8_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_junit_platform_junit_platform_commons_1_8_2.xml
new file mode 100644
index 0000000..55fcebc
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_junit_platform_junit_platform_commons_1_8_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.junit.platform:junit-platform-commons:1.8.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/platform/junit-platform-commons/1.8.2/junit-platform-commons-1.8.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/platform/junit-platform-commons/1.8.2/junit-platform-commons-1.8.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/platform/junit-platform-commons/1.8.2/junit-platform-commons-1.8.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_junit_platform_junit_platform_engine_1_8_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_junit_platform_junit_platform_engine_1_8_2.xml
new file mode 100644
index 0000000..4e40324
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_junit_platform_junit_platform_engine_1_8_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.junit.platform:junit-platform-engine:1.8.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/platform/junit-platform-engine/1.8.2/junit-platform-engine-1.8.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/platform/junit-platform-engine/1.8.2/junit-platform-engine-1.8.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/junit/platform/junit-platform-engine/1.8.2/junit-platform-engine-1.8.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_lz4_lz4_java_1_8_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_lz4_lz4_java_1_8_0.xml
new file mode 100644
index 0000000..f4f8b78
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_lz4_lz4_java_1_8_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.lz4:lz4-java:1.8.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/lz4/lz4-java/1.8.0/lz4-java-1.8.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/lz4/lz4-java/1.8.0/lz4-java-1.8.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/lz4/lz4-java/1.8.0/lz4-java-1.8.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_mockito_mockito_core_4_5_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_mockito_mockito_core_4_5_1.xml
new file mode 100644
index 0000000..0a26d3f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_mockito_mockito_core_4_5_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.mockito:mockito-core:4.5.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mockito/mockito-core/4.5.1/mockito-core-4.5.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mockito/mockito-core/4.5.1/mockito-core-4.5.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mockito/mockito-core/4.5.1/mockito-core-4.5.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_mockito_mockito_junit_jupiter_4_5_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_mockito_mockito_junit_jupiter_4_5_1.xml
new file mode 100644
index 0000000..e2b19f4
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_mockito_mockito_junit_jupiter_4_5_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.mockito:mockito-junit-jupiter:4.5.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mockito/mockito-junit-jupiter/4.5.1/mockito-junit-jupiter-4.5.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mockito/mockito-junit-jupiter/4.5.1/mockito-junit-jupiter-4.5.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mockito/mockito-junit-jupiter/4.5.1/mockito-junit-jupiter-4.5.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_mybatis_3_5_10.xml b/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_mybatis_3_5_10.xml
new file mode 100644
index 0000000..c44215f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_mybatis_3_5_10.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.mybatis:mybatis:3.5.10">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/mybatis/3.5.10/mybatis-3.5.10.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/mybatis/3.5.10/mybatis-3.5.10-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/mybatis/3.5.10/mybatis-3.5.10-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_mybatis_spring_2_1_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_mybatis_spring_2_1_1.xml
new file mode 100644
index 0000000..8b9c000
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_mybatis_spring_2_1_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.mybatis:mybatis-spring:2.1.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/mybatis-spring/2.1.1/mybatis-spring-2.1.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/mybatis-spring/2.1.1/mybatis-spring-2.1.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/mybatis-spring/2.1.1/mybatis-spring-2.1.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_spring_boot_mybatis_spring_boot_autoconfigure_2_3_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_spring_boot_mybatis_spring_boot_autoconfigure_2_3_1.xml
new file mode 100644
index 0000000..a032828
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_spring_boot_mybatis_spring_boot_autoconfigure_2_3_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-autoconfigure:2.3.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-autoconfigure/2.3.1/mybatis-spring-boot-autoconfigure-2.3.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-autoconfigure/2.3.1/mybatis-spring-boot-autoconfigure-2.3.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-autoconfigure/2.3.1/mybatis-spring-boot-autoconfigure-2.3.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_spring_boot_mybatis_spring_boot_starter_2_3_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_spring_boot_mybatis_spring_boot_starter_2_3_1.xml
new file mode 100644
index 0000000..4781289
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_mybatis_spring_boot_mybatis_spring_boot_starter_2_3_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-starter:2.3.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-starter/2.3.1/mybatis-spring-boot-starter-2.3.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-starter/2.3.1/mybatis-spring-boot-starter-2.3.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/mybatis/spring/boot/mybatis-spring-boot-starter/2.3.1/mybatis-spring-boot-starter-2.3.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_objenesis_objenesis_3_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_objenesis_objenesis_3_2.xml
new file mode 100644
index 0000000..d106a5e
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_objenesis_objenesis_3_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.objenesis:objenesis:3.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/objenesis/objenesis/3.2/objenesis-3.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/objenesis/objenesis/3.2/objenesis-3.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/objenesis/objenesis/3.2/objenesis-3.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_opentest4j_opentest4j_1_2_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_opentest4j_opentest4j_1_2_0.xml
new file mode 100644
index 0000000..5b7d0e0
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_opentest4j_opentest4j_1_2_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.opentest4j:opentest4j:1.2.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/opentest4j/opentest4j/1.2.0/opentest4j-1.2.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/opentest4j/opentest4j/1.2.0/opentest4j-1.2.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/opentest4j/opentest4j/1.2.0/opentest4j-1.2.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_ow2_asm_asm_9_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_ow2_asm_asm_9_1.xml
new file mode 100644
index 0000000..2c5c126
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_ow2_asm_asm_9_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.ow2.asm:asm:9.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/ow2/asm/asm/9.1/asm-9.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/ow2/asm/asm/9.1/asm-9.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/ow2/asm/asm/9.1/asm-9.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_postgresql_postgresql_42_5_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_postgresql_postgresql_42_5_4.xml
new file mode 100644
index 0000000..0f68257
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_postgresql_postgresql_42_5_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.postgresql:postgresql:42.5.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/postgresql/postgresql/42.5.4/postgresql-42.5.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/postgresql/postgresql/42.5.4/postgresql-42.5.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/postgresql/postgresql/42.5.4/postgresql-42.5.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_projectlombok_lombok_1_18_24.xml b/haobang-security-xdr/.idea/libraries/Maven__org_projectlombok_lombok_1_18_24.xml
new file mode 100644
index 0000000..2abc348
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_projectlombok_lombok_1_18_24.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.projectlombok:lombok:1.18.24">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/projectlombok/lombok/1.18.24/lombok-1.18.24.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/projectlombok/lombok/1.18.24/lombok-1.18.24-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/projectlombok/lombok/1.18.24/lombok-1.18.24-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_quartz_scheduler_quartz_2_3_2.xml b/haobang-security-xdr/.idea/libraries/Maven__org_quartz_scheduler_quartz_2_3_2.xml
new file mode 100644
index 0000000..3c19b44
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_quartz_scheduler_quartz_2_3_2.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.quartz-scheduler:quartz:2.3.2">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/quartz-scheduler/quartz/2.3.2/quartz-2.3.2-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_reactivestreams_reactive_streams_1_0_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_reactivestreams_reactive_streams_1_0_4.xml
new file mode 100644
index 0000000..29b7a65
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_reactivestreams_reactive_streams_1_0_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.reactivestreams:reactive-streams:1.0.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/reactivestreams/reactive-streams/1.0.4/reactive-streams-1.0.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/reactivestreams/reactive-streams/1.0.4/reactive-streams-1.0.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/reactivestreams/reactive-streams/1.0.4/reactive-streams-1.0.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_skyscreamer_jsonassert_1_5_1.xml b/haobang-security-xdr/.idea/libraries/Maven__org_skyscreamer_jsonassert_1_5_1.xml
new file mode 100644
index 0000000..73d721f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_skyscreamer_jsonassert_1_5_1.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.skyscreamer:jsonassert:1.5.1">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/skyscreamer/jsonassert/1.5.1/jsonassert-1.5.1.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/skyscreamer/jsonassert/1.5.1/jsonassert-1.5.1-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/skyscreamer/jsonassert/1.5.1/jsonassert-1.5.1-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_jul_to_slf4j_1_7_36.xml b/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_jul_to_slf4j_1_7_36.xml
new file mode 100644
index 0000000..7dee608
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_jul_to_slf4j_1_7_36.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.slf4j:jul-to-slf4j:1.7.36">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/jul-to-slf4j/1.7.36/jul-to-slf4j-1.7.36-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_slf4j_api_1_7_36.xml b/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_slf4j_api_1_7_36.xml
new file mode 100644
index 0000000..d60f6ed
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_slf4j_api_1_7_36.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.slf4j:slf4j-api:1.7.36">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_slf4j_simple_2_0_7.xml b/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_slf4j_simple_2_0_7.xml
new file mode 100644
index 0000000..95803a3
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_slf4j_slf4j_simple_2_0_7.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.slf4j:slf4j-simple:2.0.7">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/slf4j-simple/2.0.7/slf4j-simple-2.0.7.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/slf4j-simple/2.0.7/slf4j-simple-2.0.7-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/slf4j/slf4j-simple/2.0.7/slf4j-simple-2.0.7-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_2_7_4.xml
new file mode 100644
index 0000000..e412c08
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot/2.7.4/spring-boot-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot/2.7.4/spring-boot-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot/2.7.4/spring-boot-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_autoconfigure_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_autoconfigure_2_7_4.xml
new file mode 100644
index 0000000..89b3b0c
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_autoconfigure_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.4/spring-boot-autoconfigure-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.4/spring-boot-autoconfigure-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.4/spring-boot-autoconfigure-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_2_7_4.xml
new file mode 100644
index 0000000..0b3a9df
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter/2.7.4/spring-boot-starter-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter/2.7.4/spring-boot-starter-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter/2.7.4/spring-boot-starter-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_cache_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_cache_2_7_4.xml
new file mode 100644
index 0000000..9d1e053
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_cache_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-cache:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-cache/2.7.4/spring-boot-starter-cache-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-cache/2.7.4/spring-boot-starter-cache-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-cache/2.7.4/spring-boot-starter-cache-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_elasticsearch_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_elasticsearch_2_7_4.xml
new file mode 100644
index 0000000..016e938
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_elasticsearch_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-data-elasticsearch:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-data-elasticsearch/2.7.4/spring-boot-starter-data-elasticsearch-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-data-elasticsearch/2.7.4/spring-boot-starter-data-elasticsearch-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-data-elasticsearch/2.7.4/spring-boot-starter-data-elasticsearch-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_redis_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_redis_2_7_4.xml
new file mode 100644
index 0000000..719af21
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_data_redis_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-data-redis:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-data-redis/2.7.4/spring-boot-starter-data-redis-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-data-redis/2.7.4/spring-boot-starter-data-redis-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-data-redis/2.7.4/spring-boot-starter-data-redis-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_jdbc_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_jdbc_2_7_4.xml
new file mode 100644
index 0000000..e8ce49c
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_jdbc_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-jdbc:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-jdbc/2.7.4/spring-boot-starter-jdbc-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-jdbc/2.7.4/spring-boot-starter-jdbc-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-jdbc/2.7.4/spring-boot-starter-jdbc-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_json_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_json_2_7_4.xml
new file mode 100644
index 0000000..cdc0851
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_json_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-json/2.7.4/spring-boot-starter-json-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-json/2.7.4/spring-boot-starter-json-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-json/2.7.4/spring-boot-starter-json-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_logging_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_logging_2_7_4.xml
new file mode 100644
index 0000000..2674cdf
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_logging_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-logging/2.7.4/spring-boot-starter-logging-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-logging/2.7.4/spring-boot-starter-logging-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-logging/2.7.4/spring-boot-starter-logging-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_quartz_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_quartz_2_7_4.xml
new file mode 100644
index 0000000..d53377f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_quartz_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-quartz:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-quartz/2.7.4/spring-boot-starter-quartz-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-quartz/2.7.4/spring-boot-starter-quartz-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-quartz/2.7.4/spring-boot-starter-quartz-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_test_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_test_2_7_4.xml
new file mode 100644
index 0000000..b165b2f
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_test_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-test/2.7.4/spring-boot-starter-test-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-test/2.7.4/spring-boot-starter-test-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-test/2.7.4/spring-boot-starter-test-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_tomcat_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_tomcat_2_7_4.xml
new file mode 100644
index 0000000..30a806d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_tomcat_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/2.7.4/spring-boot-starter-tomcat-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/2.7.4/spring-boot-starter-tomcat-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/2.7.4/spring-boot-starter-tomcat-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_validation_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_validation_2_7_4.xml
new file mode 100644
index 0000000..9574e07
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_validation_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-validation:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-validation/2.7.4/spring-boot-starter-validation-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-validation/2.7.4/spring-boot-starter-validation-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-validation/2.7.4/spring-boot-starter-validation-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_web_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_web_2_7_4.xml
new file mode 100644
index 0000000..1ae1b67
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_starter_web_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.4/spring-boot-starter-web-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.4/spring-boot-starter-web-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-starter-web/2.7.4/spring-boot-starter-web-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_test_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_test_2_7_4.xml
new file mode 100644
index 0000000..ecffc1d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_test_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-test:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-test/2.7.4/spring-boot-test-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-test/2.7.4/spring-boot-test-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-test/2.7.4/spring-boot-test-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_test_autoconfigure_2_7_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_test_autoconfigure_2_7_4.xml
new file mode 100644
index 0000000..24e96e5
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_boot_spring_boot_test_autoconfigure_2_7_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-test-autoconfigure/2.7.4/spring-boot-test-autoconfigure-2.7.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-test-autoconfigure/2.7.4/spring-boot-test-autoconfigure-2.7.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/boot/spring-boot-test-autoconfigure/2.7.4/spring-boot-test-autoconfigure-2.7.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_commons_2_7_3.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_commons_2_7_3.xml
new file mode 100644
index 0000000..4de9886
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_commons_2_7_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.data:spring-data-commons:2.7.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-commons/2.7.3/spring-data-commons-2.7.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-commons/2.7.3/spring-data-commons-2.7.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-commons/2.7.3/spring-data-commons-2.7.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_elasticsearch_4_4_3.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_elasticsearch_4_4_3.xml
new file mode 100644
index 0000000..b1f9e4d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_elasticsearch_4_4_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.data:spring-data-elasticsearch:4.4.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-elasticsearch/4.4.3/spring-data-elasticsearch-4.4.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-elasticsearch/4.4.3/spring-data-elasticsearch-4.4.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-elasticsearch/4.4.3/spring-data-elasticsearch-4.4.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_keyvalue_2_7_3.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_keyvalue_2_7_3.xml
new file mode 100644
index 0000000..d512c1b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_keyvalue_2_7_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.data:spring-data-keyvalue:2.7.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-keyvalue/2.7.3/spring-data-keyvalue-2.7.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-keyvalue/2.7.3/spring-data-keyvalue-2.7.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-keyvalue/2.7.3/spring-data-keyvalue-2.7.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_redis_2_7_3.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_redis_2_7_3.xml
new file mode 100644
index 0000000..71cb323
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_data_spring_data_redis_2_7_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.data:spring-data-redis:2.7.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-redis/2.7.3/spring-data-redis-2.7.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-redis/2.7.3/spring-data-redis-2.7.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/data/spring-data-redis/2.7.3/spring-data-redis-2.7.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_kafka_spring_kafka_2_8_9.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_kafka_spring_kafka_2_8_9.xml
new file mode 100644
index 0000000..d5c6a3e
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_kafka_spring_kafka_2_8_9.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.kafka:spring-kafka:2.8.9">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/kafka/spring-kafka/2.8.9/spring-kafka-2.8.9.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/kafka/spring-kafka/2.8.9/spring-kafka-2.8.9-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/kafka/spring-kafka/2.8.9/spring-kafka-2.8.9-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_retry_spring_retry_1_3_3.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_retry_spring_retry_1_3_3.xml
new file mode 100644
index 0000000..bf84c4b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_retry_spring_retry_1_3_3.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework.retry:spring-retry:1.3.3">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/retry/spring-retry/1.3.3/spring-retry-1.3.3.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/retry/spring-retry/1.3.3/spring-retry-1.3.3-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/retry/spring-retry/1.3.3/spring-retry-1.3.3-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_aop_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_aop_5_3_23.xml
new file mode 100644
index 0000000..5201cf7
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_aop_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-aop:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-aop/5.3.23/spring-aop-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-aop/5.3.23/spring-aop-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-aop/5.3.23/spring-aop-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_beans_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_beans_5_3_23.xml
new file mode 100644
index 0000000..1a4ad19
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_beans_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-beans:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-beans/5.3.23/spring-beans-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-beans/5.3.23/spring-beans-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-beans/5.3.23/spring-beans-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_context_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_context_5_3_23.xml
new file mode 100644
index 0000000..55127d5
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_context_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-context:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-context/5.3.23/spring-context-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-context/5.3.23/spring-context-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-context/5.3.23/spring-context-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_context_support_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_context_support_5_3_23.xml
new file mode 100644
index 0000000..127bbfd
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_context_support_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-context-support:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-context-support/5.3.23/spring-context-support-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-context-support/5.3.23/spring-context-support-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-context-support/5.3.23/spring-context-support-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_core_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_core_5_3_23.xml
new file mode 100644
index 0000000..912deef
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_core_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-core:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-core/5.3.23/spring-core-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-core/5.3.23/spring-core-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-core/5.3.23/spring-core-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_expression_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_expression_5_3_23.xml
new file mode 100644
index 0000000..f817d88
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_expression_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-expression:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-expression/5.3.23/spring-expression-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-expression/5.3.23/spring-expression-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-expression/5.3.23/spring-expression-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_jcl_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_jcl_5_3_23.xml
new file mode 100644
index 0000000..70aa190
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_jcl_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-jcl:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-jcl/5.3.23/spring-jcl-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-jcl/5.3.23/spring-jcl-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-jcl/5.3.23/spring-jcl-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_jdbc_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_jdbc_5_3_23.xml
new file mode 100644
index 0000000..7bd4be0
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_jdbc_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-jdbc:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-jdbc/5.3.23/spring-jdbc-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-jdbc/5.3.23/spring-jdbc-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-jdbc/5.3.23/spring-jdbc-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_messaging_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_messaging_5_3_23.xml
new file mode 100644
index 0000000..2017820
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_messaging_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-messaging:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-messaging/5.3.23/spring-messaging-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-messaging/5.3.23/spring-messaging-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-messaging/5.3.23/spring-messaging-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_oxm_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_oxm_5_3_23.xml
new file mode 100644
index 0000000..90e95d3
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_oxm_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-oxm:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-oxm/5.3.23/spring-oxm-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-oxm/5.3.23/spring-oxm-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-oxm/5.3.23/spring-oxm-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_test_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_test_5_3_23.xml
new file mode 100644
index 0000000..2c3d0fa
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_test_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-test:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-test/5.3.23/spring-test-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-test/5.3.23/spring-test-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-test/5.3.23/spring-test-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_tx_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_tx_5_3_23.xml
new file mode 100644
index 0000000..d2a052d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_tx_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-tx:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-tx/5.3.23/spring-tx-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-tx/5.3.23/spring-tx-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-tx/5.3.23/spring-tx-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_web_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_web_5_3_23.xml
new file mode 100644
index 0000000..402ec3d
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_web_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-web:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-web/5.3.23/spring-web-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-web/5.3.23/spring-web-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-web/5.3.23/spring-web-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_webmvc_5_3_23.xml b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_webmvc_5_3_23.xml
new file mode 100644
index 0000000..a350fc0
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_springframework_spring_webmvc_5_3_23.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.springframework:spring-webmvc:5.3.23">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-webmvc/5.3.23/spring-webmvc-5.3.23.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-webmvc/5.3.23/spring-webmvc-5.3.23-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/springframework/spring-webmvc/5.3.23/spring-webmvc-5.3.23-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_xerial_snappy_snappy_java_1_1_8_4.xml b/haobang-security-xdr/.idea/libraries/Maven__org_xerial_snappy_snappy_java_1_1_8_4.xml
new file mode 100644
index 0000000..91914a7
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_xerial_snappy_snappy_java_1_1_8_4.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.xerial.snappy:snappy-java:1.1.8.4">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/xerial/snappy/snappy-java/1.1.8.4/snappy-java-1.1.8.4.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/xerial/snappy/snappy-java/1.1.8.4/snappy-java-1.1.8.4-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/xerial/snappy/snappy-java/1.1.8.4/snappy-java-1.1.8.4-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_xmlunit_xmlunit_core_2_9_0.xml b/haobang-security-xdr/.idea/libraries/Maven__org_xmlunit_xmlunit_core_2_9_0.xml
new file mode 100644
index 0000000..4dc9e4b
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_xmlunit_xmlunit_core_2_9_0.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.xmlunit:xmlunit-core:2.9.0">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/xmlunit/xmlunit-core/2.9.0/xmlunit-core-2.9.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/xmlunit/xmlunit-core/2.9.0/xmlunit-core-2.9.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/xmlunit/xmlunit-core/2.9.0/xmlunit-core-2.9.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/libraries/Maven__org_yaml_snakeyaml_1_30.xml b/haobang-security-xdr/.idea/libraries/Maven__org_yaml_snakeyaml_1_30.xml
new file mode 100644
index 0000000..006ddf0
--- /dev/null
+++ b/haobang-security-xdr/.idea/libraries/Maven__org_yaml_snakeyaml_1_30.xml
@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: org.yaml:snakeyaml:1.30">
+    <CLASSES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$USER_HOME$/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$USER_HOME$/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/misc.xml b/haobang-security-xdr/.idea/misc.xml
new file mode 100644
index 0000000..d30d09e
--- /dev/null
+++ b/haobang-security-xdr/.idea/misc.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="MavenProjectsManager">
+    <option name="originalFiles">
+      <list>
+        <option value="$PROJECT_DIR$/pom.xml" />
+      </list>
+    </option>
+  </component>
+  <component name="ProjectRootManager" version="2" languageLevel="JDK_1_8" project-jdk-name="1.8" project-jdk-type="JavaSDK">
+    <output url="file://$PROJECT_DIR$/classes" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/modules.xml b/haobang-security-xdr/.idea/modules.xml
new file mode 100644
index 0000000..3b805fa
--- /dev/null
+++ b/haobang-security-xdr/.idea/modules.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/haobang-security-xdr.iml" filepath="$PROJECT_DIR$/haobang-security-xdr.iml" />
+      <module fileurl="file://$PROJECT_DIR$/syslog-client/syslog-client.iml" filepath="$PROJECT_DIR$/syslog-client/syslog-client.iml" />
+      <module fileurl="file://$PROJECT_DIR$/syslog-serve/syslog-serve.iml" filepath="$PROJECT_DIR$/syslog-serve/syslog-serve.iml" />
+      <module fileurl="file://$PROJECT_DIR$/syslog-consumer/syslogconsumer.iml" filepath="$PROJECT_DIR$/syslog-consumer/syslogconsumer.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/uiDesigner.xml b/haobang-security-xdr/.idea/uiDesigner.xml
new file mode 100644
index 0000000..e96534f
--- /dev/null
+++ b/haobang-security-xdr/.idea/uiDesigner.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="Palette2">
+    <group name="Swing">
+      <item class="com.intellij.uiDesigner.HSpacer" tooltip-text="Horizontal Spacer" icon="/com/intellij/uiDesigner/icons/hspacer.png" removable="false" auto-create-binding="false" can-attach-label="false">
+        <default-constraints vsize-policy="1" hsize-policy="6" anchor="0" fill="1" />
+      </item>
+      <item class="com.intellij.uiDesigner.VSpacer" tooltip-text="Vertical Spacer" icon="/com/intellij/uiDesigner/icons/vspacer.png" removable="false" auto-create-binding="false" can-attach-label="false">
+        <default-constraints vsize-policy="6" hsize-policy="1" anchor="0" fill="2" />
+      </item>
+      <item class="javax.swing.JPanel" icon="/com/intellij/uiDesigner/icons/panel.png" removable="false" auto-create-binding="false" can-attach-label="false">
+        <default-constraints vsize-policy="3" hsize-policy="3" anchor="0" fill="3" />
+      </item>
+      <item class="javax.swing.JScrollPane" icon="/com/intellij/uiDesigner/icons/scrollPane.png" removable="false" auto-create-binding="false" can-attach-label="true">
+        <default-constraints vsize-policy="7" hsize-policy="7" anchor="0" fill="3" />
+      </item>
+      <item class="javax.swing.JButton" icon="/com/intellij/uiDesigner/icons/button.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="0" hsize-policy="3" anchor="0" fill="1" />
+        <initial-values>
+          <property name="text" value="Button" />
+        </initial-values>
+      </item>
+      <item class="javax.swing.JRadioButton" icon="/com/intellij/uiDesigner/icons/radioButton.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="0" hsize-policy="3" anchor="8" fill="0" />
+        <initial-values>
+          <property name="text" value="RadioButton" />
+        </initial-values>
+      </item>
+      <item class="javax.swing.JCheckBox" icon="/com/intellij/uiDesigner/icons/checkBox.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="0" hsize-policy="3" anchor="8" fill="0" />
+        <initial-values>
+          <property name="text" value="CheckBox" />
+        </initial-values>
+      </item>
+      <item class="javax.swing.JLabel" icon="/com/intellij/uiDesigner/icons/label.png" removable="false" auto-create-binding="false" can-attach-label="false">
+        <default-constraints vsize-policy="0" hsize-policy="0" anchor="8" fill="0" />
+        <initial-values>
+          <property name="text" value="Label" />
+        </initial-values>
+      </item>
+      <item class="javax.swing.JTextField" icon="/com/intellij/uiDesigner/icons/textField.png" removable="false" auto-create-binding="true" can-attach-label="true">
+        <default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1">
+          <preferred-size width="150" height="-1" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JPasswordField" icon="/com/intellij/uiDesigner/icons/passwordField.png" removable="false" auto-create-binding="true" can-attach-label="true">
+        <default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1">
+          <preferred-size width="150" height="-1" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JFormattedTextField" icon="/com/intellij/uiDesigner/icons/formattedTextField.png" removable="false" auto-create-binding="true" can-attach-label="true">
+        <default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1">
+          <preferred-size width="150" height="-1" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JTextArea" icon="/com/intellij/uiDesigner/icons/textArea.png" removable="false" auto-create-binding="true" can-attach-label="true">
+        <default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
+          <preferred-size width="150" height="50" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JTextPane" icon="/com/intellij/uiDesigner/icons/textPane.png" removable="false" auto-create-binding="true" can-attach-label="true">
+        <default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
+          <preferred-size width="150" height="50" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JEditorPane" icon="/com/intellij/uiDesigner/icons/editorPane.png" removable="false" auto-create-binding="true" can-attach-label="true">
+        <default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
+          <preferred-size width="150" height="50" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JComboBox" icon="/com/intellij/uiDesigner/icons/comboBox.png" removable="false" auto-create-binding="true" can-attach-label="true">
+        <default-constraints vsize-policy="0" hsize-policy="2" anchor="8" fill="1" />
+      </item>
+      <item class="javax.swing.JTable" icon="/com/intellij/uiDesigner/icons/table.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
+          <preferred-size width="150" height="50" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JList" icon="/com/intellij/uiDesigner/icons/list.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="6" hsize-policy="2" anchor="0" fill="3">
+          <preferred-size width="150" height="50" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JTree" icon="/com/intellij/uiDesigner/icons/tree.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3">
+          <preferred-size width="150" height="50" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JTabbedPane" icon="/com/intellij/uiDesigner/icons/tabbedPane.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="3" hsize-policy="3" anchor="0" fill="3">
+          <preferred-size width="200" height="200" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JSplitPane" icon="/com/intellij/uiDesigner/icons/splitPane.png" removable="false" auto-create-binding="false" can-attach-label="false">
+        <default-constraints vsize-policy="3" hsize-policy="3" anchor="0" fill="3">
+          <preferred-size width="200" height="200" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JSpinner" icon="/com/intellij/uiDesigner/icons/spinner.png" removable="false" auto-create-binding="true" can-attach-label="true">
+        <default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1" />
+      </item>
+      <item class="javax.swing.JSlider" icon="/com/intellij/uiDesigner/icons/slider.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="0" hsize-policy="6" anchor="8" fill="1" />
+      </item>
+      <item class="javax.swing.JSeparator" icon="/com/intellij/uiDesigner/icons/separator.png" removable="false" auto-create-binding="false" can-attach-label="false">
+        <default-constraints vsize-policy="6" hsize-policy="6" anchor="0" fill="3" />
+      </item>
+      <item class="javax.swing.JProgressBar" icon="/com/intellij/uiDesigner/icons/progressbar.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="0" hsize-policy="6" anchor="0" fill="1" />
+      </item>
+      <item class="javax.swing.JToolBar" icon="/com/intellij/uiDesigner/icons/toolbar.png" removable="false" auto-create-binding="false" can-attach-label="false">
+        <default-constraints vsize-policy="0" hsize-policy="6" anchor="0" fill="1">
+          <preferred-size width="-1" height="20" />
+        </default-constraints>
+      </item>
+      <item class="javax.swing.JToolBar$Separator" icon="/com/intellij/uiDesigner/icons/toolbarSeparator.png" removable="false" auto-create-binding="false" can-attach-label="false">
+        <default-constraints vsize-policy="0" hsize-policy="0" anchor="0" fill="1" />
+      </item>
+      <item class="javax.swing.JScrollBar" icon="/com/intellij/uiDesigner/icons/scrollbar.png" removable="false" auto-create-binding="true" can-attach-label="false">
+        <default-constraints vsize-policy="6" hsize-policy="0" anchor="0" fill="2" />
+      </item>
+    </group>
+  </component>
+</project>
\ No newline at end of file
diff --git a/haobang-security-xdr/.idea/workspace.xml b/haobang-security-xdr/.idea/workspace.xml
new file mode 100644
index 0000000..b876d04
--- /dev/null
+++ b/haobang-security-xdr/.idea/workspace.xml
@@ -0,0 +1,1496 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ChangeListManager">
+    <list default="true" id="eb21a6b1-6c26-4bc8-8602-0235369162f3" name="Default Changelist" comment="" />
+    <ignored path="$PROJECT_DIR$/target/" />
+    <ignored path="$PROJECT_DIR$/syslog-java-client/target/" />
+    <ignored path="$PROJECT_DIR$/syslog-java-serve/target/" />
+    <ignored path="$PROJECT_DIR$/syslog-serve/target/" />
+    <ignored path="$PROJECT_DIR$/syslog-client/target/" />
+    <ignored path="$PROJECT_DIR$/syslog-consumer/target/" />
+    <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
+    <option name="SHOW_DIALOG" value="false" />
+    <option name="HIGHLIGHT_CONFLICTS" value="true" />
+    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
+    <option name="LAST_RESOLUTION" value="IGNORE" />
+  </component>
+  <component name="CoverageDataManager">
+    <SUITE FILE_PATH="coverage/haobang_security_xdr$syslogClientApplication.ic" NAME="syslogClientApplication Coverage Results" MODIFIED="1760436828313" SOURCE_PROVIDER="com.intellij.coverage.DefaultCoverageFileProvider" RUNNER="idea" COVERAGE_BY_TEST_ENABLED="false" COVERAGE_TRACING_ENABLED="false">
+      <FILTER>com.haobang.syslog.*</FILTER>
+    </SUITE>
+  </component>
+  <component name="DatabaseView">
+    <option name="SHOW_INTERMEDIATE" value="true" />
+    <option name="GROUP_DATA_SOURCES" value="true" />
+    <option name="GROUP_SCHEMA" value="true" />
+    <option name="GROUP_CONTENTS" value="false" />
+    <option name="SORT_POSITIONED" value="false" />
+    <option name="SHOW_EMPTY_GROUPS" value="false" />
+    <option name="AUTO_SCROLL_FROM_SOURCE" value="false" />
+    <option name="HIDDEN_KINDS">
+      <set />
+    </option>
+    <expand />
+    <select />
+  </component>
+  <component name="FUSProjectUsageTrigger">
+    <session id="-1037078244">
+      <usages-collector id="statistics.lifecycle.project">
+        <counts>
+          <entry key="project.closed" value="73" />
+          <entry key="project.open.time.0" value="2" />
+          <entry key="project.open.time.1" value="6" />
+          <entry key="project.open.time.10" value="3" />
+          <entry key="project.open.time.11" value="9" />
+          <entry key="project.open.time.12" value="15" />
+          <entry key="project.open.time.13" value="4" />
+          <entry key="project.open.time.14" value="7" />
+          <entry key="project.open.time.15" value="11" />
+          <entry key="project.open.time.16" value="6" />
+          <entry key="project.open.time.17" value="7" />
+          <entry key="project.open.time.18" value="7" />
+          <entry key="project.open.time.19" value="1" />
+          <entry key="project.open.time.2" value="2" />
+          <entry key="project.open.time.20" value="2" />
+          <entry key="project.open.time.21" value="2" />
+          <entry key="project.open.time.23" value="2" />
+          <entry key="project.open.time.26" value="1" />
+          <entry key="project.open.time.3" value="5" />
+          <entry key="project.open.time.38" value="1" />
+          <entry key="project.open.time.4" value="2" />
+          <entry key="project.open.time.6" value="1" />
+          <entry key="project.open.time.9" value="2" />
+          <entry key="project.opened" value="98" />
+        </counts>
+      </usages-collector>
+      <usages-collector id="statistics.file.extensions.open">
+        <counts>
+          <entry key="Dockerfile" value="19" />
+          <entry key="class" value="177" />
+          <entry key="cmd" value="2" />
+          <entry key="gitignore" value="1" />
+          <entry key="iml" value="44" />
+          <entry key="java" value="2096" />
+          <entry key="log" value="21" />
+          <entry key="md" value="11" />
+          <entry key="mvnw" value="1" />
+          <entry key="pom" value="8" />
+          <entry key="properties" value="321" />
+          <entry key="sh" value="2" />
+          <entry key="txt" value="51" />
+          <entry key="xml" value="344" />
+          <entry key="xsd" value="4" />
+        </counts>
+      </usages-collector>
+      <usages-collector id="statistics.file.types.open">
+        <counts>
+          <entry key="CLASS" value="177" />
+          <entry key="Enforced Plain Text" value="2" />
+          <entry key="IDEA_MODULE" value="44" />
+          <entry key="JAVA" value="2096" />
+          <entry key="Markdown" value="11" />
+          <entry key="PLAIN_TEXT" value="97" />
+          <entry key="Properties" value="321" />
+          <entry key="XML" value="354" />
+        </counts>
+      </usages-collector>
+      <usages-collector id="statistics.file.extensions.edit">
+        <counts>
+          <entry key="Dockerfile" value="130" />
+          <entry key="java" value="24208" />
+          <entry key="md" value="404" />
+          <entry key="properties" value="1178" />
+          <entry key="sh" value="11" />
+          <entry key="txt" value="346" />
+          <entry key="xml" value="1429" />
+        </counts>
+      </usages-collector>
+      <usages-collector id="statistics.file.types.edit">
+        <counts>
+          <entry key="Enforced Plain Text" value="11" />
+          <entry key="JAVA" value="24208" />
+          <entry key="Markdown" value="404" />
+          <entry key="PLAIN_TEXT" value="487" />
+          <entry key="Properties" value="1178" />
+          <entry key="SQL" value="26" />
+          <entry key="XML" value="1392" />
+        </counts>
+      </usages-collector>
+    </session>
+  </component>
+  <component name="FavoritesManager">
+    <favorites_list name="haobang-security-xdr" />
+  </component>
+  <component name="FileEditorManager">
+    <leaf SIDE_TABS_SIZE_LIMIT_KEY="300">
+      <file pinned="false" current-in-tab="true">
+        <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/application.properties">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="492">
+              <caret line="125" lean-forward="true" selection-start-line="125" selection-end-line="125" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/application-dev.properties">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="308">
+              <caret line="14" column="19" lean-forward="true" selection-end-line="125" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/application-prod.properties">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="308">
+              <caret line="14" column="19" selection-end-line="125" selection-end-column="29" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="170">
+              <caret line="167" column="64" selection-start-line="167" selection-start-column="64" selection-end-line="167" selection-end-column="64" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/Modules/NormalData/SysLogProcessor.java">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="5764">
+              <caret line="287" column="5" selection-start-line="287" selection-start-column="5" selection-end-line="287" selection-end-column="5" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/syslogApplication.java">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="132">
+              <caret line="28" column="13" selection-start-line="28" selection-start-column="13" selection-end-line="28" selection-end-column="13" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/SyslogController.java">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="770">
+              <caret line="54" column="22" selection-start-line="54" selection-start-column="18" selection-end-line="54" selection-end-column="22" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="jar://$USER_HOME$/.m2/repository/org/springframework/spring-aop/5.3.23/spring-aop-5.3.23.jar!/org/springframework/aop/framework/ReflectiveMethodInvocation.class">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="748">
+              <caret line="35" column="66" selection-start-line="35" selection-start-column="66" selection-end-line="35" selection-end-column="66" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="880">
+              <caret line="54" column="5" selection-start-line="54" selection-start-column="5" selection-end-line="54" selection-end-column="5" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+      <file pinned="false" current-in-tab="false">
+        <entry file="jar://$USER_HOME$/.m2/repository/org/springframework/spring-core/5.3.23/spring-core-5.3.23.jar!/org/springframework/cglib/proxy/MethodProxy.class">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="704">
+              <caret line="33" column="110" selection-start-line="33" selection-start-column="110" selection-end-line="33" selection-end-column="110" />
+            </state>
+          </provider>
+        </entry>
+      </file>
+    </leaf>
+  </component>
+  <component name="FileTemplateManagerImpl">
+    <option name="RECENT_TEMPLATES">
+      <list>
+        <option value="Interface" />
+        <option value="Class" />
+      </list>
+    </option>
+  </component>
+  <component name="FindInProjectRecents">
+    <findStrings>
+      <find>getMessagesByIdsAndCreatedAts</find>
+      <find>createdAts</find>
+      <find>UuidBatchRequest</find>
+      <find>attack_result</find>
+      <find>determineAttackResult</find>
+      <find>deviceDevice</find>
+      <find>DeviceReceiveLog</find>
+      <find>deviceIp</find>
+      <find>log_id</find>
+      <find>processApiResponse</find>
+      <find>处理API响应异常</find>
+      <find>未检测到告警</find>
+      <find>callAlgorithmApi</find>
+      <find>result</find>
+      <find>attackPorts</find>
+      <find>main</find>
+      <find>开始执行访问日志告警处理任务</find>
+      <find>SaveNormalData</find>
+      <find>SaveNonNormalMessage</find>
+      <find>Failed to Push syslog message</find>
+      <find>saveDeviceReceiveLog</find>
+      <find>DeviceCollectTask</find>
+      <find>lastFailTime</find>
+      <find>lastFailedTime</find>
+      <find>batchUpdateTimes</find>
+      <find>save</find>
+      <find>json</find>
+      <find>data_type:json</find>
+      <find>event_level</find>
+      <find>OrginalColumnMap</find>
+    </findStrings>
+    <replaceStrings>
+      <replace>public</replace>
+      <replace>com.common</replace>
+      <replace>syslog_normal_alarm</replace>
+    </replaceStrings>
+  </component>
+  <component name="IdeDocumentHistory">
+    <option name="CHANGED_PATHS">
+      <list>
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/SyslogController.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/docker_run.txt" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/java/com/common/service/DeviceReceiveLogService.java" />
+        <option value="$PROJECT_DIR$/syslog-serve/pom.xml" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/java/com/haobang/util/DeviceInfoUtil.java" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/java/com/kafka/kafkaProducer.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/pom.xml" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/CacheController.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/IncrementalUpdateService.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/DeviceStatsDTO.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/resources/mapper/DeviceReceiveLogMapper.xml" />
+        <option value="$PROJECT_DIR$/syslog-serve/stop-syslog-serve.sh" />
+        <option value="$PROJECT_DIR$/syslog-serve/start-syslog-serve.sh" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/resources/application-prod-zc.properties" />
+        <option value="$PROJECT_DIR$/syslog-serve/docker_run.txt" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/SyslogNormalData.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/SecExceptionAlgorithm.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/SecExceptionAlgorithmMapper.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/resources/mapper/SecExceptionAlgorithmMapper.xml" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/Modules/etl/handler/TimestamptzTypeHandler.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/resources/mapper/SyslogNormalDataMapper.xml" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/util/AlgorithmResultParser.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/RestTemplateConfig.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/AccessLogAlertService.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/Alarm.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/AlarmVisit.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DataTransformer.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/GroupedSyslogData.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalDataMapper.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/AlarmMapper.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/AlarmVisitMapper.java" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/resources/application.properties" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/resources/mapper/DeviceReceiveLogMapper.xml" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/java/com/Modules/Device/DeviceProcess.java" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java" />
+        <option value="$PROJECT_DIR$/syslog-serve/src/main/java/com/common/entity/DeviceReceiveLog.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/DeviceReceiveLog.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTaskTime.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DeviceStatsUpdateService.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskUpdateService.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/ThreadPoolConfig.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/schedule/ETLOrchestrator.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalAlarmMapper.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java" />
+        <option value="$PROJECT_DIR$/syslog-consumer/src/main/resources/application.properties" />
+      </list>
+    </option>
+  </component>
+  <component name="JsBuildToolGruntFileManager" detection-done="true" sorting="DEFINITION_ORDER" />
+  <component name="JsBuildToolPackageJson" detection-done="true" sorting="DEFINITION_ORDER" />
+  <component name="JsGulpfileManager">
+    <detection-done>true</detection-done>
+    <sorting>DEFINITION_ORDER</sorting>
+  </component>
+  <component name="MavenImportPreferences">
+    <option name="importingSettings">
+      <MavenImportingSettings>
+        <option name="importAutomatically" value="true" />
+      </MavenImportingSettings>
+    </option>
+  </component>
+  <component name="MavenProjectNavigator">
+    <treeState>
+      <expand>
+        <path>
+          <item name="" type="16c1761:MavenProjectsStructure$RootNode" />
+          <item name="security-xdr" type="9519ce18:MavenProjectsStructure$ProjectNode" />
+        </path>
+        <path>
+          <item name="" type="16c1761:MavenProjectsStructure$RootNode" />
+          <item name="security-xdr" type="9519ce18:MavenProjectsStructure$ProjectNode" />
+          <item name="Lifecycle" type="58874e2:MavenProjectsStructure$LifecycleNode" />
+        </path>
+        <path>
+          <item name="" type="16c1761:MavenProjectsStructure$RootNode" />
+          <item name="syslog-consumer" type="9519ce18:MavenProjectsStructure$ProjectNode" />
+        </path>
+        <path>
+          <item name="" type="16c1761:MavenProjectsStructure$RootNode" />
+          <item name="syslog-consumer" type="9519ce18:MavenProjectsStructure$ProjectNode" />
+          <item name="Lifecycle" type="58874e2:MavenProjectsStructure$LifecycleNode" />
+        </path>
+        <path>
+          <item name="" type="16c1761:MavenProjectsStructure$RootNode" />
+          <item name="syslog-serve" type="9519ce18:MavenProjectsStructure$ProjectNode" />
+        </path>
+        <path>
+          <item name="" type="16c1761:MavenProjectsStructure$RootNode" />
+          <item name="syslog-serve" type="9519ce18:MavenProjectsStructure$ProjectNode" />
+          <item name="Lifecycle" type="58874e2:MavenProjectsStructure$LifecycleNode" />
+        </path>
+      </expand>
+      <select />
+    </treeState>
+  </component>
+  <component name="ProjectFrameBounds" extendedState="6">
+    <option name="x" value="-8" />
+    <option name="y" value="-8" />
+    <option name="width" value="1534" />
+    <option name="height" value="963" />
+  </component>
+  <component name="ProjectView">
+    <navigator proportions="" version="1">
+      <foldersAlwaysOnTop value="true" />
+    </navigator>
+    <panes>
+      <pane id="ProjectPane">
+        <subPane>
+          <expand>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="common" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="common" type="462c0819:PsiDirectoryNode" />
+              <item name="mapper" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="common" type="462c0819:PsiDirectoryNode" />
+              <item name="schedule" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="common" type="462c0819:PsiDirectoryNode" />
+              <item name="service" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="common" type="462c0819:PsiDirectoryNode" />
+              <item name="service" type="462c0819:PsiDirectoryNode" />
+              <item name="impl" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="controllers" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="kafka" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="Modules" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="java" type="462c0819:PsiDirectoryNode" />
+              <item name="com" type="462c0819:PsiDirectoryNode" />
+              <item name="Modules" type="462c0819:PsiDirectoryNode" />
+              <item name="NormalData" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="resources" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-consumer" type="462c0819:PsiDirectoryNode" />
+              <item name="src" type="462c0819:PsiDirectoryNode" />
+              <item name="main" type="462c0819:PsiDirectoryNode" />
+              <item name="resources" type="462c0819:PsiDirectoryNode" />
+              <item name="mapper" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="haobang-security-xdr" type="b2602c69:ProjectViewProjectNode" />
+              <item name="haobang-security-xdr" type="462c0819:PsiDirectoryNode" />
+              <item name="syslog-serve" type="462c0819:PsiDirectoryNode" />
+            </path>
+          </expand>
+          <select />
+        </subPane>
+      </pane>
+      <pane id="PackagesPane" />
+      <pane id="Scope" />
+    </panes>
+  </component>
+  <component name="PropertiesComponent">
+    <property name="RequestMappingsPanelOrder0" value="0" />
+    <property name="RequestMappingsPanelOrder1" value="1" />
+    <property name="RequestMappingsPanelWidth0" value="75" />
+    <property name="RequestMappingsPanelWidth1" value="75" />
+    <property name="WebServerToolWindowFactoryState" value="false" />
+    <property name="aspect.path.notification.shown" value="true" />
+    <property name="com.android.tools.idea.instantapp.provision.ProvisionBeforeRunTaskProvider.myTimeStamp" value="1768028996967" />
+    <property name="last_opened_file_path" value="$PROJECT_DIR$" />
+    <property name="nodejs_interpreter_path.stuck_in_default_project" value="undefined stuck path" />
+    <property name="nodejs_npm_path_reset_for_default_project" value="true" />
+    <property name="project.structure.last.edited" value="Modules" />
+    <property name="project.structure.proportion" value="0.15" />
+    <property name="project.structure.side.proportion" value="0.2" />
+    <property name="settings.editor.selected.configurable" value="configurable.group.language" />
+  </component>
+  <component name="RecentsManager">
+    <key name="MoveClassesOrPackagesDialog.RECENTS_KEY">
+      <recent name="com.haobang" />
+      <recent name="com.haobang.syslog" />
+      <recent name="com" />
+    </key>
+    <key name="CopyFile.RECENT_KEYS">
+      <recent name="E:\GIT_GOSAME\haobang-security-xdr\syslog-consumer\src\main\resources\mapper" />
+      <recent name="E:\GIT_GOSAME\haobang-security-xdr\syslog-serve\src\main\resources" />
+      <recent name="E:\GIT_GOSAME\haobang-security-xdr\syslog-consumer\src\main\resources" />
+      <recent name="E:\GIT_GOSAME\haobang-security-xdr\syslog-consumer\src\main\java\com\config" />
+    </key>
+    <key name="CopyClassDialog.RECENTS_KEY">
+      <recent name="com.controllers" />
+      <recent name="com.common.mapper" />
+      <recent name="com.common.entity" />
+      <recent name="com.common.controller" />
+    </key>
+    <key name="MoveFile.RECENT_KEYS">
+      <recent name="E:\GIT_GOSAME\haobang-security-xdr\syslog-consumer" />
+    </key>
+  </component>
+  <component name="RunDashboard">
+    <option name="configurationTypes">
+      <set>
+        <option value="SpringBootApplicationConfigurationType" />
+      </set>
+    </option>
+    <option name="ruleStates">
+      <list>
+        <RuleState>
+          <option name="name" value="ConfigurationTypeDashboardGroupingRule" />
+        </RuleState>
+        <RuleState>
+          <option name="name" value="StatusDashboardGroupingRule" />
+        </RuleState>
+      </list>
+    </option>
+    <option name="contentProportion" value="0.18398269" />
+  </component>
+  <component name="RunManager" selected="Spring Boot.syslogApplication">
+    <configuration name="ETLOrchestrator" type="Application" factoryName="Application" temporary="true" nameIsGenerated="true">
+      <option name="MAIN_CLASS_NAME" value="com.common.schedule.ETLOrchestrator" />
+      <module name="syslogconsumer" />
+      <extension name="coverage">
+        <pattern>
+          <option name="PATTERN" value="com.common.schedule.*" />
+          <option name="ENABLED" value="true" />
+        </pattern>
+      </extension>
+      <method v="2">
+        <option name="Make" enabled="true" />
+      </method>
+    </configuration>
+    <configuration name="NestedJsonParserUtil" type="Application" factoryName="Application" temporary="true" nameIsGenerated="true">
+      <option name="MAIN_CLASS_NAME" value="com.common.util.NestedJsonParserUtil" />
+      <module name="syslogconsumer" />
+      <extension name="coverage">
+        <pattern>
+          <option name="PATTERN" value="com.common.util.*" />
+          <option name="ENABLED" value="true" />
+        </pattern>
+      </extension>
+      <method v="2">
+        <option name="Make" enabled="true" />
+      </method>
+    </configuration>
+    <configuration name="logNormalData" type="Application" factoryName="Application" temporary="true" nameIsGenerated="true">
+      <option name="MAIN_CLASS_NAME" value="com.Modules.NormalData.logNormalData" />
+      <module name="syslogconsumer" />
+      <extension name="coverage">
+        <pattern>
+          <option name="PATTERN" value="com.Modules.NormalData.*" />
+          <option name="ENABLED" value="true" />
+        </pattern>
+      </extension>
+      <method v="2">
+        <option name="Make" enabled="true" />
+      </method>
+    </configuration>
+    <configuration name="SyslogServeMainApp" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
+      <module name="syslog-serve" />
+      <option name="SPRING_BOOT_MAIN_CLASS" value="com.SyslogServeMainApp" />
+      <method v="2">
+        <option name="Make" enabled="true" />
+      </method>
+    </configuration>
+    <configuration name="syslogApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot" temporary="true" nameIsGenerated="true">
+      <module name="syslogconsumer" />
+      <extension name="coverage">
+        <pattern>
+          <option name="PATTERN" value="com.*" />
+          <option name="ENABLED" value="true" />
+        </pattern>
+      </extension>
+      <option name="SPRING_BOOT_MAIN_CLASS" value="com.syslogApplication" />
+      <method v="2">
+        <option name="Make" enabled="true" />
+      </method>
+    </configuration>
+    <configuration name="syslogClientApplication" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot" temporary="true" nameIsGenerated="true">
+      <module name="syslog-client" />
+      <extension name="coverage">
+        <pattern>
+          <option name="PATTERN" value="com.haobang.syslog.*" />
+          <option name="ENABLED" value="true" />
+        </pattern>
+      </extension>
+      <option name="SPRING_BOOT_MAIN_CLASS" value="com.haobang.syslog.syslogClientApplication" />
+      <method v="2">
+        <option name="Make" enabled="true" />
+      </method>
+    </configuration>
+    <list>
+      <item itemvalue="Spring Boot.SyslogServeMainApp" />
+      <item itemvalue="Spring Boot.syslogClientApplication" />
+      <item itemvalue="Application.logNormalData" />
+      <item itemvalue="Application.NestedJsonParserUtil" />
+      <item itemvalue="Spring Boot.syslogApplication" />
+      <item itemvalue="Application.ETLOrchestrator" />
+    </list>
+    <recent_temporary>
+      <list>
+        <item itemvalue="Spring Boot.syslogApplication" />
+        <item itemvalue="Application.ETLOrchestrator" />
+        <item itemvalue="Spring Boot.syslogClientApplication" />
+        <item itemvalue="Application.NestedJsonParserUtil" />
+        <item itemvalue="Application.logNormalData" />
+      </list>
+    </recent_temporary>
+  </component>
+  <component name="SvnConfiguration">
+    <configuration />
+  </component>
+  <component name="TaskManager">
+    <task active="true" id="Default" summary="Default task">
+      <changelist id="eb21a6b1-6c26-4bc8-8602-0235369162f3" name="Default Changelist" comment="" />
+      <created>1758276742227</created>
+      <option name="number" value="Default" />
+      <option name="presentableId" value="Default" />
+      <updated>1758276742227</updated>
+      <workItem from="1758276746141" duration="259000" />
+      <workItem from="1758277067960" duration="1364000" />
+      <workItem from="1758511137308" duration="20585000" />
+      <workItem from="1758592191333" duration="17909000" />
+      <workItem from="1758682038351" duration="18558000" />
+      <workItem from="1758764873416" duration="4684000" />
+      <workItem from="1758867229918" duration="7465000" />
+      <workItem from="1759204088585" duration="3992000" />
+      <workItem from="1759798820189" duration="3392000" />
+      <workItem from="1759820157609" duration="23803000" />
+      <workItem from="1759933372516" duration="7273000" />
+      <workItem from="1759962655639" duration="874000" />
+      <workItem from="1759963544747" duration="2716000" />
+      <workItem from="1759975140530" duration="3833000" />
+      <workItem from="1759991867803" duration="18420000" />
+      <workItem from="1760064560162" duration="18286000" />
+      <workItem from="1760148364925" duration="12245000" />
+      <workItem from="1760167363654" duration="7977000" />
+      <workItem from="1760176581991" duration="922000" />
+      <workItem from="1760177567900" duration="1472000" />
+      <workItem from="1760179659392" duration="6336000" />
+      <workItem from="1760259063290" duration="35743000" />
+      <workItem from="1760295161050" duration="27902000" />
+      <workItem from="1760347598192" duration="14651000" />
+      <workItem from="1760408427864" duration="9644000" />
+      <workItem from="1760425196746" duration="11264000" />
+      <workItem from="1760496709392" duration="1821000" />
+      <workItem from="1760510397098" duration="2175000" />
+      <workItem from="1760512988930" duration="1992000" />
+      <workItem from="1760515461277" duration="7414000" />
+      <workItem from="1760580263984" duration="12389000" />
+      <workItem from="1760627209229" duration="1887000" />
+      <workItem from="1760667244914" duration="19925000" />
+      <workItem from="1760927651961" duration="22470000" />
+      <workItem from="1761013436658" duration="39389000" />
+      <workItem from="1761185226653" duration="2631000" />
+      <workItem from="1761190499973" duration="1029000" />
+      <workItem from="1761200763809" duration="11177000" />
+      <workItem from="1761265436617" duration="13200000" />
+      <workItem from="1761354878622" duration="10105000" />
+      <workItem from="1761494130540" duration="846000" />
+      <workItem from="1761530142859" duration="15360000" />
+      <workItem from="1761619970188" duration="12208000" />
+      <workItem from="1761670412895" duration="996000" />
+      <workItem from="1761750897668" duration="9603000" />
+      <workItem from="1761826396266" duration="660000" />
+      <workItem from="1761875475176" duration="36184000" />
+      <workItem from="1761927534647" duration="4124000" />
+      <workItem from="1762050735183" duration="31942000" />
+      <workItem from="1762133372679" duration="2291000" />
+      <workItem from="1762152565204" duration="22962000" />
+      <workItem from="1762226843947" duration="21344000" />
+      <workItem from="1762312414639" duration="16704000" />
+      <workItem from="1762420602808" duration="9901000" />
+      <workItem from="1762495906811" duration="1032000" />
+      <workItem from="1764212378350" duration="56000" />
+      <workItem from="1764212468399" duration="14276000" />
+      <workItem from="1764297436632" duration="17900000" />
+      <workItem from="1764559718850" duration="12509000" />
+      <workItem from="1764639521041" duration="7183000" />
+      <workItem from="1764728462174" duration="14084000" />
+      <workItem from="1764776704840" duration="1221000" />
+      <workItem from="1764829783949" duration="9268000" />
+      <workItem from="1764860545796" duration="3362000" />
+      <workItem from="1764901250011" duration="4934000" />
+      <workItem from="1765031683494" duration="2407000" />
+      <workItem from="1765037560769" duration="5295000" />
+      <workItem from="1765176199825" duration="9450000" />
+      <workItem from="1765261397254" duration="8228000" />
+      <workItem from="1765348103333" duration="17830000" />
+      <workItem from="1765417552565" duration="7826000" />
+      <workItem from="1765437844255" duration="1077000" />
+      <workItem from="1765443789195" duration="19428000" />
+      <workItem from="1765592691585" duration="6964000" />
+      <workItem from="1765765527073" duration="16236000" />
+      <workItem from="1765856612753" duration="1981000" />
+      <workItem from="1765870535749" duration="10216000" />
+      <workItem from="1765938092393" duration="18046000" />
+      <workItem from="1765985883538" duration="5304000" />
+      <workItem from="1766031823168" duration="5835000" />
+      <workItem from="1766109637725" duration="688000" />
+      <workItem from="1766132167427" duration="4061000" />
+      <workItem from="1766373790249" duration="21330000" />
+      <workItem from="1766628536152" duration="11265000" />
+      <workItem from="1766716288858" duration="14755000" />
+      <workItem from="1766812037008" duration="1439000" />
+      <workItem from="1766975290108" duration="4196000" />
+      <workItem from="1766989206839" duration="12927000" />
+      <workItem from="1767065627715" duration="11461000" />
+      <workItem from="1767152141464" duration="6840000" />
+      <workItem from="1767583717115" duration="21213000" />
+      <workItem from="1767669101322" duration="15567000" />
+      <workItem from="1767767645603" duration="883000" />
+      <workItem from="1767837317244" duration="1469000" />
+      <workItem from="1767925109318" duration="16792000" />
+      <workItem from="1768022297493" duration="5742000" />
+      <workItem from="1768115034577" duration="297000" />
+      <workItem from="1768115372655" duration="32000" />
+    </task>
+    <servers />
+  </component>
+  <component name="TestHistory">
+    <history-entry file="DmNormalizeRuleServiceTest_testTransaction - 2025.10.08 at 18h 32m 23s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testTransaction" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest_testTransaction - 2025.10.08 at 18h 52m 32s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testTransaction" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest_testTransaction - 2025.10.08 at 18h 53m 44s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testTransaction" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest_testTransaction - 2025.10.08 at 18h 55m 05s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testTransaction" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest_testTransaction - 2025.10.08 at 22h 53m 53s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testTransaction" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest_testTransaction - 2025.10.08 at 22h 53m 56s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testTransaction" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest_testService - 2025.10.12 at 21h 09m 23s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testService" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest - 2025.10.13 at 02h 11m 49s.xml">
+      <configuration name="DmNormalizeRuleServiceTest" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest_testTransaction - 2025.10.13 at 02h 12m 21s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testTransaction" configurationId="JUnit" />
+    </history-entry>
+    <history-entry file="DmNormalizeRuleServiceTest_testTransaction - 2025.10.13 at 02h 13m 50s.xml">
+      <configuration name="DmNormalizeRuleServiceTest.testTransaction" configurationId="JUnit" />
+    </history-entry>
+  </component>
+  <component name="TimeTrackingManager">
+    <option name="totallyTimeSpent" value="987203000" />
+  </component>
+  <component name="TodoView">
+    <todo-panel id="selected-file">
+      <is-autoscroll-to-source value="true" />
+    </todo-panel>
+    <todo-panel id="all">
+      <are-packages-shown value="true" />
+      <is-autoscroll-to-source value="true" />
+    </todo-panel>
+  </component>
+  <component name="ToolWindowManager">
+    <frame x="-8" y="-8" width="1936" height="1048" extended-state="6" />
+    <editor active="true" />
+    <layout>
+      <window_info active="true" content_ui="combo" id="Project" order="0" sideWeight="0.7047619" visible="true" weight="0.20362474" />
+      <window_info id="Structure" order="1" sideWeight="0.2952381" side_tool="true" weight="0.22068231" />
+      <window_info id="Image Layers" order="2" />
+      <window_info id="Designer" order="3" />
+      <window_info id="UI Designer" order="4" />
+      <window_info id="Capture Tool" order="5" />
+      <window_info id="Favorites" order="6" sideWeight="0.29026216" side_tool="true" weight="0.22867803" />
+      <window_info id="Web" order="7" sideWeight="0.2905983" side_tool="true" weight="0.22867803" />
+      <window_info anchor="bottom" id="Message" order="0" />
+      <window_info anchor="bottom" id="Find" order="1" weight="0.32896176" />
+      <window_info anchor="bottom" id="Run" order="2" sideWeight="0.7942431" visible="true" weight="0.38251367" />
+      <window_info anchor="bottom" id="Debug" order="3" weight="0.3737705" />
+      <window_info anchor="bottom" id="Cvs" order="4" weight="0.25" />
+      <window_info anchor="bottom" id="Inspection" order="5" weight="0.4" />
+      <window_info anchor="bottom" id="TODO" order="6" weight="0.32896176" />
+      <window_info anchor="bottom" id="Version Control" order="7" show_stripe_button="false" />
+      <window_info anchor="bottom" id="Spring" order="8" sideWeight="0.49946696" weight="0.32896176" />
+      <window_info anchor="bottom" id="Database Changes" order="9" show_stripe_button="false" />
+      <window_info anchor="bottom" id="Terminal" order="10" weight="0.32896176" />
+      <window_info anchor="bottom" id="Event Log" order="11" sideWeight="0.1748401" side_tool="true" weight="0.3504823" />
+      <window_info anchor="bottom" id="Messages" order="12" weight="0.33005464" />
+      <window_info anchor="bottom" id="Run Dashboard" order="13" sideWeight="0.8251599" weight="0.35409835" />
+      <window_info anchor="bottom" id="Java Enterprise" order="14" weight="0.3290461" />
+      <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
+      <window_info anchor="right" id="Ant Build" order="1" weight="0.25" />
+      <window_info anchor="right" content_ui="combo" id="Hierarchy" order="2" weight="0.26066098" />
+      <window_info anchor="right" id="Palette" order="3" />
+      <window_info anchor="right" id="Capture Analysis" order="4" />
+      <window_info anchor="right" id="Theme Preview" order="5" />
+      <window_info anchor="right" id="Palette&#9;" order="6" />
+      <window_info anchor="right" id="Database" order="7" weight="0.32971507" />
+      <window_info anchor="right" id="Maven Projects" order="8" sideWeight="0.49861878" visible="true" weight="0.16204691" />
+      <window_info anchor="right" id="Coverage" order="9" sideWeight="0.5013812" side_tool="true" visible="true" weight="0.13219616" />
+      <window_info anchor="right" id="Bean Validation" order="10" weight="0.20788912" />
+    </layout>
+    <layout-to-restore>
+      <window_info active="true" content_ui="combo" id="Project" order="0" sideWeight="0.7047619" visible="true" weight="0.19989339" />
+      <window_info id="Structure" order="1" sideWeight="0.2952381" side_tool="true" weight="0.22068231" />
+      <window_info id="Image Layers" order="2" />
+      <window_info id="Designer" order="3" />
+      <window_info id="UI Designer" order="4" />
+      <window_info id="Capture Tool" order="5" />
+      <window_info id="Favorites" order="6" sideWeight="0.29026216" side_tool="true" weight="0.22867803" />
+      <window_info id="Web" order="7" sideWeight="0.2905983" side_tool="true" weight="0.22867803" />
+      <window_info anchor="bottom" id="Message" order="0" />
+      <window_info anchor="bottom" id="Find" order="1" weight="0.32896176" />
+      <window_info anchor="bottom" id="Run" order="2" sideWeight="0.7942431" weight="0.52021855" />
+      <window_info anchor="bottom" id="Debug" order="3" weight="0.43944266" />
+      <window_info anchor="bottom" id="Cvs" order="4" weight="0.25" />
+      <window_info anchor="bottom" id="Inspection" order="5" weight="0.4" />
+      <window_info anchor="bottom" id="TODO" order="6" weight="0.3290461" />
+      <window_info anchor="bottom" id="Version Control" order="7" show_stripe_button="false" />
+      <window_info anchor="bottom" id="Spring" order="8" sideWeight="0.49946696" weight="0.3290461" />
+      <window_info anchor="bottom" id="Database Changes" order="9" show_stripe_button="false" />
+      <window_info anchor="bottom" id="Terminal" order="10" weight="0.3290461" />
+      <window_info anchor="bottom" id="Event Log" order="11" sideWeight="0.1748401" side_tool="true" weight="0.3504823" />
+      <window_info anchor="bottom" id="Messages" order="12" weight="0.33005464" />
+      <window_info anchor="bottom" id="Run Dashboard" order="13" sideWeight="0.8251599" weight="0.32786885" />
+      <window_info anchor="bottom" id="Java Enterprise" order="14" weight="0.3290461" />
+      <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
+      <window_info anchor="right" id="Ant Build" order="1" weight="0.25" />
+      <window_info anchor="right" content_ui="combo" id="Hierarchy" order="2" weight="0.26066098" />
+      <window_info anchor="right" id="Palette" order="3" />
+      <window_info anchor="right" id="Capture Analysis" order="4" />
+      <window_info anchor="right" id="Theme Preview" order="5" />
+      <window_info anchor="right" id="Palette&#9;" order="6" />
+      <window_info anchor="right" id="Database" order="7" weight="0.32995737" />
+      <window_info anchor="right" id="Maven Projects" order="8" sideWeight="0.49861878" visible="true" weight="0.16204691" />
+      <window_info anchor="right" id="Coverage" order="9" sideWeight="0.5013812" side_tool="true" visible="true" weight="0.13219616" />
+      <window_info anchor="right" id="Bean Validation" order="10" />
+    </layout-to-restore>
+  </component>
+  <component name="TypeScriptGeneratedFilesManager">
+    <option name="version" value="1" />
+  </component>
+  <component name="VcsContentAnnotationSettings">
+    <option name="myLimit" value="2678400000" />
+  </component>
+  <component name="XDebuggerManager">
+    <breakpoint-manager>
+      <breakpoints>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/influx/InfluxDBClient.java</url>
+          <line>108</line>
+          <properties />
+          <option name="timeStamp" value="20" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/influx/InfluxDBClient.java</url>
+          <line>107</line>
+          <properties />
+          <option name="timeStamp" value="21" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/DmColumnController.java</url>
+          <line>50</line>
+          <properties />
+          <option name="timeStamp" value="61" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/DmColumnController.java</url>
+          <line>53</line>
+          <properties />
+          <option name="timeStamp" value="77" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/Modules/NormalData/logNormalData.java</url>
+          <line>81</line>
+          <properties />
+          <option name="timeStamp" value="104" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/util/NestedJsonParserUtil.java</url>
+          <line>488</line>
+          <properties />
+          <option name="timeStamp" value="111" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/LogDataFilterService.java</url>
+          <line>35</line>
+          <properties />
+          <option name="timeStamp" value="155" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/GlobalExceptionHandler.java</url>
+          <line>45</line>
+          <properties />
+          <option name="timeStamp" value="182" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-serve/src/main/java/com/common/service/impl/DeviceUnknownServiceImpl.java</url>
+          <line>69</line>
+          <properties />
+          <option name="timeStamp" value="185" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java</url>
+          <line>53</line>
+          <properties />
+          <option name="timeStamp" value="188" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/AccessLogAlertService.java</url>
+          <line>288</line>
+          <properties />
+          <option name="timeStamp" value="194" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java</url>
+          <line>66</line>
+          <properties />
+          <option name="timeStamp" value="199" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java</url>
+          <line>62</line>
+          <properties />
+          <option name="timeStamp" value="200" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-serve/src/main/java/com/kafka/kafkaProducer.java</url>
+          <line>127</line>
+          <properties />
+          <option name="timeStamp" value="201" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java</url>
+          <line>53</line>
+          <properties />
+          <option name="timeStamp" value="215" />
+        </line-breakpoint>
+        <line-breakpoint enabled="true" type="java-line">
+          <url>file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java</url>
+          <line>49</line>
+          <properties />
+          <option name="timeStamp" value="216" />
+        </line-breakpoint>
+      </breakpoints>
+    </breakpoint-manager>
+  </component>
+  <component name="antWorkspaceConfiguration">
+    <option name="IS_AUTOSCROLL_TO_SOURCE" value="false" />
+    <option name="FILTER_TARGETS" value="false" />
+  </component>
+  <component name="editorHistoryManager">
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/util/KeyValueParser.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="66">
+          <caret line="6" column="13" selection-start-line="6" selection-start-column="13" selection-end-line="6" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/util/JsonParser.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="66">
+          <caret line="16" column="13" selection-start-line="16" selection-start-column="13" selection-end-line="16" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/SyslogNonNormalMessageService.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="-22">
+          <caret line="12" column="17" selection-start-line="12" selection-start-column="17" selection-end-line="12" selection-end-column="17" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/ScheduleConfig.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="176">
+          <caret line="10" column="1" lean-forward="true" selection-start-line="10" selection-start-column="1" selection-end-line="10" selection-end-column="1" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/WebConfig.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="594">
+          <caret line="36" column="22" lean-forward="true" selection-start-line="36" selection-start-column="22" selection-end-line="36" selection-end-column="22" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/RestTemplateConfig.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="440">
+          <caret line="59" lean-forward="true" selection-start-line="59" selection-end-line="59" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/RedisConfig.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="110">
+          <caret line="12" column="13" selection-start-line="12" selection-start-column="13" selection-end-line="12" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/CacheConfig.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="110">
+          <caret line="22" column="13" selection-start-line="22" selection-start-column="13" selection-end-line="22" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/AppConfig.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="308">
+          <caret line="18" column="9" lean-forward="true" selection-start-line="18" selection-start-column="9" selection-end-line="18" selection-end-column="9" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/util/SyslogParser.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="88">
+          <caret line="22" column="13" selection-start-line="22" selection-start-column="13" selection-end-line="22" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/util/StringExtractorUtil.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="647">
+          <caret line="195" column="2" selection-start-line="195" selection-start-column="2" selection-end-line="195" selection-end-column="44" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/schedule/PartitionTableSchedule.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="374">
+          <caret line="43" column="7" lean-forward="true" selection-start-line="43" selection-start-column="7" selection-end-line="43" selection-end-column="7" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/schedule/ScheduledTask.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="471">
+          <caret line="50" column="7" lean-forward="true" selection-start-line="50" selection-start-column="7" selection-end-line="50" selection-end-column="7" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DataExtractor.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="-3212">
+          <caret line="33" column="41" lean-forward="true" selection-start-line="33" selection-start-column="41" selection-end-line="33" selection-end-column="41" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/util/SpringContextUtil.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="110">
+          <caret line="8" column="13" selection-start-line="8" selection-start-column="13" selection-end-line="8" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/util/RegexTextParser.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="176">
+          <caret line="11" column="13" selection-start-line="11" selection-start-column="13" selection-end-line="11" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/config/ThreadPoolConfig.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="440">
+          <caret line="31" column="47" lean-forward="true" selection-start-line="31" selection-start-column="47" selection-end-line="31" selection-end-column="47" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/mybatis-config-dev.xml">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="418">
+          <caret line="19" column="55" lean-forward="true" selection-start-line="19" selection-start-column="55" selection-end-line="19" selection-end-column="55" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DataTransformer.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="506">
+          <caret line="33" column="25" selection-start-line="33" selection-start-column="25" selection-end-line="33" selection-end-column="25" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/Modules/NormalData/logNormalData.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="264">
+          <caret line="28" column="14" selection-start-line="28" selection-start-column="14" selection-end-line="28" selection-end-column="14" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskService.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="1562">
+          <caret line="88" column="51" selection-start-line="88" selection-start-column="51" selection-end-line="88" selection-end-column="51" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/entity/AppLogEntity.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="506">
+          <caret line="25" column="29" lean-forward="true" selection-start-line="25" selection-start-column="29" selection-end-line="25" selection-end-column="29" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="jar://$USER_HOME$/.m2/repository/cn/hutool/hutool-all/5.8.16/hutool-all-5.8.16.jar!/cn/hutool/core/date/DateTime.class">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="176">
+          <caret line="24" column="54" selection-start-line="24" selection-start-column="54" selection-end-line="24" selection-end-column="54" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalAlarmMapper.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="422">
+          <caret line="69" column="73" selection-start-line="69" selection-start-column="73" selection-end-line="69" selection-end-column="73" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskUpdateService.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="537">
+          <caret line="145" column="22" selection-start-line="145" selection-start-column="22" selection-end-line="145" selection-end-column="22" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DeviceStatsUpdateService.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="81">
+          <caret line="84" column="18" selection-start-line="84" selection-start-column="18" selection-end-line="84" selection-end-column="18" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/DeviceReceiveLogService.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="293">
+          <caret line="30" column="16" selection-start-line="30" selection-start-column="16" selection-end-line="30" selection-end-column="16" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="1173">
+          <caret line="136" selection-start-line="136" selection-end-line="136" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/AppLogMapper.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="132">
+          <caret line="10" column="17" selection-start-line="10" selection-start-column="17" selection-end-line="10" selection-end-column="17" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/ETLController.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="-415">
+          <caret line="17" column="13" selection-start-line="17" selection-start-column="13" selection-end-line="17" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/SyslogNonNormalMessageController.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="179">
+          <caret line="24" column="13" selection-start-line="24" selection-start-column="13" selection-end-line="24" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/SyslogPushController.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="-990">
+          <caret line="27" column="13" selection-start-line="27" selection-start-column="13" selection-end-line="27" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/schedule/ETLOrchestrator.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="145">
+          <caret line="92" column="36" selection-start-line="92" selection-start-column="36" selection-end-line="92" selection-end-column="36" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/LogDataFilterService.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="286">
+          <caret line="24" column="19" selection-start-line="24" selection-start-column="19" selection-end-line="24" selection-end-column="19" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="jar://C:/Program Files/Java/jdk1.8.0_121/src.zip!/java/util/Map.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="213">
+          <caret line="145" column="12" selection-start-line="145" selection-start-column="12" selection-end-line="145" selection-end-column="12" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/impl/SyslogNonNormalMessageServiceImpl.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="213">
+          <caret line="25" column="13" selection-start-line="25" selection-start-column="13" selection-end-line="25" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalDataMapper.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="198">
+          <caret line="16" column="8" selection-start-line="16" selection-start-column="8" selection-end-line="16" selection-end-column="8" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/mapper/SyslogNormalDataMapper.xml">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="3124">
+          <caret line="142" column="38" selection-start-line="142" selection-start-column="20" selection-end-line="142" selection-end-column="38" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/mapper/SyslogNormalAlarmMapper.xml">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="13354">
+          <caret line="607" column="75" selection-start-line="607" selection-start-column="75" selection-end-line="607" selection-end-column="75" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="jar://$USER_HOME$/.m2/repository/org/springframework/spring-aop/5.3.23/spring-aop-5.3.23.jar!/org/springframework/aop/framework/CglibAopProxy.class">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="149">
+          <caret line="80" column="70" selection-start-line="80" selection-start-column="70" selection-end-line="80" selection-end-column="70" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/docker_run.txt">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="374">
+          <caret line="17" column="171" selection-start-line="17" selection-end-line="17" selection-end-column="171" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/application-prod.properties">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="308">
+          <caret line="14" column="19" selection-end-line="125" selection-end-column="29" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/Modules/NormalData/SysLogProcessor.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="5764">
+          <caret line="287" column="5" selection-start-line="287" selection-start-column="5" selection-end-line="287" selection-end-column="5" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/syslogApplication.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="132">
+          <caret line="28" column="13" selection-start-line="28" selection-start-column="13" selection-end-line="28" selection-end-column="13" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/controllers/SyslogController.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="770">
+          <caret line="54" column="22" selection-start-line="54" selection-start-column="18" selection-end-line="54" selection-end-column="22" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="jar://$USER_HOME$/.m2/repository/org/springframework/spring-aop/5.3.23/spring-aop-5.3.23.jar!/org/springframework/aop/framework/ReflectiveMethodInvocation.class">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="748">
+          <caret line="35" column="66" selection-start-line="35" selection-start-column="66" selection-end-line="35" selection-end-column="66" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="880">
+          <caret line="54" column="5" selection-start-line="54" selection-start-column="5" selection-end-line="54" selection-end-column="5" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="jar://$USER_HOME$/.m2/repository/org/springframework/spring-core/5.3.23/spring-core-5.3.23.jar!/org/springframework/cglib/proxy/MethodProxy.class">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="704">
+          <caret line="33" column="110" selection-start-line="33" selection-start-column="110" selection-end-line="33" selection-end-column="110" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="170">
+          <caret line="167" column="64" selection-start-line="167" selection-start-column="64" selection-end-line="167" selection-end-column="64" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/application-dev.properties">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="308">
+          <caret line="14" column="19" lean-forward="true" selection-end-line="125" />
+        </state>
+      </provider>
+    </entry>
+    <entry file="file://$PROJECT_DIR$/syslog-consumer/src/main/resources/application.properties">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="492">
+          <caret line="125" lean-forward="true" selection-start-line="125" selection-end-line="125" />
+        </state>
+      </provider>
+    </entry>
+  </component>
+  <component name="masterDetails">
+    <states>
+      <state key="ArquillianSettingsConfigurable.UI">
+        <settings>
+          <splitter-proportions>
+            <option name="proportions">
+              <list>
+                <option value="0.2" />
+              </list>
+            </option>
+          </splitter-proportions>
+        </settings>
+      </state>
+      <state key="ArtifactsStructureConfigurable.UI">
+        <settings>
+          <artifact-editor />
+          <splitter-proportions>
+            <option name="proportions">
+              <list>
+                <option value="0.2" />
+              </list>
+            </option>
+          </splitter-proportions>
+        </settings>
+      </state>
+      <state key="FacetStructureConfigurable.UI">
+        <settings>
+          <last-edited>Spring</last-edited>
+          <splitter-proportions>
+            <option name="proportions">
+              <list>
+                <option value="0.2" />
+              </list>
+            </option>
+          </splitter-proportions>
+        </settings>
+      </state>
+      <state key="GlobalLibrariesConfigurable.UI">
+        <settings>
+          <splitter-proportions>
+            <option name="proportions">
+              <list>
+                <option value="0.2" />
+              </list>
+            </option>
+          </splitter-proportions>
+        </settings>
+      </state>
+      <state key="JdkListConfigurable.UI">
+        <settings>
+          <last-edited>1.8</last-edited>
+          <splitter-proportions>
+            <option name="proportions">
+              <list>
+                <option value="0.2" />
+              </list>
+            </option>
+          </splitter-proportions>
+        </settings>
+      </state>
+      <state key="ModuleStructureConfigurable.UI">
+        <settings>
+          <last-edited>syslogconsumer</last-edited>
+          <splitter-proportions>
+            <option name="proportions">
+              <list>
+                <option value="0.2" />
+                <option value="0.6" />
+              </list>
+            </option>
+          </splitter-proportions>
+        </settings>
+      </state>
+      <state key="ProjectJDKs.UI">
+        <settings>
+          <last-edited>1.8</last-edited>
+          <splitter-proportions>
+            <option name="proportions">
+              <list>
+                <option value="0.2" />
+              </list>
+            </option>
+          </splitter-proportions>
+        </settings>
+      </state>
+      <state key="ProjectLibrariesConfigurable.UI">
+        <settings>
+          <last-edited>Maven: ch.qos.logback:logback-classic:1.2.11</last-edited>
+          <splitter-proportions>
+            <option name="proportions">
+              <list>
+                <option value="0.2" />
+              </list>
+            </option>
+          </splitter-proportions>
+        </settings>
+      </state>
+    </states>
+  </component>
+</project>
\ No newline at end of file
diff --git a/haobang-security-xdr/haobang-security-xdr.iml b/haobang-security-xdr/haobang-security-xdr.iml
new file mode 100644
index 0000000..a78fc07
--- /dev/null
+++ b/haobang-security-xdr/haobang-security-xdr.iml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+    <output url="file://$MODULE_DIR$/target/classes" />
+    <output-test url="file://$MODULE_DIR$/target/test-classes" />
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/target" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-context:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-aop:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-beans:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-expression:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+    <orderEntry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.17.2" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+    <orderEntry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-core:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-jcl:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+    <orderEntry type="library" name="Maven: org.graylog2:syslog4j:0.9.61" level="project" />
+    <orderEntry type="library" name="Maven: joda-time:joda-time:2.9.9" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.commons:commons-lang3:3.12.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.17" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.17" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.23" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.alibaba.fastjson2:fastjson2:2.0.40" level="project" />
+    <orderEntry type="library" name="Maven: cn.hutool:hutool-all:5.8.16" level="project" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/haobang-security-xdr/hb-security-xdr.iml b/haobang-security-xdr/hb-security-xdr.iml
new file mode 100644
index 0000000..cea2e32
--- /dev/null
+++ b/haobang-security-xdr/hb-security-xdr.iml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+    <output url="file://$MODULE_DIR$/target/classes" />
+    <output-test url="file://$MODULE_DIR$/target/test-classes" />
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/target" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-context:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-aop:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-beans:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-expression:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+    <orderEntry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.17.2" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+    <orderEntry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-core:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-jcl:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+    <orderEntry type="library" name="Maven: org.graylog2:syslog4j:0.9.59" level="project" />
+    <orderEntry type="library" name="Maven: joda-time:joda-time:2.9.7" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.commons:commons-lang3:3.12.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.17" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.17" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.23" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.alibaba.fastjson2:fastjson2:2.0.40" level="project" />
+    <orderEntry type="library" name="Maven: cn.hutool:hutool-all:5.8.16" level="project" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/haobang-security-xdr/logs/syslog-client.2025-12-01.log b/haobang-security-xdr/logs/syslog-client.2025-12-01.log
new file mode 100644
index 0000000..98fbe35
--- /dev/null
+++ b/haobang-security-xdr/logs/syslog-client.2025-12-01.log
@@ -0,0 +1,8 @@
+2025-12-01 14:54:33.447 [main] INFO  c.h.syslog.syslogClientApplication - Starting syslogClientApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 30688 (E:\GIT_GOSAME\haobang-security-xdr\syslog-client\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2025-12-01 14:54:33.451 [main] INFO  c.h.syslog.syslogClientApplication - No active profile set, falling back to 1 default profile: "default"
+2025-12-01 14:54:34.030 [main] INFO  c.h.syslog.syslogClientApplication - Started syslogClientApplication in 0.983 seconds (JVM running for 11.611)
+2025-12-01 14:54:34.045 [TCP] INFO  com.haobang.syslog.ClientClass - 设置syslog端口：514
+2025-12-01 14:55:09.158 [main] INFO  c.h.syslog.syslogClientApplication - Starting syslogClientApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 30652 (E:\GIT_GOSAME\haobang-security-xdr\syslog-client\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2025-12-01 14:55:09.165 [main] INFO  c.h.syslog.syslogClientApplication - No active profile set, falling back to 1 default profile: "default"
+2025-12-01 14:55:10.188 [main] INFO  c.h.syslog.syslogClientApplication - Started syslogClientApplication in 1.799 seconds (JVM running for 8.423)
+2025-12-01 14:55:10.209 [TCP] INFO  com.haobang.syslog.ClientClass - 设置syslog端口：514
diff --git a/haobang-security-xdr/logs/syslog-client.log b/haobang-security-xdr/logs/syslog-client.log
new file mode 100644
index 0000000..83b468e
--- /dev/null
+++ b/haobang-security-xdr/logs/syslog-client.log
@@ -0,0 +1,4 @@
+2025-12-17 23:59:44.041 [main] INFO  c.h.syslog.syslogClientApplication - Starting syslogClientApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 17184 (E:\GIT_GOSAME\haobang-security-xdr\syslog-client\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2025-12-17 23:59:44.061 [main] INFO  c.h.syslog.syslogClientApplication - No active profile set, falling back to 1 default profile: "default"
+2025-12-17 23:59:45.393 [main] INFO  c.h.syslog.syslogClientApplication - Started syslogClientApplication in 2.275 seconds (JVM running for 9.275)
+2025-12-17 23:59:45.440 [TCP] INFO  com.haobang.syslog.ClientClass - 设置syslog端口：514
diff --git a/haobang-security-xdr/logs/syslog-consumer.log b/haobang-security-xdr/logs/syslog-consumer.log
new file mode 100644
index 0000000..3ec2a32
--- /dev/null
+++ b/haobang-security-xdr/logs/syslog-consumer.log
@@ -0,0 +1,1756 @@
+2026-01-10 13:27:26.100 [main] INFO  com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 12944 (E:\GIT_GOSAME\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2026-01-10 13:27:26.104 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
+2026-01-10 13:27:26.108 [main] INFO  com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
+2026-01-10 13:27:28.693 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:27:28.693 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
+2026-01-10 13:27:29.287 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 588 ms. Found 1 Elasticsearch repository interfaces.
+2026-01-10 13:27:29.294 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:27:29.294 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
+2026-01-10 13:27:29.457 [main] INFO  o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
+2026-01-10 13:27:29.457 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 161 ms. Found 0 Reactive Elasticsearch repository interfaces.
+2026-01-10 13:27:29.479 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:27:29.479 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
+2026-01-10 13:27:29.655 [main] INFO  o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
+2026-01-10 13:27:29.655 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 163 ms. Found 0 Redis repository interfaces.
+2026-01-10 13:27:30.440 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
+2026-01-10 13:27:30.451 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
+2026-01-10 13:27:30.451 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+2026-01-10 13:27:30.451 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
+2026-01-10 13:27:30.727 [main] INFO  o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
+2026-01-10 13:27:30.727 [main] INFO  o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 4552 ms
+2026-01-10 13:27:30.777 [main] INFO  o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
+2026-01-10 13:27:33.588 [main] INFO  com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
+2026-01-10 13:27:33.860 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
+2026-01-10 13:27:33.875 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
+2026-01-10 13:27:33.907 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
+2026-01-10 13:27:33.910 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
+2026-01-10 13:27:33.960 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
+2026-01-10 13:27:38.866 [main] INFO  c.c.service.AccessLogAlertService - 初始化AccessLogAlertService，上次处理时间: 2026-01-10T13:25:38.866
+2026-01-10 13:27:38.882 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+2026-01-10 13:27:39.100 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+2026-01-10 13:27:39.131 [main] INFO  c.c.service.AccessLogAlertService - 加载了 2 个启用的算法配置
+2026-01-10 13:27:39.940 [main] INFO  com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
+2026-01-10 13:27:40.248 [main] INFO  com.common.util.MyBatisUtil - MyBatis 初始化成功
+2026-01-10 13:27:41.102 [main] INFO  org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
+2026-01-10 13:27:41.112 [main] INFO  o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
+2026-01-10 13:27:41.112 [main] INFO  org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
+2026-01-10 13:27:41.112 [main] INFO  org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
+2026-01-10 13:27:41.112 [main] INFO  org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
+  Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
+  NOT STARTED.
+  Currently in standby mode.
+  Number of jobs executed: 0
+  Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
+  Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
+
+2026-01-10 13:27:41.112 [main] INFO  org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
+2026-01-10 13:27:41.112 [main] INFO  org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
+2026-01-10 13:27:41.112 [main] INFO  org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@1de78f97
+2026-01-10 13:27:41.285 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
+2026-01-10 13:27:41.285 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
+2026-01-10 13:27:41.285 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1768022861284
+2026-01-10 13:27:41.303 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
+2026-01-10 13:27:41.303 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
+2026-01-10 13:27:41.304 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1768022861303
+2026-01-10 13:27:41.304 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8089"]
+2026-01-10 13:27:41.320 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8089 (http) with context path '/xdrservice'
+2026-01-10 13:27:41.320 [main] INFO  o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
+2026-01-10 13:27:41.320 [main] INFO  org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
+2026-01-10 13:27:41.338 [main] INFO  com.syslogApplication - Started syslogApplication in 15.567 seconds (JVM running for 20.706)
+2026-01-10 13:27:43.685 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - agent-syslog-group: partitions assigned: []
+2026-01-10 13:27:43.685 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - agent-syslog-group: partitions assigned: []
+2026-01-10 13:28:00.008 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:28:00.008 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:28:00.027 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:28:00.027 [scheduling-3] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:28:00.003晚于默认保留时间2026-01-03T13:28:00.027，使用默认时间
+2026-01-10 13:28:00.038 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 加载了 2 个启用的算法配置
+2026-01-10 13:28:00.039 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 加载了 2 个启用的算法配置
+2026-01-10 13:28:00.044 [scheduling-3] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:28:00.027天前的日志，共删除0条
+2026-01-10 13:28:00.057 [scheduling-3] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:28:00.367 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：2，耗时：340ms
+2026-01-10 13:28:00.367 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:28:00.367
+2026-01-10 13:28:00.369 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:28:00.369
+2026-01-10 13:28:00.396 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 获取到 938 条新的日志数据，时间范围: 2026-01-10T13:25:38.866 到 2026-01-10T13:28:00.039
+2026-01-10 13:28:00.396 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 开始处理算法: Webshell 算法 (ID: 2004037120094425090)
+2026-01-10 13:28:00.475 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 获取到 942 条新的日志数据，时间范围: 2026-01-10T13:25:38.866 到 2026-01-10T13:28:00.039
+2026-01-10 13:28:00.475 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 开始处理算法: Webshell 算法 (ID: 2004037120094425090)
+2026-01-10 13:28:02.619 [log-processor-1] ERROR c.c.service.AccessLogAlertService - 调用算法API异常 [URL: http://192.168.4.33:5001/Webshell]: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
+	at com.common.service.AccessLogAlertService.callAlgorithmApi(AccessLogAlertService.java:275)
+	at com.common.service.AccessLogAlertService.processAlgorithm(AccessLogAlertService.java:153)
+	at com.common.service.AccessLogAlertService.processAccessLogAlert(AccessLogAlertService.java:122)
+	at com.common.service.AccessLogAlertService$$FastClassBySpringCGLIB$$4807ae0a.invoke(<generated>)
+	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
+	at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115)
+	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
+	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: java.net.ConnectException: Connection refused: connect
+	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
+	at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
+	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
+	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
+	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
+	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
+	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
+	at java.net.Socket.connect(Socket.java:589)
+	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
+	at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:308)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:326)
+	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
+	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)
+	at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
+	at com.config.RestTemplateConfig$LoggingInterceptor.intercept(RestTemplateConfig.java:62)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
+	at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
+	... 15 common frames omitted
+2026-01-10 13:28:02.619 [scheduling-1] ERROR c.c.service.AccessLogAlertService - 调用算法API异常 [URL: http://192.168.4.33:5001/Webshell]: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
+	at com.common.service.AccessLogAlertService.callAlgorithmApi(AccessLogAlertService.java:275)
+	at com.common.service.AccessLogAlertService.processAlgorithm(AccessLogAlertService.java:153)
+	at com.common.service.AccessLogAlertService.processAccessLogAlert(AccessLogAlertService.java:122)
+	at com.common.service.AccessLogAlertService.safeProcessTask(AccessLogAlertService.java:387)
+	at com.common.service.AccessLogAlertService$$FastClassBySpringCGLIB$$4807ae0a.invoke(<generated>)
+	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
+	at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
+	at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
+	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704)
+	at com.common.service.AccessLogAlertService$$EnhancerBySpringCGLIB$$b85131f2.safeProcessTask(<generated>)
+	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
+	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.lang.reflect.Method.invoke(Method.java:498)
+	at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
+	at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
+	at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
+	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
+	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
+	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
+	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
+	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: java.net.ConnectException: Connection refused: connect
+	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
+	at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
+	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
+	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
+	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
+	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
+	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
+	at java.net.Socket.connect(Socket.java:589)
+	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
+	at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:308)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:326)
+	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
+	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)
+	at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
+	at com.config.RestTemplateConfig$LoggingInterceptor.intercept(RestTemplateConfig.java:62)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
+	at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
+	... 26 common frames omitted
+2026-01-10 13:28:02.623 [log-processor-1] ERROR c.c.service.AccessLogAlertService - 调用算法API失败: http://192.168.4.33:5001/Webshell - 无响应
+2026-01-10 13:28:02.623 [scheduling-1] ERROR c.c.service.AccessLogAlertService - 调用算法API失败: http://192.168.4.33:5001/Webshell - 无响应
+2026-01-10 13:28:02.623 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 开始处理算法: 测试算法1111 (ID: 2004133377664204801)
+2026-01-10 13:28:02.623 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 开始处理算法: 测试算法1111 (ID: 2004133377664204801)
+2026-01-10 13:28:03.611 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 4，已更新: 1
+2026-01-10 13:28:03.611 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 3244ms
+2026-01-10 13:28:04.729 [scheduling-1] ERROR c.c.service.AccessLogAlertService - 调用算法API异常 [URL: http://192.168.4.33:5001/outtoin_php]: I/O error on POST request for "http://192.168.4.33:5001/outtoin_php": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://192.168.4.33:5001/outtoin_php": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
+	at com.common.service.AccessLogAlertService.callAlgorithmApi(AccessLogAlertService.java:275)
+	at com.common.service.AccessLogAlertService.processAlgorithm(AccessLogAlertService.java:153)
+	at com.common.service.AccessLogAlertService.processAccessLogAlert(AccessLogAlertService.java:122)
+	at com.common.service.AccessLogAlertService.safeProcessTask(AccessLogAlertService.java:387)
+	at com.common.service.AccessLogAlertService$$FastClassBySpringCGLIB$$4807ae0a.invoke(<generated>)
+	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
+	at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
+	at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
+	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704)
+	at com.common.service.AccessLogAlertService$$EnhancerBySpringCGLIB$$b85131f2.safeProcessTask(<generated>)
+	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
+	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.lang.reflect.Method.invoke(Method.java:498)
+	at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
+	at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
+	at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
+	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
+	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
+	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
+	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
+	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: java.net.ConnectException: Connection refused: connect
+	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
+	at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
+	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
+	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
+	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
+	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
+	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
+	at java.net.Socket.connect(Socket.java:589)
+	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
+	at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:308)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:326)
+	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
+	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)
+	at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
+	at com.config.RestTemplateConfig$LoggingInterceptor.intercept(RestTemplateConfig.java:62)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
+	at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
+	... 26 common frames omitted
+2026-01-10 13:28:04.739 [scheduling-1] ERROR c.c.service.AccessLogAlertService - 调用算法API失败: http://192.168.4.33:5001/outtoin_php - 无响应
+2026-01-10 13:28:04.739 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 访问日志告警处理任务完成，下次将从 2026-01-10T13:28:00.039 开始处理
+2026-01-10 13:28:04.746 [log-processor-1] ERROR c.c.service.AccessLogAlertService - 调用算法API异常 [URL: http://192.168.4.33:5001/outtoin_php]: I/O error on POST request for "http://192.168.4.33:5001/outtoin_php": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://192.168.4.33:5001/outtoin_php": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
+	at com.common.service.AccessLogAlertService.callAlgorithmApi(AccessLogAlertService.java:275)
+	at com.common.service.AccessLogAlertService.processAlgorithm(AccessLogAlertService.java:153)
+	at com.common.service.AccessLogAlertService.processAccessLogAlert(AccessLogAlertService.java:122)
+	at com.common.service.AccessLogAlertService$$FastClassBySpringCGLIB$$4807ae0a.invoke(<generated>)
+	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
+	at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115)
+	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
+	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: java.net.ConnectException: Connection refused: connect
+	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
+	at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
+	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
+	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
+	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
+	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
+	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
+	at java.net.Socket.connect(Socket.java:589)
+	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
+	at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:308)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:326)
+	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
+	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)
+	at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
+	at com.config.RestTemplateConfig$LoggingInterceptor.intercept(RestTemplateConfig.java:62)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
+	at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
+	... 15 common frames omitted
+2026-01-10 13:28:04.754 [log-processor-1] ERROR c.c.service.AccessLogAlertService - 调用算法API失败: http://192.168.4.33:5001/outtoin_php - 无响应
+2026-01-10 13:28:04.754 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 访问日志告警处理任务完成，下次将从 2026-01-10T13:28:00.039 开始处理
+2026-01-10 13:29:00.009 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:29:00.013 [scheduling-4] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:29:00.003晚于默认保留时间2026-01-03T13:29:00.013，使用默认时间
+2026-01-10 13:29:00.026 [scheduling-4] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:29:00.013天前的日志，共删除0条
+2026-01-10 13:29:00.035 [scheduling-4] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:29:00.318 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：2，耗时：309ms
+2026-01-10 13:29:00.318 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:29:00.318
+2026-01-10 13:29:00.318 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:29:00.318
+2026-01-10 13:29:03.556 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 4，已更新: 1
+2026-01-10 13:29:03.556 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 3238ms
+2026-01-10 13:34:08.884 [main] INFO  com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 22388 (E:\GIT_GOSAME\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2026-01-10 13:34:08.887 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
+2026-01-10 13:34:08.889 [main] INFO  com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
+2026-01-10 13:34:11.245 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:34:11.247 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
+2026-01-10 13:34:11.934 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 681 ms. Found 1 Elasticsearch repository interfaces.
+2026-01-10 13:34:11.934 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:34:11.934 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
+2026-01-10 13:34:12.025 [main] INFO  o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
+2026-01-10 13:34:12.025 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 86 ms. Found 0 Reactive Elasticsearch repository interfaces.
+2026-01-10 13:34:12.031 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:34:12.031 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
+2026-01-10 13:34:12.152 [main] INFO  o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
+2026-01-10 13:34:12.152 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 112 ms. Found 0 Redis repository interfaces.
+2026-01-10 13:34:12.700 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
+2026-01-10 13:34:12.706 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
+2026-01-10 13:34:12.706 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+2026-01-10 13:34:12.706 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
+2026-01-10 13:34:12.902 [main] INFO  o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
+2026-01-10 13:34:12.902 [main] INFO  o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 3923 ms
+2026-01-10 13:34:12.945 [main] INFO  o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
+2026-01-10 13:34:15.402 [main] INFO  com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
+2026-01-10 13:34:15.623 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
+2026-01-10 13:34:15.634 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
+2026-01-10 13:34:15.659 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
+2026-01-10 13:34:15.664 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
+2026-01-10 13:34:15.701 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
+2026-01-10 13:34:19.854 [main] INFO  c.c.service.AccessLogAlertService - 初始化AccessLogAlertService，上次处理时间: 2026-01-10T13:32:19.854
+2026-01-10 13:34:19.874 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+2026-01-10 13:34:20.472 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+2026-01-10 13:34:20.572 [main] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:34:21.190 [main] INFO  com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
+2026-01-10 13:34:21.459 [main] INFO  com.common.util.MyBatisUtil - MyBatis 初始化成功
+2026-01-10 13:34:22.148 [main] INFO  org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
+2026-01-10 13:34:22.153 [main] INFO  o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
+2026-01-10 13:34:22.153 [main] INFO  org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
+2026-01-10 13:34:22.153 [main] INFO  org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
+2026-01-10 13:34:22.153 [main] INFO  org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
+  Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
+  NOT STARTED.
+  Currently in standby mode.
+  Number of jobs executed: 0
+  Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
+  Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
+
+2026-01-10 13:34:22.153 [main] INFO  org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
+2026-01-10 13:34:22.153 [main] INFO  org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
+2026-01-10 13:34:22.153 [main] INFO  org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@4c18b432
+2026-01-10 13:34:22.288 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
+2026-01-10 13:34:22.288 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
+2026-01-10 13:34:22.288 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1768023262287
+2026-01-10 13:34:22.300 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
+2026-01-10 13:34:22.300 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
+2026-01-10 13:34:22.300 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1768023262300
+2026-01-10 13:34:22.300 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8089"]
+2026-01-10 13:34:22.314 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8089 (http) with context path '/xdrservice'
+2026-01-10 13:34:22.315 [main] INFO  o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
+2026-01-10 13:34:22.315 [main] INFO  org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
+2026-01-10 13:34:22.325 [main] INFO  com.syslogApplication - Started syslogApplication in 13.911 seconds (JVM running for 17.788)
+2026-01-10 13:34:24.501 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:24.501 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:24.502 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:24.502 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:26.667 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:26.667 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:26.667 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:26.668 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:28.841 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:28.841 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:28.841 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:28.841 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:31.078 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:31.079 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:31.131 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:31.131 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:33.568 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:33.568 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:33.652 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:33.652 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:36.327 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:36.327 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:36.596 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:36.596 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:39.418 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:39.418 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:39.545 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:39.545 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:42.599 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:42.599 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:42.716 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:42.716 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:45.607 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:45.607 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:45.917 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:45.917 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:48.857 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:48.857 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-2, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:34:48.933 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Connection to node -1 (/192.168.222.130:9092) could not be established. Broker may not be available.
+2026-01-10 13:34:48.933 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Bootstrap broker 192.168.222.130:9092 (id: -1 rack: null) disconnected
+2026-01-10 13:37:22.456 [main] INFO  com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 28304 (E:\GIT_GOSAME\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2026-01-10 13:37:22.456 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
+2026-01-10 13:37:22.462 [main] INFO  com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
+2026-01-10 13:37:24.921 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:37:24.923 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
+2026-01-10 13:37:25.427 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 500 ms. Found 1 Elasticsearch repository interfaces.
+2026-01-10 13:37:25.433 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:37:25.434 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
+2026-01-10 13:37:25.530 [main] INFO  o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
+2026-01-10 13:37:25.530 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 96 ms. Found 0 Reactive Elasticsearch repository interfaces.
+2026-01-10 13:37:25.543 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:37:25.544 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
+2026-01-10 13:37:25.674 [main] INFO  o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
+2026-01-10 13:37:25.674 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 123 ms. Found 0 Redis repository interfaces.
+2026-01-10 13:37:26.366 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
+2026-01-10 13:37:26.375 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
+2026-01-10 13:37:26.375 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+2026-01-10 13:37:26.375 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
+2026-01-10 13:37:26.607 [main] INFO  o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
+2026-01-10 13:37:26.607 [main] INFO  o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 4071 ms
+2026-01-10 13:37:26.664 [main] INFO  o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
+2026-01-10 13:37:29.183 [main] INFO  com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
+2026-01-10 13:37:29.471 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
+2026-01-10 13:37:29.485 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
+2026-01-10 13:37:29.515 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
+2026-01-10 13:37:29.519 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
+2026-01-10 13:37:29.559 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
+2026-01-10 13:37:33.821 [main] INFO  c.c.service.AccessLogAlertService - 初始化AccessLogAlertService，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:37:33.836 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+2026-01-10 13:37:34.436 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+2026-01-10 13:37:34.537 [main] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:37:35.447 [main] INFO  com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
+2026-01-10 13:37:35.554 [main] INFO  com.common.util.MyBatisUtil - MyBatis 初始化成功
+2026-01-10 13:37:36.442 [main] INFO  org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
+2026-01-10 13:37:36.455 [main] INFO  o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
+2026-01-10 13:37:36.455 [main] INFO  org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
+2026-01-10 13:37:36.456 [main] INFO  org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
+2026-01-10 13:37:36.456 [main] INFO  org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
+  Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
+  NOT STARTED.
+  Currently in standby mode.
+  Number of jobs executed: 0
+  Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
+  Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
+
+2026-01-10 13:37:36.456 [main] INFO  org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
+2026-01-10 13:37:36.456 [main] INFO  org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
+2026-01-10 13:37:36.456 [main] INFO  org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@43f50bfe
+2026-01-10 13:37:36.628 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
+2026-01-10 13:37:36.629 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
+2026-01-10 13:37:36.629 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1768023456627
+2026-01-10 13:37:36.645 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
+2026-01-10 13:37:36.647 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
+2026-01-10 13:37:36.647 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1768023456645
+2026-01-10 13:37:36.649 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8089"]
+2026-01-10 13:37:36.662 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8089 (http) with context path '/xdrservice'
+2026-01-10 13:37:36.662 [main] INFO  o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
+2026-01-10 13:37:36.662 [main] INFO  org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
+2026-01-10 13:37:36.681 [main] INFO  com.syslogApplication - Started syslogApplication in 14.581 seconds (JVM running for 19.802)
+2026-01-10 13:37:37.161 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: []
+2026-01-10 13:37:37.188 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: [test-topic-0]
+2026-01-10 13:38:00.019 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:38:00.019 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:38:00.108 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:38:00.010晚于默认保留时间2026-01-03T13:38:00.108，使用默认时间
+2026-01-10 13:38:00.194 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:38:00.198 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:38:00.202 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:38:00.108天前的日志，共删除0条
+2026-01-10 13:38:00.287 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:38:00.374 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:38:00.463 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：89ms
+2026-01-10 13:38:00.463 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:38:00.463
+2026-01-10 13:38:00.469 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:38:00.469
+2026-01-10 13:38:00.637 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:38:00.639 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:38:00.974 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:38:00.975 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 510ms
+2026-01-10 13:38:58.615 [http-nio-8089-exec-1] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
+2026-01-10 13:38:58.616 [http-nio-8089-exec-1] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 1 ms
+2026-01-10 13:38:58.863 [http-nio-8089-exec-1] INFO  com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.103', port=514, logContent='<0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}', protocol='TCP', facility='USER', severity='INFO'}
+2026-01-10 13:38:58.863 [http-nio-8089-exec-1] INFO  com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.103, Port=514
+2026-01-10 13:38:58.864 [http-nio-8089-exec-1] INFO  com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.103:514
+2026-01-10 13:38:58.864 [http-nio-8089-exec-1] INFO  com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.103, Port=514
+2026-01-10 13:39:00.090 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:39:00.093 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:39:00.010晚于默认保留时间2026-01-03T13:39:00.093，使用默认时间
+2026-01-10 13:39:00.173 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：83ms
+2026-01-10 13:39:00.173 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:39:00.173
+2026-01-10 13:39:00.173 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:39:00.173
+2026-01-10 13:39:00.178 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:39:00.093天前的日志，共删除0条
+2026-01-10 13:39:00.272 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:39:00.633 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:39:00.633 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 460ms
+2026-01-10 13:40:00.010 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:40:00.011 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:40:00.092 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:40:00.010晚于默认保留时间2026-01-03T13:40:00.092，使用默认时间
+2026-01-10 13:40:00.095 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:40:00.173 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:40:00.092天前的日志，共删除0条
+2026-01-10 13:40:00.179 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:40:00.182 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:40:00.184 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：89ms
+2026-01-10 13:40:00.185 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:40:00.185
+2026-01-10 13:40:00.185 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:40:00.185
+2026-01-10 13:40:00.256 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:40:00.300 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:40:00.307 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:40:00.709 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:40:00.710 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 525ms
+2026-01-10 13:41:00.004 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 13:35:00,结束时间：2026-01-10 13:40:00
+2026-01-10 13:41:00.010 [scheduling-2] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T13:35 - 2026-01-10T13:40
+2026-01-10 13:41:00.086 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:41:00.003晚于默认保留时间2026-01-03T13:41:00.086，使用默认时间
+2026-01-10 13:41:00.089 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:41:00.168 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:41:00.086天前的日志，共删除0条
+2026-01-10 13:41:00.178 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：89ms
+2026-01-10 13:41:00.178 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:41:00.178
+2026-01-10 13:41:00.178 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:41:00.178
+2026-01-10 13:41:00.184 [scheduling-2] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 13:41:00.184 [scheduling-2] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 13:41:00.185 [scheduling-2] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T13:35 - 2026-01-10T13:40
+2026-01-10 13:41:00.250 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:41:00.277 [scheduling-2] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 13:41:00.277 [scheduling-2] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 13:41:00.278 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 13:41:00.662 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:41:00.662 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 484ms
+2026-01-10 13:42:00.010 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:42:00.010 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:42:00.092 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:42:00.095 [scheduling-8] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:42:00.010晚于默认保留时间2026-01-03T13:42:00.095，使用默认时间
+2026-01-10 13:42:00.175 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：83ms
+2026-01-10 13:42:00.175 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:42:00.175
+2026-01-10 13:42:00.175 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:42:00.175
+2026-01-10 13:42:00.178 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:42:00.180 [scheduling-8] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:42:00.095天前的日志，共删除0条
+2026-01-10 13:42:00.181 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:42:00.263 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:42:00.316 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:42:00.320 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:42:00.629 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:42:00.629 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 454ms
+2026-01-10 13:43:00.085 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:43:00.088 [scheduling-2] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:43:00.005晚于默认保留时间2026-01-03T13:43:00.088，使用默认时间
+2026-01-10 13:43:00.171 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：86ms
+2026-01-10 13:43:00.172 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:43:00.171
+2026-01-10 13:43:00.172 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:43:00.172
+2026-01-10 13:43:00.173 [scheduling-2] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:43:00.088天前的日志，共删除0条
+2026-01-10 13:43:00.255 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:43:00.713 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:43:00.713 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 541ms
+2026-01-10 13:44:00.012 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:44:00.012 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:44:00.089 [scheduling-7] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:44:00.012晚于默认保留时间2026-01-03T13:44:00.089，使用默认时间
+2026-01-10 13:44:00.097 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:44:00.176 [scheduling-7] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:44:00.089天前的日志，共删除0条
+2026-01-10 13:44:00.178 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:44:00.183 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：86ms
+2026-01-10 13:44:00.183 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:44:00.183
+2026-01-10 13:44:00.183 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:44:00.183
+2026-01-10 13:44:00.183 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:44:00.257 [scheduling-7] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:44:00.315 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:44:00.321 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:44:00.716 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:44:00.716 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 533ms
+2026-01-10 13:45:00.092 [scheduling-7] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:45:00.011晚于默认保留时间2026-01-03T13:45:00.092，使用默认时间
+2026-01-10 13:45:00.095 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:45:00.174 [scheduling-7] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:45:00.092天前的日志，共删除0条
+2026-01-10 13:45:00.183 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：88ms
+2026-01-10 13:45:00.183 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:45:00.183
+2026-01-10 13:45:00.183 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:45:00.183
+2026-01-10 13:45:00.255 [scheduling-7] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:45:00.671 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:45:00.671 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 488ms
+2026-01-10 13:46:00.014 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:46:00.014 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 13:40:00,结束时间：2026-01-10 13:45:00
+2026-01-10 13:46:00.014 [scheduling-1] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T13:40 - 2026-01-10T13:45
+2026-01-10 13:46:00.014 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:46:00.098 [scheduling-2] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:46:00.014晚于默认保留时间2026-01-03T13:46:00.098，使用默认时间
+2026-01-10 13:46:00.099 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:46:00.177 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:46:00.181 [scheduling-2] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:46:00.098天前的日志，共删除0条
+2026-01-10 13:46:00.191 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：92ms
+2026-01-10 13:46:00.191 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:46:00.191
+2026-01-10 13:46:00.192 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:46:00.192
+2026-01-10 13:46:00.224 [scheduling-1] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 13:46:00.224 [scheduling-1] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 13:46:00.224 [scheduling-1] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T13:40 - 2026-01-10T13:45
+2026-01-10 13:46:00.263 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:46:00.312 [scheduling-1] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 13:46:00.312 [scheduling-1] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 13:46:00.313 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 13:46:00.519 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:46:00.614 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:46:00.736 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:46:00.736 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 545ms
+2026-01-10 13:46:00.898 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:47:00.096 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:47:00.097 [scheduling-4] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:47:00.010晚于默认保留时间2026-01-03T13:47:00.097，使用默认时间
+2026-01-10 13:47:00.183 [scheduling-4] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:47:00.097天前的日志，共删除0条
+2026-01-10 13:47:00.183 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：87ms
+2026-01-10 13:47:00.183 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:47:00.183
+2026-01-10 13:47:00.183 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:47:00.183
+2026-01-10 13:47:00.268 [scheduling-4] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:47:00.693 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:47:00.693 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 510ms
+2026-01-10 13:48:00.010 [scheduling-10] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:48:00.010 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:48:00.092 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:48:00.010晚于默认保留时间2026-01-03T13:48:00.092，使用默认时间
+2026-01-10 13:48:00.096 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:48:00.174 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:48:00.092天前的日志，共删除0条
+2026-01-10 13:48:00.177 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:48:00.177 [scheduling-10] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:48:00.182 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：86ms
+2026-01-10 13:48:00.182 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:48:00.182
+2026-01-10 13:48:00.182 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:48:00.182
+2026-01-10 13:48:00.254 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:48:00.325 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:48:00.692 [scheduling-10] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:48:00.702 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:48:00.703 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 521ms
+2026-01-10 13:49:00.091 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:49:00.010晚于默认保留时间2026-01-03T13:49:00.091，使用默认时间
+2026-01-10 13:49:00.096 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:49:00.175 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:49:00.091天前的日志，共删除0条
+2026-01-10 13:49:00.183 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：87ms
+2026-01-10 13:49:00.183 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:49:00.183
+2026-01-10 13:49:00.183 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:49:00.183
+2026-01-10 13:49:00.255 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:49:00.753 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:49:00.753 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 570ms
+2026-01-10 13:50:00.012 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:50:00.013 [log-processor-7] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:50:00.093 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:50:00.105 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:50:00.012晚于默认保留时间2026-01-03T13:50:00.105，使用默认时间
+2026-01-10 13:50:00.176 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：83ms
+2026-01-10 13:50:00.177 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:50:00.177
+2026-01-10 13:50:00.177 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:50:00.177
+2026-01-10 13:50:00.182 [log-processor-7] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:50:00.187 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:50:00.214 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:50:00.105天前的日志，共删除0条
+2026-01-10 13:50:00.297 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:50:00.317 [log-processor-7] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:50:00.394 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:50:00.683 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:50:00.683 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 506ms
+2026-01-10 13:51:00.008 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 13:45:00,结束时间：2026-01-10 13:50:00
+2026-01-10 13:51:00.008 [scheduling-5] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T13:45 - 2026-01-10T13:50
+2026-01-10 13:51:00.093 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:51:00.094 [scheduling-4] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:51:00.008晚于默认保留时间2026-01-03T13:51:00.094，使用默认时间
+2026-01-10 13:51:00.168 [scheduling-5] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 13:51:00.168 [scheduling-5] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 13:51:00.168 [scheduling-5] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T13:45 - 2026-01-10T13:50
+2026-01-10 13:51:00.176 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：83ms
+2026-01-10 13:51:00.176 [scheduling-4] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:51:00.094天前的日志，共删除0条
+2026-01-10 13:51:00.176 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:51:00.176
+2026-01-10 13:51:00.176 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:51:00.176
+2026-01-10 13:51:00.253 [scheduling-5] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 13:51:00.253 [scheduling-5] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 13:51:00.253 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 13:51:00.265 [scheduling-4] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:51:00.684 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:51:00.684 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 508ms
+2026-01-10 13:52:00.009 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:52:00.010 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:52:00.094 [scheduling-8] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:52:00.009晚于默认保留时间2026-01-03T13:52:00.094，使用默认时间
+2026-01-10 13:52:00.095 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:52:00.175 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:52:00.176 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:52:00.179 [scheduling-8] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:52:00.094天前的日志，共删除0条
+2026-01-10 13:52:00.183 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：88ms
+2026-01-10 13:52:00.183 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:52:00.183
+2026-01-10 13:52:00.183 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:52:00.183
+2026-01-10 13:52:00.263 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:52:00.308 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:52:00.393 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:52:00.663 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:52:00.663 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 480ms
+2026-01-10 13:53:00.094 [scheduling-8] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:53:00.009晚于默认保留时间2026-01-03T13:53:00.094，使用默认时间
+2026-01-10 13:53:00.094 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:53:00.180 [scheduling-8] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:53:00.094天前的日志，共删除0条
+2026-01-10 13:53:00.184 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：90ms
+2026-01-10 13:53:00.184 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:53:00.184
+2026-01-10 13:53:00.184 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:53:00.184
+2026-01-10 13:53:00.264 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:53:00.682 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:53:00.683 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 499ms
+2026-01-10 13:53:58.080 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:53:58.080 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 13:53:58.163 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T13:53:58.080晚于默认保留时间2026-01-03T13:53:58.163，使用默认时间
+2026-01-10 13:53:58.164 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 13:53:58.243 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T13:53:58.163天前的日志，共删除0条
+2026-01-10 13:53:58.245 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:53:58.250 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：86ms
+2026-01-10 13:53:58.250 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T13:53:58.250
+2026-01-10 13:53:58.251 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T13:53:58.251
+2026-01-10 13:53:58.251 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 13:53:58.324 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 13:53:58.492 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:53:58.697 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 13:53:58.697 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 446ms
+2026-01-10 13:53:58.737 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 13:59:54.078 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=5m51s169ms755µs800ns).
+2026-01-10 14:00:21.164 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:00:21.164 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 13:55:00,结束时间：2026-01-10 14:00:00
+2026-01-10 14:00:21.164 [scheduling-8] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T13:55 - 2026-01-10T14:00
+2026-01-10 14:00:21.164 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:00:26.187 [log-processor-10] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@7c2603ab (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:26.187 [scheduling-8] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@296964cd (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:26.187 [scheduling-7] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@5da1fd68 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:26.187 [scheduling-4] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@7e34d60 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:26.187 [scheduling-9] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@654d837b (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:31.199 [scheduling-9] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@a4c44d (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:31.199 [log-processor-10] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@6722cb96 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:31.199 [scheduling-4] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@510720d2 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:31.199 [scheduling-8] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@818833a (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:31.199 [scheduling-7] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@32621718 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:00:31.284 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:00:21.164晚于默认保留时间2026-01-03T14:00:31.284，使用默认时间
+2026-01-10 14:00:31.285 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:00:31.368 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:00:31.284天前的日志，共删除0条
+2026-01-10 14:00:31.370 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:00:31.370 [scheduling-8] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:00:31.370 [scheduling-8] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:00:31.370 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:00:31.370 [scheduling-8] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T13:55 - 2026-01-10T14:00
+2026-01-10 14:00:31.373 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：88ms
+2026-01-10 14:00:31.373 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:00:31.373
+2026-01-10 14:00:31.373 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:00:31.373
+2026-01-10 14:00:31.452 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:00:31.459 [scheduling-8] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:00:31.459 [scheduling-8] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:00:31.459 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 10 秒
+2026-01-10 14:00:31.790 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:00:31.795 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:00:31.905 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:00:31.905 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 532ms
+2026-01-10 14:01:00.001 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 13:55:00,结束时间：2026-01-10 14:00:00
+2026-01-10 14:01:00.001 [scheduling-2] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T13:55 - 2026-01-10T14:00
+2026-01-10 14:01:00.087 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:01:00.001晚于默认保留时间2026-01-03T14:01:00.087，使用默认时间
+2026-01-10 14:01:00.102 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:01:00.172 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:01:00.087天前的日志，共删除0条
+2026-01-10 14:01:00.173 [scheduling-2] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:01:00.173 [scheduling-2] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:01:00.173 [scheduling-2] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T13:55 - 2026-01-10T14:00
+2026-01-10 14:01:00.191 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：89ms
+2026-01-10 14:01:00.192 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:01:00.192
+2026-01-10 14:01:00.192 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:01:00.192
+2026-01-10 14:01:00.256 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:01:00.266 [scheduling-2] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:01:00.266 [scheduling-2] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:01:00.266 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:01:00.678 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:01:00.678 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 486ms
+2026-01-10 14:02:00.009 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:02:00.010 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:02:00.095 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:02:00.009晚于默认保留时间2026-01-03T14:02:00.095，使用默认时间
+2026-01-10 14:02:00.095 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:02:00.180 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:02:00.095天前的日志，共删除0条
+2026-01-10 14:02:00.180 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:02:00.181 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:02:00.187 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：92ms
+2026-01-10 14:02:00.187 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:02:00.187
+2026-01-10 14:02:00.187 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:02:00.187
+2026-01-10 14:02:00.265 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:02:00.666 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:02:00.666 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:02:00.715 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:02:00.715 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 528ms
+2026-01-10 14:03:00.088 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:03:00.088 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:03:00.003晚于默认保留时间2026-01-03T14:03:00.088，使用默认时间
+2026-01-10 14:03:00.175 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:03:00.088天前的日志，共删除0条
+2026-01-10 14:03:00.176 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：88ms
+2026-01-10 14:03:00.176 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:03:00.176
+2026-01-10 14:03:00.176 [scheduling-1] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:03:00.176
+2026-01-10 14:03:00.263 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:03:00.752 [scheduling-1] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:03:00.752 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 576ms
+2026-01-10 14:04:00.003 [scheduling-8] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:04:00.003 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:04:00.093 [scheduling-5] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:04:00.003晚于默认保留时间2026-01-03T14:04:00.093，使用默认时间
+2026-01-10 14:04:00.174 [scheduling-8] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:04:00.174 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:04:00.180 [scheduling-5] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:04:00.093天前的日志，共删除0条
+2026-01-10 14:04:00.268 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:04:00.300 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:04:00.300 [scheduling-8] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:04:00.372 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:04:00.467 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：95ms
+2026-01-10 14:04:00.468 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:04:00.468
+2026-01-10 14:04:00.468 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:04:00.468
+2026-01-10 14:04:00.952 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:04:00.952 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 484ms
+2026-01-10 14:05:00.087 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:05:00.001晚于默认保留时间2026-01-03T14:05:00.087，使用默认时间
+2026-01-10 14:05:00.120 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:05:00.170 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:05:00.087天前的日志，共删除0条
+2026-01-10 14:05:00.211 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：91ms
+2026-01-10 14:05:00.212 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:05:00.212
+2026-01-10 14:05:00.212 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:05:00.212
+2026-01-10 14:05:00.255 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:05:01.063 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:05:01.063 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 851ms
+2026-01-10 14:06:00.004 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:06:00.004 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:06:00.004 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:00:00,结束时间：2026-01-10 14:05:00
+2026-01-10 14:06:00.004 [scheduling-5] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:00 - 2026-01-10T14:05
+2026-01-10 14:06:00.092 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:06:00.109 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:06:00.004晚于默认保留时间2026-01-03T14:06:00.109，使用默认时间
+2026-01-10 14:06:00.171 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:06:00.171 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:06:00.180 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：88ms
+2026-01-10 14:06:00.180 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:06:00.180
+2026-01-10 14:06:00.180 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:06:00.180
+2026-01-10 14:06:00.208 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:06:00.109天前的日志，共删除0条
+2026-01-10 14:06:00.208 [scheduling-5] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:06:00.208 [scheduling-5] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:06:00.209 [scheduling-5] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:00 - 2026-01-10T14:05
+2026-01-10 14:06:00.293 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:06:00.293 [scheduling-5] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:06:00.293 [scheduling-5] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:06:00.297 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:06:00.315 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:06:00.316 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:06:00.674 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:06:00.674 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 494ms
+2026-01-10 14:07:00.090 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:07:00.090 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:07:00.003晚于默认保留时间2026-01-03T14:07:00.090，使用默认时间
+2026-01-10 14:07:00.178 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:07:00.090天前的日志，共删除0条
+2026-01-10 14:07:00.178 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：88ms
+2026-01-10 14:07:00.179 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:07:00.179
+2026-01-10 14:07:00.179 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:07:00.179
+2026-01-10 14:07:00.263 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:07:00.695 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:07:00.695 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 516ms
+2026-01-10 14:08:00.002 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:08:00.002 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:08:00.096 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:08:00.096 [scheduling-4] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:08:00.002晚于默认保留时间2026-01-03T14:08:00.096，使用默认时间
+2026-01-10 14:08:00.170 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:08:00.170 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:08:00.181 [scheduling-4] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:08:00.096天前的日志，共删除0条
+2026-01-10 14:08:00.184 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：0，耗时：88ms
+2026-01-10 14:08:00.185 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:08:00.185
+2026-01-10 14:08:00.185 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:08:00.185
+2026-01-10 14:08:00.271 [scheduling-4] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:08:00.310 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:08:00.311 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:08:00.636 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:08:00.636 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 451ms
+2026-01-10 14:08:50.215 [http-nio-8089-exec-3] INFO  com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.103', port=514, logContent='<0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}', protocol='TCP', facility='USER', severity='INFO'}
+2026-01-10 14:08:50.215 [http-nio-8089-exec-3] INFO  com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.103, Port=514
+2026-01-10 14:08:50.219 [http-nio-8089-exec-3] INFO  com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.103:514
+2026-01-10 14:08:50.219 [http-nio-8089-exec-3] INFO  com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.103, Port=514
+2026-01-10 14:08:56.198 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  c.Modules.NormalData.SysLogProcessor - 开始处理批次消息，数量: 1
+2026-01-10 14:08:56.198 [log-processor-5] INFO  c.Modules.NormalData.SysLogProcessor - 收到syslogmessage：[receive_time=20260110140855438 device_id=248 device_name=开发环境设备-HOME vendor=HFish data_type=json device_collect_id=1]<0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}
+2026-01-10 14:09:00.088 [scheduling-4] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:09:00.002晚于默认保留时间2026-01-03T14:09:00.088，使用默认时间
+2026-01-10 14:09:00.107 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:09:00.178 [scheduling-4] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:09:00.088天前的日志，共删除0条
+2026-01-10 14:09:00.262 [scheduling-4] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:09:00.297 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：190ms
+2026-01-10 14:09:00.297 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:09:00.297
+2026-01-10 14:09:00.297 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:09:00.297
+2026-01-10 14:09:00.740 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:09:00.740 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 443ms
+2026-01-10 14:09:01.651 [log-processor-5] WARN  c.c.service.LogDataFilterService - 泛化规则-数据过滤规则为空，默认不处理!
+2026-01-10 14:10:19.341 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:10:19.341 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1m25s115ms628µs300ns).
+2026-01-10 14:10:19.341 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:10:19.346 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN  c.Modules.NormalData.SysLogProcessor - 批次处理超时，已处理: 0/1
+2026-01-10 14:10:20.390 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:10:19.341晚于默认保留时间2026-01-03T14:10:20.390，使用默认时间
+2026-01-10 14:10:20.390 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:10:20.562 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:10:20.562 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:10:20.688 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:10:20.390天前的日志，共删除0条
+2026-01-10 14:10:37.594 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:10:37.594 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：17204ms
+2026-01-10 14:10:37.594 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:10:37.594 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:10:37.594
+2026-01-10 14:10:37.595 [scheduling-5] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:10:37.595
+2026-01-10 14:10:40.009 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: [test-topic-0]
+2026-01-10 14:10:40.017 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] ERROR o.a.k.c.c.i.ConsumerCoordinator - [Consumer clientId=consumer-test-group-app-1, groupId=test-group-app] Offset commit failed on partition test-topic-0 at offset 477: The coordinator is not aware of this member.
+2026-01-10 14:10:40.021 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] ERROR o.s.k.l.KafkaMessageListenerContainer - Consumer exception
+java.lang.IllegalStateException: This error handler cannot process 'org.apache.kafka.clients.consumer.CommitFailedException's; no record information is available
+	at org.springframework.kafka.listener.DefaultErrorHandler.handleOtherException(DefaultErrorHandler.java:157)
+	at org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer.handleConsumerException(KafkaMessageListenerContainer.java:1812)
+	at org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer.run(KafkaMessageListenerContainer.java:1301)
+	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
+	at java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:266)
+	at java.util.concurrent.FutureTask.run(FutureTask.java)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: org.apache.kafka.clients.consumer.CommitFailedException: Commit cannot be completed since the group has already rebalanced and assigned the partitions to another member. This means that the time between subsequent calls to poll() was longer than the configured max.poll.interval.ms, which typically implies that the poll loop is spending too much time message processing. You can address this either by increasing max.poll.interval.ms or by reducing the maximum size of batches returned in poll() with max.poll.records.
+	at org.apache.kafka.clients.consumer.internals.ConsumerCoordinator$OffsetCommitResponseHandler.handle(ConsumerCoordinator.java:1441)
+	at org.apache.kafka.clients.consumer.internals.ConsumerCoordinator$OffsetCommitResponseHandler.handle(ConsumerCoordinator.java:1341)
+	at org.apache.kafka.clients.consumer.internals.AbstractCoordinator$CoordinatorResponseHandler.onSuccess(AbstractCoordinator.java:1260)
+	at org.apache.kafka.clients.consumer.internals.AbstractCoordinator$CoordinatorResponseHandler.onSuccess(AbstractCoordinator.java:1235)
+	at org.apache.kafka.clients.consumer.internals.RequestFuture$1.onSuccess(RequestFuture.java:206)
+	at org.apache.kafka.clients.consumer.internals.RequestFuture.fireSuccess(RequestFuture.java:169)
+	at org.apache.kafka.clients.consumer.internals.RequestFuture.complete(RequestFuture.java:129)
+	at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient$RequestFutureCompletionHandler.fireCompletion(ConsumerNetworkClient.java:617)
+	at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.firePendingCompletedRequests(ConsumerNetworkClient.java:427)
+	at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:312)
+	at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:230)
+	at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:214)
+	at org.apache.kafka.clients.consumer.internals.ConsumerCoordinator.commitOffsetsSync(ConsumerCoordinator.java:1174)
+	at org.apache.kafka.clients.consumer.KafkaConsumer.commitSync(KafkaConsumer.java:1502)
+	at org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer.doCommitSync(KafkaMessageListenerContainer.java:3062)
+	at org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer.commitSync(KafkaMessageListenerContainer.java:3057)
+	at org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer.commitIfNecessary(KafkaMessageListenerContainer.java:3043)
+	at org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer.processCommits(KafkaMessageListenerContainer.java:2835)
+	at org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer.pollAndInvoke(KafkaMessageListenerContainer.java:1329)
+	at org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer.run(KafkaMessageListenerContainer.java:1255)
+	... 4 common frames omitted
+2026-01-10 14:10:40.021 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions lost: [test-topic-0]
+2026-01-10 14:10:40.033 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions revoked: [test-topic-0]
+2026-01-10 14:10:40.078 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T13:35:33.821
+2026-01-10 14:10:40.486 [scheduling-5] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:10:40.487 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 2893ms
+2026-01-10 14:10:40.514 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO  c.Modules.NormalData.SysLogProcessor - 开始处理批次消息，数量: 1
+2026-01-10 14:10:40.514 [log-processor-7] INFO  c.Modules.NormalData.SysLogProcessor - 收到syslogmessage：[receive_time=20260110140855438 device_id=248 device_name=开发环境设备-HOME vendor=HFish data_type=json device_collect_id=1]<0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}
+2026-01-10 14:10:40.565 [log-processor-7] WARN  c.c.service.LogDataFilterService - 泛化规则-数据过滤规则为空，默认不处理!
+2026-01-10 14:10:55.526 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO  c.Modules.NormalData.SysLogProcessor - 批次处理完成，总数: 1
+2026-01-10 14:10:55.549 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions revoked: [test-topic-0]
+2026-01-10 14:10:55.564 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: []
+2026-01-10 14:10:55.570 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: [test-topic-0]
+2026-01-10 14:11:00.002 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:05:00,结束时间：2026-01-10 14:10:00
+2026-01-10 14:11:00.002 [scheduling-8] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:05 - 2026-01-10T14:10
+2026-01-10 14:11:00.085 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:11:00.002晚于默认保留时间2026-01-03T14:11:00.085，使用默认时间
+2026-01-10 14:11:00.088 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:11:00.171 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:11:00.085天前的日志，共删除0条
+2026-01-10 14:11:00.171 [scheduling-8] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:11:00.171 [scheduling-8] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:11:00.171 [scheduling-8] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:05 - 2026-01-10T14:10
+2026-01-10 14:11:00.256 [scheduling-8] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:11:00.256 [scheduling-8] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:11:00.256 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:11:00.575 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：487ms
+2026-01-10 14:11:00.575 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:11:00.575
+2026-01-10 14:11:00.575 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:11:00.575
+2026-01-10 14:11:00.847 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:11:01.055 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:11:01.055 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 480ms
+2026-01-10 14:12:00.012 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:12:00.012 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:12:00.096 [scheduling-7] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:12:00.011晚于默认保留时间2026-01-03T14:12:00.096，使用默认时间
+2026-01-10 14:12:00.133 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:12:00.180 [scheduling-7] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:12:00.096天前的日志，共删除0条
+2026-01-10 14:12:00.180 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:12:00.183 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:12:00.263 [scheduling-7] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:12:00.295 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 获取到 2 条新的日志数据，时间范围: 2026-01-10T13:35:33.821 到 2026-01-10T14:12:00.180
+2026-01-10 14:12:00.297 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
+2026-01-10 14:12:00.307 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：174ms
+2026-01-10 14:12:00.307 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:12:00.307
+2026-01-10 14:12:00.307 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:12:00.307
+2026-01-10 14:12:00.625 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 获取到 2 条新的日志数据，时间范围: 2026-01-10T13:35:33.821 到 2026-01-10T14:12:00.183
+2026-01-10 14:12:00.625 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
+2026-01-10 14:12:00.784 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:12:00.784 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 477ms
+2026-01-10 14:12:02.417 [scheduling-2] ERROR c.c.service.AccessLogAlertService - 调用算法API异常 [URL: http://192.168.4.33:5001/Webshell]: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
+	at com.common.service.AccessLogAlertService.callAlgorithmApi(AccessLogAlertService.java:275)
+	at com.common.service.AccessLogAlertService.processAlgorithm(AccessLogAlertService.java:153)
+	at com.common.service.AccessLogAlertService.processAccessLogAlert(AccessLogAlertService.java:122)
+	at com.common.service.AccessLogAlertService.safeProcessTask(AccessLogAlertService.java:387)
+	at com.common.service.AccessLogAlertService$$FastClassBySpringCGLIB$$4807ae0a.invoke(<generated>)
+	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
+	at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
+	at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
+	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704)
+	at com.common.service.AccessLogAlertService$$EnhancerBySpringCGLIB$$a38bc9af.safeProcessTask(<generated>)
+	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
+	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
+	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.lang.reflect.Method.invoke(Method.java:498)
+	at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
+	at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
+	at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
+	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
+	at java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:266)
+	at java.util.concurrent.FutureTask.run(FutureTask.java)
+	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
+	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
+	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: java.net.ConnectException: Connection refused: connect
+	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
+	at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
+	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
+	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
+	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
+	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
+	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
+	at java.net.Socket.connect(Socket.java:589)
+	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
+	at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:308)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:326)
+	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
+	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)
+	at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
+	at com.config.RestTemplateConfig$LoggingInterceptor.intercept(RestTemplateConfig.java:62)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
+	at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
+	... 27 common frames omitted
+2026-01-10 14:12:02.421 [scheduling-2] ERROR c.c.service.AccessLogAlertService - 调用算法API失败: http://192.168.4.33:5001/Webshell - 无响应
+2026-01-10 14:12:02.421 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 访问日志告警处理任务完成，下次将从 2026-01-10T14:12:00.180 开始处理
+2026-01-10 14:12:02.728 [log-processor-8] ERROR c.c.service.AccessLogAlertService - 调用算法API异常 [URL: http://192.168.4.33:5001/Webshell]: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
+	at com.common.service.AccessLogAlertService.callAlgorithmApi(AccessLogAlertService.java:275)
+	at com.common.service.AccessLogAlertService.processAlgorithm(AccessLogAlertService.java:153)
+	at com.common.service.AccessLogAlertService.processAccessLogAlert(AccessLogAlertService.java:122)
+	at com.common.service.AccessLogAlertService$$FastClassBySpringCGLIB$$4807ae0a.invoke(<generated>)
+	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
+	at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115)
+	at java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:266)
+	at java.util.concurrent.FutureTask.run(FutureTask.java)
+	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: java.net.ConnectException: Connection refused: connect
+	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
+	at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
+	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
+	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
+	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
+	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
+	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
+	at java.net.Socket.connect(Socket.java:589)
+	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
+	at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:308)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:326)
+	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
+	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)
+	at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
+	at com.config.RestTemplateConfig$LoggingInterceptor.intercept(RestTemplateConfig.java:62)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
+	at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
+	... 16 common frames omitted
+2026-01-10 14:12:02.744 [log-processor-8] ERROR c.c.service.AccessLogAlertService - 调用算法API失败: http://192.168.4.33:5001/Webshell - 无响应
+2026-01-10 14:12:02.744 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 访问日志告警处理任务完成，下次将从 2026-01-10T14:12:00.183 开始处理
+2026-01-10 14:13:00.092 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:13:00.097 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:13:00.007晚于默认保留时间2026-01-03T14:13:00.097，使用默认时间
+2026-01-10 14:13:00.183 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:13:00.097天前的日志，共删除0条
+2026-01-10 14:13:00.267 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：176ms
+2026-01-10 14:13:00.267 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:13:00.267
+2026-01-10 14:13:00.267 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:13:00.267
+2026-01-10 14:13:00.268 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:13:00.753 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:13:00.753 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 486ms
+2026-01-10 14:14:00.005 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:14:00.005 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:14:00.092 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:14:00.094 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:14:00.005晚于默认保留时间2026-01-03T14:14:00.094，使用默认时间
+2026-01-10 14:14:00.179 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:14:00.179 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:14:00.181 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:14:00.094天前的日志，共删除0条
+2026-01-10 14:14:00.264 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：172ms
+2026-01-10 14:14:00.265 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:14:00.265
+2026-01-10 14:14:00.265 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:14:00.265
+2026-01-10 14:14:00.265 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:14:00.415 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:14:00.627 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:14:00.779 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:14:00.779 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 514ms
+2026-01-10 14:15:00.094 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:15:00.095 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:15:00.009晚于默认保留时间2026-01-03T14:15:00.095，使用默认时间
+2026-01-10 14:15:00.181 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:15:00.095天前的日志，共删除0条
+2026-01-10 14:15:00.261 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：167ms
+2026-01-10 14:15:00.261 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:15:00.261
+2026-01-10 14:15:00.261 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:15:00.261
+2026-01-10 14:15:00.267 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:15:01.087 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:15:01.087 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 826ms
+2026-01-10 14:16:00.010 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:16:00.011 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:16:00.011 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:10:00,结束时间：2026-01-10 14:15:00
+2026-01-10 14:16:00.011 [scheduling-6] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:10 - 2026-01-10T14:15
+2026-01-10 14:16:00.095 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:16:00.095 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:16:00.010晚于默认保留时间2026-01-03T14:16:00.095，使用默认时间
+2026-01-10 14:16:00.180 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:16:00.095天前的日志，共删除0条
+2026-01-10 14:16:00.181 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:16:00.181 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:16:00.263 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:16:00.264 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：169ms
+2026-01-10 14:16:00.264 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:16:00.264
+2026-01-10 14:16:00.264 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:16:00.264
+2026-01-10 14:16:00.320 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:16:00.320 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:16:00.477 [scheduling-6] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:16:00.478 [scheduling-6] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:16:00.478 [scheduling-6] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:10 - 2026-01-10T14:15
+2026-01-10 14:16:00.564 [scheduling-6] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:16:00.564 [scheduling-6] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:16:00.564 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:16:00.740 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:16:00.740 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 476ms
+2026-01-10 14:17:00.091 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:17:00.006晚于默认保留时间2026-01-03T14:17:00.091，使用默认时间
+2026-01-10 14:17:00.091 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:17:00.175 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:17:00.091天前的日志，共删除0条
+2026-01-10 14:17:00.261 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:17:00.267 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：176ms
+2026-01-10 14:17:00.267 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:17:00.267
+2026-01-10 14:17:00.267 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:17:00.267
+2026-01-10 14:17:00.725 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:17:00.726 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 459ms
+2026-01-10 14:18:00.002 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:18:00.002 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:18:00.087 [scheduling-5] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:18:00.002晚于默认保留时间2026-01-03T14:18:00.087，使用默认时间
+2026-01-10 14:18:00.172 [scheduling-5] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:18:00.087天前的日志，共删除0条
+2026-01-10 14:18:00.175 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:18:00.256 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:18:00.328 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:18:00.382 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:18:00.468 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:18:00.555 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：173ms
+2026-01-10 14:18:00.555 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:18:00.555
+2026-01-10 14:18:00.555 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:18:00.555
+2026-01-10 14:18:00.625 [scheduling-1] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:18:01.081 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:18:01.081 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 526ms
+2026-01-10 14:19:00.096 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:19:00.097 [scheduling-5] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:19:00.013晚于默认保留时间2026-01-03T14:19:00.097，使用默认时间
+2026-01-10 14:19:00.186 [scheduling-5] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:19:00.097天前的日志，共删除0条
+2026-01-10 14:19:00.271 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：175ms
+2026-01-10 14:19:00.271 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:19:00.271 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:19:00.271
+2026-01-10 14:19:00.271 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:19:00.271
+2026-01-10 14:19:00.757 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:19:00.757 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 486ms
+2026-01-10 14:20:00.000 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:20:00.016 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:20:00.084 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:20:00.101 [scheduling-3] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:20:00.016晚于默认保留时间2026-01-03T14:20:00.101，使用默认时间
+2026-01-10 14:20:00.174 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:20:00.184 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:20:00.189 [scheduling-3] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:20:00.101天前的日志，共删除0条
+2026-01-10 14:20:00.254 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：170ms
+2026-01-10 14:20:00.254 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:20:00.254
+2026-01-10 14:20:00.254 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:20:00.254
+2026-01-10 14:20:00.276 [scheduling-3] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:20:00.418 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:20:00.421 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:20:00.723 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:20:00.723 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 469ms
+2026-01-10 14:21:00.002 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:15:00,结束时间：2026-01-10 14:20:00
+2026-01-10 14:21:00.003 [scheduling-6] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:15 - 2026-01-10T14:20
+2026-01-10 14:21:00.089 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:21:00.002晚于默认保留时间2026-01-03T14:21:00.089，使用默认时间
+2026-01-10 14:21:00.103 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:21:00.174 [scheduling-6] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:21:00.174 [scheduling-6] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:21:00.174 [scheduling-6] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:15 - 2026-01-10T14:20
+2026-01-10 14:21:00.174 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:21:00.089天前的日志，共删除0条
+2026-01-10 14:21:00.261 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:21:00.262 [scheduling-6] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:21:00.262 [scheduling-6] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:21:00.262 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:21:00.281 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：178ms
+2026-01-10 14:21:00.281 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:21:00.281
+2026-01-10 14:21:00.281 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:21:00.281
+2026-01-10 14:21:00.766 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:21:00.766 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 485ms
+2026-01-10 14:22:00.014 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:22:00.014 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:22:00.097 [scheduling-5] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:22:00.014晚于默认保留时间2026-01-03T14:22:00.097，使用默认时间
+2026-01-10 14:22:00.097 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:22:00.182 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:22:00.182 [scheduling-5] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:22:00.097天前的日志，共删除0条
+2026-01-10 14:22:00.265 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:22:00.277 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：180ms
+2026-01-10 14:22:00.277 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:22:00.277
+2026-01-10 14:22:00.277 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:22:00.277
+2026-01-10 14:22:00.418 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:22:00.766 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:22:00.766 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 489ms
+2026-01-10 14:22:00.771 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:22:00.890 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:23:00.088 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:23:00.089 [scheduling-2] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:23:00.004晚于默认保留时间2026-01-03T14:23:00.089，使用默认时间
+2026-01-10 14:23:00.176 [scheduling-2] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:23:00.089天前的日志，共删除0条
+2026-01-10 14:23:00.258 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：170ms
+2026-01-10 14:23:00.258 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:23:00.258
+2026-01-10 14:23:00.258 [scheduling-5] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:23:00.258
+2026-01-10 14:23:00.261 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:23:01.079 [scheduling-5] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:23:01.079 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 821ms
+2026-01-10 14:24:00.008 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:24:00.008 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:24:00.090 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:24:00.090 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:24:00.008晚于默认保留时间2026-01-03T14:24:00.090，使用默认时间
+2026-01-10 14:24:00.175 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:24:00.178 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:24:00.090天前的日志，共删除0条
+2026-01-10 14:24:00.263 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：173ms
+2026-01-10 14:24:00.263 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:24:00.263
+2026-01-10 14:24:00.263 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:24:00.263 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:24:00.263
+2026-01-10 14:24:00.406 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:24:00.468 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:24:00.703 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:24:00.703 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 440ms
+2026-01-10 14:24:00.714 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:12:00.183
+2026-01-10 14:25:00.094 [scheduling-6] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:25:00.010晚于默认保留时间2026-01-03T14:25:00.094，使用默认时间
+2026-01-10 14:25:00.096 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:25:00.179 [scheduling-6] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:25:00.094天前的日志，共删除0条
+2026-01-10 14:25:00.262 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:25:00.273 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：177ms
+2026-01-10 14:25:00.273 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:25:00.273
+2026-01-10 14:25:00.273 [scheduling-1] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:25:00.273
+2026-01-10 14:25:00.829 [scheduling-1] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:25:00.829 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 556ms
+2026-01-10 14:25:15.949 [http-nio-8089-exec-5] INFO  com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.103', port=514, logContent='<0> 2026-01-10T13:47:27+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T13:47:27.249503+0800","flow_id":767115114538067,"community_id":"fFU2gDB2+pyUS6xQpAqqLdPLG4k=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"192.168.2.81","src_port":51018,"dest_ip":"120.241.131.42","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":423808413,"tcp_ack_sequence":3371175627,"ether":{},"host":"szextshort.weixin.qq.com","host_md5":"d7745538302ebc766b77ca8a4f3dd735","uri":"/mmtls/1abfe317","uri_md5":"e889825636e4d22b1d364b6bd6400ad5","agent":"MicroMessenger Client","referer":"","method":"POST","protocol":"HTTP/1.1","req_content_type":"application/octet-stream","request_headers":"accept: */*\r\ncache-control: no-cache\r\nconnection: Keep-Alive\r\ncontent-length: 2579\r\ncontent-type: application/octet-stream\r\nHost: szextshort.weixin.qq.com\r\nUpgrade: mmtls\r\nUser-Agent: MicroMessenger Client\r\n","rsp_content_type":"","response_headers":""}', protocol='TCP', facility='USER', severity='INFO'}
+2026-01-10 14:25:15.949 [http-nio-8089-exec-5] INFO  com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.103, Port=514
+2026-01-10 14:25:15.950 [http-nio-8089-exec-5] INFO  com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.103:514
+2026-01-10 14:25:15.950 [http-nio-8089-exec-5] INFO  com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.103, Port=514
+2026-01-10 14:25:16.513 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  c.Modules.NormalData.SysLogProcessor - 开始处理批次消息，数量: 1
+2026-01-10 14:25:16.513 [log-processor-6] INFO  c.Modules.NormalData.SysLogProcessor - 收到syslogmessage：[receive_time=20260110142515957 device_id=248 device_name=开发环境设备-HOME vendor=HFish data_type=json device_collect_id=1]<0> 2026-01-10T13:47:27+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T13:47:27.249503+0800","flow_id":767115114538067,"community_id":"fFU2gDB2+pyUS6xQpAqqLdPLG4k=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"192.168.2.81","src_port":51018,"dest_ip":"120.241.131.42","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":423808413,"tcp_ack_sequence":3371175627,"ether":{},"host":"szextshort.weixin.qq.com","host_md5":"d7745538302ebc766b77ca8a4f3dd735","uri":"/mmtls/1abfe317","uri_md5":"e889825636e4d22b1d364b6bd6400ad5","agent":"MicroMessenger Client","referer":"","method":"POST","protocol":"HTTP/1.1","req_content_type":"application/octet-stream","request_headers":"accept: */*\r\ncache-control: no-cache\r\nconnection: Keep-Alive\r\ncontent-length: 2579\r\ncontent-type: application/octet-stream\r\nHost: szextshort.weixin.qq.com\r\nUpgrade: mmtls\r\nUser-Agent: MicroMessenger Client\r\n","rsp_content_type":"","response_headers":""}
+2026-01-10 14:25:16.554 [log-processor-6] WARN  c.c.service.LogDataFilterService - 泛化规则-数据过滤规则为空，默认不处理!
+2026-01-10 14:25:17.148 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  c.Modules.NormalData.SysLogProcessor - 批次处理完成，总数: 1
+2026-01-10 14:26:00.002 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:26:00.002 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:26:00.002 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:20:00,结束时间：2026-01-10 14:25:00
+2026-01-10 14:26:00.003 [scheduling-2] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:20 - 2026-01-10T14:25
+2026-01-10 14:26:00.086 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:26:00.086 [scheduling-5] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:26:00.002晚于默认保留时间2026-01-03T14:26:00.086，使用默认时间
+2026-01-10 14:26:00.172 [scheduling-5] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:26:00.086天前的日志，共删除0条
+2026-01-10 14:26:00.172 [scheduling-2] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:26:00.172 [scheduling-2] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:26:00.172 [scheduling-2] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:20 - 2026-01-10T14:25
+2026-01-10 14:26:00.172 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:26:00.172 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:26:00.252 [scheduling-5] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:26:00.258 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：172ms
+2026-01-10 14:26:00.258 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:26:00.258
+2026-01-10 14:26:00.259 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:26:00.259
+2026-01-10 14:26:00.259 [scheduling-2] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:26:00.259 [scheduling-2] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:26:00.259 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:26:00.323 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 获取到 1 条新的日志数据，时间范围: 2026-01-10T14:12:00.183 到 2026-01-10T14:26:00.172
+2026-01-10 14:26:00.323 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
+2026-01-10 14:26:00.414 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 获取到 1 条新的日志数据，时间范围: 2026-01-10T14:12:00.183 到 2026-01-10T14:26:00.172
+2026-01-10 14:26:00.414 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 开始处理算法: 测试算法3 (ID: 2004083121877696514)
+2026-01-10 14:26:00.773 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:26:00.773 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 514ms
+2026-01-10 14:26:02.434 [log-processor-5] ERROR c.c.service.AccessLogAlertService - 调用算法API异常 [URL: http://192.168.4.33:5001/Webshell]: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
+	at com.common.service.AccessLogAlertService.callAlgorithmApi(AccessLogAlertService.java:275)
+	at com.common.service.AccessLogAlertService.processAlgorithm(AccessLogAlertService.java:153)
+	at com.common.service.AccessLogAlertService.processAccessLogAlert(AccessLogAlertService.java:122)
+	at com.common.service.AccessLogAlertService$$FastClassBySpringCGLIB$$4807ae0a.invoke(<generated>)
+	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
+	at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115)
+	at java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:266)
+	at java.util.concurrent.FutureTask.run(FutureTask.java)
+	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: java.net.ConnectException: Connection refused: connect
+	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
+	at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
+	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
+	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
+	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
+	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
+	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
+	at java.net.Socket.connect(Socket.java:589)
+	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
+	at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:308)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:326)
+	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
+	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)
+	at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
+	at com.config.RestTemplateConfig$LoggingInterceptor.intercept(RestTemplateConfig.java:62)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
+	at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
+	... 16 common frames omitted
+2026-01-10 14:26:02.449 [log-processor-5] ERROR c.c.service.AccessLogAlertService - 调用算法API失败: http://192.168.4.33:5001/Webshell - 无响应
+2026-01-10 14:26:02.449 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 访问日志告警处理任务完成，下次将从 2026-01-10T14:26:00.172 开始处理
+2026-01-10 14:26:02.528 [scheduling-4] ERROR c.c.service.AccessLogAlertService - 调用算法API异常 [URL: http://192.168.4.33:5001/Webshell]: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+org.springframework.web.client.ResourceAccessException: I/O error on POST request for "http://192.168.4.33:5001/Webshell": Connection refused: connect; nested exception is java.net.ConnectException: Connection refused: connect
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
+	at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
+	at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:602)
+	at com.common.service.AccessLogAlertService.callAlgorithmApi(AccessLogAlertService.java:275)
+	at com.common.service.AccessLogAlertService.processAlgorithm(AccessLogAlertService.java:153)
+	at com.common.service.AccessLogAlertService.processAccessLogAlert(AccessLogAlertService.java:122)
+	at com.common.service.AccessLogAlertService.safeProcessTask(AccessLogAlertService.java:387)
+	at com.common.service.AccessLogAlertService$$FastClassBySpringCGLIB$$4807ae0a.invoke(<generated>)
+	at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
+	at org.springframework.aop.framework.CglibAopProxy.invokeMethod(CglibAopProxy.java:386)
+	at org.springframework.aop.framework.CglibAopProxy.access$000(CglibAopProxy.java:85)
+	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:704)
+	at com.common.service.AccessLogAlertService$$EnhancerBySpringCGLIB$$a38bc9af.safeProcessTask(<generated>)
+	at sun.reflect.GeneratedMethodAccessor147.invoke(Unknown Source)
+	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
+	at java.lang.reflect.Method.invoke(Method.java:498)
+	at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:84)
+	at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
+	at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
+	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
+	at java.util.concurrent.FutureTask.run$$$capture(FutureTask.java:266)
+	at java.util.concurrent.FutureTask.run(FutureTask.java)
+	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
+	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
+	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
+	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: java.net.ConnectException: Connection refused: connect
+	at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
+	at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
+	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
+	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
+	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
+	at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
+	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
+	at java.net.Socket.connect(Socket.java:589)
+	at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
+	at sun.net.www.http.HttpClient.openServer(HttpClient.java:527)
+	at sun.net.www.http.HttpClient.<init>(HttpClient.java:211)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:308)
+	at sun.net.www.http.HttpClient.New(HttpClient.java:326)
+	at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1202)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138)
+	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032)
+	at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:966)
+	at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:76)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
+	at com.config.RestTemplateConfig$LoggingInterceptor.intercept(RestTemplateConfig.java:62)
+	at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
+	at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
+	at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
+	at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66)
+	at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776)
+	... 26 common frames omitted
+2026-01-10 14:26:02.543 [scheduling-4] ERROR c.c.service.AccessLogAlertService - 调用算法API失败: http://192.168.4.33:5001/Webshell - 无响应
+2026-01-10 14:26:02.543 [scheduling-4] INFO  c.c.service.AccessLogAlertService - 访问日志告警处理任务完成，下次将从 2026-01-10T14:26:00.172 开始处理
+2026-01-10 14:27:00.097 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:27:00.097 [scheduling-8] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:27:00.013晚于默认保留时间2026-01-03T14:27:00.097，使用默认时间
+2026-01-10 14:27:00.181 [scheduling-8] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:27:00.097天前的日志，共删除0条
+2026-01-10 14:27:00.265 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:27:00.270 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：173ms
+2026-01-10 14:27:00.270 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:27:00.270
+2026-01-10 14:27:00.270 [scheduling-5] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:27:00.270
+2026-01-10 14:27:00.748 [scheduling-5] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:27:00.748 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 478ms
+2026-01-10 14:28:00.002 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:28:00.002 [log-processor-7] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:28:00.085 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:28:00.085 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:28:00.002晚于默认保留时间2026-01-03T14:28:00.085，使用默认时间
+2026-01-10 14:28:00.172 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:28:00.173 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:28:00.085天前的日志，共删除0条
+2026-01-10 14:28:00.173 [log-processor-7] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:28:00.257 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：172ms
+2026-01-10 14:28:00.257 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:28:00.257
+2026-01-10 14:28:00.257 [scheduling-5] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:28:00.257
+2026-01-10 14:28:00.257 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:28:00.322 [scheduling-6] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:28:00.415 [log-processor-7] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:28:00.725 [scheduling-5] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:28:00.725 [scheduling-5] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 468ms
+2026-01-10 14:29:00.089 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:29:00.089 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:29:00.003晚于默认保留时间2026-01-03T14:29:00.089，使用默认时间
+2026-01-10 14:29:00.172 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:29:00.089天前的日志，共删除0条
+2026-01-10 14:29:00.262 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:29:00.262 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：173ms
+2026-01-10 14:29:00.262 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:29:00.262
+2026-01-10 14:29:00.262 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:29:00.262
+2026-01-10 14:29:00.715 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:29:00.715 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 453ms
+2026-01-10 14:30:00.009 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:30:00.009 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:30:00.093 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:30:00.094 [scheduling-4] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:30:00.009晚于默认保留时间2026-01-03T14:30:00.094，使用默认时间
+2026-01-10 14:30:00.179 [scheduling-4] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:30:00.094天前的日志，共删除0条
+2026-01-10 14:30:00.179 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:30:00.179 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:30:00.263 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：170ms
+2026-01-10 14:30:00.263 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:30:00.263
+2026-01-10 14:30:00.263 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:30:00.263
+2026-01-10 14:30:00.264 [scheduling-4] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:30:00.329 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:30:00.624 [log-processor-8] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:30:00.726 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:30:00.727 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 464ms
+2026-01-10 14:31:00.011 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:25:00,结束时间：2026-01-10 14:30:00
+2026-01-10 14:31:00.011 [scheduling-10] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:25 - 2026-01-10T14:30
+2026-01-10 14:31:00.095 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:31:00.275 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：180ms
+2026-01-10 14:31:00.275 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:31:00.275
+2026-01-10 14:31:00.275 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:31:00.275
+2026-01-10 14:31:00.480 [scheduling-10] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:31:00.480 [scheduling-10] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:31:00.481 [scheduling-10] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:25 - 2026-01-10T14:30
+2026-01-10 14:31:00.569 [scheduling-10] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:31:00.569 [scheduling-10] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:31:00.569 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:31:00.774 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:31:00.774 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 499ms
+2026-01-10 14:31:05.022 [scheduling-4] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@7cb5b9e1 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:31:05.395 [scheduling-4] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:31:00.011晚于默认保留时间2026-01-03T14:31:05.395，使用默认时间
+2026-01-10 14:31:05.480 [scheduling-4] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:31:05.395天前的日志，共删除0条
+2026-01-10 14:31:05.563 [scheduling-4] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:32:00.005 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:32:00.005 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:32:00.087 [scheduling-2] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:32:00.005晚于默认保留时间2026-01-03T14:32:00.087，使用默认时间
+2026-01-10 14:32:00.088 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:32:00.171 [scheduling-2] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:32:00.087天前的日志，共删除0条
+2026-01-10 14:32:00.178 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:32:00.179 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:32:00.254 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:32:00.256 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：168ms
+2026-01-10 14:32:00.257 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:32:00.257
+2026-01-10 14:32:00.257 [scheduling-1] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:32:00.257
+2026-01-10 14:32:00.653 [log-processor-9] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:32:00.653 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:32:00.694 [scheduling-1] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:32:00.694 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 437ms
+2026-01-10 14:33:00.090 [scheduling-2] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:33:00.008晚于默认保留时间2026-01-03T14:33:00.090，使用默认时间
+2026-01-10 14:33:00.091 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:33:00.173 [scheduling-2] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:33:00.090天前的日志，共删除0条
+2026-01-10 14:33:00.255 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:33:00.260 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：169ms
+2026-01-10 14:33:00.260 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:33:00.260
+2026-01-10 14:33:00.260 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:33:00.260
+2026-01-10 14:33:00.763 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:33:00.763 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 503ms
+2026-01-10 14:34:00.002 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:34:00.002 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:34:00.086 [scheduling-2] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:34:00.002晚于默认保留时间2026-01-03T14:34:00.086，使用默认时间
+2026-01-10 14:34:00.087 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:34:00.169 [scheduling-2] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:34:00.086天前的日志，共删除0条
+2026-01-10 14:34:00.174 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:34:00.176 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:34:00.244 [scheduling-2] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:34:00.257 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：170ms
+2026-01-10 14:34:00.257 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:34:00.257
+2026-01-10 14:34:00.257 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:34:00.257
+2026-01-10 14:34:00.295 [log-processor-10] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:34:00.299 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:34:00.724 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:34:00.724 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 467ms
+2026-01-10 14:35:00.102 [scheduling-7] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:35:00.018晚于默认保留时间2026-01-03T14:35:00.102，使用默认时间
+2026-01-10 14:35:00.102 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:35:00.186 [scheduling-7] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:35:00.102天前的日志，共删除0条
+2026-01-10 14:35:00.270 [scheduling-7] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:35:00.275 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：173ms
+2026-01-10 14:35:00.275 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:35:00.275
+2026-01-10 14:35:00.275 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:35:00.275
+2026-01-10 14:35:00.800 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:35:00.800 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 525ms
+2026-01-10 14:36:00.002 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:36:00.002 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:36:00.002 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:30:00,结束时间：2026-01-10 14:35:00
+2026-01-10 14:36:00.003 [scheduling-6] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:30 - 2026-01-10T14:35
+2026-01-10 14:36:00.088 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:36:00.002晚于默认保留时间2026-01-03T14:36:00.088，使用默认时间
+2026-01-10 14:36:00.104 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:36:00.173 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:36:00.088天前的日志，共删除0条
+2026-01-10 14:36:00.174 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:36:00.174 [scheduling-6] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:36:00.174 [scheduling-6] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:36:00.174 [scheduling-6] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:30 - 2026-01-10T14:35
+2026-01-10 14:36:00.255 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:36:00.263 [scheduling-6] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:36:00.263 [scheduling-6] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:36:00.263 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:36:00.282 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：178ms
+2026-01-10 14:36:00.282 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:36:00.282
+2026-01-10 14:36:00.282 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:36:00.282
+2026-01-10 14:36:00.307 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:36:00.471 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:36:00.765 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:36:00.766 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 484ms
+2026-01-10 14:36:00.900 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:37:00.093 [scheduling-7] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:37:00.013晚于默认保留时间2026-01-03T14:37:00.093，使用默认时间
+2026-01-10 14:37:00.093 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:37:00.178 [scheduling-7] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:37:00.093天前的日志，共删除0条
+2026-01-10 14:37:00.259 [scheduling-7] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:37:00.573 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：480ms
+2026-01-10 14:37:00.573 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:37:00.573
+2026-01-10 14:37:00.573 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:37:00.573
+2026-01-10 14:37:01.144 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:37:01.145 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 572ms
+2026-01-10 14:38:00.012 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:38:00.012 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:38:00.095 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:38:00.095 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:38:00.012晚于默认保留时间2026-01-03T14:38:00.095，使用默认时间
+2026-01-10 14:38:00.178 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:38:00.095天前的日志，共删除0条
+2026-01-10 14:38:00.179 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:38:00.180 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:38:00.262 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:38:00.262 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：167ms
+2026-01-10 14:38:00.262 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:38:00.262
+2026-01-10 14:38:00.262 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:38:00.262
+2026-01-10 14:38:00.320 [log-processor-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:38:00.320 [scheduling-9] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:38:00.755 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:38:00.755 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 493ms
+2026-01-10 14:39:00.095 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:39:00.011晚于默认保留时间2026-01-03T14:39:00.095，使用默认时间
+2026-01-10 14:39:00.096 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:39:00.179 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:39:00.095天前的日志，共删除0条
+2026-01-10 14:39:00.262 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：166ms
+2026-01-10 14:39:00.262 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:39:00.262 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:39:00.262
+2026-01-10 14:39:00.262 [scheduling-1] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:39:00.262
+2026-01-10 14:39:00.713 [scheduling-1] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:39:00.714 [scheduling-1] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 452ms
+2026-01-10 14:40:00.013 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:40:00.013 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:40:00.104 [scheduling-6] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:40:00.013晚于默认保留时间2026-01-03T14:40:00.104，使用默认时间
+2026-01-10 14:40:00.105 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:40:00.176 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:40:00.178 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:40:00.190 [scheduling-6] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:40:00.104天前的日志，共删除0条
+2026-01-10 14:40:00.274 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:40:00.274 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：169ms
+2026-01-10 14:40:00.274 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:40:00.274
+2026-01-10 14:40:00.274 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:40:00.274
+2026-01-10 14:40:00.281 [log-processor-3] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:40:00.536 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:40:00.747 [scheduling-4] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:40:00.747 [scheduling-4] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 473ms
+2026-01-10 14:41:00.013 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:35:00,结束时间：2026-01-10 14:40:00
+2026-01-10 14:41:00.013 [scheduling-8] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:35 - 2026-01-10T14:40
+2026-01-10 14:41:00.095 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:41:00.097 [scheduling-6] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:41:00.013晚于默认保留时间2026-01-03T14:41:00.097，使用默认时间
+2026-01-10 14:41:00.179 [scheduling-8] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:41:00.179 [scheduling-8] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:41:00.179 [scheduling-8] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:35 - 2026-01-10T14:40
+2026-01-10 14:41:00.180 [scheduling-6] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:41:00.097天前的日志，共删除0条
+2026-01-10 14:41:00.262 [scheduling-8] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:41:00.262 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：167ms
+2026-01-10 14:41:00.262 [scheduling-8] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:41:00.262 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:41:00.262
+2026-01-10 14:41:00.262 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:41:00.262 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:41:00.262
+2026-01-10 14:41:00.265 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:41:00.698 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:41:00.698 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 436ms
+2026-01-10 14:42:00.001 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:42:00.001 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:42:00.081 [scheduling-7] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:42:00.001晚于默认保留时间2026-01-03T14:42:00.081，使用默认时间
+2026-01-10 14:42:00.101 [scheduling-9] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:42:00.161 [scheduling-7] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:42:00.081天前的日志，共删除0条
+2026-01-10 14:42:00.166 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:42:00.166 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:42:00.240 [scheduling-7] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:42:00.271 [scheduling-9] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：170ms
+2026-01-10 14:42:00.271 [scheduling-9] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:42:00.271
+2026-01-10 14:42:00.272 [scheduling-9] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:42:00.272
+2026-01-10 14:42:00.272 [log-processor-4] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:42:00.272 [scheduling-5] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:42:00.748 [scheduling-9] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:42:00.749 [scheduling-9] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 478ms
+2026-01-10 14:43:00.091 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:43:00.095 [scheduling-9] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:43:00.010晚于默认保留时间2026-01-03T14:43:00.095，使用默认时间
+2026-01-10 14:43:00.179 [scheduling-9] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:43:00.095天前的日志，共删除0条
+2026-01-10 14:43:00.262 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：171ms
+2026-01-10 14:43:00.262 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:43:00.262
+2026-01-10 14:43:00.262 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:43:00.262
+2026-01-10 14:43:00.263 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:43:00.724 [scheduling-7] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:43:00.724 [scheduling-7] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 462ms
+2026-01-10 14:44:00.010 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:44:00.011 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:44:00.093 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:44:00.097 [scheduling-6] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:44:00.011晚于默认保留时间2026-01-03T14:44:00.097，使用默认时间
+2026-01-10 14:44:00.177 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:44:00.183 [scheduling-6] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:44:00.097天前的日志，共删除0条
+2026-01-10 14:44:00.183 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:44:00.253 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：160ms
+2026-01-10 14:44:00.253 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:44:00.253
+2026-01-10 14:44:00.253 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:44:00.253
+2026-01-10 14:44:00.266 [scheduling-6] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:44:00.320 [scheduling-3] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:44:00.413 [log-processor-6] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:44:00.756 [scheduling-10] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:44:00.756 [scheduling-10] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 503ms
+2026-01-10 14:45:00.084 [scheduling-10] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:45:00.002晚于默认保留时间2026-01-03T14:45:00.084，使用默认时间
+2026-01-10 14:45:00.085 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:45:00.166 [scheduling-10] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:45:00.084天前的日志，共删除0条
+2026-01-10 14:45:00.247 [scheduling-10] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:45:00.260 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：175ms
+2026-01-10 14:45:00.260 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:45:00.260
+2026-01-10 14:45:00.260 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:45:00.260
+2026-01-10 14:45:01.026 [scheduling-6] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:45:01.026 [scheduling-6] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 766ms
+2026-01-10 14:46:00.001 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:46:00.001 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:46:00.001 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - ETL任务开始执行，开始时间：2026-01-10 14:40:00,结束时间：2026-01-10 14:45:00
+2026-01-10 14:46:00.001 [scheduling-9] INFO  com.common.service.DataExtractor - 开始处理指定时间范围内访问日志数据，时间范围: 2026-01-10T14:40 - 2026-01-10T14:45
+2026-01-10 14:46:00.103 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:46:00.167 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:46:00.171 [scheduling-9] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:46:00.171 [scheduling-9] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:46:00.171 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:46:00.171 [scheduling-9] INFO  com.common.service.DataExtractor - 开始处理告警类型指定时间范围内数据，时间范围: 2026-01-10T14:40 - 2026-01-10T14:45
+2026-01-10 14:46:00.256 [scheduling-9] INFO  com.common.service.DataExtractor - 指定时间范围分组数据量: 0 组
+2026-01-10 14:46:00.256 [scheduling-9] INFO  com.common.service.DataExtractor - 没有需要处理的数据
+2026-01-10 14:46:00.256 [scheduling-9] INFO  com.common.schedule.ETLOrchestrator - 定时ETL任务执行完成，耗时: 0 秒
+2026-01-10 14:46:00.279 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：176ms
+2026-01-10 14:46:00.279 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:46:00.279
+2026-01-10 14:46:00.279 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:46:00.279
+2026-01-10 14:46:00.394 [scheduling-8] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:46:00.001晚于默认保留时间2026-01-03T14:46:00.394，使用默认时间
+2026-01-10 14:46:00.407 [log-processor-5] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:46:00.475 [scheduling-8] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:46:00.394天前的日志，共删除0条
+2026-01-10 14:46:00.559 [scheduling-8] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:46:00.630 [scheduling-7] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:26:00.172
+2026-01-10 14:46:00.798 [scheduling-2] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:46:00.798 [scheduling-2] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 519ms
+2026-01-10 14:46:57.053 [main] INFO  com.syslogApplication - Starting syslogApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 29532 (E:\GIT_GOSAME\haobang-security-xdr\syslog-consumer\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2026-01-10 14:46:57.053 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
+2026-01-10 14:46:57.058 [main] INFO  com.syslogApplication - No active profile set, falling back to 1 default profile: "default"
+2026-01-10 14:47:00.045 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 14:47:00.045 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
+2026-01-10 14:47:00.496 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 444 ms. Found 1 Elasticsearch repository interfaces.
+2026-01-10 14:47:00.500 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 14:47:00.500 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
+2026-01-10 14:47:00.596 [main] INFO  o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
+2026-01-10 14:47:00.597 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 93 ms. Found 0 Reactive Elasticsearch repository interfaces.
+2026-01-10 14:47:00.621 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 14:47:00.623 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
+2026-01-10 14:47:00.724 [main] INFO  o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
+2026-01-10 14:47:00.724 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 94 ms. Found 0 Redis repository interfaces.
+2026-01-10 14:47:01.438 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8089 (http)
+2026-01-10 14:47:01.445 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8089"]
+2026-01-10 14:47:01.445 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+2026-01-10 14:47:01.446 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
+2026-01-10 14:47:01.674 [main] INFO  o.a.c.c.C.[.[.[/xdrservice] - Initializing Spring embedded WebApplicationContext
+2026-01-10 14:47:01.674 [main] INFO  o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 4533 ms
+2026-01-10 14:47:01.728 [main] INFO  o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogApplication.dmColumnService
+2026-01-10 14:47:04.308 [main] INFO  com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
+2026-01-10 14:47:04.626 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
+2026-01-10 14:47:04.642 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
+2026-01-10 14:47:04.665 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
+2026-01-10 14:47:04.682 [main] WARN  c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
+2026-01-10 14:47:04.730 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
+2026-01-10 14:47:09.423 [main] INFO  c.c.service.AccessLogAlertService - 初始化AccessLogAlertService，上次处理时间: 2026-01-10T14:45:09.423
+2026-01-10 14:47:09.448 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+2026-01-10 14:47:10.068 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+2026-01-10 14:47:10.178 [main] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:47:11.197 [main] INFO  com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
+2026-01-10 14:47:11.323 [main] INFO  com.common.util.MyBatisUtil - MyBatis 初始化成功
+2026-01-10 14:47:12.312 [main] INFO  org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
+2026-01-10 14:47:12.320 [main] INFO  o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
+2026-01-10 14:47:12.320 [main] INFO  org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
+2026-01-10 14:47:12.320 [main] INFO  org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
+2026-01-10 14:47:12.320 [main] INFO  org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
+  Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
+  NOT STARTED.
+  Currently in standby mode.
+  Number of jobs executed: 0
+  Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
+  Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
+
+2026-01-10 14:47:12.320 [main] INFO  org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
+2026-01-10 14:47:12.320 [main] INFO  org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
+2026-01-10 14:47:12.320 [main] INFO  org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@481f2acb
+2026-01-10 14:47:12.481 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
+2026-01-10 14:47:12.481 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
+2026-01-10 14:47:12.481 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1768027632481
+2026-01-10 14:47:12.500 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
+2026-01-10 14:47:12.500 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
+2026-01-10 14:47:12.500 [main] INFO  o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1768027632500
+2026-01-10 14:47:12.502 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8089"]
+2026-01-10 14:47:12.514 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8089 (http) with context path '/xdrservice'
+2026-01-10 14:47:12.514 [main] INFO  o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
+2026-01-10 14:47:12.514 [main] INFO  org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
+2026-01-10 14:47:12.527 [main] INFO  com.syslogApplication - Started syslogApplication in 15.978 seconds (JVM running for 21.192)
+2026-01-10 14:47:27.968 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: []
+2026-01-10 14:47:27.981 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  o.s.k.l.KafkaMessageListenerContainer - test-group-app: partitions assigned: [test-topic-0]
+2026-01-10 14:48:00.016 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:48:00.016 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 开始执行访问日志告警处理任务
+2026-01-10 14:48:00.104 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:48:00.194 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:48:00.194 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 加载了 1 个启用的算法配置
+2026-01-10 14:48:00.287 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：183ms
+2026-01-10 14:48:00.287 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:48:00.287
+2026-01-10 14:48:00.290 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:48:00.290
+2026-01-10 14:48:00.401 [scheduling-1] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:48:00.006晚于默认保留时间2026-01-03T14:48:00.401，使用默认时间
+2026-01-10 14:48:00.485 [scheduling-1] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:48:00.401天前的日志，共删除0条
+2026-01-10 14:48:00.569 [scheduling-1] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:48:00.666 [scheduling-2] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:45:09.423
+2026-01-10 14:48:00.666 [log-processor-1] INFO  c.c.service.AccessLogAlertService - 没有发现新的日志数据，上次处理时间: 2026-01-10T14:45:09.423
+2026-01-10 14:48:00.797 [scheduling-3] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:48:00.797 [scheduling-3] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 510ms
+2026-01-10 14:48:21.353 [http-nio-8089-exec-1] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
+2026-01-10 14:48:21.356 [http-nio-8089-exec-1] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 3 ms
+2026-01-10 14:48:21.557 [http-nio-8089-exec-1] INFO  com.controllers.SyslogPushController - 收到syslog发送请求: SyslogRequest{ip='192.168.0.103', port=514, logContent='<0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}', protocol='TCP', facility='USER', severity='INFO'}
+2026-01-10 14:48:21.558 [http-nio-8089-exec-1] INFO  com.common.service.SyslogService - 开始发送syslog消息: IP=192.168.0.103, Port=514
+2026-01-10 14:48:21.559 [http-nio-8089-exec-1] INFO  com.common.service.SyslogService - TCP Syslog消息发送成功: 192.168.0.103:514
+2026-01-10 14:48:21.559 [http-nio-8089-exec-1] INFO  com.controllers.SyslogPushController - Syslog消息发送成功: IP=192.168.0.103, Port=514
+2026-01-10 14:48:21.989 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  c.Modules.NormalData.SysLogProcessor - 开始处理批次消息，数量: 1
+2026-01-10 14:48:21.991 [log-processor-2] INFO  c.Modules.NormalData.SysLogProcessor - 收到syslogmessage：[receive_time=20260110144821572 device_id=248 device_name=开发环境设备-HOME vendor=HFish data_type=json device_collect_id=1]<0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}
+2026-01-10 14:48:27.681 [log-processor-2] WARN  c.c.service.LogDataFilterService - 泛化规则-数据过滤规则为空，默认不处理!
+2026-01-10 14:48:45.272 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO  c.Modules.NormalData.SysLogProcessor - 批次处理完成，总数: 1
+2026-01-10 14:49:00.096 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备统计更新任务...
+2026-01-10 14:49:00.096 [scheduling-7] WARN  c.c.s.i.DeviceReceiveLogServiceImpl - 删除时间点2026-01-08T14:49:00.012晚于默认保留时间2026-01-03T14:49:00.096，使用默认时间
+2026-01-10 14:49:00.185 [scheduling-7] INFO  c.c.s.i.DeviceReceiveLogServiceImpl - 删除2026-01-03T14:49:00.096天前的日志，共删除0条
+2026-01-10 14:49:00.267 [scheduling-7] INFO  com.common.schedule.ETLOrchestrator - 定时清理任务完成，删除0条2天前的日志
+2026-01-10 14:49:00.283 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备统计更新完成，处理设备数：1，耗时：187ms
+2026-01-10 14:49:00.283 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 开始执行设备采集探针任务时间更新，时间: 2026-01-10T14:49:00.283
+2026-01-10 14:49:00.283 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 开始批量更新设备采集任务时间，当前时间: 2026-01-10T14:49:00.283
+2026-01-10 14:49:00.813 [scheduling-8] INFO  c.c.s.DeviceCollectTaskUpdateService - 批量更新完成，总计: 48，已更新: 1
+2026-01-10 14:49:00.813 [scheduling-8] INFO  c.c.service.DeviceStatsUpdateService - 设备采集探针任务时间更新完成，耗时: 530ms
diff --git a/haobang-security-xdr/logs/syslog-serve.2026-01-09.log b/haobang-security-xdr/logs/syslog-serve.2026-01-09.log
new file mode 100644
index 0000000..2e734af
--- /dev/null
+++ b/haobang-security-xdr/logs/syslog-serve.2026-01-09.log
@@ -0,0 +1,132 @@
+2026-01-09 11:00:51.832 [main] INFO  com.SyslogServeMainApp - Starting SyslogServeMainApp using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 18748 (E:\GIT_GOSAME\haobang-security-xdr\syslog-serve\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2026-01-09 11:00:51.832 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
+2026-01-09 11:00:51.840 [main] INFO  com.SyslogServeMainApp - No active profile set, falling back to 1 default profile: "default"
+2026-01-09 11:00:53.934 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-09 11:00:53.938 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
+2026-01-09 11:00:54.173 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 220 ms. Found 0 Redis repository interfaces.
+2026-01-09 11:00:54.772 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8189 (http)
+2026-01-09 11:00:54.780 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8189"]
+2026-01-09 11:00:54.781 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+2026-01-09 11:00:54.781 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
+2026-01-09 11:00:55.055 [main] INFO  o.a.c.c.C.[.[.[/syslogserve] - Initializing Spring embedded WebApplicationContext
+2026-01-09 11:00:55.055 [main] INFO  o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 3122 ms
+2026-01-09 11:01:00.030 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8189"]
+2026-01-09 11:01:00.049 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8189 (http) with context path '/syslogserve'
+2026-01-09 11:01:00.062 [main] INFO  com.SyslogServeMainApp - Started SyslogServeMainApp in 8.727 seconds (JVM running for 13.906)
+2026-01-09 11:01:00.109 [main] INFO  com.SyslogServeMainApp - Application SyslogServer start !
+2026-01-09 11:01:00.109 [main] INFO  com.netty.SyslogServer - Starting Syslog server with TCP port 514 and UDP port 514
+2026-01-09 11:01:00.831 [pool-3-thread-2] INFO  com.netty.SyslogServer - TCP Syslog server started on port 514
+2026-01-09 11:01:00.832 [pool-3-thread-1] INFO  com.netty.SyslogServer - UDP Syslog server started on port 514
+2026-01-09 11:01:00.832 [main] INFO  com.netty.SyslogServer - Both TCP and UDP Syslog servers are running
+2026-01-09 11:01:49.047 [nioEventLoopGroup-5-1] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:56244: <0> 2026-01-09T07:39:59+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T07:39:59.845554+0800","flow_id":1102849895591141,"community_id":"aT54c1tW1hhcT3lcsk2zR5FrSPQ=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":58657,"dest_ip":"112.34.111.149","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":4101951934,"tcp_ack_sequence":1757098085,"ether":{},"uri":"","referer":"","method":"\u0015\u0000\u0000\u0001\u0000\u0001\u0000\\x94\\x93p\\xfb\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","protocol":"","req_content_type":"","request_headers":"\u0015  \r\n","rsp_content_type":"","response_headers":""}
+2026-01-09 11:01:51.280 [nioEventLoopGroup-5-1] ERROR com.netty.SyslogMessageHandler - Exception in channel handler
+org.springframework.data.redis.RedisConnectionFailureException: Unable to connect to Redis; nested exception is io.lettuce.core.RedisConnectionException: Unable to connect to localhost:6379
+	at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$ExceptionTranslatingConnectionProvider.translateException(LettuceConnectionFactory.java:1689)
+	at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$ExceptionTranslatingConnectionProvider.getConnection(LettuceConnectionFactory.java:1597)
+	at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$SharedConnection.getNativeConnection(LettuceConnectionFactory.java:1383)
+	at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$SharedConnection.getConnection(LettuceConnectionFactory.java:1366)
+	at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory.getSharedConnection(LettuceConnectionFactory.java:1093)
+	at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory.getConnection(LettuceConnectionFactory.java:421)
+	at org.springframework.data.redis.cache.DefaultRedisCacheWriter.execute(DefaultRedisCacheWriter.java:304)
+	at org.springframework.data.redis.cache.DefaultRedisCacheWriter.get(DefaultRedisCacheWriter.java:130)
+	at org.springframework.data.redis.cache.RedisCache.lookup(RedisCache.java:89)
+	at org.springframework.cache.support.AbstractValueAdaptingCache.get(AbstractValueAdaptingCache.java:58)
+	at org.springframework.cache.transaction.TransactionAwareCacheDecorator.get(TransactionAwareCacheDecorator.java:80)
+	at org.springframework.cache.interceptor.AbstractCacheInvoker.doGet(AbstractCacheInvoker.java:73)
+	at org.springframework.cache.interceptor.CacheAspectSupport.findInCaches(CacheAspectSupport.java:571)
+	at org.springframework.cache.interceptor.CacheAspectSupport.findCachedItem(CacheAspectSupport.java:536)
+	at org.springframework.cache.interceptor.CacheAspectSupport.execute(CacheAspectSupport.java:402)
+	at org.springframework.cache.interceptor.CacheAspectSupport.execute(CacheAspectSupport.java:345)
+	at org.springframework.cache.interceptor.CacheInterceptor.invoke(CacheInterceptor.java:64)
+	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
+	at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
+	at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
+	at com.common.service.impl.DeviceDeviceServiceImpl$$EnhancerBySpringCGLIB$$bac109c0.getByIpSafely(<generated>)
+	at com.Modules.Device.DeviceProcess.<init>(DeviceProcess.java:49)
+	at com.netty.SyslogMessageHandler.channelRead0(SyslogMessageHandler.java:47)
+	at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
+	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
+	at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
+	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
+	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346)
+	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
+	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
+	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
+	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
+	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
+	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
+	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724)
+	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650)
+	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
+	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
+	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
+	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
+	at java.lang.Thread.run(Thread.java:745)
+Caused by: io.lettuce.core.RedisConnectionException: Unable to connect to localhost:6379
+	at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:78)
+	at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:56)
+	at io.lettuce.core.AbstractRedisClient.getConnection(AbstractRedisClient.java:330)
+	at io.lettuce.core.RedisClient.connect(RedisClient.java:216)
+	at org.springframework.data.redis.connection.lettuce.StandaloneConnectionProvider.lambda$getConnection$1(StandaloneConnectionProvider.java:115)
+	at java.util.Optional.orElseGet(Optional.java:267)
+	at org.springframework.data.redis.connection.lettuce.StandaloneConnectionProvider.getConnection(StandaloneConnectionProvider.java:115)
+	at org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory$ExceptionTranslatingConnectionProvider.getConnection(LettuceConnectionFactory.java:1595)
+	... 47 common frames omitted
+Caused by: java.nio.channels.ClosedChannelException: null
+	at io.netty.channel.nio.AbstractNioChannel.doClose(AbstractNioChannel.java:502)
+	at io.netty.channel.socket.nio.NioSocketChannel.doClose(NioSocketChannel.java:349)
+	at io.netty.channel.AbstractChannel$AbstractUnsafe.doClose0(AbstractChannel.java:754)
+	at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:731)
+	at io.netty.channel.AbstractChannel$AbstractUnsafe.close(AbstractChannel.java:620)
+	at io.netty.channel.DefaultChannelPipeline$HeadContext.close(DefaultChannelPipeline.java:1352)
+	at io.netty.channel.AbstractChannelHandlerContext.invokeClose(AbstractChannelHandlerContext.java:749)
+	at io.netty.channel.AbstractChannelHandlerContext.access$1200(AbstractChannelHandlerContext.java:61)
+	at io.netty.channel.AbstractChannelHandlerContext$11.run(AbstractChannelHandlerContext.java:732)
+	at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
+	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:167)
+	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:470)
+	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:569)
+	... 4 common frames omitted
+2026-01-09 11:29:32.247 [nioEventLoopGroup-5-2] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:54671: <0> 2026-01-09T07:39:59+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T07:39:59.845554+0800","flow_id":1102849895591141,"community_id":"aT54c1tW1hhcT3lcsk2zR5FrSPQ=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":58657,"dest_ip":"112.34.111.149","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":4101951934,"tcp_ack_sequence":1757098085,"ether":{},"uri":"","referer":"","method":"\u0015\u0000\u0000\u0001\u0000\u0001\u0000\\x94\\x93p\\xfb\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","protocol":"","req_content_type":"","request_headers":"\u0015  \r\n","rsp_content_type":"","response_headers":""}
+2026-01-09 11:29:32.384 [nioEventLoopGroup-5-2] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+2026-01-09 11:29:33.051 [nioEventLoopGroup-5-2] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+2026-01-09 11:38:58.872 [nioEventLoopGroup-5-3] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:52850: <0> 2026-01-09T07:39:59+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T07:39:59.845554+0800","flow_id":1102849895591141,"community_id":"aT54c1tW1hhcT3lcsk2zR5FrSPQ=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":58657,"dest_ip":"112.34.111.149","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":4101951934,"tcp_ack_sequence":1757098085,"ether":{},"uri":"","referer":"","method":"\u0015\u0000\u0000\u0001\u0000\u0001\u0000\\x94\\x93p\\xfb\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","protocol":"","req_content_type":"","request_headers":"\u0015  \r\n","rsp_content_type":"","response_headers":""}
+2026-01-09 11:47:57.824 [nioEventLoopGroup-5-4] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:57928: <0> 2026-01-09T07:39:59+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T07:39:59.845554+0800","flow_id":1102849895591141,"community_id":"aT54c1tW1hhcT3lcsk2zR5FrSPQ=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":58657,"dest_ip":"112.34.111.149","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":4101951934,"tcp_ack_sequence":1757098085,"ether":{},"uri":"","referer":"","method":"\u0015\u0000\u0000\u0001\u0000\u0001\u0000\\x94\\x93p\\xfb\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","protocol":"","req_content_type":"","request_headers":"\u0015  \r\n","rsp_content_type":"","response_headers":""}
+2026-01-09 15:27:55.550 [nioEventLoopGroup-5-5] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:55192: <0> 2026-01-09T07:39:59+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T07:39:59.845554+0800","flow_id":1102849895591141,"community_id":"aT54c1tW1hhcT3lcsk2zR5FrSPQ=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":58657,"dest_ip":"112.34.111.149","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":4101951934,"tcp_ack_sequence":1757098085,"ether":{},"uri":"","referer":"","method":"\u0015\u0000\u0000\u0001\u0000\u0001\u0000\\x94\\x93p\\xfb\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","protocol":"","req_content_type":"","request_headers":"\u0015  \r\n","rsp_content_type":"","response_headers":""}
+2026-01-09 15:36:44.239 [nioEventLoopGroup-5-6] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:49951: <0> 2026-01-09T07:39:59+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T07:39:59.845554+0800","flow_id":1102849895591141,"community_id":"aT54c1tW1hhcT3lcsk2zR5FrSPQ=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":58657,"dest_ip":"112.34.111.149","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":4101951934,"tcp_ack_sequence":1757098085,"ether":{},"uri":"","referer":"","method":"\u0015\u0000\u0000\u0001\u0000\u0001\u0000\\x94\\x93p\\xfb\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000","protocol":"","req_content_type":"","request_headers":"\u0015  \r\n","rsp_content_type":"","response_headers":""}
+2026-01-09 15:57:14.712 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=5m37s501ms654µs800ns).
+2026-01-09 17:25:52.192 [nioEventLoopGroup-5-7] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:52890: <0> 2026-01-09T17:09:15+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T17:09:15.160715+0800","flow_id":1198350732579968,"community_id":"q1DYMZcSdDgmfpAj9ozxmTzKNbY=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":41736,"dest_ip":"120.232.164.162","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3497657839,"tcp_ack_sequence":95825740,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"pull-hs-f5.flive.douyincdn.com","host_md5":"2b821a78621370fb0703c0c8076651ee","uri":"/thirdgame/stream-118644793116984074.flv?arch_hrchy=w1&enfpresource=2&exp_hrchy=w1&expire=1768553531&major_anchor_level=common&mtu_probe=false&protocol_stack=rust&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531&edgeup=v1&pt=v4&ptag=v4&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100","uri_md5":"7dfeefd12fae0a1654ba0cd0a980789e","agent":"LiveIO_ANDROID","referer":"","method":"GET","protocol":"HTTP/1.1","status":302,"req_content_type":"","request_headers":"user-agent: LiveIO_ANDROID\r\naccept: */*\r\nconnection: Close\r\nhost: pull-hs-f5.flive.douyincdn.com\r\n","rsp_content_type":"video/x-flv","response_headers":"access-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Server-Ip\r\ncache-control: no-cache\r\nconnection: close\r\ncontent-type: video/x-flv\r\nLocation: http://39.175.244.72/thirdgame/stream-118644793116984074.flv?302_type=extreme_cold_aggr&302_type_code=04&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100&align_delay=10&arch_hrchy=w1&domain=pull-hs-f5.flive.douyincdn.com&edgeup=v1&enable_pts_align=1&enfpresource=2&exp_hrchy=w1&expire=1768553531&fp_user_url=http%3A%2F%2Fpull-hs-f5.flive.douyincdn.com%2Fthirdgame%2Fstream-118644793116984074.flv%3Farch_hrchy%3Dw1%26enfpresource%3D2%26exp_hrchy%3Dw1%26expire%3D1768553531%26major_anchor_level%3Dcommon%26mtu_probe%3Dfalse%26protocol_stack%3Drust%26rtm_sei_bypass%3D1%26rtm_sstream_tag%3Dfcdn_v3%26sign%3D708e6204542769e1be14e825a3075aac%26t_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5%26unique_id%3Dstream-118644793116984074_778_flv%26volcSecret%3D708e6204542769e1be14e825a3075aac%26volcTime%3D1768553531%26edgeup%3Dv1%26pt%3Dv4%26ptag%3Dv4%26_session_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464%26abr_pts%3D-2100&hls_redirect_domain=bytefcdnrd.com&major_anchor_level=common&manage_ip=&mtu_probe=false&node_id=&pro_type=http&protocol_stack=rust&pt=v4&ptag=v4&redirect_from=pod.cn-6pz3yu.lvdb.nss&redirect_to=fc.cn-cn2316g2&redirect_to_ip=39.175.244.72&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&vhost=push-rtmp-hs-f5.douyincdn.com&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531\r\nServer: Bytedance NSS\r\nTiming-Allow-Origin: *\r\nVia: n120-232-164-132\r\nX-Cache-Status: Miss\r\nX-Client-Ip: 120.230.79.196\r\nX-Has-Token: 917220198\r\nX-Response-Timecost: {\"time_to_source\":-1,\"total_time\":-1}\r\nX-Server-Ip: 120.232.164.132\r\n"}
+2026-01-09 18:01:54.416 [nioEventLoopGroup-5-8] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:51626: <0> 2026-01-09T17:09:15+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T17:09:15.160715+0800","flow_id":1198350732579968,"community_id":"q1DYMZcSdDgmfpAj9ozxmTzKNbY=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":41736,"dest_ip":"120.232.164.162","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3497657839,"tcp_ack_sequence":95825740,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"pull-hs-f5.flive.douyincdn.com","host_md5":"2b821a78621370fb0703c0c8076651ee","uri":"/thirdgame/stream-118644793116984074.flv?arch_hrchy=w1&enfpresource=2&exp_hrchy=w1&expire=1768553531&major_anchor_level=common&mtu_probe=false&protocol_stack=rust&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531&edgeup=v1&pt=v4&ptag=v4&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100","uri_md5":"7dfeefd12fae0a1654ba0cd0a980789e","agent":"LiveIO_ANDROID","referer":"","method":"GET","protocol":"HTTP/1.1","status":302,"req_content_type":"","request_headers":"user-agent: LiveIO_ANDROID\r\naccept: */*\r\nconnection: Close\r\nhost: pull-hs-f5.flive.douyincdn.com\r\n","rsp_content_type":"video/x-flv","response_headers":"access-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Server-Ip\r\ncache-control: no-cache\r\nconnection: close\r\ncontent-type: video/x-flv\r\nLocation: http://39.175.244.72/thirdgame/stream-118644793116984074.flv?302_type=extreme_cold_aggr&302_type_code=04&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100&align_delay=10&arch_hrchy=w1&domain=pull-hs-f5.flive.douyincdn.com&edgeup=v1&enable_pts_align=1&enfpresource=2&exp_hrchy=w1&expire=1768553531&fp_user_url=http%3A%2F%2Fpull-hs-f5.flive.douyincdn.com%2Fthirdgame%2Fstream-118644793116984074.flv%3Farch_hrchy%3Dw1%26enfpresource%3D2%26exp_hrchy%3Dw1%26expire%3D1768553531%26major_anchor_level%3Dcommon%26mtu_probe%3Dfalse%26protocol_stack%3Drust%26rtm_sei_bypass%3D1%26rtm_sstream_tag%3Dfcdn_v3%26sign%3D708e6204542769e1be14e825a3075aac%26t_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5%26unique_id%3Dstream-118644793116984074_778_flv%26volcSecret%3D708e6204542769e1be14e825a3075aac%26volcTime%3D1768553531%26edgeup%3Dv1%26pt%3Dv4%26ptag%3Dv4%26_session_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464%26abr_pts%3D-2100&hls_redirect_domain=bytefcdnrd.com&major_anchor_level=common&manage_ip=&mtu_probe=false&node_id=&pro_type=http&protocol_stack=rust&pt=v4&ptag=v4&redirect_from=pod.cn-6pz3yu.lvdb.nss&redirect_to=fc.cn-cn2316g2&redirect_to_ip=39.175.244.72&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&vhost=push-rtmp-hs-f5.douyincdn.com&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531\r\nServer: Bytedance NSS\r\nTiming-Allow-Origin: *\r\nVia: n120-232-164-132\r\nX-Cache-Status: Miss\r\nX-Client-Ip: 120.230.79.196\r\nX-Has-Token: 917220198\r\nX-Response-Timecost: {\"time_to_source\":-1,\"total_time\":-1}\r\nX-Server-Ip: 120.232.164.132\r\n"}
+2026-01-09 18:10:56.132 [nioEventLoopGroup-5-9] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:63324: <0> 2026-01-09T17:09:15+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T17:09:15.160715+0800","flow_id":1198350732579968,"community_id":"q1DYMZcSdDgmfpAj9ozxmTzKNbY=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":41736,"dest_ip":"120.232.164.162","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3497657839,"tcp_ack_sequence":95825740,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"pull-hs-f5.flive.douyincdn.com","host_md5":"2b821a78621370fb0703c0c8076651ee","uri":"/thirdgame/stream-118644793116984074.flv?arch_hrchy=w1&enfpresource=2&exp_hrchy=w1&expire=1768553531&major_anchor_level=common&mtu_probe=false&protocol_stack=rust&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531&edgeup=v1&pt=v4&ptag=v4&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100","uri_md5":"7dfeefd12fae0a1654ba0cd0a980789e","agent":"LiveIO_ANDROID","referer":"","method":"GET","protocol":"HTTP/1.1","status":302,"req_content_type":"","request_headers":"user-agent: LiveIO_ANDROID\r\naccept: */*\r\nconnection: Close\r\nhost: pull-hs-f5.flive.douyincdn.com\r\n","rsp_content_type":"video/x-flv","response_headers":"access-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Server-Ip\r\ncache-control: no-cache\r\nconnection: close\r\ncontent-type: video/x-flv\r\nLocation: http://39.175.244.72/thirdgame/stream-118644793116984074.flv?302_type=extreme_cold_aggr&302_type_code=04&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100&align_delay=10&arch_hrchy=w1&domain=pull-hs-f5.flive.douyincdn.com&edgeup=v1&enable_pts_align=1&enfpresource=2&exp_hrchy=w1&expire=1768553531&fp_user_url=http%3A%2F%2Fpull-hs-f5.flive.douyincdn.com%2Fthirdgame%2Fstream-118644793116984074.flv%3Farch_hrchy%3Dw1%26enfpresource%3D2%26exp_hrchy%3Dw1%26expire%3D1768553531%26major_anchor_level%3Dcommon%26mtu_probe%3Dfalse%26protocol_stack%3Drust%26rtm_sei_bypass%3D1%26rtm_sstream_tag%3Dfcdn_v3%26sign%3D708e6204542769e1be14e825a3075aac%26t_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5%26unique_id%3Dstream-118644793116984074_778_flv%26volcSecret%3D708e6204542769e1be14e825a3075aac%26volcTime%3D1768553531%26edgeup%3Dv1%26pt%3Dv4%26ptag%3Dv4%26_session_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464%26abr_pts%3D-2100&hls_redirect_domain=bytefcdnrd.com&major_anchor_level=common&manage_ip=&mtu_probe=false&node_id=&pro_type=http&protocol_stack=rust&pt=v4&ptag=v4&redirect_from=pod.cn-6pz3yu.lvdb.nss&redirect_to=fc.cn-cn2316g2&redirect_to_ip=39.175.244.72&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&vhost=push-rtmp-hs-f5.douyincdn.com&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531\r\nServer: Bytedance NSS\r\nTiming-Allow-Origin: *\r\nVia: n120-232-164-132\r\nX-Cache-Status: Miss\r\nX-Client-Ip: 120.230.79.196\r\nX-Has-Token: 917220198\r\nX-Response-Timecost: {\"time_to_source\":-1,\"total_time\":-1}\r\nX-Server-Ip: 120.232.164.132\r\n"}
+2026-01-09 18:17:37.914 [nioEventLoopGroup-5-10] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:64167: <0> 2026-01-09T17:09:15+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T17:09:15.160715+0800","flow_id":1198350732579968,"community_id":"q1DYMZcSdDgmfpAj9ozxmTzKNbY=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":41736,"dest_ip":"120.232.164.162","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3497657839,"tcp_ack_sequence":95825740,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"pull-hs-f5.flive.douyincdn.com","host_md5":"2b821a78621370fb0703c0c8076651ee","uri":"/thirdgame/stream-118644793116984074.flv?arch_hrchy=w1&enfpresource=2&exp_hrchy=w1&expire=1768553531&major_anchor_level=common&mtu_probe=false&protocol_stack=rust&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531&edgeup=v1&pt=v4&ptag=v4&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100","uri_md5":"7dfeefd12fae0a1654ba0cd0a980789e","agent":"LiveIO_ANDROID","referer":"","method":"GET","protocol":"HTTP/1.1","status":302,"req_content_type":"","request_headers":"user-agent: LiveIO_ANDROID\r\naccept: */*\r\nconnection: Close\r\nhost: pull-hs-f5.flive.douyincdn.com\r\n","rsp_content_type":"video/x-flv","response_headers":"access-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Server-Ip\r\ncache-control: no-cache\r\nconnection: close\r\ncontent-type: video/x-flv\r\nLocation: http://39.175.244.72/thirdgame/stream-118644793116984074.flv?302_type=extreme_cold_aggr&302_type_code=04&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100&align_delay=10&arch_hrchy=w1&domain=pull-hs-f5.flive.douyincdn.com&edgeup=v1&enable_pts_align=1&enfpresource=2&exp_hrchy=w1&expire=1768553531&fp_user_url=http%3A%2F%2Fpull-hs-f5.flive.douyincdn.com%2Fthirdgame%2Fstream-118644793116984074.flv%3Farch_hrchy%3Dw1%26enfpresource%3D2%26exp_hrchy%3Dw1%26expire%3D1768553531%26major_anchor_level%3Dcommon%26mtu_probe%3Dfalse%26protocol_stack%3Drust%26rtm_sei_bypass%3D1%26rtm_sstream_tag%3Dfcdn_v3%26sign%3D708e6204542769e1be14e825a3075aac%26t_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5%26unique_id%3Dstream-118644793116984074_778_flv%26volcSecret%3D708e6204542769e1be14e825a3075aac%26volcTime%3D1768553531%26edgeup%3Dv1%26pt%3Dv4%26ptag%3Dv4%26_session_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464%26abr_pts%3D-2100&hls_redirect_domain=bytefcdnrd.com&major_anchor_level=common&manage_ip=&mtu_probe=false&node_id=&pro_type=http&protocol_stack=rust&pt=v4&ptag=v4&redirect_from=pod.cn-6pz3yu.lvdb.nss&redirect_to=fc.cn-cn2316g2&redirect_to_ip=39.175.244.72&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&vhost=push-rtmp-hs-f5.douyincdn.com&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531\r\nServer: Bytedance NSS\r\nTiming-Allow-Origin: *\r\nVia: n120-232-164-132\r\nX-Cache-Status: Miss\r\nX-Client-Ip: 120.230.79.196\r\nX-Has-Token: 917220198\r\nX-Response-Timecost: {\"time_to_source\":-1,\"total_time\":-1}\r\nX-Server-Ip: 120.232.164.132\r\n"}
+2026-01-09 18:26:22.954 [main] INFO  com.SyslogServeMainApp - Starting SyslogServeMainApp using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 25676 (E:\GIT_GOSAME\haobang-security-xdr\syslog-serve\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2026-01-09 18:26:22.954 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
+2026-01-09 18:26:22.956 [main] INFO  com.SyslogServeMainApp - No active profile set, falling back to 1 default profile: "default"
+2026-01-09 18:26:24.953 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-09 18:26:24.954 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
+2026-01-09 18:26:25.122 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 153 ms. Found 0 Redis repository interfaces.
+2026-01-09 18:26:25.561 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8189 (http)
+2026-01-09 18:26:25.561 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8189"]
+2026-01-09 18:26:25.561 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+2026-01-09 18:26:25.561 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
+2026-01-09 18:26:25.813 [main] INFO  o.a.c.c.C.[.[.[/syslogserve] - Initializing Spring embedded WebApplicationContext
+2026-01-09 18:26:25.813 [main] INFO  o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 2787 ms
+2026-01-09 18:26:29.613 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8189"]
+2026-01-09 18:26:29.627 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8189 (http) with context path '/syslogserve'
+2026-01-09 18:26:29.636 [main] INFO  com.SyslogServeMainApp - Started SyslogServeMainApp in 7.135 seconds (JVM running for 11.565)
+2026-01-09 18:26:29.675 [main] INFO  com.SyslogServeMainApp - Application SyslogServer start !
+2026-01-09 18:26:29.675 [main] INFO  com.netty.SyslogServer - Starting Syslog server with TCP port 514 and UDP port 514
+2026-01-09 18:26:30.117 [pool-3-thread-2] INFO  com.netty.SyslogServer - TCP Syslog server started on port 514
+2026-01-09 18:26:30.117 [pool-3-thread-1] INFO  com.netty.SyslogServer - UDP Syslog server started on port 514
+2026-01-09 18:26:30.118 [main] INFO  com.netty.SyslogServer - Both TCP and UDP Syslog servers are running
+2026-01-09 18:26:32.082 [nioEventLoopGroup-5-1] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.1.19:57387: <0> 2026-01-09T17:09:15+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-09T17:09:15.160715+0800","flow_id":1198350732579968,"community_id":"q1DYMZcSdDgmfpAj9ozxmTzKNbY=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":41736,"dest_ip":"120.232.164.162","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3497657839,"tcp_ack_sequence":95825740,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"pull-hs-f5.flive.douyincdn.com","host_md5":"2b821a78621370fb0703c0c8076651ee","uri":"/thirdgame/stream-118644793116984074.flv?arch_hrchy=w1&enfpresource=2&exp_hrchy=w1&expire=1768553531&major_anchor_level=common&mtu_probe=false&protocol_stack=rust&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531&edgeup=v1&pt=v4&ptag=v4&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100","uri_md5":"7dfeefd12fae0a1654ba0cd0a980789e","agent":"LiveIO_ANDROID","referer":"","method":"GET","protocol":"HTTP/1.1","status":302,"req_content_type":"","request_headers":"user-agent: LiveIO_ANDROID\r\naccept: */*\r\nconnection: Close\r\nhost: pull-hs-f5.flive.douyincdn.com\r\n","rsp_content_type":"video/x-flv","response_headers":"access-control-allow-methods: GET,POST,OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Server-Ip\r\ncache-control: no-cache\r\nconnection: close\r\ncontent-type: video/x-flv\r\nLocation: http://39.175.244.72/thirdgame/stream-118644793116984074.flv?302_type=extreme_cold_aggr&302_type_code=04&_session_id=037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464&abr_pts=-2100&align_delay=10&arch_hrchy=w1&domain=pull-hs-f5.flive.douyincdn.com&edgeup=v1&enable_pts_align=1&enfpresource=2&exp_hrchy=w1&expire=1768553531&fp_user_url=http%3A%2F%2Fpull-hs-f5.flive.douyincdn.com%2Fthirdgame%2Fstream-118644793116984074.flv%3Farch_hrchy%3Dw1%26enfpresource%3D2%26exp_hrchy%3Dw1%26expire%3D1768553531%26major_anchor_level%3Dcommon%26mtu_probe%3Dfalse%26protocol_stack%3Drust%26rtm_sei_bypass%3D1%26rtm_sstream_tag%3Dfcdn_v3%26sign%3D708e6204542769e1be14e825a3075aac%26t_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5%26unique_id%3Dstream-118644793116984074_778_flv%26volcSecret%3D708e6204542769e1be14e825a3075aac%26volcTime%3D1768553531%26edgeup%3Dv1%26pt%3Dv4%26ptag%3Dv4%26_session_id%3D037-20260109165209EC0131706463F07583DF-WnNoS5.1767949754287.-940398464%26abr_pts%3D-2100&hls_redirect_domain=bytefcdnrd.com&major_anchor_level=common&manage_ip=&mtu_probe=false&node_id=&pro_type=http&protocol_stack=rust&pt=v4&ptag=v4&redirect_from=pod.cn-6pz3yu.lvdb.nss&redirect_to=fc.cn-cn2316g2&redirect_to_ip=39.175.244.72&rtm_sei_bypass=1&rtm_sstream_tag=fcdn_v3&sign=708e6204542769e1be14e825a3075aac&t_id=037-20260109165209EC0131706463F07583DF-WnNoS5&unique_id=stream-118644793116984074_778_flv&vhost=push-rtmp-hs-f5.douyincdn.com&volcSecret=708e6204542769e1be14e825a3075aac&volcTime=1768553531\r\nServer: Bytedance NSS\r\nTiming-Allow-Origin: *\r\nVia: n120-232-164-132\r\nX-Cache-Status: Miss\r\nX-Client-Ip: 120.230.79.196\r\nX-Has-Token: 917220198\r\nX-Response-Timecost: {\"time_to_source\":-1,\"total_time\":-1}\r\nX-Server-Ip: 120.232.164.132\r\n"}
+2026-01-09 18:26:32.265 [nioEventLoopGroup-5-1] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+2026-01-09 18:26:32.842 [nioEventLoopGroup-5-1] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
diff --git a/haobang-security-xdr/logs/syslog-serve.log b/haobang-security-xdr/logs/syslog-serve.log
new file mode 100644
index 0000000..01a0676
--- /dev/null
+++ b/haobang-security-xdr/logs/syslog-serve.log
@@ -0,0 +1,31 @@
+2026-01-10 13:26:58.023 [main] INFO  com.SyslogServeMainApp - Starting SyslogServeMainApp using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 26480 (E:\GIT_GOSAME\haobang-security-xdr\syslog-serve\target\classes started by chenc in E:\GIT_GOSAME\haobang-security-xdr)
+2026-01-10 13:26:58.023 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
+2026-01-10 13:26:58.029 [main] INFO  com.SyslogServeMainApp - No active profile set, falling back to 1 default profile: "default"
+2026-01-10 13:26:59.839 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2026-01-10 13:26:59.839 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
+2026-01-10 13:27:00.011 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 153 ms. Found 0 Redis repository interfaces.
+2026-01-10 13:27:00.592 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8189 (http)
+2026-01-10 13:27:00.604 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8189"]
+2026-01-10 13:27:00.604 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+2026-01-10 13:27:00.604 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
+2026-01-10 13:27:00.971 [main] INFO  o.a.c.c.C.[.[.[/syslogserve] - Initializing Spring embedded WebApplicationContext
+2026-01-10 13:27:00.971 [main] INFO  o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 2874 ms
+2026-01-10 13:27:04.637 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8189"]
+2026-01-10 13:27:04.652 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8189 (http) with context path '/syslogserve'
+2026-01-10 13:27:04.662 [main] INFO  com.SyslogServeMainApp - Started SyslogServeMainApp in 7.133 seconds (JVM running for 12.488)
+2026-01-10 13:27:04.693 [main] INFO  com.SyslogServeMainApp - Application SyslogServer start !
+2026-01-10 13:27:04.694 [main] INFO  com.netty.SyslogServer - Starting Syslog server with TCP port 514 and UDP port 514
+2026-01-10 13:27:05.069 [pool-3-thread-2] INFO  com.netty.SyslogServer - TCP Syslog server started on port 514
+2026-01-10 13:27:05.069 [pool-3-thread-1] INFO  com.netty.SyslogServer - UDP Syslog server started on port 514
+2026-01-10 13:27:05.069 [main] INFO  com.netty.SyslogServer - Both TCP and UDP Syslog servers are running
+2026-01-10 13:38:58.993 [nioEventLoopGroup-5-1] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.0.103:65442: <0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}
+2026-01-10 13:38:59.375 [nioEventLoopGroup-5-1] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+2026-01-10 13:38:59.994 [nioEventLoopGroup-5-1] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+2026-01-10 13:39:00.321 [nioEventLoopGroup-5-1] ERROR com.Modules.Device.DeviceProcess - 设备请求的Host IP非系统注册，请联系管理员添加设备信息！
+2026-01-10 13:39:00.321 [nioEventLoopGroup-5-1] INFO  com.netty.SyslogMessageHandler - syslog message 的请求设备IP:192.168.0.103非系统注册，暂不做处理！
+2026-01-10 13:39:00.579 [nioEventLoopGroup-5-1] INFO  c.c.s.impl.DeviceUnknownServiceImpl - 更新设备最后发现时间成功，ID: 16
+2026-01-10 13:59:49.596 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=5m51s158ms35µs500ns).
+2026-01-10 14:08:50.222 [nioEventLoopGroup-5-2] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.0.103:59772: <0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}
+2026-01-10 14:08:55.232 [nioEventLoopGroup-5-2] WARN  com.zaxxer.hikari.pool.PoolBase - HikariPool-1 - Failed to validate connection org.postgresql.jdbc.PgConnection@53953cd1 (This connection has been closed.). Possibly consider using a shorter maxLifetime value.
+2026-01-10 14:25:15.953 [nioEventLoopGroup-5-3] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.0.103:65302: <0> 2026-01-10T13:47:27+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T13:47:27.249503+0800","flow_id":767115114538067,"community_id":"fFU2gDB2+pyUS6xQpAqqLdPLG4k=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"192.168.2.81","src_port":51018,"dest_ip":"120.241.131.42","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":423808413,"tcp_ack_sequence":3371175627,"ether":{},"host":"szextshort.weixin.qq.com","host_md5":"d7745538302ebc766b77ca8a4f3dd735","uri":"/mmtls/1abfe317","uri_md5":"e889825636e4d22b1d364b6bd6400ad5","agent":"MicroMessenger Client","referer":"","method":"POST","protocol":"HTTP/1.1","req_content_type":"application/octet-stream","request_headers":"accept: */*\r\ncache-control: no-cache\r\nconnection: Keep-Alive\r\ncontent-length: 2579\r\ncontent-type: application/octet-stream\r\nHost: szextshort.weixin.qq.com\r\nUpgrade: mmtls\r\nUser-Agent: MicroMessenger Client\r\n","rsp_content_type":"","response_headers":""}
+2026-01-10 14:48:21.561 [nioEventLoopGroup-5-4] INFO  com.netty.SyslogMessageHandler - Received syslog from 192.168.0.103:64558: <0> 2026-01-10T05:28:32+08:00 ubuntu log_forward[3419]: {"timestamp":"2026-01-10T05:28:32.806781+0800","flow_id":1671852309144385,"community_id":"uLeKRLkXu9m0D0DNn6wIg7CcdOs=","serial_num":"CJFBT92","origin":"eno4","xdr_log_type":"http","vxlan_vni":256,"src_ip":"172.16.121.137","src_port":51114,"dest_ip":"110.43.89.7","dest_port":80,"proto":"TCP","app_proto":"http","tcp_sequence":3553898360,"tcp_ack_sequence":3537707565,"ether":{"src_mac":"90:f1:b0:fb:81:a1","dest_mac":"a4:7b:2c:21:03:79"},"host":"rq.lbcct.cloud.duba.net","host_md5":"51cfa6d0981c8eb355a9b3af716da08d","uri":"/query?1767994112","uri_md5":"f28f2c62d0dd01c355caa05815d93d99","referer":"","method":"POST","protocol":"HTTP/1.1","status":200,"req_content_type":"application/x-www-form-urlencoded","request_headers":"host: rq.lbcct.cloud.duba.net\r\naccept: */*\r\ncontent-length: 85\r\ncontent-type: application/x-www-form-urlencoded\r\n","rsp_content_type":"text/plain","response_headers":"server: Tengine/1.5.2\r\ndate: Fri, 09 Jan 2026 21:28:32 GMT\r\ncontent-type: text/plain\r\nContent-Length: 54\r\nConnection: keep-alive\r\nContent-Tag: 1936292435\r\n"}
diff --git a/haobang-security-xdr/pom.xml b/haobang-security-xdr/pom.xml
new file mode 100644
index 0000000..967feb6
--- /dev/null
+++ b/haobang-security-xdr/pom.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.7.4</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>com.haobang</groupId>
+    <artifactId>security-xdr</artifactId>
+    <version>1.0.0</version>
+    <name>security-xdr</name>
+    <description>security project for Spring Boot</description>
+    <properties>
+        <java.version>1.8</java.version>
+    </properties>
+    <packaging>pom</packaging>
+    <modules>
+        <module>syslog-client</module>
+        <module>syslog-serve</module>
+        <module>syslog-consumer</module>
+    </modules>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.graylog2</groupId>
+            <artifactId>syslog4j</artifactId>
+            <version>0.9.61</version> <!-- 请根据最新版本进行更新 -->
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/com.alibaba.fastjson2/fastjson2 -->
+        <dependency>
+            <groupId>com.alibaba.fastjson2</groupId>
+            <artifactId>fastjson2</artifactId>
+            <version>2.0.40</version>
+        </dependency>
+
+        <dependency>
+            <groupId>cn.hutool</groupId>
+            <artifactId>hutool-all</artifactId>
+            <version>5.8.16</version>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+    <repositories>
+        <!--阿里云主仓库，代理了maven central和jcenter仓库-->
+        <repository>
+            <id>aliyun</id>
+            <name>aliyun</name>
+            <url>https://maven.aliyun.com/repository/public</url>
+            <releases>
+                <enabled>true</enabled>
+            </releases>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
+        <!--阿里云代理Spring 官方仓库-->
+        <repository>
+            <id>spring-milestones</id>
+            <name>Spring Milestones</name>
+            <url>https://maven.aliyun.com/repository/spring</url>
+            <releases>
+                <enabled>true</enabled>
+            </releases>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
+    </repositories>
+    <pluginRepositories>
+        <!--阿里云代理Spring 插件仓库-->
+        <pluginRepository>
+            <id>spring-plugin</id>
+            <name>spring-plugin</name>
+            <url>https://maven.aliyun.com/repository/spring-plugin</url>
+            <releases>
+                <enabled>true</enabled>
+            </releases>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </pluginRepository>
+    </pluginRepositories>
+</project>
diff --git a/haobang-security-xdr/syslog-client/.gitignore b/haobang-security-xdr/syslog-client/.gitignore
new file mode 100644
index 0000000..549e00a
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/haobang-security-xdr/syslog-client/logs/syslog-client.2025-12-17.log b/haobang-security-xdr/syslog-client/logs/syslog-client.2025-12-17.log
new file mode 100644
index 0000000..cbe8979
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/logs/syslog-client.2025-12-17.log
@@ -0,0 +1,9 @@
+2025-12-17 14:39:34.796 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Neither @ContextConfiguration nor @ContextHierarchy found for test class [com.haobang.syslog.SysjavacollectApplicationTests], using SpringBootContextLoader
+2025-12-17 14:39:34.815 [main] INFO  o.s.t.c.s.AbstractContextLoader - Could not detect default resource locations for test class [com.haobang.syslog.SysjavacollectApplicationTests]: no resource found for suffixes {-context.xml, Context.groovy}.
+2025-12-17 14:39:34.818 [main] INFO  o.s.t.c.s.AnnotationConfigContextLoaderUtils - Could not detect default configuration classes for test class [com.haobang.syslog.SysjavacollectApplicationTests]: SysjavacollectApplicationTests does not declare any static, non-private, non-final, nested classes annotated with @Configuration.
+2025-12-17 14:39:35.050 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Found @SpringBootConfiguration com.haobang.syslog.syslogClientApplication for test class com.haobang.syslog.SysjavacollectApplicationTests
+2025-12-17 14:39:35.355 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Loaded default TestExecutionListener class names from location [META-INF/spring.factories]: [org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener, org.springframework.test.context.web.ServletTestExecutionListener, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener, org.springframework.test.context.event.ApplicationEventsTestExecutionListener, org.springframework.test.context.support.DependencyInjectionTestExecutionListener, org.springframework.test.context.support.DirtiesContextTestExecutionListener, org.springframework.test.context.transaction.TransactionalTestExecutionListener, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener, org.springframework.test.context.event.EventPublishingTestExecutionListener]
+2025-12-17 14:39:35.386 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Using TestExecutionListeners: [org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener@2e32ccc5, org.springframework.test.context.event.ApplicationEventsTestExecutionListener@748741cb, org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener@3e44f2a5, org.springframework.boot.test.autoconfigure.SpringBootDependencyInjectionTestExecutionListener@295cf707, org.springframework.test.context.support.DirtiesContextTestExecutionListener@1130520d, org.springframework.test.context.event.EventPublishingTestExecutionListener@5f77d0f9, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener@463fd068, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener@895e367, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener@1b266842, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener@7a3793c7, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener@42b3b079, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener@651aed93]
+2025-12-17 14:39:35.994 [main] INFO  c.h.s.SysjavacollectApplicationTests - Starting SysjavacollectApplicationTests using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 19572 (started by chenc in E:\GIT_GOSAME\haobang-security-xdr\syslog-client)
+2025-12-17 14:39:35.996 [main] INFO  c.h.s.SysjavacollectApplicationTests - No active profile set, falling back to 1 default profile: "default"
+2025-12-17 14:39:37.054 [main] INFO  c.h.s.SysjavacollectApplicationTests - Started SysjavacollectApplicationTests in 1.581 seconds (JVM running for 3.837)
diff --git a/haobang-security-xdr/syslog-client/logs/syslog-client.2025-12-22.log b/haobang-security-xdr/syslog-client/logs/syslog-client.2025-12-22.log
new file mode 100644
index 0000000..67ab32d
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/logs/syslog-client.2025-12-22.log
@@ -0,0 +1,9 @@
+2025-12-22 20:42:30.617 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Neither @ContextConfiguration nor @ContextHierarchy found for test class [com.haobang.syslog.SysjavacollectApplicationTests], using SpringBootContextLoader
+2025-12-22 20:42:30.638 [main] INFO  o.s.t.c.s.AbstractContextLoader - Could not detect default resource locations for test class [com.haobang.syslog.SysjavacollectApplicationTests]: no resource found for suffixes {-context.xml, Context.groovy}.
+2025-12-22 20:42:30.640 [main] INFO  o.s.t.c.s.AnnotationConfigContextLoaderUtils - Could not detect default configuration classes for test class [com.haobang.syslog.SysjavacollectApplicationTests]: SysjavacollectApplicationTests does not declare any static, non-private, non-final, nested classes annotated with @Configuration.
+2025-12-22 20:42:30.867 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Found @SpringBootConfiguration com.haobang.syslog.syslogClientApplication for test class com.haobang.syslog.SysjavacollectApplicationTests
+2025-12-22 20:42:31.110 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Loaded default TestExecutionListener class names from location [META-INF/spring.factories]: [org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener, org.springframework.test.context.web.ServletTestExecutionListener, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener, org.springframework.test.context.event.ApplicationEventsTestExecutionListener, org.springframework.test.context.support.DependencyInjectionTestExecutionListener, org.springframework.test.context.support.DirtiesContextTestExecutionListener, org.springframework.test.context.transaction.TransactionalTestExecutionListener, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener, org.springframework.test.context.event.EventPublishingTestExecutionListener]
+2025-12-22 20:42:31.144 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Using TestExecutionListeners: [org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener@748741cb, org.springframework.test.context.event.ApplicationEventsTestExecutionListener@3e44f2a5, org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener@295cf707, org.springframework.boot.test.autoconfigure.SpringBootDependencyInjectionTestExecutionListener@1130520d, org.springframework.test.context.support.DirtiesContextTestExecutionListener@5f77d0f9, org.springframework.test.context.event.EventPublishingTestExecutionListener@463fd068, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener@895e367, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener@1b266842, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener@7a3793c7, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener@42b3b079, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener@651aed93, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener@4dd6fd0a]
+2025-12-22 20:42:31.702 [main] INFO  c.h.s.SysjavacollectApplicationTests - Starting SysjavacollectApplicationTests using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 34572 (started by chenc in E:\GIT_GOSAME\haobang-security-xdr\syslog-client)
+2025-12-22 20:42:31.705 [main] INFO  c.h.s.SysjavacollectApplicationTests - No active profile set, falling back to 1 default profile: "default"
+2025-12-22 20:42:32.775 [main] INFO  c.h.s.SysjavacollectApplicationTests - Started SysjavacollectApplicationTests in 1.543 seconds (JVM running for 3.696)
diff --git a/haobang-security-xdr/syslog-client/logs/syslog-client.log b/haobang-security-xdr/syslog-client/logs/syslog-client.log
new file mode 100644
index 0000000..cc45e79
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/logs/syslog-client.log
@@ -0,0 +1,9 @@
+2025-12-29 15:11:36.187 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Neither @ContextConfiguration nor @ContextHierarchy found for test class [com.haobang.syslog.SysjavacollectApplicationTests], using SpringBootContextLoader
+2025-12-29 15:11:36.197 [main] INFO  o.s.t.c.s.AbstractContextLoader - Could not detect default resource locations for test class [com.haobang.syslog.SysjavacollectApplicationTests]: no resource found for suffixes {-context.xml, Context.groovy}.
+2025-12-29 15:11:36.197 [main] INFO  o.s.t.c.s.AnnotationConfigContextLoaderUtils - Could not detect default configuration classes for test class [com.haobang.syslog.SysjavacollectApplicationTests]: SysjavacollectApplicationTests does not declare any static, non-private, non-final, nested classes annotated with @Configuration.
+2025-12-29 15:11:36.334 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Found @SpringBootConfiguration com.haobang.syslog.syslogClientApplication for test class com.haobang.syslog.SysjavacollectApplicationTests
+2025-12-29 15:11:36.455 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Loaded default TestExecutionListener class names from location [META-INF/spring.factories]: [org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener, org.springframework.test.context.web.ServletTestExecutionListener, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener, org.springframework.test.context.event.ApplicationEventsTestExecutionListener, org.springframework.test.context.support.DependencyInjectionTestExecutionListener, org.springframework.test.context.support.DirtiesContextTestExecutionListener, org.springframework.test.context.transaction.TransactionalTestExecutionListener, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener, org.springframework.test.context.event.EventPublishingTestExecutionListener]
+2025-12-29 15:11:36.468 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Using TestExecutionListeners: [org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener@748741cb, org.springframework.test.context.event.ApplicationEventsTestExecutionListener@3e44f2a5, org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener@295cf707, org.springframework.boot.test.autoconfigure.SpringBootDependencyInjectionTestExecutionListener@1130520d, org.springframework.test.context.support.DirtiesContextTestExecutionListener@5f77d0f9, org.springframework.test.context.event.EventPublishingTestExecutionListener@463fd068, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener@895e367, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener@1b266842, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener@7a3793c7, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener@42b3b079, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener@651aed93, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener@4dd6fd0a]
+2025-12-29 15:11:36.743 [main] INFO  c.h.s.SysjavacollectApplicationTests - Starting SysjavacollectApplicationTests using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 26068 (started by chenc in E:\GIT_GOSAME\haobang-security-xdr\syslog-client)
+2025-12-29 15:11:36.744 [main] INFO  c.h.s.SysjavacollectApplicationTests - No active profile set, falling back to 1 default profile: "default"
+2025-12-29 15:11:37.190 [main] INFO  c.h.s.SysjavacollectApplicationTests - Started SysjavacollectApplicationTests in 0.687 seconds (JVM running for 1.833)
diff --git a/haobang-security-xdr/syslog-client/mvnw b/haobang-security-xdr/syslog-client/mvnw
new file mode 100644
index 0000000..8a8fb22
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/mvnw
@@ -0,0 +1,316 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /usr/local/etc/mavenrc ] ; then
+    . /usr/local/etc/mavenrc
+  fi
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+    if [ -z "$JAVA_HOME" ]; then
+      if [ -x "/usr/libexec/java_home" ]; then
+        export JAVA_HOME="`/usr/libexec/java_home`"
+      else
+        export JAVA_HOME="/Library/Java/Home"
+      fi
+    fi
+    ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`\\unset -f command; \\command -v java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+  if [ -z "$1" ]
+  then
+    echo "Path not specified to find_maven_basedir"
+    return 1
+  fi
+
+  basedir="$1"
+  wdir="$1"
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+    if [ -d "${wdir}" ]; then
+      wdir=`cd "$wdir/.."; pwd`
+    fi
+    # end of workaround
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+  exit 1;
+fi
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Found .mvn/wrapper/maven-wrapper.jar"
+    fi
+else
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
+    fi
+    if [ -n "$MVNW_REPOURL" ]; then
+      jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    else
+      jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    fi
+    while IFS="=" read key value; do
+      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
+      esac
+    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Downloading from: $jarUrl"
+    fi
+    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
+    if $cygwin; then
+      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
+    fi
+
+    if command -v wget > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found wget ... using wget"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        else
+            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        fi
+    elif command -v curl > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found curl ... using curl"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            curl -o "$wrapperJarPath" "$jarUrl" -f
+        else
+            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+        fi
+
+    else
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Falling back to using Java to download"
+        fi
+        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        # For Cygwin, switch paths to Windows format before running javac
+        if $cygwin; then
+          javaClass=`cygpath --path --windows "$javaClass"`
+        fi
+        if [ -e "$javaClass" ]; then
+            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Compiling MavenWrapperDownloader.java ..."
+                fi
+                # Compiling the Java class
+                ("$JAVA_HOME/bin/javac" "$javaClass")
+            fi
+            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                # Running the downloader
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Running MavenWrapperDownloader.java ..."
+                fi
+                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+            fi
+        fi
+    fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+if [ "$MVNW_VERBOSE" = true ]; then
+  echo $MAVEN_PROJECTBASEDIR
+fi
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  $MAVEN_DEBUG_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" \
+  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/haobang-security-xdr/syslog-client/mvnw.cmd b/haobang-security-xdr/syslog-client/mvnw.cmd
new file mode 100644
index 0000000..1d8ab01
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/mvnw.cmd
@@ -0,0 +1,188 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    https://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %DOWNLOAD_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+  %JVM_CONFIG_MAVEN_PROPS% ^
+  %MAVEN_OPTS% ^
+  %MAVEN_DEBUG_OPTS% ^
+  -classpath %WRAPPER_JAR% ^
+  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%
diff --git a/haobang-security-xdr/syslog-client/pom.xml b/haobang-security-xdr/syslog-client/pom.xml
new file mode 100644
index 0000000..9882a5f
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/pom.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>2.7.4</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>com.haobang</groupId>
+    <artifactId>syslog-client</artifactId>
+    <version>1.0.0</version>
+    <name>syslog-client</name>
+    <description>syslog-clien</description>
+    <packaging>jar</packaging>
+    <properties>
+        <java.version>1.8</java.version>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.graylog2</groupId>
+            <artifactId>syslog4j</artifactId>
+            <version>0.9.61</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/com.alibaba.fastjson2/fastjson2 -->
+        <dependency>
+            <groupId>com.alibaba.fastjson2</groupId>
+            <artifactId>fastjson2</artifactId>
+            <version>2.0.40</version>
+        </dependency>
+
+        <dependency>
+            <groupId>cn.hutool</groupId>
+            <artifactId>hutool-all</artifactId>
+            <version>5.8.16</version>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/ClientClass.java b/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/ClientClass.java
new file mode 100644
index 0000000..01556fd
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/ClientClass.java
@@ -0,0 +1,77 @@
+package com.haobang.syslog;
+
+import org.graylog2.syslog4j.Syslog;
+import org.graylog2.syslog4j.SyslogConstants;
+import org.graylog2.syslog4j.SyslogIF;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.net.URLDecoder;
+
+public class ClientClass implements Runnable{
+    private static final Logger logger = LoggerFactory.getLogger(ClientClass.class);
+    //控制循环结束的
+    private boolean flag = true;
+    private static ClientClass ClientClass = null;
+    private ClientClass() {
+    }
+    public static synchronized ClientClass getClient()
+    {
+        if(ClientClass == null)
+    ClientClass = new ClientClass ();
+        return ClientClass ;
+}
+    @Override
+    public void run() {
+        try {
+            //初始化标识位
+            flag = true;
+            //以传输名称的形式来传输实例化的协议类型
+            String prot = Thread.currentThread().getName();
+            //获取syslog的操作类，使用udp协议。syslog支持"udp", "tcp", "unix_syslog", "unix_socket"协议
+            SyslogIF syslog = Syslog.getInstance(prot);
+            //设置syslog服务器端地址   地址为之前你服务器的地址
+            //syslog.getConfig().setHost("192.168.222.131");
+            syslog.getConfig().setHost("0.0.0.0");
+            //设置syslog接收端口，默认514
+            syslog.getConfig().setPort(514);
+            logger.info("设置syslog端口：514");
+            //拼接syslog日志
+           // String str = "operator Protocol sky====> "+ Thread.currentThread().getName();
+           // String str ="<14>1 2025-10-14T05:49:35Z cb5a5f07595c supermario 9 portrait -{\"source\":\"portrait\",\"uuid\":\"1a26ac6e-2d77-4ada-b560-1abbcae1de98\",\"host\":{\"cpuConcurrency\":8,\"fonts\":[\"Rockwell\",\"Calibri\",\"Gadugi\",\"Leelawadee UI\",\"Bahnschrift\",\"DengXian\",\"Roboto\",\"DejaVu Sans Mono\",\"Open Sans\",\"Source Han Serif CN\"],\"hasUnity\":false,\"language\":\"zh-CN\",\"memory\":0,\"os\":\"Windows 10.0\",\"render\":\"ANGLE (Intel, Intel(R) UHD Graphics 620 Direct3D9Ex vs_3_0 ps_3_0, igdumdim32.dll-30.0.101.1338)\",\"screenResolution\":[1366,768],\"timezone\":\"Asia/Shanghai\",\"touchSupport\":true},\"network\":{\"externalIP\":{\"ip\":\"60.190.198.14\"},\"internalIP\":{\"ip\":\"\"},\"realIP\":{\"ip\":\"60.190.198.14\"}},\"browser\":{\"arch\":\"\",\"bitness\":\"\",\"canvasFingerprint\":\"7031cc506eaded347eb1b596677ec7be\",\"canvas_fp\":\"7031cc506eaded347eb1b596677ec7be\",\"canvas_fp2\":\"7031cc506eaded347eb1b596677ec7be\",\"chrome_ext\":[\"Google Office\"],\"fp2\":\"559732dbe9bafced9536c77a6c020f88\",\"is_private\":false,\"mobile\":false,\"model\":\"\",\"name\":\"Chrome\",\"os\":\"Windows 10.0\",\"tid\":\"s:16951889730ae4d6af8-b3b4b-5ede70.22c7306819e72dd14e3e5c5644e49ed42a44d857ca55f6df0acd0460f510f15f\",\"version\":\"94.0.4606.71\",\"versionNumber\":94,\"webgl_fp\":\"487f7b22f68312d2c1bbc93b1aea445b\",\"webgl_fp2\":\"487f7b22f68312d2c1bbc93b1aea445b\"},\"social\":{},\"extra\":{\"version\":\"1.1\"},\"node\":\"AQSE\"}";
+
+            //String str="<14>1 2025-10-21T03:00:00Z e731cb058e44 supermario 8 scanner-{    \"source\": \"scanner\",    \"id\": \"1efbe83b4eb1bdd8c3aede950a7cecda\",    \"time\": \"2025-10-21T03:00:00Z\",    \"proto\": \"tcp\",    \"start_time\": \"2025-10-21T03:02:40.635861443Z\",  \"end_time\": \"2025-10-21T03:02:41.830497611Z\",    \"src_ip\": \"165.227.62.247\",    \"src_port\": \"29011\",    \"dest_ip\": \"172.21.7.10\",    \"dest_port\": [        8888    ],    \"src_mac\": \"\",    \"pcap_file\": null,    \"events\": [        {            \"dest_port\": \"8888\",            \"scan_type\": [                \"unknown_conn\",                \"TCP-Syn\"            ],            \"start_time\": 1761015760.635861,            \"end_time\": 1761015761.830498,            \"dumb_captures\": null        }    ],    \"scantypes\": [        \"unknown_conn\",        \"TCP-Syn\"    ],    \"send_email\": true,    \"agent_id\": \"110edf34-6a68-4853-bdaf-2991c5f837f0\",    \"node\": \"N3zA\"}";
+            String str="{\"source\":\"honeypot\",\"id\":\"0b1f271b-8a9a-4005-b86d-74b594962a5a\",\"start_time\":\"2023-07-24T07:24:24.040214306Z\",\"time\":\"2023-07-24T07:24:24.072782762Z\",\"risk_level\":4,\"connection\":\"8c404933-dbb5-4f85-b995-439b46ee5a17\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"00f854a8-87f1-4421-9f1d-bc282352e161\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"4b10fa4c-f9ef-47d5-b5c7-e30e0093412d\",\"agent_name\":\"agent_211\",\"honeypot_id\":\"9591b17cc30d9b54780d32541b9e4a9f4322134369a18cd444c1ec61135ac4e7\",\"honeypot_name\":\"fastjson\",\"src_ip\":\"10.2.3.122\",\"src_port\":36414,\"src_mac\":\"\",\"dest_ip\":\"10.9.32.211\",\"dest_port\":60035,\"proxy_ip\":null,\"node\":\"p3zZ\"}";
+           // String str ="2021-09-23T08:53:10+08:00 14b52b9261e0 supermario[9]: {\"source\":\"honeypot\",\"id\":\"ee0dceca-a598-49bf-be30-9aae9e941969\",\"start_time\":\"2021-09-23T08:53:09.068027625Z\",\"time\":\"2021-09-23T08:53:10.746983324Z\",\"risk_level\":2,\"connection\":\"202c56f9-24e9-4246-8f2a-14994ce6564b\",\"file_info\":null,\"extra\":{\"note\":{\"format\":\"line\",\"name\":{\"cn\":\"登陆详情\",\"en\":\"Extra Note\"},\"value\":\"user public key not allowed\"},\"success\":{\"format\":\"line\",\"name\":{\"cn\":\"登录是否成功\",\"en\":\"Success or not\"},\"value\":\"no\"},\"username\":{\"format\":\"line\",\"name\":{\"cn\":\"用户名\",\"en\":\"Username\"},\"value\":\"root\"}},\"type_id\":\"key_login\",\"agent_sn\":\"5f32e437-ba85-4b15-a646-f6f4ca3fe6c3\",\"agent_name\":\"abc\",\"honeypot_id\":\"3e9bce4eef09405941284fdd1a91124c01bcd9186440798a9ace96b7f7493330\",\"honeypot_name\":\"ssh\",\"src_ip\":\"172.16.96.1\",\"src_port\":56854,\"src_mac\":\"8a:e9:fe:38:71:64\",\"dest_ip\":\"172.16.96.64\",\"dest_port\":1234,\"proxy_ip\":null}";
+            //String str ="<14>1 2025-10-14T11:52:26Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台-test\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}" ;
+
+            //String str ="<14>1 2023-09-06T02:02:39Z 48ec296b34c7 supermario 85 agent - {\"sn\":\"8cf9a388-578e-4b30-ac4b-098a46dde642\",\"name\":\"茂名市住房和城乡建设局蜜罐探针\",\"send\":true,\"host\":\"172.25.142.16\",\"type\":\"agent_connect\",\"event_type_display_name\":{\"en\":\"Agent Connect Event\",\"cn\":\"探针连接建立\"},\"node\":\"WRx3\"}";
+
+
+            System.out.println("+++++++++++++start++++++++++++");
+            System.out.println("syslog message push: "+str );
+            syslog.log(SyslogConstants.LEVEL_DEBUG, URLDecoder.decode(str,"utf-8"));
+            /*while(flag) {
+                //等级为debug
+                syslog.log(SyslogConstants.LEVEL_DEBUG, URLDecoder.decode(str,"utf-8"));
+                //给程序缓冲时间，没有缓冲时间接受不到数据
+                Thread.sleep(100);
+            }*/
+            syslog.shutdown();
+            System.out.println(Thread.currentThread().getName()+" end");
+        } catch (Exception e) {
+            System.err.println("出错了");
+            e.printStackTrace();
+        }
+    }
+    public void shutdown() {
+        try {
+            //线程停止
+            Thread.sleep(2000);
+            //改变标识位
+            flag = false;
+        } catch (InterruptedException e) {
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/MySyslogClient.java b/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/MySyslogClient.java
new file mode 100644
index 0000000..3af26fe
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/MySyslogClient.java
@@ -0,0 +1,38 @@
+package com.haobang.syslog;
+
+import com.alibaba.fastjson2.JSONObject;
+import org.graylog2.syslog4j.Syslog;
+import org.graylog2.syslog4j.SyslogConstants;
+import org.graylog2.syslog4j.SyslogIF;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.util.Date;
+
+public class MySyslogClient {
+    private static final String HOST = "127.0.0.1";
+    private static final int PORT = 514;
+
+    public void generate() {
+        SyslogIF syslog = Syslog.getInstance(SyslogConstants.UDP);
+        syslog.getConfig().setHost(HOST);
+        syslog.getConfig().setPort(PORT);
+
+        StringBuffer buffer = new StringBuffer();
+        buffer.append("约会时间:" + new Date().toString().substring(4,20) + ";")
+                .append("羞答答的美女:" + "我是阿南啦" + ";")
+                .append("暗号:" + "万般皆下品，唯有编码屌88888223346" + ";");
+        JSONObject jsonObject = new JSONObject();
+        jsonObject.put("message", buffer.toString());
+        try {
+            syslog.log(0, URLDecoder.decode(jsonObject.toString(), "utf-8"));
+        } catch (UnsupportedEncodingException e) {
+            System.out.println("generate log get exception " + e);
+        }
+        System.out.println("哎呀，老娘的第N次dating，竟然还得先搭讪!");
+    }
+
+    public static void main(String[] args) {
+        new MySyslogClient().generate();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/syslogClientApplication.java b/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/syslogClientApplication.java
new file mode 100644
index 0000000..a208eb8
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/syslogClientApplication.java
@@ -0,0 +1,26 @@
+package com.haobang.syslog;
+
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class syslogClientApplication {
+
+
+
+    public static void main(String[] args) {
+        SpringApplication.run(syslogClientApplication.class, args);
+
+        //获取UDP客户端线程
+        // Thread UDPClient = new Thread(ClientClass.getClient(),"UDP");
+        //获取TCP客户端线程
+        Thread TCPClient = new Thread(ClientClass.getClient(),"TCP");
+        //启动线程
+        TCPClient.start();
+
+    }
+}
+
+
+
diff --git a/haobang-security-xdr/syslog-client/src/main/resources/application.properties b/haobang-security-xdr/syslog-client/src/main/resources/application.properties
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/src/main/resources/application.properties
@@ -0,0 +1 @@
+
diff --git a/haobang-security-xdr/syslog-client/src/main/resources/logback.xml b/haobang-security-xdr/syslog-client/src/main/resources/logback.xml
new file mode 100644
index 0000000..ab6ec2e
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/src/main/resources/logback.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<configuration >
+
+    <!-- 定义日志输出格式 -->
+    <property name="LOG_PATTERN" value="%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n" />
+
+    <!-- 控制台输出 -->
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>${LOG_PATTERN}</pattern>
+        </encoder>
+    </appender>
+
+
+    <!-- 文件输出，每天滚动 -->
+    <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/syslog-client.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- 每天滚动 -->
+            <fileNamePattern>logs/syslog-client.%d{yyyy-MM-dd}.log</fileNamePattern>
+            <!-- 保留30天的历史 -->
+            <maxHistory>30</maxHistory>
+        </rollingPolicy>
+        <encoder>
+            <pattern>${LOG_PATTERN}</pattern>
+        </encoder>
+    </appender>
+
+    <!-- 设置日志级别 -->
+    <root level="INFO">
+        <appender-ref ref="CONSOLE" />
+        <appender-ref ref="FILE" />
+    </root>
+
+    <!-- 可以设置特定包的日志级别 -->
+    <!-- 例如，将com.example包的日志级别设置为DEBUG -->
+    <!--
+    <logger name="com.example" level="DEBUG" />
+    -->
+
+</configuration>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-client/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java b/haobang-security-xdr/syslog-client/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java
new file mode 100644
index 0000000..238afed
--- /dev/null
+++ b/haobang-security-xdr/syslog-client/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java
@@ -0,0 +1,13 @@
+package com.haobang.syslog;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class SysjavacollectApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+
+}
diff --git a/haobang-security-xdr/syslog-consumer/Dockerfile b/haobang-security-xdr/syslog-consumer/Dockerfile
new file mode 100644
index 0000000..b674b5d
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/Dockerfile
@@ -0,0 +1,16 @@
+FROM openjdk:8
+
+MAINTAINER chenchunan@139.com
+
+# 创建程序运行和日志目录
+RUN mkdir -p /app
+RUN mkdir -p /app/logs
+WORKDIR /app
+# 挂载日志运行目录
+VOLUME /app/logs
+
+ADD syslog-consumer-1.0.0.jar   syslog-consumer.jar
+EXPOSE 8089
+CMD java -jar  syslog-consumer.jar
+
+
diff --git a/haobang-security-xdr/syslog-consumer/doc/程序描述.md b/haobang-security-xdr/syslog-consumer/doc/程序描述.md
new file mode 100644
index 0000000..865a61b
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/doc/程序描述.md
@@ -0,0 +1,14 @@
+#程序功能描述
+##订阅消费kafka 
+1、消费syslog 日志文件指定的 topic
+2、syslog 日志信息存储入 iinfluxdb
+3、9月25日之前先保存进入 postgres 数据库。 演示当前业务数据处理流程。
+4、日志信息收取后匹配数据泛化配置信息，解析数据并入库到标准表。
+
+#更新日志
+##日期：2025-11-27
+1、补充alarm 表 orgin_log_ids 字段的原始日志ID获取、数据插入。
+
+
+ 
+
diff --git a/haobang-security-xdr/syslog-consumer/docker_run.txt b/haobang-security-xdr/syslog-consumer/docker_run.txt
new file mode 100644
index 0000000..3ca58f2
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/docker_run.txt
@@ -0,0 +1,25 @@
+
+--0.�л�����˴��Ŀ¼
+cd /opt/syslog/docker/consumer
+
+--ͨ��Dockerfile�ļ��������� (���ã�
+docker build -f /opt/syslog/docker/consumer/Dockerfile -t syslog-consumer:v1.0
+
+--1.�鿴����������
+docker ps -a
+
+--2.ֹͣ���� ��ɾ��
+docker stop  ct-syslog-consumer  &&  docker  rm ct-syslog-consumer
+
+--3.���docker image�ļ� (Dockerfile ��ǰĿ¼��
+docker build -t syslog-consumer:v1.X.X  .
+
+--4.����docker �ļ�
+docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name ct-syslog-consumer -p 8089:8089 -v /home/syslog/logs:/app/logs --privileged=true   syslog-consumer:v1.X.X
+�ڳ�CMD��
+docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name ct-syslog-consumer -p 8089:8089 -v /data/syslog/logs:/app/logs --privileged=true   syslog-consumer:v1.X.X
+
+--������������
+docker run  -d --name ct-syslog-consumer -p 8089:8089 --privileged=true   syslog-consumer:v1.X.X
+
+
diff --git a/haobang-security-xdr/syslog-consumer/pom.xml b/haobang-security-xdr/syslog-consumer/pom.xml
new file mode 100644
index 0000000..458989c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/pom.xml
@@ -0,0 +1,210 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>security-xdr</artifactId>
+        <groupId>com.haobang</groupId>
+        <version>1.0.0</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    <name>syslog-consumer</name>
+    <artifactId>syslog-consumer</artifactId>
+    <version>1.0.0</version>
+    <properties>
+        <java.version>1.8</java.version>
+        <influxdb-client.version>6.9.0</influxdb-client.version>
+        <slf4j.version>1.7.36</slf4j.version>
+        <logback.version>1.2.11</logback.version>
+        <config.version>1.4.2</config.version>
+        <junit.version>5.9.2</junit.version>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <mybatis.version>3.5.10</mybatis.version>
+        <postgresql.version>42.5.4</postgresql.version>
+        <pagehelper.version>1.4.6</pagehelper.version>
+    </properties>
+    <description>syslog-consumer</description>
+    <packaging>jar</packaging>
+
+    <dependencies>
+        <!-- Spring Boot Starter (包含事务管理) -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+            <version>2.7.4</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.kafka</groupId>
+            <artifactId>kafka-clients</artifactId>
+            <version>3.4.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.kafka</groupId>
+            <artifactId>spring-kafka</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <version>2.0.7</version>
+        </dependency>
+        <!-- InfluxDB Client for Java -->
+        <dependency>
+            <groupId>com.influxdb</groupId>
+            <artifactId>influxdb-client-java</artifactId>
+            <version>${influxdb-client.version}</version>
+        </dependency>
+
+        <!-- 配置管理 -->
+        <dependency>
+            <groupId>com.typesafe</groupId>
+            <artifactId>config</artifactId>
+            <version>${config.version}</version>
+        </dependency>
+
+        <!-- 日志 -->
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>${logback.version}</version>
+        </dependency>
+
+        <!-- MyBatis核心库 -->
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis</artifactId>
+            <version>${mybatis.version}</version>
+        </dependency>
+
+        <!-- PostgreSQL驱动 -->
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>${postgresql.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.13.3</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.mybatis.spring.boot</groupId>
+            <artifactId>mybatis-spring-boot-starter</artifactId>
+            <version>2.3.1</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-jdbc</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20231013</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.24</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
+            <version>1.2.83</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
+        <!-- 如果使用 Quartz 调度器（可选） -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-quartz</artifactId>
+        </dependency>
+
+
+        <!-- Spring Boot 缓存 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-cache</artifactId>
+        </dependency>
+
+        <!-- Redis 缓存实现 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+        </dependency>
+
+        <!-- Elasticsearch -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-elasticsearch</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.baomidou</groupId>
+            <artifactId>mybatis-plus-boot-starter</artifactId>
+            <version>3.5.3.1</version>
+        </dependency>
+
+        <!-- PageHelper分页插件 -->
+        <dependency>
+            <groupId>com.github.pagehelper</groupId>
+            <artifactId>pagehelper-spring-boot-starter</artifactId>
+            <version>${pagehelper.version}</version>
+        </dependency>
+
+                        <!-- 测试 -->
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+                <filtering>false</filtering>
+            </resource>
+        </resources>
+    </build>
+
+</project>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/Device/deviceInfo.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/Device/deviceInfo.java
new file mode 100644
index 0000000..385a2cd
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/Device/deviceInfo.java
@@ -0,0 +1,4 @@
+package com.Modules.Device;
+
+public class deviceInfo {
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java
new file mode 100644
index 0000000..5f7c89c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java
@@ -0,0 +1,568 @@
+package com.Modules.NormalData;
+import cn.hutool.core.date.DateTime;
+import com.common.entity.XdrHoneypot;
+import com.common.mapper.XdrHoneypotMapper;
+import com.common.service.SyslogNonNormalMessageService;
+import com.common.util.*;
+import com.config.AppConfig;
+import org.apache.ibatis.session.SqlSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import com.common.entity.SyslogMessage;
+import com.influx.SyslogToInfluxApp;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import com.common.service.DmNormalizeRuleService;
+import com.common.service.DmColumnService;
+import com.common.service.SyslogNormalDataService;
+import com.common.entity.DmColumn;
+import com.common.service.impl.DmColumnServiceImpl;
+import com.common.mapper.DmColumnMapper;
+import org.springframework.stereotype.Service;
+import org.springframework.web.bind.annotation.RestController;
+import com.common.mapper.DmColumnMapper;
+import com.common.mapper.DmNormalizeRuleMapper;
+import java.sql.Timestamp;
+import java.util.*;
+
+import org.springframework.stereotype.Component;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import org.json.JSONObject;
+import com.common.entity.RuleContent.*;
+import com.common.entity.SyslogNonNormalMessage;
+import org.joda.time.LocalDateTime;
+import com.common.service.LogDataFilterService;
+import com.common.service.LogDataCompleteService;
+import com.common.service.DeviceCollectTaskService;
+import com.common.entity.DeviceCollectTask;
+
+public class LogNormalProcessor {
+    private static final Logger logger = LoggerFactory.getLogger(LogNormalProcessor.class);
+
+    private String  strLogMsg  ;
+    private String  strKafkaMessage;
+    private String strDeviceInfo;
+    private String strDataType ="json" ;
+    private Map<String, Object> messageMap ;
+    private Map<String, String> deviceInfoMap ;
+    private String  strSyslogUUID  ;
+    private String  strSyslogTopic  ;
+    private boolean isSaveNonNormal =false ;
+
+    @Autowired
+    public DmNormalizeRuleService dmNormalizeRuleService ;
+    @Autowired
+    public DmColumnService dmColumnService  ;
+    @Autowired
+    public SyslogNormalDataService syslogNormalDataService =SpringContextUtil.getBean(SyslogNormalDataService.class);
+    @Autowired
+    private SyslogNonNormalMessageService messageService =SpringContextUtil.getBean(SyslogNonNormalMessageService.class);
+    @Autowired
+    private  LogDataFilterService logDataFilterService=  SpringContextUtil.getBean(LogDataFilterService.class);
+
+    @Autowired
+    private  LogDataCompleteService  logDataCompleteService=  SpringContextUtil.getBean(LogDataCompleteService.class);
+    @Autowired
+    private  DeviceCollectTaskService  deviceCollectTaskService=  SpringContextUtil.getBean(DeviceCollectTaskService.class);
+
+
+    @Autowired
+    SyslogNonNormalMessage syslogNonNormalMessage=new SyslogNonNormalMessage();
+
+    @Autowired
+    DmColumnMapper  dmColumnMapper;
+    @Autowired
+    DmNormalizeRuleMapper dmNormalizeRuleMapper;
+
+    private static  List<Map<String, Object>> dmNormalizeRuleList;
+    private static  List<Map<String, Object>> dmColumnList;
+    private static  LinkedHashMap<String, Object>   OrginalColumnMap ;
+
+    public  LogNormalProcessor( String LogMsg, String syslogUUID,String syslogTopic) {
+
+        /** 标准化数据处理步骤 */
+        //初始化 （获取syslog_normal_data 表全部字段的属性、设备ID对应的规则设置、转化成JSON）
+        //判断数据解析类型（json、键值、xml、正则表达式、分割符）解析syslogMessage 字段转成 HashMAP
+        //匹配规则内容，获取字段映射关系配置，抽取命中的字段名称、数值
+        //判断字段内容及类型，根据数据类型属性，进行内容转换。
+        //生成insert SQL语句、执行入库操作。
+        strKafkaMessage=LogMsg;
+        strSyslogUUID=syslogUUID;
+        strSyslogTopic=syslogTopic;
+
+        if(!LogMsg.isEmpty()) {
+            strLogMsg = SyslogParser.substringAfterFirstCloseBracket(LogMsg);
+            strDeviceInfo=SyslogParser.substringBeforeFirstChar(LogMsg,']');
+        }
+        else{
+            LogMsg="[receive_time=20251118165909470 device_id=1 device_name=honeypot vendor=changting data_type=json device_collect_id=1]<14>1 2025-09-24T11:52:26Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+            strLogMsg="<14>1 2025-09-24T11:52:26Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+            strDeviceInfo=SyslogParser.substringBeforeFirstChar(LogMsg,']');
+        }
+    }
+    /**
+     * 初始化数据init()
+     */
+    public void init()
+    {
+        Map<String,String> mapdev  =SyslogParser.parseKeyValuePairs(strDeviceInfo);
+        deviceInfoMap=mapdev;
+        //获取日志对应的设备ID
+        long deviceID=Long.parseLong(mapdev.get("device_id"));
+        System.out.println("device_id:"+deviceID );
+        strDataType=mapdev.get("data_type");
+        //getDeviceID(strLogMsg);
+        try{
+            // 通过工具类获取Service实例
+            dmColumnService= SpringContextUtil.getBean(DmColumnService.class);
+            dmNormalizeRuleService= SpringContextUtil.getBean(DmNormalizeRuleService.class);
+            if(deviceID>0) {
+                dmNormalizeRuleList = dmNormalizeRuleService.selectByDeviceIdAuto(deviceID);
+            }
+            //dmColumnList=dmColumnService.selectAllNormal();
+            //System.out.println("dmColumnList size:"+ dmColumnList.size());
+
+            //OrginalColumnMap=getMessageToMap(strLogMsg);
+            //解析SyslogMessage
+            //SyslogMessage logMsg = SyslogParser.parse(strLogMsg);
+            //设备对应的规则normal rule Map 进行标准化数据处理
+            for (int i = 0; i < dmNormalizeRuleList.size(); i++) {
+                try {
+                    Map<String, Object> dmNormalizeRule = dmNormalizeRuleList.get(i);
+                    String data_type = dmNormalizeRule.get("data_type").toString();
+                    //数据类型及格式不符，则break;
+                    System.out.println("索引: " + i + ", 值: " + dmNormalizeRule);
+                    System.out.println("normalrule  ID: " + dmNormalizeRule.get("id") + ", display_name:" + dmNormalizeRule.get("display_name") + " data_type:" + dmNormalizeRule.get("data_type"));
+                    //数据类型不匹配，则跳过规则
+                    //if (!data_type.equals(strDataType))  break;
+
+                    //获取syslog message 文本解析配置项
+                    OrginalColumnMap = getMessageToMap(dmNormalizeRule, strLogMsg, data_type);
+                    if ((OrginalColumnMap == null) || (OrginalColumnMap.size()==0)) {
+                        logger.error("OrginalColumnMap 对象获取为空");
+                        //保存非标日志信息
+                        syslogNonNormalMessage.setReason("Log解析异常");
+                        syslogNonNormalMessage.setReasonDetail("log解析异常,返回规则名称："+dmNormalizeRule.get("display_name") +",OrginalColumnMap 对象获取为空");
+                        if(isSaveNonNormal==false)
+                        SaveNonNormalMessage(deviceID, DateTime.now());
+                        continue;
+                    }
+                    List<HashMap<String, Object>> destColumnList = getRuleContentMappers(dmNormalizeRule);
+                    //解析字段匹配已命中的配置规则字段
+                    List<HashMap<String, Object>> ruleColumnList = getNormalColumnList(OrginalColumnMap, destColumnList);
+                    //System.out.println("ruleColumnList  :"+ ruleColumnList);
+                    Map<String, Object> destMap = getColumnMap(ruleColumnList);
+                    //List<HashMap<String ,Object>>   destMap2= getCompleteColumnsList(dmNormalizeRule);
+
+                    //数据处理-过滤规则
+                    if (logDataFilterService.evaluateFilterRule(dmNormalizeRule.get("rule_content").toString(), destMap))
+                        continue;
+
+                    //数据处理-补全规则
+                    logDataCompleteService.processDataCompletion(dmNormalizeRule.get("rule_content").toString(), destMap);
+                    //long ruleid=Long.parseLong(dmNormalizeRule.get("id").toString());
+                    SaveNormalData(deviceID, DateTime.now(), destMap, Long.parseLong(dmNormalizeRule.get("id").toString()), dmNormalizeRule.get("name").toString());
+
+                } catch (Exception ex) {
+                    logger.error("泛化规则处理失败：" + ex.getMessage());
+                    System.out.println(ex.getMessage());
+                    /**
+                    //保存非标日志信息
+                    syslogNonNormalMessage.setReason("泛化规则处理失败");
+                    syslogNonNormalMessage.setReasonDetail("泛化规则处理失败,失败详情："+ ex.getMessage());
+                    SaveNonNormalMessage(deviceID,DateTime.now());
+                     **/
+
+                }
+            }
+        }
+        catch (Exception ex)
+        {
+            logger.error("处理初始化异常："+ex.getMessage());
+            System.out.println(ex.getMessage());
+        }
+
+    }
+
+
+    //获取数据泛化规则的列表字段，提取 Cropper_params
+    public  Cropper_paramsType  getCropperParams(  Map<String, Object> dmNormalizeRule )
+    {
+        Cropper_paramsType  cropperParams = new Cropper_paramsType();
+        try {
+            JSONObject jsonObject = new JSONObject( dmNormalizeRule.get("rule_content").toString());
+            if (jsonObject.isEmpty()) return null;
+
+            cropperParams.sethead_key(jsonObject.getJSONObject("cropper_params").get("head_key").toString());
+            //需要判断是否字符串head_offset是否空
+            cropperParams.sethead_offset(Integer.parseInt(jsonObject.getJSONObject("cropper_params").get("head_offset").toString()));
+            cropperParams.settail_key(jsonObject.getJSONObject("cropper_params").get("tail_key").toString());
+            //需要判断是否字符串tail_offset是否空
+            cropperParams.settail_offset( Integer.parseInt(jsonObject.getJSONObject("cropper_params").get("tail_offset").toString()));
+            return cropperParams;
+    }catch (Exception ex) {
+            logger.error("getCropperParams："+ex.getMessage());
+            return null;
+        }
+
+    }
+
+
+    public  List<HashMap<String ,Object>>  getRuleContentMappers(  Map<String, Object> dmNormalizeRule )
+    {
+        List<HashMap<String, Object>>   filedList =null;
+        ObjectMapper objectMapper = new ObjectMapper();
+        try {
+            // 转换为list Map
+            //Map<String, Object> rule_contentMap = objectMapper.readValue( dmNormalizeRule.get("rule_content").toString(),  Map.class);
+            //if (rule_contentMap.isEmpty()) return null;
+            JSONObject jsonObject = new JSONObject( dmNormalizeRule.get("rule_content").toString());
+            if (jsonObject.isEmpty()) return null;
+            ObjectMapper objectMapper_mappers = new ObjectMapper();
+            filedList =readJsonToList( jsonObject.get("mappers").toString() );
+
+        }catch (Exception ex) {
+            logger.error("getRuleContentMappers异常："+ex.getMessage());
+        }
+        return filedList;
+    }
+
+
+
+    public  List<HashMap<String, Object>>  getCompleteColumnsList(  Map<String, Object> dmNormalizeRule )
+    {
+        List<HashMap<String, Object>>   filedList =null;
+        ObjectMapper objectMapper = new ObjectMapper();
+        try {
+            // 转换为list Map
+            //Map<String, Object> rule_contentMap = objectMapper.readValue( dmNormalizeRule.get("rule_content").toString(),  Map.class);
+            //if (rule_contentMap.isEmpty()) return null;
+            JSONObject jsonObject = new JSONObject( dmNormalizeRule.get("rule_content").toString());
+            if (jsonObject.isEmpty()) return null;
+            ObjectMapper objectMapper_mappers = new ObjectMapper();
+            filedList =readJsonToList( jsonObject.get("complete_columns").toString() );
+
+        }catch (Exception ex) {
+            logger.error("getCompleteColumnsList："+ex.getMessage());
+        }
+        return filedList;
+    }
+    /**
+     * 将JSON 字符串转换为 List<HashMap<String, Object>>
+     */
+    public static List<HashMap<String, Object>> readJsonToList(String jsonStr) {
+        ObjectMapper objectMapper = new ObjectMapper();
+        try {
+            return objectMapper.readValue(
+                    jsonStr,
+                    new TypeReference<List<HashMap<String, Object>>>() {}
+            );
+        } catch (Exception e) {
+
+            logger.error("readJsonToList 解析失败："+jsonStr);
+            //throw new RuntimeException("JSON 解析失败: " + e.getMessage(), e);
+            return null;
+        }
+    }
+    /**\
+     * 判断日志信息的数据类型
+     * @param logMsg
+     * @return
+     */
+    public    String  getLogDataType( String logMsg)
+    {
+        //判断日志信息的数据类型(json、regex、kv、sep、xml）
+        //默认返回json
+        return "json";
+    }
+
+    public    int  getDeviceID( String logMsg)
+    {
+        //解析日志信息头部，获取device_id
+        // 默认返回device_id =1
+        return 1;
+    }
+    //获取log 内容字段及数据值
+    public    LinkedHashMap<String, Object>  getMessageToMap( String MsgContent )
+    {
+        LinkedHashMap<String, Object> linkMap =null;
+        if(strDataType.equals("json")) {
+            //json 类型
+            //解析SyslogMessage
+            SyslogMessage msg = SyslogParser.parse(MsgContent);
+            System.out.println("解析结果-log content: " + msg.getMessage().toString());
+            String complexJson = "{\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+            System.out.println("complexJson content: " + complexJson);
+            //静态字符串、编码有问题，临时用 静态字符串做测试，流程环境没问题
+            if(AppConfig.geRunEnvironment‌().equals("dev")) {
+                //LinkedHashMap<String, Object> flatMap = JsonParser.parseJsonToFlatMap(complexJson);
+                LinkedHashMap<String, Object> flatMap =JsonParser.jsonToMap(complexJson);
+                flatMap.forEach((key, value) -> System.out.println(key + " = " + value));
+                return flatMap;
+            }
+            else
+            {
+                //LinkedHashMap<String, Object> flatMap = JsonParser.parseJsonToFlatMap(msg.getMessage());
+                LinkedHashMap<String, Object> flatMap =JsonParser.jsonToMap(msg.getMessage());
+                flatMap.forEach((key, value) -> System.out.println(key + " = " + value));
+                return flatMap;
+            }
+        }
+        else if(strDataType.equals("kv")) //key-value 键值类型
+        {
+            return null;
+        }
+        else if(strDataType.equals("sep")) //分隔符
+        {
+            return null;
+        }
+        else if(strDataType.equals("xml")) //类型 xml
+        {
+            return null;
+        }
+        else if(strDataType.equals("regex")) //正则表达式
+        {
+            return null;
+        }
+        // List<Map<String, Object>> rulelst=dmNormalizeRuleService.selectByDeviceId((long)1);
+        return linkMap;
+    }
+
+
+    //获取log message内容字段及数据值
+    public    LinkedHashMap<String, Object>  getMessageToMap( Map<String, Object> dmNormalizeRule,  String MsgContent ,  String dataType)
+    {
+        LinkedHashMap<String, Object> linkMap = new LinkedHashMap<>();
+        try {
+            //String decode =dmNormalizeRule.get("decode").toString();
+            Cropper_paramsType  cropperParams = getCropperParams(dmNormalizeRule);
+            if (dataType.equals("json")) {
+                String strJson = logNormalData.ParserMessageJsonType(MsgContent, cropperParams);
+                LinkedHashMap<String, Object> result1 = NestedJsonParserUtil.safeParseJson(strJson);
+                LinkedHashMap<String, Object> flattened = NestedJsonUtils.flattenNestedJson(result1);
+                return flattened;
+                //parseJsonToFlatMap 复杂的json转换、解析过程有异常
+                //return JsonParser.parseJsonToFlatMap(strJson);
+               // return JsonParser.jsonToMap(strJson);
+            }
+            else if (dataType.equals("kv")) //key-value 键值类型
+            {
+                String strKeyVal = logNormalData.ParserMessageJsonType(MsgContent, cropperParams);
+                KvTextParser kvTextParser =new KvTextParser();
+                kv_paramsType kvparams=logNormalData.getkv_paramsType( dmNormalizeRule);
+                linkMap=  kvTextParser.parseKvText(strKeyVal,kvparams);
+                return linkMap;
+            }
+            else if (dataType.equals("sep")) //分隔符
+            {
+                //获取分隔符
+                String SepKey=logNormalData.sepType(dmNormalizeRule);
+                String strSep = logNormalData.ParserMessageJsonType(MsgContent, cropperParams);
+                linkMap= TextParserUtil.parseSeparatedText(strSep, SepKey);
+                return linkMap;
+            }
+            else if (dataType.equals("xml")) //类型 xml
+            {
+                return linkMap;
+            }
+            else if (dataType.equals("regex")) //正则表达式
+            {
+                String strRegex = logNormalData.ParserMessageJsonType(MsgContent, cropperParams);
+                String regexp= logNormalData.Regexp(dmNormalizeRule);
+                linkMap= RegexTextParser.parseWithRegex(strRegex,regexp );
+                return linkMap;
+            }
+        }catch (Exception ex) {
+            logger.error("getMessageToMap："+ex.getMessage());
+            return  null;
+        }
+        return linkMap;
+    }
+
+    /**
+     * 根据设备ID获取配置规则
+     * @param device_id
+     * @return List<Map<String, Object>>
+     */
+    public     List<Map<String, Object>> getRuleList( long  device_id)
+    {
+        List<Map<String, Object>> rulelst=dmNormalizeRuleService.selectByDeviceId((long)1);
+        if (rulelst!=null)
+        {
+            System.out.println("rulelst: " + rulelst);
+        }
+        else{
+            logger.error(" List<Map<String, Object>> rulelst is null！" );
+        }
+        return rulelst;
+    }
+
+    /**
+     *  查找命中配置规则的字段及数值
+     * @param destColumnList   泛化目标字段list
+     * @param destColumnList  日志源字段及数值list
+     * @return
+     */
+    public List<HashMap<String,Object>>  getNormalColumnList(  LinkedHashMap<String, Object> orginColumnMap ,List<HashMap<String, Object>> destColumnList   )
+    {
+        List<HashMap<String, Object>>  columnlist =new ArrayList<>();
+        // 原始解析字段遍历泛化规则目标字段
+        for (Map.Entry<String, Object > entry : orginColumnMap.entrySet()) {
+            //System.out.println(entry.getKey() + ": " + entry.getValue());
+            for (Map<String, Object> map : destColumnList) {
+                //System.out.println( "origin_field: " +  map.get("origin_field").toString());
+                if ( map.get("origin_field").toString().equals(entry.getKey()) ) {
+                    System.out.println(map);
+                    Map<String, Object> normalColumMap =new LinkedHashMap<>();
+                    normalColumMap.put("origin_field",entry.getKey() );
+                    normalColumMap.put("dest_field",map.get("dest_field").toString());
+                    normalColumMap.put("action",(HashMap<String, Object>)map.get("action") );
+                    //normalColumMap.put("mapping ",entry.getKey() );
+                    normalColumMap.put("origin_field_value",entry.getValue() );
+                   // System.out.println("action: " +  map.get("action").toString());
+                    if(  ((HashMap<String, Object>)map.get("action")).get("type").equals("equal"))
+                        //直接赋值
+                        normalColumMap.put("dest_field_value",entry.getValue() );
+                    else if(((HashMap<String, Object>)map.get("action")).get("type").equals("mapping"))
+                    {
+                        //mapping 映射枚举值
+                        normalColumMap.put("dest_field_value",entry.getValue() );
+                        normalColumMap.put("action_param",((HashMap<String, Object>)map.get("action")).get("param") );
+                        HashMap<String, Object> action_param=(HashMap<String, Object>)((HashMap<String, Object>)map.get("action")).get("param") ;
+                        //匹配并获取映射枚举值
+                        normalColumMap.put("dest_field_value",getMappingValue(action_param ,entry.getValue().toString() ));
+                    }
+                    else if(((HashMap<String, Object>)map.get("action")).get("type").equals("time\""))
+                    {
+                        //time 类型
+                        normalColumMap.put("dest_field_value",entry.getValue() );
+                    }
+                    columnlist.add((HashMap<String, Object>)normalColumMap);
+
+                    //System.out.println( "normalColumMap: " +normalColumMap);
+                    break;
+                }
+            }
+        }
+        return columnlist;
+    }
+
+    /**
+     * paramMapping Map匹配查找对应的值
+     * @param paramMappingValueMap
+     * @param
+     * @return
+     */
+    public Object getMappingValue(HashMap<String, Object> paramMappingValueMap,String value)
+    {
+        HashMap<String, Object> Map= (HashMap<String, Object>)paramMappingValueMap.get("mapping");
+        for (Map.Entry<String, Object > entry : Map.entrySet()) {
+            if ( entry.getKey().equals(value) ) {
+                return  entry.getValue();
+            }
+        }
+        return null;
+    }
+
+    /**
+     * 获取字段Map，包含字段field及Value值
+     * @param normalColumnList
+     * @return
+     */
+    public Map<String, Object > getColumnMap( List<HashMap<String,Object>>  normalColumnList )
+    {
+        Map<String, Object > columnMap= new HashMap<>();
+        for (Map<String, Object> map : normalColumnList) {
+            columnMap.put(map.get("dest_field").toString(),map.get("dest_field_value"));
+        }
+        return columnMap;
+    }
+
+    /**
+     * 保存数据到标准化表
+     * @param deviceId
+     * @param logtime
+     * @param logColumnMap
+     */
+    public void SaveNormalData(long deviceId , DateTime  logtime,  Map<String, Object > logColumnMap, long normalizeRuleId ,String normalizeRuleName)
+    {
+        try {
+            if(logColumnMap.isEmpty() )
+            {
+                logger.error("SaveNormalData ->logColumnMap 为空，syslogUUID:" +this.strSyslogUUID);
+                //保存非标日志信息
+                syslogNonNormalMessage.setReason("未命中规则");
+                syslogNonNormalMessage.setReasonDetail("失败详情：logColumnMap对象字段为空"   );
+                if(isSaveNonNormal==false)
+                SaveNonNormalMessage(deviceId,DateTime.now());
+                return ;
+            }
+            Map<String, Object> columnMap = logColumnMap;
+            columnMap.put("device_id", deviceId);
+            columnMap.put("log_time", logtime);
+            columnMap.put("id", UUID.randomUUID().toString());
+            columnMap.put("normalize_rule_id", normalizeRuleId);
+            columnMap.put("normalize_rule_name", normalizeRuleName);
+            columnMap.put("syslog_uuid", this.strSyslogUUID);
+            columnMap.put("syslog_topic", this.strSyslogTopic);
+            System.out.println("columnMap："+columnMap);
+            syslogNormalDataService.insertDynamic(columnMap);
+        } catch (Exception e) {
+            logger.error("SaveNormalData失败 " );
+            //保存非标日志信息
+            syslogNonNormalMessage.setReason("入库失败");
+            syslogNonNormalMessage.setReasonDetail("入库失败,normalizeRuleName :"+normalizeRuleName+",失败详情："+ e.getMessage());
+            if(isSaveNonNormal==false)
+            SaveNonNormalMessage(deviceId,DateTime.now());
+            throw new RuntimeException("SaveNormalData 失败: " + e.getMessage(), e);
+        }
+    }
+
+    public void SaveNonNormalMessage(long deviceId , DateTime logtime)
+    {
+        try {
+            SyslogNonNormalMessage normalMessage =new  SyslogNonNormalMessage() ;
+            //获取日志对应的设备ID
+            Integer collect_id= Integer.parseInt(this.deviceInfoMap.get("device_collect_id"));
+            DeviceCollectTask deviceCollectTask=deviceCollectTaskService.getById(collect_id);
+            normalMessage.setId( UUID.randomUUID().toString());
+            normalMessage.setDeviceId((int)deviceId);
+            normalMessage.setLogTime(logtime.toLocalDateTime());
+            normalMessage.setRuleTime(logtime.toLocalDateTime());
+            normalMessage.setSyslogMessage(this.strLogMsg);
+            normalMessage.setSyslogTopic(this.strSyslogTopic);
+            normalMessage.setSyslogUuid(this.strSyslogUUID);
+            normalMessage.setHeaderMessage(this.strDeviceInfo);
+            normalMessage.setEtlNode("etlgo");
+            normalMessage.setReason( syslogNonNormalMessage.getReason());
+            normalMessage.setReasonDetail( syslogNonNormalMessage.getReasonDetail());
+            //采集探针名称
+            normalMessage.setRuleResult("FAIL");
+            normalMessage.setDeviceName(deviceInfoMap.get("device_name"));
+            normalMessage.setCollectTaskId(collect_id);
+            if(deviceCollectTask!=null)
+            normalMessage.setCollectTaskName(deviceCollectTask.getTaskName());
+            this.messageService.saveMessage(normalMessage );
+            isSaveNonNormal=true;
+
+        } catch (Exception e) {
+            logger.error("SaveNonNormalMessage  失败：" );
+            throw new RuntimeException("SaveNonNormalMessage 失败: " + e.getMessage(), e);
+        }
+    }
+
+
+    public static void main(String[] args) {
+
+        String strlogMessage= "<14>1 2025-09-24T11:52:26Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+        String strMsgContent= "{\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+        //Map<String, Object> flatMap  =(new logNormalData()).getMessageToMap(strMsgContent);
+        //flatMap.forEach((key, value) -> System.out.println(key + " = " + value));
+        //LogNormalProcessor  logData =new LogNormalProcessor(strlogMessage,);
+        //logData.init();
+    }
+}
+
+
+
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/SysLogProcessor.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/SysLogProcessor.java
new file mode 100644
index 0000000..f98bdbf
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/SysLogProcessor.java
@@ -0,0 +1,404 @@
+package com.Modules.NormalData;
+
+import com.influx.InfluxDBClient;
+import com.common.util.SyslogParser;
+import com.config.AppConfig;
+import com.influxdb.client.domain.WritePrecision;
+import com.influxdb.client.write.Point;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.kafka.clients.consumer.ConsumerRecord;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.kafka.annotation.KafkaListener;
+import org.springframework.kafka.support.Acknowledgment;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.stereotype.Component;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Executor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.time.LocalDate;
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+@Slf4j
+@Component
+public class SysLogProcessor {
+
+    @Autowired
+    @Qualifier("logNormalProcessorExecutor")
+    private Executor taskExecutor;
+
+    @Value("${app.processor.batch-size:100}")
+    private int batchSize;
+
+    @Value("${app.processor.process-timeout-ms:30000}")
+    private long processTimeoutMs;
+
+    private final AtomicInteger totalProcessed = new AtomicInteger(0);
+    private final AtomicInteger currentBatchCount = new AtomicInteger(0);
+    // 初始化 InfluxDB 客户端
+    private final com.influx.InfluxDBClient influxClient  = new InfluxDBClient();
+    /**
+     * 方案一：直接多线程并行处理（推荐）
+     * 单线程消费，每条消息独立提交给线程池处理
+     */
+    public void listen(List<String> records, Acknowledgment ack) {
+        try {
+            // 处理业务逻辑
+            for (String record : records) {
+                System.out.println(record);
+            }
+            // 手动提交偏移量
+            ack.acknowledge();  // 告诉Kafka这条消息已成功处理
+        } catch (Exception e) {
+            // 不提交偏移量，消息会被重新消费
+        }
+    }
+    @KafkaListener(
+            topics = "${spring.kafka.consumer.topic:agent-syslog-topic}",
+            concurrency = "2"  // 多线程消费
+    )
+    public void consumeAndParallelProcess(List<ConsumerRecord<String, String>> records, Acknowledgment ack) {
+        if (records.isEmpty()) {
+            ack.acknowledge();
+            return;
+        }
+        log.info("开始处理批次消息，数量: {}", records.size());
+        currentBatchCount.set(records.size());
+
+        try {
+            List<CompletableFuture<Void>> processingFutures = new ArrayList<>();
+
+            // 为每条消息创建独立的处理任务
+            for (ConsumerRecord<String, String> record : records) {
+                CompletableFuture<Void> future = CompletableFuture.runAsync(() -> {
+                    try {
+                        // 异步处理单条消息
+                        log.info("收到syslogmessage："+ record.value());
+                        processSingleMessageAsync(record);
+                    } catch (Exception e) {
+                        log.error("处理消息失败, topic: {}, partition: {}, offset: {}",
+                                record.topic(), record.partition(), record.offset(), e);
+                    } finally {
+                        // 计数器递减
+                        if (currentBatchCount.decrementAndGet() == 0) {
+                            log.debug("批次所有消息处理完成");
+                        }
+                    }
+                }, taskExecutor);
+
+                processingFutures.add(future);
+            }
+
+            // 等待所有处理任务完成（带超时）
+            CompletableFuture<Void> allFutures = CompletableFuture.allOf(
+                    processingFutures.toArray(new CompletableFuture[0])
+            );
+
+            try {
+                allFutures.get(processTimeoutMs, TimeUnit.MILLISECONDS);
+                log.info("批次处理完成，总数: {}", records.size());
+            } catch (java.util.concurrent.TimeoutException e) {
+                log.warn("批次处理超时，已处理: {}/{}",
+                        records.size() - currentBatchCount.get(), records.size());
+            }
+
+            // 提交偏移量
+            ack.acknowledge();
+            totalProcessed.addAndGet(records.size());
+
+        } catch (Exception e) {
+            log.error("消费处理异常", e);
+            ack.acknowledge(); // 异常情况下也提交偏移量，避免阻塞
+        }
+    }
+
+    /**
+     * 方案二：分批多线程处理
+     * 将大批次拆分为小批次进行并行处理
+     */
+    /**
+    @KafkaListener(
+            topics = "${kafka.topic.log-normal-batch:log-normal-topic-batch}",
+            concurrency = "1"
+    )
+     */
+    public void consumeAndBatchProcess(List<ConsumerRecord<String, String>> records,
+                                       Acknowledgment ack) {
+        if (records.isEmpty()) {
+            ack.acknowledge();
+            return;
+        }
+
+        log.info("开始分批处理消息，总数: {}", records.size());
+
+        try {
+            List<CompletableFuture<Void>> batchFutures = new ArrayList<>();
+
+            // 将消息列表拆分为多个批次进行并行处理
+            for (int i = 0; i < records.size(); i += batchSize) {
+                int end = Math.min(i + batchSize, records.size());
+                final List<ConsumerRecord<String, String>> batch = records.subList(i, end);
+                final int batchIndex = i / batchSize + 1;
+
+                CompletableFuture<Void> batchFuture = CompletableFuture.runAsync(() -> {
+                    try {
+                        processMessageBatch(batch, batchIndex);
+                    } catch (Exception e) {
+                        log.error("批次处理异常, 批次: {}", batchIndex, e);
+                    }
+                }, taskExecutor);
+
+                batchFutures.add(batchFuture);
+            }
+
+            // 等待所有批次处理完成
+            CompletableFuture<Void> allBatches = CompletableFuture.allOf(
+                    batchFutures.toArray(new CompletableFuture[0])
+            );
+
+            allBatches.get(processTimeoutMs, TimeUnit.MILLISECONDS);
+
+            // 提交偏移量
+            ack.acknowledge();
+            log.info("全部分批处理完成，总数: {}", records.size());
+            totalProcessed.addAndGet(records.size());
+
+        } catch (Exception e) {
+            log.error("分批消费处理异常", e);
+            ack.acknowledge();
+        }
+    }
+
+    /**
+     * 方案三：带优先级的处理
+     * 根据消息内容决定处理优先级
+     */
+    /**
+    @KafkaListener(
+            topics = "${kafka.topic.log-normal-priority:log-normal-topic-priority}",
+            concurrency = "1"
+    )
+     */
+    public void consumeWithPriority(List<ConsumerRecord<String, String>> records,
+                                    Acknowledgment ack) {
+        if (records.isEmpty()) {
+            ack.acknowledge();
+            return;
+        }
+
+        log.info("开始优先级处理消息，数量: {}", records.size());
+
+        try {
+            List<CompletableFuture<Void>> highPriorityFutures = new ArrayList<>();
+            List<CompletableFuture<Void>> normalPriorityFutures = new ArrayList<>();
+
+            // 根据消息内容分类处理
+            for (ConsumerRecord<String, String> record : records) {
+                CompletableFuture<Void> future = CompletableFuture.runAsync(() -> {
+                    processSingleMessageAsync(record);
+                }, taskExecutor);
+
+                // 根据消息内容判断优先级（这里简单根据key判断）
+                if (isHighPriorityMessage(record)) {
+                    highPriorityFutures.add(future);
+                } else {
+                    normalPriorityFutures.add(future);
+                }
+            }
+
+            // 优先处理高优先级任务
+            if (!highPriorityFutures.isEmpty()) {
+                CompletableFuture.allOf(
+                        highPriorityFutures.toArray(new CompletableFuture[0])
+                ).get(processTimeoutMs / 2, TimeUnit.MILLISECONDS);
+                log.info("高优先级消息处理完成: {}", highPriorityFutures.size());
+            }
+
+            // 然后处理普通优先级任务
+            if (!normalPriorityFutures.isEmpty()) {
+                CompletableFuture.allOf(
+                        normalPriorityFutures.toArray(new CompletableFuture[0])
+                ).get(processTimeoutMs / 2, TimeUnit.MILLISECONDS);
+                log.info("普通优先级消息处理完成: {}", normalPriorityFutures.size());
+            }
+
+            ack.acknowledge();
+            totalProcessed.addAndGet(records.size());
+
+        } catch (Exception e) {
+            log.error("优先级消费处理异常", e);
+            ack.acknowledge();
+        }
+    }
+
+    /**
+     * 异步处理单条消息
+     */
+    @Async("logNormalProcessorExecutor")
+    public void processSingleMessageAsync(ConsumerRecord<String, String> record) {
+        long startTime = System.currentTimeMillis();
+
+        try {
+            // 模拟消息解析
+            //String message = parseMessage(record);
+            // 模拟业务处理
+            //processBusinessLogic(message);
+
+            String sysLogUUID =getSysLogUUID();
+            String strDeviceInfo= SyslogParser.substringBeforeFirstChar(record.value(),']');
+            Map<String,String> mapdev  =SyslogParser.parseKeyValuePairs(strDeviceInfo);
+
+            // 初始化 InfluxDB 客户端
+            Point point = Point.measurement("syslog_security_"+sysLogUUID.substring(0,8) )
+                    .addTag("device_id", mapdev.get("device_id")) // 添加设备ID标签
+                    .addTag("device_collect_id", mapdev.get("device_collect_id")) // 添加探针ID标签
+                    .addTag("uuid", sysLogUUID)   //syslog uuid
+                    .addTag("topic", AppConfig.getTopic())  //kafka topic
+                    .addField("message", record.value()) // 添加字段
+                    .addField("receive_time", mapdev.get("receive_time")) // 添加字段
+                    .addField("uuid", sysLogUUID)
+                    .time(System.currentTimeMillis(), WritePrecision.MS) ;// 毫秒级时间戳
+            influxClient.writePointBlocking(point);
+
+            System.out.println("influxdb wirte syslog ,value:"+  record.key());
+            // 日志信息插入pg XdrHoneypot 表
+            //insertSingleRecord( record.value());
+
+            //String syslogMessage= AppConfig.geRunEnvironment‌().equals("test")? record.value().substring(34) : record.value();
+            String syslogMessage= record.value();
+            //剔除测试环境本机syslog新增的头部信息
+            LogNormalProcessor logNormalProcessor = new LogNormalProcessor(syslogMessage,sysLogUUID,AppConfig.getTopic());
+            //LogNormalProcessor logNormalProcessor =new LogNormalProcessor(record.value());
+            logNormalProcessor.init();
+            System.out.println("insert  postgres syslog ,value:"+  record.key());
+            long costTime = System.currentTimeMillis() - startTime;
+            log.debug("消息处理完成, offset: {}, 耗时: {}ms", record.offset(), costTime);
+
+        } catch (Exception e) {
+            log.error("异步处理消息失败, offset: {}", record.offset(), e);
+            // 这里可以添加重试逻辑或死信队列处理
+        }
+    }
+
+
+
+
+
+    /**
+     * 处理消息批次
+     */
+    private void processMessageBatch(List<ConsumerRecord<String, String>> batch, int batchIndex) {
+        long startTime = System.currentTimeMillis();
+        log.debug("开始处理批次: {}, 数量: {}", batchIndex, batch.size());
+
+        try {
+            List<CompletableFuture<Void>> futures = new ArrayList<>();
+
+            // 批次内并行处理
+            for (ConsumerRecord<String, String> record : batch) {
+                CompletableFuture<Void> future = CompletableFuture.runAsync(() -> {
+                    processSingleMessageAsync(record);
+                }, taskExecutor);
+                futures.add(future);
+            }
+
+            // 等待批次内所有任务完成
+            CompletableFuture.allOf(futures.toArray(new CompletableFuture[0]))
+                    .get(processTimeoutMs, TimeUnit.MILLISECONDS);
+
+            long costTime = System.currentTimeMillis() - startTime;
+            log.info("批次处理完成: {}, 数量: {}, 总耗时: {}ms",
+                    batchIndex, batch.size(), costTime);
+
+        } catch (Exception e) {
+            log.error("批次处理异常: {}", batchIndex, e);
+        }
+    }
+
+    /**
+     * 判断是否为高优先级消息
+     */
+    private boolean isHighPriorityMessage(ConsumerRecord<String, String> record) {
+        // 简单的优先级判断逻辑
+        // 可以根据key、header、或消息内容来判断
+        return record.key() != null &&
+                (record.key().contains("ERROR") || record.key().contains("URGENT"));
+    }
+
+    /**
+     * 消息解析（模拟）
+     */
+    private String parseMessage(ConsumerRecord<String, String> record) {
+        // 模拟解析耗时
+        try {
+            Thread.sleep(1);
+        } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+        }
+        return record.value();
+    }
+
+    /**
+     * 业务逻辑处理（模拟）
+     */
+    private void processBusinessLogic(String message) {
+        // 模拟业务处理耗时
+        try {
+            Thread.sleep(5); // 模拟5ms处理时间
+        } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+        }
+
+        // 这里可以添加具体的业务逻辑
+        // 例如：数据转换、验证、丰富等
+    }
+
+    /**
+     * 获取处理统计信息
+     */
+    public ProcessingStats getProcessingStats() {
+        return new ProcessingStats(
+                totalProcessed.get(),
+                currentBatchCount.get()
+        );
+    }
+
+    /**
+     * 处理统计信息类
+     */
+    public static class ProcessingStats {
+        private final int totalProcessed;
+        private final int currentBatchCount;
+
+        public ProcessingStats(int totalProcessed, int currentBatchCount) {
+            this.totalProcessed = totalProcessed;
+            this.currentBatchCount = currentBatchCount;
+        }
+
+        public int getTotalProcessed() { return totalProcessed; }
+        public int getCurrentBatchCount() { return currentBatchCount; }
+    }
+
+    /**
+     * 获取日志信息UUID，格式: yyyyMMddxxxxxxxx
+     * @return
+     */
+    private static String  getSysLogUUID ()
+    {
+        // 获取当前日期
+        LocalDate currentDate = LocalDate.now();
+        // 定义格式 (yyyyMMdd)
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMdd");
+        // 格式化日期
+        String formattedDate = currentDate.format(formatter);
+        return formattedDate +"-"+ UUID.randomUUID() ;
+    }
+
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/logNormalData.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/logNormalData.java
new file mode 100644
index 0000000..8c88411
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/logNormalData.java
@@ -0,0 +1,163 @@
+package com.Modules.NormalData;
+import com.common.entity.RuleContent.Cropper_paramsType;
+
+import org.json.JSONObject;
+import org.springframework.beans.factory.annotation.Autowired;
+import com.common.entity.SyslogMessage;
+import com.common.util.JsonParser;
+import com.common.util.SyslogParser;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import com.common.service.DmNormalizeRuleService;
+import com.common.service.DmColumnService;
+
+import java.util.List;
+import java.util.Map;
+import com.common.util.StringExtractorUtil;
+import com.common.entity.RuleContent.kv_paramsType;
+
+
+public class logNormalData {
+
+    private static final Logger logger = LoggerFactory.getLogger(logNormalData.class);
+
+    private String  strLogMsg  ;
+    private Map<String, Object> messageMap ;
+    @Autowired
+    public DmNormalizeRuleService dmNormalizeRuleService =new DmNormalizeRuleService();
+    @Autowired
+    public DmColumnService dmColumnService  ;
+
+    public  logNormalData( String LogMsg) {
+
+        strLogMsg=LogMsg;
+        /** 处理步骤 */
+        //初始化 （获取syslog_normal_data 表全部字段的属性、设备ID对应的规则设置、转化成JSON）
+        //判断数据解析类型（json、键值、xml、正则表达式、分割符）解析syslogMessage 字段转成 HashMAP
+        //匹配规则内容，获取字段映射关系配置，抽取命中的字段名称、数值
+        //判断字段内容及类型，根据数据类型属性，进行内容转换。
+        //生成insert SQL语句、执行入库操作。
+    }
+
+    public    Map<String, Object>  getMessageToMap( String MsgContent)
+    {
+        //解析SyslogMessage
+        SyslogMessage msg = SyslogParser.parse(MsgContent);
+        System.out.println("解析结果-log content: " + msg.getMessage().toString());
+        Map<String, Object> flatMap = JsonParser.parseJsonToFlatMap(msg.getMessage().toString());
+        flatMap.forEach((key, value) -> System.out.println(key + " = " + value));
+        List<Map<String, Object>> rulelst=dmNormalizeRuleService.selectByDeviceId((long)1);
+        return flatMap;
+    }
+
+
+    public     List<Map<String, Object>> getRuleList( long  device_id)
+    {
+        List<Map<String, Object>> rulelst=dmNormalizeRuleService.selectByDeviceId((long)1);
+        if (rulelst!=null)
+        {
+            System.out.println("rulelst: " + rulelst);
+        }
+        return rulelst;
+    }
+
+    /**
+     *  解析数据项内容，Json格式类型
+     * @param MsgContent
+     * @param cropperParams
+     * @return
+     */
+    public static String  ParserMessageJsonType(String  MsgContent , Cropper_paramsType cropperParams)
+    {
+        System.out.println("ParserMessageJsonType  MsgContent:" +MsgContent );
+        if(cropperParams ==null) {
+           return  removeBOM(JsonParser.extractJsonFromLogMessage(MsgContent));
+        }
+        String strJson ="";
+        if(cropperParams.gettail_key().equals("") && cropperParams.gettail_offset()==0 ) {
+             strJson = StringExtractorUtil.extractFromStartToEnd(MsgContent, cropperParams.gethead_key(), cropperParams.gethead_offset());
+            System.out.println("ParserMessageJsonType extractFromStartToEnd strJson" +strJson );
+        }
+        else {
+            strJson= StringExtractorUtil.extract(MsgContent,cropperParams.gethead_key(),cropperParams.gethead_offset(),cropperParams.gettail_key(),cropperParams.gettail_offset() );
+            //return removeBOM(MsgContent).trim();
+        }
+        return removeBOM(strJson).trim();
+    }
+
+    public static String removeBOM(String s) {
+        if (s != null && s.startsWith("\uFEFF")) {
+            return s.substring(1);
+        }
+        return s;
+    }
+
+
+    //获取数据泛化规则的rule_content列表字段，kv类型提取 kv_params 节点值
+    public static kv_paramsType  getkv_paramsType( Map<String, Object> dmNormalizeRule )
+    {
+        kv_paramsType  kvParams = new kv_paramsType();
+        try {
+            JSONObject jsonObject = new JSONObject( dmNormalizeRule.get("rule_content").toString());
+            if (jsonObject.isEmpty()) return null;
+            kvParams.setInternal(jsonObject.getJSONObject("kv_params").get("internal").toString());
+            kvParams.setExternal(jsonObject.getJSONObject("kv_params").get("external").toString());
+            kvParams.setL_trim(jsonObject.getJSONObject("kv_params").get("l_trim").toString());
+            kvParams.setR_trim( jsonObject.getJSONObject("kv_params").get("r_trim").toString());
+            return kvParams;
+        }catch (Exception ex) {
+            logger.error("getkv_paramsType："+ex.getMessage());
+            return null;
+        }
+    }
+    //获取数据泛化规则的rule_content列表字段，sep类型提取 sep 节点值（分隔符）
+    public static String sepType( Map<String, Object> dmNormalizeRule )
+    {
+
+        try {
+            JSONObject jsonObject = new JSONObject( dmNormalizeRule.get("rule_content").toString());
+            if (jsonObject.isEmpty()) return null;
+            return   jsonObject.get("sep").toString();
+        }catch (Exception ex) {
+            logger.error("regexp："+ex.getMessage());
+            return null;
+        }
+    }
+
+    //获取数据泛化规则的rule_content列表字段，regex类型提取 regexp 节点值（分隔符）
+    public static String Regexp ( Map <String, Object> dmNormalizeRule )
+    {
+
+        try {
+            JSONObject jsonObject = new JSONObject( dmNormalizeRule.get("rule_content").toString());
+            if (jsonObject.isEmpty()) return null;
+            return   jsonObject.get("regexp").toString();
+        }catch (Exception ex) {
+            logger.error("sepType："+ex.getMessage());
+            return null;
+        }
+    }
+    public static void main(String[] args) {
+
+        String strlogMessage= "<14>1 2025-09-24T11:52:26Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+        String strMsgContent= "{\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+        //Map<String, Object> flatMap  =(new logNormalData()).getMessageToMap(strMsgContent);
+        //flatMap.forEach((key, value) -> System.out.println(key + " = " + value));
+        logNormalData  logData =new logNormalData( strlogMessage);
+        Cropper_paramsType cropperParams =new Cropper_paramsType();
+        cropperParams.settail_offset(0);
+        cropperParams.settail_key("");
+        cropperParams.sethead_key("{");
+        cropperParams.sethead_offset(-1);
+        String str= ParserMessageJsonType(strlogMessage,cropperParams);
+        System.out.println("parser msg:"+str);
+
+        //List<Map<String, Object>> rulelst= logData.getRuleList(1);
+
+
+    }
+}
+
+
+
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/TimeWindowCalculator.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/TimeWindowCalculator.java
new file mode 100644
index 0000000..4f04c3e
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/TimeWindowCalculator.java
@@ -0,0 +1,77 @@
+package com.Modules.etl;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.time.temporal.ChronoUnit;
+
+public class TimeWindowCalculator {
+
+    /**
+     * 获取前一个5分钟完整时间周期的开始时间和结束时间
+     * @param currentTime 当前任务调度时间
+     * @return 包含开始时间和结束时间的数组，[0]=开始时间，[1]=结束时间
+     */
+    public static LocalDateTime[] getPrevious5MinuteWindow(LocalDateTime currentTime) {
+        // 获取当前时间的分钟数
+        int currentMinute = currentTime.getMinute();
+
+        // 计算前一个5分钟周期的结束分钟数（向下取整到5的倍数）
+        int previousWindowEndMinute = (currentMinute / 5) * 5;
+
+        // 构建前一个周期的结束时间
+        LocalDateTime previousWindowEnd = currentTime
+                .withMinute(previousWindowEndMinute)
+                .withSecond(0)
+                .withNano(0);
+
+        // 前一个周期的开始时间是结束时间减去5分钟
+        LocalDateTime previousWindowStart = previousWindowEnd.minusMinutes(5);
+
+        return new LocalDateTime[]{previousWindowStart, previousWindowEnd};
+    }
+
+    /**
+     * 重载方法：使用当前系统时间
+     */
+    public static LocalDateTime[] getPrevious5MinuteWindow() {
+        return getPrevious5MinuteWindow(LocalDateTime.now());
+    }
+
+    public static void main(String[] args) {
+        // 测试用例
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+
+        // 测试1: 15:06:00
+        LocalDateTime testTime1 = LocalDateTime.of(2025, 11, 18, 15, 7, 15);
+        LocalDateTime[] window1 = getPrevious5MinuteWindow(testTime1);
+        System.out.println("当前时间: " + testTime1.format(formatter));
+        System.out.println("前一个5分钟周期: " +
+                window1[0].format(formatter) + " - " +
+                window1[1].format(formatter));
+        System.out.println();
+
+        // 测试2: 15:10:00
+        LocalDateTime testTime2 = LocalDateTime.of(2025, 11, 18, 15, 12, 20);
+        LocalDateTime[] window2 = getPrevious5MinuteWindow(testTime2);
+        System.out.println("当前时间: " + testTime2.format(formatter));
+        System.out.println("前一个5分钟周期: " +
+                window2[0].format(formatter) + " - " +
+                window2[1].format(formatter));
+        System.out.println();
+
+        // 测试3: 整点情况 16:00:00
+        LocalDateTime testTime3 = LocalDateTime.of(2025, 11, 18, 16, 0, 15);
+        LocalDateTime[] window3 = getPrevious5MinuteWindow(testTime3);
+        System.out.println("当前时间: " + testTime3.format(formatter));
+        System.out.println("前一个5分钟周期: " +
+                window3[0].format(formatter) + " - " +
+                window3[1].format(formatter));
+        System.out.println();
+
+        // 测试4: 使用当前系统时间
+        LocalDateTime[] currentWindow = getPrevious5MinuteWindow();
+        System.out.println("当前系统时间的前一个5分钟周期: " +
+                currentWindow[0].format(formatter) + " - " +
+                currentWindow[1].format(formatter));
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayByteTypeHandler.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayByteTypeHandler.java
new file mode 100644
index 0000000..484cb34
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayByteTypeHandler.java
@@ -0,0 +1,47 @@
+package com.Modules.etl.handler;
+
+
+
+import org.apache.ibatis.type.BaseTypeHandler;
+import org.apache.ibatis.type.JdbcType;
+import org.apache.ibatis.type.MappedJdbcTypes;
+import org.apache.ibatis.type.MappedTypes;
+import java.sql.*;
+
+@MappedTypes(byte[][].class)
+@MappedJdbcTypes(JdbcType.ARRAY)
+public class ArrayByteTypeHandler extends BaseTypeHandler<byte[][]> {
+
+    @Override
+    public void setNonNullParameter(PreparedStatement ps, int i, byte[][] parameter, JdbcType jdbcType) throws SQLException {
+        Array array = ps.getConnection().createArrayOf("bytea", parameter);
+        ps.setArray(i, array);
+    }
+
+    @Override
+    public byte[][] getNullableResult(ResultSet rs, String columnName) throws SQLException {
+        return getArray(rs.getArray(columnName));
+    }
+
+    @Override
+    public byte[][] getNullableResult(ResultSet rs, int columnIndex) throws SQLException {
+        return getArray(rs.getArray(columnIndex));
+    }
+
+    @Override
+    public byte[][] getNullableResult(CallableStatement cs, int columnIndex) throws SQLException {
+        return getArray(cs.getArray(columnIndex));
+    }
+
+    private byte[][] getArray(Array array) throws SQLException {
+        if (array != null) {
+            Object[] objArray = (Object[]) array.getArray();
+            byte[][] result = new byte[objArray.length][];
+            for (int i = 0; i < objArray.length; i++) {
+                result[i] = (byte[]) objArray[i];
+            }
+            return result;
+        }
+        return null;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayIntegerTypeHandler.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayIntegerTypeHandler.java
new file mode 100644
index 0000000..0a40ce1
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayIntegerTypeHandler.java
@@ -0,0 +1,43 @@
+package com.Modules.etl.handler;
+
+
+import org.apache.ibatis.type.BaseTypeHandler;
+import org.apache.ibatis.type.JdbcType;
+import org.apache.ibatis.type.MappedJdbcTypes;
+import org.apache.ibatis.type.MappedTypes;
+import java.sql.*;
+import java.util.Arrays;
+
+@MappedTypes(Integer[].class)
+@MappedJdbcTypes(JdbcType.ARRAY)
+public class ArrayIntegerTypeHandler extends BaseTypeHandler<Integer[]> {
+
+    @Override
+    public void setNonNullParameter(PreparedStatement ps, int i, Integer[] parameter, JdbcType jdbcType) throws SQLException {
+        Array array = ps.getConnection().createArrayOf("integer", parameter);
+        ps.setArray(i, array);
+    }
+
+    @Override
+    public Integer[] getNullableResult(ResultSet rs, String columnName) throws SQLException {
+        return getArray(rs.getArray(columnName));
+    }
+
+    @Override
+    public Integer[] getNullableResult(ResultSet rs, int columnIndex) throws SQLException {
+        return getArray(rs.getArray(columnIndex));
+    }
+
+    @Override
+    public Integer[] getNullableResult(CallableStatement cs, int columnIndex) throws SQLException {
+        return getArray(cs.getArray(columnIndex));
+    }
+
+    private Integer[] getArray(Array array) throws SQLException {
+        if (array != null) {
+            Object[] objArray = (Object[]) array.getArray();
+            return Arrays.copyOf(objArray, objArray.length, Integer[].class);
+        }
+        return null;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayStringTypeHandler.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayStringTypeHandler.java
new file mode 100644
index 0000000..174364f
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ArrayStringTypeHandler.java
@@ -0,0 +1,43 @@
+package com.Modules.etl.handler;
+
+
+import org.apache.ibatis.type.BaseTypeHandler;
+import org.apache.ibatis.type.JdbcType;
+import org.apache.ibatis.type.MappedJdbcTypes;
+import org.apache.ibatis.type.MappedTypes;
+import java.sql.*;
+import java.util.Arrays;
+
+@MappedTypes(String[].class)
+@MappedJdbcTypes(JdbcType.ARRAY)
+public class ArrayStringTypeHandler extends BaseTypeHandler<String[]> {
+
+    @Override
+    public void setNonNullParameter(PreparedStatement ps, int i, String[] parameter, JdbcType jdbcType) throws SQLException {
+        Array array = ps.getConnection().createArrayOf("text", parameter);
+        ps.setArray(i, array);
+    }
+
+    @Override
+    public String[] getNullableResult(ResultSet rs, String columnName) throws SQLException {
+        return getArray(rs.getArray(columnName));
+    }
+
+    @Override
+    public String[] getNullableResult(ResultSet rs, int columnIndex) throws SQLException {
+        return getArray(rs.getArray(columnIndex));
+    }
+
+    @Override
+    public String[] getNullableResult(CallableStatement cs, int columnIndex) throws SQLException {
+        return getArray(cs.getArray(columnIndex));
+    }
+
+    private String[] getArray(Array array) throws SQLException {
+        if (array != null) {
+            Object[] objArray = (Object[]) array.getArray();
+            return Arrays.copyOf(objArray, objArray.length, String[].class);
+        }
+        return null;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ETLRetryHandler.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ETLRetryHandler.java
new file mode 100644
index 0000000..919ee53
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/ETLRetryHandler.java
@@ -0,0 +1,36 @@
+package com.Modules.etl.handler;
+
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.retry.annotation.Backoff;
+import org.springframework.retry.annotation.Recover;
+import org.springframework.retry.annotation.Retryable;
+import org.springframework.stereotype.Component;
+
+@Slf4j
+@Component
+public class ETLRetryHandler {
+
+    /**
+     * 带重试机制的ETL任务执行
+     */
+    @Retryable(value = Exception.class, maxAttempts = 3, backoff = @Backoff(delay = 5000))
+    public void executeWithRetry(Runnable etlTask) {
+        try {
+            etlTask.run();
+        } catch (Exception e) {
+            log.warn("ETL任务执行失败，准备重试", e);
+            throw e;
+        }
+    }
+
+    /**
+     * 重试失败后的恢复处理
+     */
+    @Recover
+    public void recover(Exception e, Runnable etlTask) {
+        log.error("ETL任务重试多次后仍然失败", e);
+        // 这里可以发送告警通知、记录失败状态等
+        throw new RuntimeException("ETL任务最终执行失败", e);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/TimestamptzTypeHandler.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/TimestamptzTypeHandler.java
new file mode 100644
index 0000000..d839f92
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/etl/handler/TimestamptzTypeHandler.java
@@ -0,0 +1,67 @@
+package com.Modules.etl.handler;
+
+
+import org.apache.ibatis.type.BaseTypeHandler;
+import org.apache.ibatis.type.JdbcType;
+import org.apache.ibatis.type.MappedTypes;
+
+import java.sql.*;
+import java.time.Instant;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.ZoneOffset;
+
+@MappedTypes(LocalDateTime.class)
+public class TimestamptzTypeHandler extends BaseTypeHandler<LocalDateTime> {
+
+    @Override
+    public void setNonNullParameter(PreparedStatement ps, int i,
+                                    LocalDateTime parameter, JdbcType jdbcType)
+            throws SQLException {
+        if (parameter == null) {
+            ps.setTimestamp(i, null);
+        } else {
+            // 转换为Timestamp
+            ps.setTimestamp(i, Timestamp.valueOf(parameter));
+        }
+    }
+
+    @Override
+    public LocalDateTime getNullableResult(ResultSet rs, String columnName)
+            throws SQLException {
+        Timestamp timestamp = rs.getTimestamp(columnName);
+        return convertToLocalDateTime(timestamp);
+    }
+
+    @Override
+    public LocalDateTime getNullableResult(ResultSet rs, int columnIndex)
+            throws SQLException {
+        Timestamp timestamp = rs.getTimestamp(columnIndex);
+        return convertToLocalDateTime(timestamp);
+    }
+
+    @Override
+    public LocalDateTime getNullableResult(CallableStatement cs, int columnIndex)
+            throws SQLException {
+        Timestamp timestamp = cs.getTimestamp(columnIndex);
+        return convertToLocalDateTime(timestamp);
+    }
+
+    private LocalDateTime convertToLocalDateTime(Timestamp timestamp) {
+        if (timestamp == null) {
+            return null;
+        }
+
+        try {
+            // 方法1: 直接从Timestamp转换
+            return timestamp.toLocalDateTime();
+
+            // 方法2: 通过Instant转换（处理时区）
+            // Instant instant = timestamp.toInstant();
+            // return LocalDateTime.ofInstant(instant, ZoneId.systemDefault());
+
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to convert TIMESTAMPTZ to LocalDateTime", e);
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/Alarm.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/Alarm.java
new file mode 100644
index 0000000..e3c947f
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/Alarm.java
@@ -0,0 +1,78 @@
+package com.common.entity;
+
+
+import lombok.Builder;
+import lombok.Data;
+import java.time.LocalDateTime;
+
+@Data
+@Builder
+public class Alarm {
+    private String id;
+    private LocalDateTime createdAt;
+    private String alarmName;
+    private String alarmLevel;
+    private String alarmType;
+    private String alarmMajorType;
+    private String alarmMinorType;
+    private Integer alarmAreaId;
+    private String[] attackIp;
+    private String[] victimIp;
+    private String[] victimWebUrl;
+    private Integer[] attackChainPhase;
+    private Integer[] deviceId;
+    private String[] tag;
+    private String comment;
+    private String[] originLogIds;
+    private String queryId;
+    private Integer judgedState;
+    private Integer disposedState;
+    private String dispositionAdvice;
+    private Integer attackResult;
+    private Integer fall;
+    private byte[] payload;
+    private Integer[] operateEvent;
+    private Integer[] attackPort;
+    private Integer[] victimPort;
+    private String attackMethod;
+    private String businessExt;
+    private LocalDateTime logStartAt;
+    private LocalDateTime logEndAt;
+    private String httpStatus;
+    private String dnsInfo;
+    private String accountInfo;
+    private String attackerInfo;
+    private String victimInfo;
+    private String suspiciousAction;
+    private String vulnInfo;
+    private String weakPwd;
+    private String complianceBaseline;
+    private String fileInfo;
+    private String fileTags;
+    private String endpointInfo;
+    private String endpointProtection;
+    private String originInfo;
+    private String protocolInfo;
+    private String emailInfo;
+    private String sensitiveData;
+    private Integer hitIntelligence;
+    private String windowTime;
+    private LocalDateTime updatedAt;
+    private String engineType;
+    private String attackIpPic;
+    private String victimIpPic;
+    private LocalDateTime operationAt;
+    private String attackDirection;
+    private LocalDateTime etlTime;
+    private Integer logCount;
+    private Integer isAssetHit;
+    private Boolean focused;
+    private Boolean baseFocused;
+    private Boolean isUpdated;
+    private int alarmSource;
+    private String[] httpReqHeaders;
+    private String[] httpReqBodys;
+    private String[] httpRespHeaders;
+    private String[] httpRespBodys;
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AlarmVisit.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AlarmVisit.java
new file mode 100644
index 0000000..5f5f5a8
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AlarmVisit.java
@@ -0,0 +1,78 @@
+package com.common.entity;
+
+
+import lombok.Builder;
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+@Data
+@Builder
+public class AlarmVisit {
+    private String id;
+    private LocalDateTime createdAt;
+    private String alarmName;
+    private String alarmLevel;
+    private String alarmType;
+    private String alarmMajorType;
+    private String alarmMinorType;
+    private Integer alarmAreaId;
+    private String[] attackIp;
+    private String[] victimIp;
+    private String[] victimWebUrl;
+    private Integer[] attackChainPhase;
+    private Integer[] deviceId;
+    private String[] tag;
+    private String comment;
+    private String[] originLogIds;
+    private String queryId;
+    private Integer judgedState;
+    private Integer disposedState;
+    private String dispositionAdvice;
+    private Integer attackResult;
+    private Integer fall;
+    private byte[] payload;
+    private Integer[] operateEvent;
+    private Integer[] attackPort;
+    private Integer[] victimPort;
+    private String attackMethod;
+    private String businessExt;
+    private LocalDateTime logStartAt;
+    private LocalDateTime logEndAt;
+    private String httpStatus;
+    private String dnsInfo;
+    private String accountInfo;
+    private String attackerInfo;
+    private String victimInfo;
+    private String suspiciousAction;
+    private String vulnInfo;
+    private String weakPwd;
+    private String complianceBaseline;
+    private String fileInfo;
+    private String fileTags;
+    private String endpointInfo;
+    private String endpointProtection;
+    private String originInfo;
+    private String protocolInfo;
+    private String emailInfo;
+    private String sensitiveData;
+    private Integer hitIntelligence;
+    private String windowTime;
+    private LocalDateTime updatedAt;
+    private String engineType;
+    private String attackIpPic;
+    private String victimIpPic;
+    private LocalDateTime operationAt;
+    private String attackDirection;
+    private LocalDateTime etlTime;
+    private Integer logCount;
+    private Integer isAssetHit;
+    private Boolean focused;
+    private Boolean baseFocused;
+    private Boolean isUpdated;
+    private int alarmSource;
+    private String[] httpReqHeaders;
+    private String[] httpReqBodys;
+    private String[] httpRespHeaders;
+    private String[] httpRespBodys;
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/ApiResponse.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/ApiResponse.java
new file mode 100644
index 0000000..1b972a7
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/ApiResponse.java
@@ -0,0 +1,75 @@
+package com.common.entity;
+
+public class ApiResponse<T> {
+
+    private boolean success;
+    private String message;
+    private T data;
+    private String errorCode;
+
+    // 成功响应
+    public static <T> ApiResponse<T> success(T data) {
+        ApiResponse<T> response = new ApiResponse<>();
+        response.setSuccess(true);
+        response.setMessage("操作成功");
+        response.setData(data);
+        return response;
+    }
+
+    public static <T> ApiResponse<T> success(String message, T data) {
+        ApiResponse<T> response = new ApiResponse<>();
+        response.setSuccess(true);
+        response.setMessage(message);
+        response.setData(data);
+        return response;
+    }
+
+    // 失败响应
+    public static <T> ApiResponse<T> error(String message) {
+        ApiResponse<T> response = new ApiResponse<>();
+        response.setSuccess(false);
+        response.setMessage(message);
+        return response;
+    }
+
+    public static <T> ApiResponse<T> error(String message, String errorCode) {
+        ApiResponse<T> response = new ApiResponse<>();
+        response.setSuccess(false);
+        response.setMessage(message);
+        response.setErrorCode(errorCode);
+        return response;
+    }
+
+    // Getter和Setter方法
+    public boolean isSuccess() {
+        return success;
+    }
+
+    public void setSuccess(boolean success) {
+        this.success = success;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    public T getData() {
+        return data;
+    }
+
+    public void setData(T data) {
+        this.data = data;
+    }
+
+    public String getErrorCode() {
+        return errorCode;
+    }
+
+    public void setErrorCode(String errorCode) {
+        this.errorCode = errorCode;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AppLog.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AppLog.java
new file mode 100644
index 0000000..0f33b81
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AppLog.java
@@ -0,0 +1,74 @@
+package com.common.entity;
+
+
+import lombok.Data;
+import org.springframework.data.annotation.Id;
+import org.springframework.data.elasticsearch.annotations.Document;
+import org.springframework.data.elasticsearch.annotations.Field;
+import org.springframework.data.elasticsearch.annotations.FieldType;
+
+import java.util.Date;
+
+@Data
+//@Document(indexName = "applog-#{T(java.time.LocalDate).now().format(T(java.time.format.DateTimeFormatter).ofPattern('yyyyMMdd'))}")
+public class AppLog {
+
+    // ES元数据字段
+    @Id
+    private String id;
+
+    @Field(type = FieldType.Keyword)
+    private String index;
+
+    @Field(type = FieldType.Keyword)
+    private String type = "_doc";
+
+    @Field(type = FieldType.Float)
+    private Float score = 1.0f;
+
+    // 日志内容字段（对应_source）
+    @Field(name = "dtTime", type = FieldType.Long)
+    private Long dtTime;
+
+    @Field(name = "collecttime", type = FieldType.Long)
+    private Long collectTime;
+
+    @Field(name = "logType", type = FieldType.Keyword)
+    private String logType;
+
+    @Field(name = "traceId", type = FieldType.Keyword)
+    private String traceId;
+
+    @Field(name = "method", type = FieldType.Text)
+    private String method;
+
+    @Field(name = "appName", type = FieldType.Keyword)
+    private String appName;
+
+    @Field(name = "ip", type = FieldType.Keyword)
+    private String ip;
+
+    @Field(name = "className", type = FieldType.Text)
+    private String className;
+
+    @Field(name = "env", type = FieldType.Keyword)
+    private String env;
+
+    @Field(name = "content", type = FieldType.Text)
+    private String content;
+
+    @Field(name = "threadName", type = FieldType.Text)
+    private String threadName;
+
+    @Field(name = "logLevel", type = FieldType.Keyword)
+    private String logLevel;
+
+    @Field(name = "seq", type = FieldType.Keyword)
+    private String seq;
+
+    @Field(name = "_indexed_at", type = FieldType.Long)
+    private Long indexedAt;
+
+    // 系统字段
+    private Date createTime = new Date();
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AppLogEntity.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AppLogEntity.java
new file mode 100644
index 0000000..45edc6f
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/AppLogEntity.java
@@ -0,0 +1,40 @@
+package com.common.entity;
+
+
+import lombok.Data;
+
+import java.time.LocalDateTime;
+
+@Data
+public class AppLogEntity {
+    private Long id;
+
+    // ES元数据字段
+    private String esIndex;
+    private String esType = "_doc";
+    private String esId;
+    private Float esScore = 1.0f;
+
+    // 日志内容字段
+    private Long dtTime;
+    private Long collectTime;
+    private String logType;
+    private String traceId;
+    private String method;
+    private String appName;
+    private String ip;
+    private String className;
+    private String env;
+    private String content;
+    private String threadName;
+    private String logLevel;
+    private String seq;
+    private Long indexedAt;
+
+    // 分区字段
+    private LocalDateTime logDate;
+
+    // 系统字段
+    private LocalDateTime createdAt;
+    private LocalDateTime updatedAt;
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTask.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTask.java
new file mode 100644
index 0000000..0517eba
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTask.java
@@ -0,0 +1,98 @@
+package com.common.entity;
+
+import java.time.OffsetDateTime;
+
+public class DeviceCollectTask {
+    private Integer id;
+    private OffsetDateTime createdAt;
+    private OffsetDateTime updatedAt;
+    private OffsetDateTime deletedAt;
+    private Integer deviceId;
+    private Integer method;
+    private String taskName;
+    private OffsetDateTime firstTime;
+    private OffsetDateTime lastSuccessTime;
+    private OffsetDateTime lastFailedTime;
+    private Integer detailId;
+    private Integer epm;
+    private Integer epmPeak;
+    private Integer processArchitecture;
+    private Integer taskCount;
+    private OffsetDateTime recentDiscoverTime;
+    private Integer epmUpperLimit;
+
+    // Getter and Setter 方法
+    public Integer getId() { return id; }
+    public void setId(Integer id) { this.id = id; }
+
+    public OffsetDateTime getCreatedAt() { return createdAt; }
+    public void setCreatedAt(OffsetDateTime createdAt) { this.createdAt = createdAt; }
+
+    public OffsetDateTime getUpdatedAt() { return updatedAt; }
+    public void setUpdatedAt(OffsetDateTime updatedAt) { this.updatedAt = updatedAt; }
+
+    public OffsetDateTime getDeletedAt() { return deletedAt; }
+    public void setDeletedAt(OffsetDateTime deletedAt) { this.deletedAt = deletedAt; }
+
+    public Integer getDeviceId() { return deviceId; }
+    public void setDeviceId(Integer deviceId) { this.deviceId = deviceId; }
+
+    public Integer getMethod() { return method; }
+    public void setMethod(Integer method) { this.method = method; }
+
+    public String getTaskName() { return taskName; }
+    public void setTaskName(String taskName) { this.taskName = taskName; }
+
+    public OffsetDateTime getFirstTime() { return firstTime; }
+    public void setFirstTime(OffsetDateTime firstTime) { this.firstTime = firstTime; }
+
+    public OffsetDateTime getLastSuccessTime() { return lastSuccessTime; }
+    public void setLastSuccessTime(OffsetDateTime lastSuccessTime) { this.lastSuccessTime = lastSuccessTime; }
+
+    public OffsetDateTime getLastFailedTime() { return lastFailedTime; }
+    public void setLastFailedTime(OffsetDateTime lastFailedTime) { this.lastFailedTime = lastFailedTime; }
+
+    public Integer getDetailId() { return detailId; }
+    public void setDetailId(Integer detailId) { this.detailId = detailId; }
+
+    public Integer getEpm() { return epm; }
+    public void setEpm(Integer epm) { this.epm = epm; }
+
+    public Integer getEpmPeak() { return epmPeak; }
+    public void setEpmPeak(Integer epmPeak) { this.epmPeak = epmPeak; }
+
+    public Integer getProcessArchitecture() { return processArchitecture; }
+    public void setProcessArchitecture(Integer processArchitecture) { this.processArchitecture = processArchitecture; }
+
+    public Integer getTaskCount() { return taskCount; }
+    public void setTaskCount(Integer taskCount) { this.taskCount = taskCount; }
+
+    public OffsetDateTime getRecentDiscoverTime() { return recentDiscoverTime; }
+    public void setRecentDiscoverTime(OffsetDateTime recentDiscoverTime) { this.recentDiscoverTime = recentDiscoverTime; }
+
+    public Integer getEpmUpperLimit() { return epmUpperLimit; }
+    public void setEpmUpperLimit(Integer epmUpperLimit) { this.epmUpperLimit = epmUpperLimit; }
+
+    @Override
+    public String toString() {
+        return "DeviceCollectTask{" +
+                "id=" + id +
+                ", createdAt=" + createdAt +
+                ", updatedAt=" + updatedAt +
+                ", deletedAt=" + deletedAt +
+                ", deviceId=" + deviceId +
+                ", method=" + method +
+                ", taskName='" + taskName + '\'' +
+                ", firstTime=" + firstTime +
+                ", lastSuccessTime=" + lastSuccessTime +
+                ", lastFailedTime=" + lastFailedTime +
+                ", detailId=" + detailId +
+                ", epm=" + epm +
+                ", epmPeak=" + epmPeak +
+                ", processArchitecture=" + processArchitecture +
+                ", taskCount=" + taskCount +
+                ", recentDiscoverTime=" + recentDiscoverTime +
+                ", epmUpperLimit=" + epmUpperLimit +
+                '}';
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTaskTime.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTaskTime.java
new file mode 100644
index 0000000..b545e36
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceCollectTaskTime.java
@@ -0,0 +1,11 @@
+package com.common.entity;
+
+import lombok.Data;
+import java.time.LocalDateTime;
+@Data
+public class DeviceCollectTaskTime {
+    private String deviceCollectId;
+    private LocalDateTime firstTime;          // 首次成功时间
+    private LocalDateTime lastSuccessTime;    // 最后成功时间
+    private LocalDateTime lastFailTime;       // 最后失败时间
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceReceiveLog.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceReceiveLog.java
new file mode 100644
index 0000000..86fbb2a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceReceiveLog.java
@@ -0,0 +1,65 @@
+package com.common.entity;
+
+import lombok.Data;
+import lombok.AllArgsConstructor;
+import lombok.NoArgsConstructor;
+import lombok.Builder;
+
+import java.time.LocalDateTime;
+import com.fasterxml.jackson.annotation.JsonFormat;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class DeviceReceiveLog {
+    /**
+     * 主键ID
+     */
+    private Long id;
+
+    /**
+     * 记录创建时间（UTC时间）
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    private LocalDateTime createdAt;
+
+    /**
+     * 采集探针ID
+     */
+    private Integer deviceCollectId;
+
+    /**
+     * 设备ID
+     */
+    private Integer deviceId;
+
+    /**
+     * 设备IP（PostgreSQL inet类型，用String处理）
+     */
+    private String deviceIp;
+
+    /**
+     * 日志收到时间
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    private LocalDateTime receiveTime;
+
+    /**
+     * 接收时间字符串（冗余字段）
+     */
+    private String receiveTimeStr;
+
+    /**
+     * 原始syslog消息
+     */
+    private String syslogMessage;
+
+    // 推送是否成功
+    private Boolean pushSuccess;
+    /**
+     * 分页参数（非表字段）
+     */
+    private Integer pageNum;
+    private Integer pageSize;
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceStatsDTO.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceStatsDTO.java
new file mode 100644
index 0000000..8bf43af
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DeviceStatsDTO.java
@@ -0,0 +1,14 @@
+package com.common.entity;
+
+
+
+import lombok.Data;
+import java.time.LocalDateTime;
+
+@Data
+public class DeviceStatsDTO {
+    private Long deviceId;
+    private LocalDateTime lastReceiveTime;
+    private Integer parseCount;
+    private Integer nonLogCount;
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DmColumn.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DmColumn.java
new file mode 100644
index 0000000..fd440d1
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DmColumn.java
@@ -0,0 +1,131 @@
+package com.common.entity;
+
+
+import java.time.LocalDateTime;
+
+public class DmColumn {
+    private Long id;
+    private LocalDateTime createdAt;
+    private LocalDateTime updatedAt;
+    private LocalDateTime deletedAt;
+    private String name;
+    private String displayName;
+    private Long storageDataType;
+    private Long businessDataType;
+    private Boolean isBuiltIn;
+    private Boolean isHidden;
+    private Boolean isNotNormalizable;
+    private Boolean isRequired;
+    private Integer categoryId;
+    private Integer customAssetCategoryId;
+    private Boolean isVirtual;
+    private Integer tableId;
+    private Integer assetTableId;
+    private Integer columnSetId;
+    private Integer baseType;
+    private Integer userTaskId;
+    private Long createdById;
+    private Long createDept;
+    private Long createBy;
+    private LocalDateTime createTime;
+    private Long updateBy;
+    private LocalDateTime updateTime;
+
+    // 构造方法
+    public DmColumn() {}
+
+    public DmColumn(String name, String displayName) {
+        this.name = name;
+        this.displayName = displayName;
+    }
+
+    // getter 和 setter 方法
+    public Long getId() { return id; }
+    public void setId(Long id) { this.id = id; }
+
+    public LocalDateTime getCreatedAt() { return createdAt; }
+    public void setCreatedAt(LocalDateTime createdAt) { this.createdAt = createdAt; }
+
+    public LocalDateTime getUpdatedAt() { return updatedAt; }
+    public void setUpdatedAt(LocalDateTime updatedAt) { this.updatedAt = updatedAt; }
+
+    public LocalDateTime getDeletedAt() { return deletedAt; }
+    public void setDeletedAt(LocalDateTime deletedAt) { this.deletedAt = deletedAt; }
+
+    public String getName() { return name; }
+    public void setName(String name) { this.name = name; }
+
+    public String getDisplayName() { return displayName; }
+    public void setDisplayName(String displayName) { this.displayName = displayName; }
+
+    public Long getStorageDataType() { return storageDataType; }
+    public void setStorageDataType(Long storageDataType) { this.storageDataType = storageDataType; }
+
+    public Long getBusinessDataType() { return businessDataType; }
+    public void setBusinessDataType(Long businessDataType) { this.businessDataType = businessDataType; }
+
+    public Boolean getIsBuiltIn() { return isBuiltIn; }
+    public void setIsBuiltIn(Boolean isBuiltIn) { this.isBuiltIn = isBuiltIn; }
+
+    public Boolean getIsHidden() { return isHidden; }
+    public void setIsHidden(Boolean isHidden) { this.isHidden = isHidden; }
+
+    public Boolean getIsNotNormalizable() { return isNotNormalizable; }
+    public void setIsNotNormalizable(Boolean isNotNormalizable) { this.isNotNormalizable = isNotNormalizable; }
+
+    public Boolean getIsRequired() { return isRequired; }
+    public void setIsRequired(Boolean isRequired) { this.isRequired = isRequired; }
+
+    public Integer getCategoryId() { return categoryId; }
+    public void setCategoryId(Integer categoryId) { this.categoryId = categoryId; }
+
+    public Integer getCustomAssetCategoryId() { return customAssetCategoryId; }
+    public void setCustomAssetCategoryId(Integer customAssetCategoryId) { this.customAssetCategoryId = customAssetCategoryId; }
+
+    public Boolean getIsVirtual() { return isVirtual; }
+    public void setIsVirtual(Boolean isVirtual) { this.isVirtual = isVirtual; }
+
+    public Integer getTableId() { return tableId; }
+    public void setTableId(Integer tableId) { this.tableId = tableId; }
+
+    public Integer getAssetTableId() { return assetTableId; }
+    public void setAssetTableId(Integer assetTableId) { this.assetTableId = assetTableId; }
+
+    public Integer getColumnSetId() { return columnSetId; }
+    public void setColumnSetId(Integer columnSetId) { this.columnSetId = columnSetId; }
+
+    public Integer getBaseType() { return baseType; }
+    public void setBaseType(Integer baseType) { this.baseType = baseType; }
+
+    public Integer getUserTaskId() { return userTaskId; }
+    public void setUserTaskId(Integer userTaskId) { this.userTaskId = userTaskId; }
+
+    public Long getCreatedById() { return createdById; }
+    public void setCreatedById(Long createdById) { this.createdById = createdById; }
+
+    public Long getCreateDept() { return createDept; }
+    public void setCreateDept(Long createDept) { this.createDept = createDept; }
+
+    public Long getCreateBy() { return createBy; }
+    public void setCreateBy(Long createBy) { this.createBy = createBy; }
+
+    public LocalDateTime getCreateTime() { return createTime; }
+    public void setCreateTime(LocalDateTime createTime) { this.createTime = createTime; }
+
+    public Long getUpdateBy() { return updateBy; }
+    public void setUpdateBy(Long updateBy) { this.updateBy = updateBy; }
+
+    public LocalDateTime getUpdateTime() { return updateTime; }
+    public void setUpdateTime(LocalDateTime updateTime) { this.updateTime = updateTime; }
+
+    @Override
+    public String toString() {
+        return "DmColumn{" +
+                "id=" + id +
+                ", name='" + name + '\'' +
+                ", displayName='" + displayName + '\'' +
+                ", isBuiltIn=" + isBuiltIn +
+                ", isHidden=" + isHidden +
+                '}';
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DmNormalizeRule.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DmNormalizeRule.java
new file mode 100644
index 0000000..8eb7c0f
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/DmNormalizeRule.java
@@ -0,0 +1,131 @@
+package com.common.entity;
+
+import java.time.LocalDateTime;
+
+public class DmNormalizeRule {
+    private Long id;
+    private LocalDateTime createdAt;
+    private LocalDateTime updatedAt;
+    private LocalDateTime deletedAt;
+    private String name;
+    private String displayName;
+    private String description;
+    private Boolean isBuiltIn;
+    private Boolean isRunning;
+    private LocalDateTime firstDataSavedAt;
+    private String dataType;
+    private Integer fieldCateId;
+    private String logParsed;
+    private String[] sampleLogs;
+    private Boolean isDataMergeEnabled;
+    private Long dataMergeInterval;
+    private String dataMergeTimeUnit;
+    private Long dataMergeRowLimit;
+    private String dataMergeColumns;
+    private Short dataStorageMedium;
+    private Integer createdById;
+    private Integer groupId;
+    private String ruleContent;
+    private String builtInVersion;
+    private String tenantId;
+    private LocalDateTime createTime;
+    private LocalDateTime updateTime;
+    private Long createBy;
+    private Long updateBy;
+    private String delFlag;
+    private Long createDept;
+
+    // getters and setters
+    public Long getId() { return id; }
+    public void setId(Long id) { this.id = id; }
+
+    public LocalDateTime getCreatedAt() { return createdAt; }
+    public void setCreatedAt(LocalDateTime createdAt) { this.createdAt = createdAt; }
+
+    public LocalDateTime getUpdatedAt() { return updatedAt; }
+    public void setUpdatedAt(LocalDateTime updatedAt) { this.updatedAt = updatedAt; }
+
+    public LocalDateTime getDeletedAt() { return deletedAt; }
+    public void setDeletedAt(LocalDateTime deletedAt) { this.deletedAt = deletedAt; }
+
+    public String getName() { return name; }
+    public void setName(String name) { this.name = name; }
+
+    public String getDisplayName() { return displayName; }
+    public void setDisplayName(String displayName) { this.displayName = displayName; }
+
+    public String getDescription() { return description; }
+    public void setDescription(String description) { this.description = description; }
+
+    public Boolean getIsBuiltIn() { return isBuiltIn; }
+    public void setIsBuiltIn(Boolean isBuiltIn) { this.isBuiltIn = isBuiltIn; }
+
+    public Boolean getIsRunning() { return isRunning; }
+    public void setIsRunning(Boolean isRunning) { this.isRunning = isRunning; }
+
+    public LocalDateTime getFirstDataSavedAt() { return firstDataSavedAt; }
+    public void setFirstDataSavedAt(LocalDateTime firstDataSavedAt) { this.firstDataSavedAt = firstDataSavedAt; }
+
+    public String getDataType() { return dataType; }
+    public void setDataType(String dataType) { this.dataType = dataType; }
+
+    public Integer getFieldCateId() { return fieldCateId; }
+    public void setFieldCateId(Integer fieldCateId) { this.fieldCateId = fieldCateId; }
+
+    public String getLogParsed() { return logParsed; }
+    public void setLogParsed(String logParsed) { this.logParsed = logParsed; }
+
+    public String[] getSampleLogs() { return sampleLogs; }
+    public void setSampleLogs(String[] sampleLogs) { this.sampleLogs = sampleLogs; }
+
+    public Boolean getIsDataMergeEnabled() { return isDataMergeEnabled; }
+    public void setIsDataMergeEnabled(Boolean isDataMergeEnabled) { this.isDataMergeEnabled = isDataMergeEnabled; }
+
+    public Long getDataMergeInterval() { return dataMergeInterval; }
+    public void setDataMergeInterval(Long dataMergeInterval) { this.dataMergeInterval = dataMergeInterval; }
+
+    public String getDataMergeTimeUnit() { return dataMergeTimeUnit; }
+    public void setDataMergeTimeUnit(String dataMergeTimeUnit) { this.dataMergeTimeUnit = dataMergeTimeUnit; }
+
+    public Long getDataMergeRowLimit() { return dataMergeRowLimit; }
+    public void setDataMergeRowLimit(Long dataMergeRowLimit) { this.dataMergeRowLimit = dataMergeRowLimit; }
+
+    public String getDataMergeColumns() { return dataMergeColumns; }
+    public void setDataMergeColumns(String dataMergeColumns) { this.dataMergeColumns = dataMergeColumns; }
+
+    public Short getDataStorageMedium() { return dataStorageMedium; }
+    public void setDataStorageMedium(Short dataStorageMedium) { this.dataStorageMedium = dataStorageMedium; }
+
+    public Integer getCreatedById() { return createdById; }
+    public void setCreatedById(Integer createdById) { this.createdById = createdById; }
+
+    public Integer getGroupId() { return groupId; }
+    public void setGroupId(Integer groupId) { this.groupId = groupId; }
+
+    public String getRuleContent() { return ruleContent; }
+    public void setRuleContent(String ruleContent) { this.ruleContent = ruleContent; }
+
+    public String getBuiltInVersion() { return builtInVersion; }
+    public void setBuiltInVersion(String builtInVersion) { this.builtInVersion = builtInVersion; }
+
+    public String getTenantId() { return tenantId; }
+    public void setTenantId(String tenantId) { this.tenantId = tenantId; }
+
+    public LocalDateTime getCreateTime() { return createTime; }
+    public void setCreateTime(LocalDateTime createTime) { this.createTime = createTime; }
+
+    public LocalDateTime getUpdateTime() { return updateTime; }
+    public void setUpdateTime(LocalDateTime updateTime) { this.updateTime = updateTime; }
+
+    public Long getCreateBy() { return createBy; }
+    public void setCreateBy(Long createBy) { this.createBy = createBy; }
+
+    public Long getUpdateBy() { return updateBy; }
+    public void setUpdateBy(Long updateBy) { this.updateBy = updateBy; }
+
+    public String getDelFlag() { return delFlag; }
+    public void setDelFlag(String delFlag) { this.delFlag = delFlag; }
+
+    public Long getCreateDept() { return createDept; }
+    public void setCreateDept(Long createDept) { this.createDept = createDept; }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/GroupedSyslogData.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/GroupedSyslogData.java
new file mode 100644
index 0000000..8a69423
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/GroupedSyslogData.java
@@ -0,0 +1,35 @@
+package com.common.entity;
+import lombok.Data;
+import java.time.LocalDateTime;
+
+@Data
+public class GroupedSyslogData {
+    private String logDate;
+    private String srcIp;
+    private String destIp;
+    private String[] attackIps;
+    private String originEventName;
+    private Integer attackResult;  // 单个attack_result值
+    private LocalDateTime minLogTime;
+    private LocalDateTime maxLogTime;
+    private Long logCount;
+    private String[] victimIps;
+    private Integer[] deviceIds;
+    private String[] originLogIds;
+    private Integer maxEventLevel;
+    private String firstEventType;
+    private String eventType;
+    private String minEventType;
+    private Integer[] attackPorts;
+    private Integer[] victimPorts;
+    private String[] httpStatusCodes;
+    private byte[][] payloadSamples;
+    private String[] httpReqHeaders;
+    private String[] httpReqBodys;
+    private String[] httpRespHeaders;
+    private String[] httpRespBodys;
+    private String victimIpsStr;
+    private Integer[] allAttackResults;  // 所有不同的attack_result值
+    private Integer mostCommonAttackResult;  // 最常见的attack_result值
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RFC3164Message.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RFC3164Message.java
new file mode 100644
index 0000000..08a4284
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RFC3164Message.java
@@ -0,0 +1,16 @@
+package com.common.entity;
+
+public class RFC3164Message extends SyslogMessage {
+    private String tag;
+
+    public String getTag() { return tag; }
+    public void setTag(String tag) { this.tag = tag; }
+
+    @Override
+    public String toString() {
+        return String.format("RFC3164 [Facility: %d, Severity: %d, Host: %s, Tag: %s, Time: %s, Msg: %s]",
+                facility, severity, hostname, tag, timestamp, message);
+    }
+
+
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RFC5424Message.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RFC5424Message.java
new file mode 100644
index 0000000..cf8558c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RFC5424Message.java
@@ -0,0 +1,29 @@
+package com.common.entity;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class  RFC5424Message extends SyslogMessage {
+    private int version;
+    private Map<String, Map<String, String>> structuredData;
+
+    public RFC5424Message() {
+        this.structuredData = new HashMap<>();
+    }
+
+    public int getVersion() {
+        return version;
+    }
+
+    public void setVersion(int version) {
+        this.version = version;
+    }
+
+    public Map<String, Map<String, String>> getStructuredData() {
+        return structuredData;
+    }
+
+    public void setStructuredData(Map<String, Map<String, String>> structuredData) {
+        this.structuredData = structuredData;
+    }
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/ActionType.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/ActionType.java
new file mode 100644
index 0000000..3bdcab1
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/ActionType.java
@@ -0,0 +1,46 @@
+package com.common.entity.RuleContent;
+
+
+public class ActionType {
+    private String type;
+    private String relation_parser_id;
+    private Object sparser_param;
+    private Object param;
+
+    // Constructors
+    public ActionType() {}
+
+    // Getters and Setters
+    public String gettype() {
+        return type;
+    }
+
+    public void settype(String type) {
+        this.type = type;
+    }
+
+    public String getrelation_parser_id() {
+        return relation_parser_id;
+    }
+
+    public void setrelation_parser_id(String relation_parser_id) {
+        this.relation_parser_id = relation_parser_id;
+    }
+
+    public Object getsparser_param() {
+        return sparser_param;
+    }
+
+    public void setsparser_param(Object sparser_param) {
+        this.sparser_param = sparser_param;
+    }
+
+    public Object getparam() {
+        return param;
+    }
+
+    public void setparam(Object param) {
+        this.param = param;
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/CompleteColumn.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/CompleteColumn.java
new file mode 100644
index 0000000..60188e5
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/CompleteColumn.java
@@ -0,0 +1,26 @@
+package com.common.entity.RuleContent;
+
+
+import lombok.Data;
+import java.util.List;
+
+@Data
+public class CompleteColumn {
+    private String columnName;           // 要补全的字段名
+    private Object value;                // 补全的值
+    private String filtersRelation;      // 条件关系: "and" 或 "or"
+    private List<Condition> conditions;  // 条件列表
+
+    // 导入数据相关字段（扩展功能）
+    private String importedDataTableName;
+    private String filtersImportedRelation;
+    private List<Condition> importedConditions;
+    private List<CompleteColumn> completeImportedColumns;
+}
+
+@Data
+class Condition {
+    private String columnName;  // 条件字段名
+    private String op;          // 操作符: =, !=, in, zero_len, contain, regexp
+    private Object value;       // 条件值
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Complete_paramsType.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Complete_paramsType.java
new file mode 100644
index 0000000..5bf9a30
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Complete_paramsType.java
@@ -0,0 +1,37 @@
+package com.common.entity.RuleContent;
+
+
+public class Complete_paramsType {
+    private String name;
+    private String value;
+    private FiltersType filters;
+
+    // Constructors
+    public Complete_paramsType() {}
+
+    // Getters and Setters
+    public String getname() {
+        return name;
+    }
+
+    public void setname(String name) {
+        this.name = name;
+    }
+
+    public String getvalue() {
+        return value;
+    }
+
+    public void setvalue(String value) {
+        this.value = value;
+    }
+
+    public FiltersType getfilters() {
+        return filters;
+    }
+
+    public void setfilters(FiltersType filters) {
+        this.filters = filters;
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Cropper_paramsType.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Cropper_paramsType.java
new file mode 100644
index 0000000..11c7b38
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Cropper_paramsType.java
@@ -0,0 +1,46 @@
+package com.common.entity.RuleContent;
+
+
+public class Cropper_paramsType {
+    private String head_key;
+    private Integer head_offset;
+    private String tail_key;
+    private Integer tail_offset;
+
+    // Constructors
+    public Cropper_paramsType() {}
+
+    // Getters and Setters
+    public String gethead_key() {
+        return head_key;
+    }
+
+    public void sethead_key(String head_key) {
+        this.head_key = head_key;
+    }
+
+    public Integer gethead_offset() {
+        return head_offset;
+    }
+
+    public void sethead_offset(Integer head_offset) {
+        this.head_offset = head_offset;
+    }
+
+    public String gettail_key() {
+        return tail_key;
+    }
+
+    public void settail_key(String tail_key) {
+        this.tail_key = tail_key;
+    }
+
+    public Integer gettail_offset() {
+        return tail_offset;
+    }
+
+    public void settail_offset(Integer tail_offset) {
+        this.tail_offset = tail_offset;
+    }
+
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/FilterParam.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/FilterParam.java
new file mode 100644
index 0000000..42371e4
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/FilterParam.java
@@ -0,0 +1,22 @@
+package com.common.entity.RuleContent;
+
+import lombok.Data;
+import java.util.List;
+
+@Data
+public class FilterParam {
+    private List<FilterGroup> filtersParams;
+}
+
+@Data
+class FilterGroup {
+    private List<FilterExpression> expressions;
+    private String filtersRelation;  // "and" 或 "or"
+}
+
+@Data
+class FilterExpression {
+    private String columnName;  // 字段名
+    private String op;          // 操作符: =, !=, in, zero_len, contain, regexp
+    private Object value;       // 值，可能是字符串、数组等
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/FiltersType.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/FiltersType.java
new file mode 100644
index 0000000..e5de0f4
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/FiltersType.java
@@ -0,0 +1,9 @@
+package com.common.entity.RuleContent;
+
+public class FiltersType {
+
+    // Constructors
+    public FiltersType() {}
+
+    // Getters and Setters
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/MappersType.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/MappersType.java
new file mode 100644
index 0000000..dc58492
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/MappersType.java
@@ -0,0 +1,91 @@
+package com.common.entity.RuleContent;
+
+
+public class MappersType {
+    private Integer capture_group_index;
+    private String origin_field;
+    private String src_field;
+    private String dest_field;
+    private String value;
+    private String assigned_value;
+    private Integer strategy;
+    private String mapping_rule_name;
+    private ActionType action;
+
+    // Constructors
+    public MappersType() {}
+
+    // Getters and Setters
+    public Integer getcapture_group_index() {
+        return capture_group_index;
+    }
+
+    public void setcapture_group_index(Integer capture_group_index) {
+        this.capture_group_index = capture_group_index;
+    }
+
+    public String getorigin_field() {
+        return origin_field;
+    }
+
+    public void setorigin_field(String origin_field) {
+        this.origin_field = origin_field;
+    }
+
+    public String getsrc_field() {
+        return src_field;
+    }
+
+    public void setsrc_field(String src_field) {
+        this.src_field = src_field;
+    }
+
+    public String getdest_field() {
+        return dest_field;
+    }
+
+    public void setdest_field(String dest_field) {
+        this.dest_field = dest_field;
+    }
+
+    public String getvalue() {
+        return value;
+    }
+
+    public void setvalue(String value) {
+        this.value = value;
+    }
+
+    public String getassigned_value() {
+        return assigned_value;
+    }
+
+    public void setassigned_value(String assigned_value) {
+        this.assigned_value = assigned_value;
+    }
+
+    public Integer getstrategy() {
+        return strategy;
+    }
+
+    public void setstrategy(Integer strategy) {
+        this.strategy = strategy;
+    }
+
+    public String getmapping_rule_name() {
+        return mapping_rule_name;
+    }
+
+    public void setmapping_rule_name(String mapping_rule_name) {
+        this.mapping_rule_name = mapping_rule_name;
+    }
+
+    public ActionType getaction() {
+        return action;
+    }
+
+    public void setaction(ActionType action) {
+        this.action = action;
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Root.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Root.java
new file mode 100644
index 0000000..2d94c46
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/Root.java
@@ -0,0 +1,140 @@
+package com.common.entity.RuleContent;
+import java.util.List;
+import java.util.ArrayList;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.common.entity.RuleContent.*;
+
+
+public class Root {
+    private Integer field_cate_id;
+    private Integer field_cate_table_name;
+    private String rule_name;
+    private String data_type;
+    private String decode;
+    private List<String> keywords;
+    private Cropper_paramsType cropper_params;
+    private Object second_parsers;
+    private Object second_parsers_v2;
+    private List<MappersType> mappers;
+    private String filters_params;
+    private List<Complete_paramsType> complete_params;
+    private String complete_columns;
+    private Integer data_storage_medium;
+
+    // Constructors
+    public Root() {}
+
+    // Getters and Setters
+    public Integer getfield_cate_id() {
+        return field_cate_id;
+    }
+
+    public void setfield_cate_id(Integer field_cate_id) {
+        this.field_cate_id = field_cate_id;
+    }
+
+    public Integer getfield_cate_table_name() {
+        return field_cate_table_name;
+    }
+
+    public void setfield_cate_table_name(Integer field_cate_table_name) {
+        this.field_cate_table_name = field_cate_table_name;
+    }
+
+    public String getrule_name() {
+        return rule_name;
+    }
+
+    public void setrule_name(String rule_name) {
+        this.rule_name = rule_name;
+    }
+
+    public String getdata_type() {
+        return data_type;
+    }
+
+    public void setdata_type(String data_type) {
+        this.data_type = data_type;
+    }
+
+    public String getdecode() {
+        return decode;
+    }
+
+    public void setdecode(String decode) {
+        this.decode = decode;
+    }
+
+    public List<String> getkeywords() {
+        return keywords;
+    }
+
+    public void setkeywords(List<String> keywords) {
+        this.keywords = keywords;
+    }
+
+    public Cropper_paramsType getcropper_params() {
+        return cropper_params;
+    }
+
+    public void setcropper_params(Cropper_paramsType cropper_params) {
+        this.cropper_params = cropper_params;
+    }
+
+    public Object getsecond_parsers() {
+        return second_parsers;
+    }
+
+    public void setsecond_parsers(Object second_parsers) {
+        this.second_parsers = second_parsers;
+    }
+
+    public Object getsecond_parsers_v2() {
+        return second_parsers_v2;
+    }
+
+    public void setsecond_parsers_v2(Object second_parsers_v2) {
+        this.second_parsers_v2 = second_parsers_v2;
+    }
+
+    public List<MappersType> getmappers() {
+        return mappers;
+    }
+
+    public void setmappers(List<MappersType> mappers) {
+        this.mappers = mappers;
+    }
+
+    public String getfilters_params() {
+        return filters_params;
+    }
+
+    public void setfilters_params(String filters_params) {
+        this.filters_params = filters_params;
+    }
+
+    public List<Complete_paramsType> getcomplete_params() {
+        return complete_params;
+    }
+
+    public void setcomplete_params(List<Complete_paramsType> complete_params) {
+        this.complete_params = complete_params;
+    }
+
+    public String getcomplete_columns() {
+        return complete_columns;
+    }
+
+    public void setcomplete_columns(String complete_columns) {
+        this.complete_columns = complete_columns;
+    }
+
+    public Integer getdata_storage_medium() {
+        return data_storage_medium;
+    }
+
+    public void setdata_storage_medium(Integer data_storage_medium) {
+        this.data_storage_medium = data_storage_medium;
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/RuleContent.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/RuleContent.java
new file mode 100644
index 0000000..0e614cf
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/RuleContent.java
@@ -0,0 +1,139 @@
+package com.common.entity.RuleContent;
+import java.util.List;
+import java.util.ArrayList;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.common.entity.RuleContent.*;
+public class RuleContent {
+
+    private Integer field_cate_id;
+    private Integer field_cate_table_name;
+    private String rule_name;
+    private String data_type;
+    private String decode;
+    private List<String> keywords;
+    private Cropper_paramsType cropper_params;
+    private Object second_parsers;
+    private Object second_parsers_v2;
+    private List<MappersType> mappers;
+    private String filters_params;
+    private List<Complete_paramsType> complete_params;
+    private String complete_columns;
+    private Integer data_storage_medium;
+
+    // Constructors
+    public RuleContent() {}
+
+    // Getters and Setters
+    public Integer getfield_cate_id() {
+        return field_cate_id;
+    }
+
+    public void setfield_cate_id(Integer field_cate_id) {
+        this.field_cate_id = field_cate_id;
+    }
+
+    public Integer getfield_cate_table_name() {
+        return field_cate_table_name;
+    }
+
+    public void setfield_cate_table_name(Integer field_cate_table_name) {
+        this.field_cate_table_name = field_cate_table_name;
+    }
+
+    public String getrule_name() {
+        return rule_name;
+    }
+
+    public void setrule_name(String rule_name) {
+        this.rule_name = rule_name;
+    }
+
+    public String getdata_type() {
+        return data_type;
+    }
+
+    public void setdata_type(String data_type) {
+        this.data_type = data_type;
+    }
+
+    public String getdecode() {
+        return decode;
+    }
+
+    public void setdecode(String decode) {
+        this.decode = decode;
+    }
+
+    public List<String> getkeywords() {
+        return keywords;
+    }
+
+    public void setkeywords(List<String> keywords) {
+        this.keywords = keywords;
+    }
+
+    public Cropper_paramsType getcropper_params() {
+        return cropper_params;
+    }
+
+    public void setcropper_params(Cropper_paramsType cropper_params) {
+        this.cropper_params = cropper_params;
+    }
+
+    public Object getsecond_parsers() {
+        return second_parsers;
+    }
+
+    public void setsecond_parsers(Object second_parsers) {
+        this.second_parsers = second_parsers;
+    }
+
+    public Object getsecond_parsers_v2() {
+        return second_parsers_v2;
+    }
+
+    public void setsecond_parsers_v2(Object second_parsers_v2) {
+        this.second_parsers_v2 = second_parsers_v2;
+    }
+
+    public List<MappersType> getmappers() {
+        return mappers;
+    }
+
+    public void setmappers(List<MappersType> mappers) {
+        this.mappers = mappers;
+    }
+
+    public String getfilters_params() {
+        return filters_params;
+    }
+
+    public void setfilters_params(String filters_params) {
+        this.filters_params = filters_params;
+    }
+
+    public List<Complete_paramsType> getcomplete_params() {
+        return complete_params;
+    }
+
+    public void setcomplete_params(List<Complete_paramsType> complete_params) {
+        this.complete_params = complete_params;
+    }
+
+    public String getcomplete_columns() {
+        return complete_columns;
+    }
+
+    public void setcomplete_columns(String complete_columns) {
+        this.complete_columns = complete_columns;
+    }
+
+    public Integer getdata_storage_medium() {
+        return data_storage_medium;
+    }
+
+    public void setdata_storage_medium(Integer data_storage_medium) {
+        this.data_storage_medium = data_storage_medium;
+    }
+
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/kv_paramsType.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/kv_paramsType.java
new file mode 100644
index 0000000..ec61a0a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/RuleContent/kv_paramsType.java
@@ -0,0 +1,11 @@
+package com.common.entity.RuleContent;
+
+import lombok.Data;
+
+@Data
+public class kv_paramsType {
+    private String internal;
+    private String external;
+    private String l_trim;
+    private String r_trim;
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SecExceptionAlgorithm.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SecExceptionAlgorithm.java
new file mode 100644
index 0000000..fecd784
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SecExceptionAlgorithm.java
@@ -0,0 +1,27 @@
+package com.common.entity;
+
+import lombok.Data;
+import java.time.LocalDateTime;
+
+@Data
+public class SecExceptionAlgorithm {
+    private Long id;
+    private String algorithmName;
+    private String exceptionType;
+    private String dataSource;
+    private Integer status; // 1启用
+    private String description;
+    private String configInfo;
+    private String operatorZipUrl;
+    private String remark;
+    private String createBy;
+    private LocalDateTime createTime;
+    private String updateBy;
+    private LocalDateTime updateTime;
+    private String tenantId;
+    private String delFlag;
+    private Long createDept;
+    private String apiUrl; // API URL
+    private String apiMethod; // GET/POST
+    private String respUrl;
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogMessage.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogMessage.java
new file mode 100644
index 0000000..b198f82
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogMessage.java
@@ -0,0 +1,47 @@
+package com.common.entity;
+
+import java.time.OffsetDateTime;
+import java.util.HashMap;
+import java.util.Map;
+
+// 基础 Syslog 消息类
+public abstract class SyslogMessage {
+    protected int priority;
+    protected int facility;
+    protected int severity;
+    protected String hostname;
+    protected String appName;
+    protected String procId;
+    protected String msgId;
+    protected String message;
+    protected OffsetDateTime timestamp;
+
+    // Getters and Setters
+    public int getPriority() { return priority; }
+    public void setPriority(int priority) {
+        this.priority = priority;
+        this.facility = priority / 8;
+        this.severity = priority % 8;
+    }
+
+    public int getFacility() { return facility; }
+    public int getSeverity() { return severity; }
+    public String getHostname() { return hostname; }
+    public void setHostname(String hostname) { this.hostname = hostname; }
+    public String getAppName() { return appName; }
+    public void setAppName(String appName) { this.appName = appName; }
+    public String getProcId() { return procId; }
+    public void setProcId(String procId) { this.procId = procId; }
+    public String getMsgId() { return msgId; }
+    public void setMsgId(String msgId) { this.msgId = msgId; }
+    public String getMessage() { return message; }
+    public void setMessage(String message) { this.message = message; }
+    public OffsetDateTime getTimestamp() { return timestamp; }
+    public void setTimestamp(OffsetDateTime timestamp) { this.timestamp = timestamp; }
+
+    @Override
+    public String toString() {
+        return String.format("Facility: %d, Severity: %d, Host: %s, App: %s, Time: %s, Msg: %s",
+                facility, severity, hostname, appName, timestamp, message);
+    }
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNonNormalMessage.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNonNormalMessage.java
new file mode 100644
index 0000000..8e97c16
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNonNormalMessage.java
@@ -0,0 +1,162 @@
+package com.common.entity;
+
+
+import com.baomidou.mybatisplus.annotation.*;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.time.LocalDateTime;
+import java.time.OffsetDateTime;
+
+/**
+ * 非标日志实体类
+ */
+@Data
+@EqualsAndHashCode(callSuper = false)
+@TableName("syslog_non_normal_message")
+public class SyslogNonNormalMessage {
+
+    /**
+     * 非标ID
+     */
+    @TableId(value = "id", type = IdType.INPUT)
+    private String id;
+
+    /**
+     * 记录时间（UTC时区）
+     */
+    @TableField("created_at")
+    private OffsetDateTime createdAt;
+
+    /**
+     * log处理时间
+     */
+    @TableField("log_time")
+    private LocalDateTime logTime;
+
+    /**
+     * 设备ID
+     */
+    @TableField("device_id")
+    private Integer deviceId;
+
+    /**
+     * 原始日志
+     */
+    @TableField("syslog_message")
+    private String syslogMessage;
+
+    /**
+     * 安全日志ID
+     */
+    @TableField("syslog_uuid")
+    private String syslogUuid;
+
+    /**
+     * kafka topic
+     */
+    @TableField("syslog_topic")
+    private String syslogTopic;
+
+    /**
+     * 租户ID
+     */
+    @TableField("tenant_id")
+    private String tenantId;
+
+    /**
+     * 创建时间
+     */
+    @TableField("create_time")
+    private LocalDateTime createTime;
+
+    /**
+     * 更新时间
+     */
+    @TableField("update_time")
+    private LocalDateTime updateTime;
+
+    /**
+     * 创建者
+     */
+    @TableField("create_by")
+    private Long createBy;
+
+    /**
+     * 更新者
+     */
+    @TableField("update_by")
+    private Long updateBy;
+
+    /**
+     * 创建部门
+     */
+    @TableField("create_dept")
+    private Long createDept;
+
+    /**
+     * 采集头部消息
+     */
+    @TableField("header_message")
+    private String headerMessage;
+
+    /**
+     * 接收时间
+     */
+    @TableField("receive_time")
+    private LocalDateTime receiveTime;
+
+    /**
+     * 泛化时间
+     */
+    @TableField("rule_time")
+    private LocalDateTime ruleTime;
+
+    /**
+     * 设备名称
+     */
+    @TableField("device_name")
+    private String deviceName;
+
+    /**
+     * ETL处理节点
+     */
+    @TableField("etl_node")
+    private String etlNode;
+
+    /**
+     * 采集任务ID
+     */
+    @TableField("collect_task_id")
+    private Integer collectTaskId;
+
+    /**
+     * 采集任务名称
+     */
+    @TableField("collect_task_name")
+    private String collectTaskName;
+
+    /**
+     * 非标原因
+     */
+    @TableField("reason")
+    private String reason;
+
+    /**
+     * 详细原因
+     */
+    @TableField("reason_detail")
+    private String reasonDetail;
+
+    /**
+     * 泛化结果
+     */
+    @TableField("rule_result")
+    private String ruleResult;
+
+    /**
+     * 删除标志
+     */
+    @TableField("del_flag")
+    private String delFlag;
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNormalAlarm.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNormalAlarm.java
new file mode 100644
index 0000000..85ce568
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNormalAlarm.java
@@ -0,0 +1,383 @@
+package com.common.entity;
+
+import lombok.Data;
+
+import java.math.BigDecimal;
+import java.time.LocalDateTime;
+
+@Data
+public class SyslogNormalAlarm {
+    private String id;
+    private LocalDateTime createdAt;
+    private LocalDateTime logTime;
+    private Integer deviceId;
+    private String webshellType;
+    private String vuirsType;
+    private String vuirsUrl;
+    private String classFilename;
+    private String classPath;
+    private String parentClass;
+    private String jarPath;
+    private String classMd5;
+    private String classLoader;
+    private String classHashcode;
+    private String classLoaderHashcode;
+    private String tcNameip;
+    private String performSql;
+    private String tcAccount;
+    private String tcAppname;
+    private String processUname;
+    private String pProcessUname;
+    private String containerName;
+    private String containerId;
+    private String httpRespServer;
+    private Long srcipId;
+    private String cdnip;
+    private String natip;
+    private String mailSender;
+    private String mailReceiver;
+    private String vpnMac;
+    private String vpnOs;
+    private String vpnUser;
+    private String vpnGroupname;
+    private String vpnAccessIp;
+    private Boolean destIpApt;
+    private String originAttackResult;
+    private String description;
+    private String solution;
+    private String attackCause;
+    private String username;
+    private String tcFlowId;
+    private String loginResult;
+    private String cmdline;
+    private String originAttackAction;
+    private String victimDomain;
+    private String vpnDeviceid;
+    private String vpnAccessAction;
+    private Long fileAccessTime;
+    private String fileName;
+    private String tcClass;
+    private String tcName2;
+    private Long loginLasttime;
+    private String originPermissions;
+    private String beginPermissions;
+    private Long printTime;
+    private String printer;
+    private String printerType;
+    private Long printPages;
+    private Long printCopies;
+    private String srcDevice;
+    private String dstDevice;
+    private String srcFile;
+    private String srcFileType;
+    private String srcFilePath;
+    private String dstFile;
+    private String dstFileType;
+    private String dstFilePath;
+    private String dlpPolicyName;
+    private String dlpPolicyType;
+    private String dstUploadUrl;
+    private String processUuid;
+    private String pProcessUuid;
+    private String env;
+    private String bruteForceService;
+    private String vuirsName;
+    private Long httpReqLength;
+    private String httpReqContentType;
+    private String tcScanPort;
+    private String tcLabels;
+    private String httpRespContentType;
+    private String dnsMsgType;
+    private String dnsAnswerLength;
+    private Boolean dnsIoc;
+    private BigDecimal txBytes;
+    private BigDecimal rxBytes;
+    private BigDecimal allBytes;
+    private Long durationTime;
+    private String mailAttachName;
+    private String mailSubject;
+    private String mailMessage;
+    private String mailSendServer;
+    private String mailAgent;
+    private String tlsVersion;
+    private String tlsServerCert;
+    private String tlsServerSuite;
+    private String tlsClientSuitesLen;
+    private String tlsJa3;
+    private String tlsJa3s;
+    private String vpnAccessPort;
+    private String logTopic;
+    private Long collectTime;
+    private Boolean srcIsIntranetip;
+    private Boolean srcIpIoc;
+    private Boolean srcIpApt;
+    private String srcipName;
+    private String tcClient;
+    private Long srcipOrganizationId;
+    private Boolean destIpIntranetip;
+    private Boolean destIpIoc;
+    private Long desipId;
+    private String desipName;
+    private String tcHostip;
+    private Long desipOrganizationId;
+    private String originConfidence;
+    private String originMalscore;
+    private String attackerIcampaign;
+    private Long attackerHostAssetId;
+    private Long attackerOrganizationId;
+    private Long victimHostAssetId;
+    private Long victimOrganizationId;
+    private Long logoutTime;
+    private String httpReqLine;
+    private String desipSecurityScopeId;
+    private String srcipSecurityScopeId;
+    private Long httpRespLength;
+    private String tcAttackType;
+    private String tcRealip;
+    private String attackerIpLists;
+    private String loginPassword;
+    private String detail;
+    private String attackerCountryCode;
+    private String attackerRegionCode;
+    private String victimRegionCode;
+    private String payload;
+    private String httpReferer;
+    private String httpUserAgent;
+    private String httpSession;
+    private String httpQueryString;
+    private String filePath;
+    private String filePermission;
+    private String loginAbnormalType;
+    private String fileTag;
+    private String filePlatform;
+    private String targetIp;
+    private String collectDate;
+    private String tcClientIp;
+    private String tcServerIp;
+    private String tcExternalip;
+    private Long httpStatusCode;
+    private String deviceDomian;
+    private String srcIpStr;
+    private String srcPortStr;
+    private String destIpStr;
+    private String destPortStr;
+    private String pcap;
+    private String ioc;
+    private String maliciousFamily;
+    private String vulnCve;
+    private String aliyunType;
+    private String attackerHostAssetName;
+    private String attackerOrganizationName;
+    private String ctId;
+    private String cveList;
+    private String desipOrganizationName;
+    private String destIpGroup;
+    private String fileGid;
+    private String fileOwner;
+    private String fileOwnergroup;
+    private String fileUid;
+    private String httpRespCookie;
+    private String originRuleId;
+    private String originRuleName;
+    private String serviceName;
+    private String srcIpAssetGroup;
+    private String srcipOrganizationName;
+    private String victimHostAssetName;
+    private Long httpRespCodes;
+    private String victimOrganizationName;
+    private String tcType;
+    private String direction;
+    private String httpReqCookie;
+    private String httpReqProtocol;
+    private String httpReqHeaderRaw;
+    private String httpUrl;
+    private String uname;
+    private String originHostname;
+    private String originOs;
+    private String originAgentMac;
+    private String originHostId;
+    private String originAgentVersion;
+    private String originAgentId;
+    private String originAgentName;
+    private String originWorkGroup;
+    private String originAssetGroup;
+    private Long originLocalPort;
+    private String originAgentIp;
+    private String originInternalIp;
+    private String originExternalIp;
+    private String originLocalAddr;
+    private Long agentId;
+    private String agentName;
+    private String tcTitle;
+    private String logId;
+    private LocalDateTime eventDate;
+    private Long eventTimeTs;
+    private Integer eventLevel;
+    private String srcIp;
+    private Long srcPort;
+    private String destIp;
+    private Long destPort;
+    private Long eventTime;
+    private String attackerCountry;
+    private String srcMac;
+    private String destMac;
+    private String proto;
+    private Long devId;
+    private Long createdTime;
+    private String srcCountry;
+    private String srcCountryCode;
+    private String srcRegion;
+    private String srcRegionCode;
+    private String srcCity;
+    private String srcLon;
+    private String httpMethod;
+    private String httpHost;
+    private String httpReqHeader;
+    private String httpReqBody;
+    private String httpRespHeader;
+    private String httpRespBody;
+    private String fileType;
+    private String fileMd5;
+    private String fileSize;
+    private String process;
+    private Long startTime;
+    private String action;
+    private String attackerRegion;
+    private Long endTime;
+    private Long fileCreatedTime;
+    private Long fileModifiedTime;
+    private String tcMiguanScanPort;
+    private String processPath;
+    private String parentProcessPath;
+    private String gname;
+    private String exeName;
+    private String exePath;
+    private Long loginTime;
+    private Long loginTimes;
+    private String checkItem;
+    private String checkType;
+    private String attackerIp;
+    private Long attackerPort;
+    private String victimIp;
+    private Long victimPort;
+    private String attackerCity;
+    private String attackerLon;
+    private String attackerLat;
+    private String victimCountry;
+    private String victimRegion;
+    private String victimCity;
+    private String victimLon;
+    private String victimLat;
+    private String originEventId;
+    private String originEventName;
+    private String originEventCategory;
+    private String originEventLevel;
+    private String originAttackChain;
+    private String engineType;
+    private String evilPayload;
+    private String httpRespStatus;
+    private String dnsQuery;
+    private String dnsQueryType;
+    private String dnsTtl;
+    private String dnsAnswer;
+    private String dnsSubdomains;
+    private String fileSha256;
+    private String fileSsdeep;
+    private String victimCountryCode;
+    private String httpXffIp;
+    private String tcMiguanClass;
+    private String pid;
+    private String ppid;
+    private String processName;
+    private String backdoorType;
+    private String tty;
+    private String sudoUser;
+    private String sudoGroup;
+    private String originEventType;
+    private String destDomain;
+    private String shellCmdline;
+    private String parentCmdline;
+    private String attackChain;
+    private String processTree;
+    private String hostFileSha256;
+    private String hostFileMd5;
+    private String hostFileSize;
+    private String hostFileType;
+    private String destCountry;
+    private String destCountryCode;
+    private String logOrigin;
+    private String destRegion;
+    private String srcLat;
+    private String destRegionCode;
+    private String destCity;
+    private String destLon;
+    private String destLat;
+    private Integer eventCategory;
+    private Integer attackResult;
+    private String probeIp;
+    private String deviceIp;
+    private String deviceManufacturer;
+    private String deviceName;
+    private String productName;
+    private String id1;
+    private Long count;
+    private String countReason;
+    private Integer eventType;
+    private String protocol;
+    private String shellCmd;
+    private String parentName;
+    private String hostFilePath;
+    private String uid;
+    private Integer fall;
+    private String tcMiguanServerIp;
+    private Integer devType;
+    private Integer collectMethod;
+    private Integer fieldCateId;
+    private Integer deviceType;
+    private String tcMiguanClientIp;
+    private String tcMiguanName;
+    private Long originTotalPackages;
+    private Long originTotalBytes;
+    private Long originPeakPackagesRate;
+    private Long originPeakBytesRate;
+    private Long originPeakFlowsRate;
+    private String aptOrgname;
+    private String aptOrgmsg;
+    private String mailMessageId;
+    private String mailBcc;
+    private String mailSize;
+    private String mailAttachHashcode;
+    private String mailUrl;
+    private String mailCc;
+    private String algorithm;
+    private String miningpoolIp;
+    private String processMd5;
+    private String pprocessMd5;
+    private String sourceServername;
+    private String originSourceServername;
+    private String mailFilename;
+    private String dstUploadAppname;
+    private Long targetPort;
+    private String gid;
+    private String originUid;
+    private String originGid;
+    private Long targetPorts;
+    private String tcMiguanName1;
+    private String tcMiguanClass1;
+    private Long etlTime;
+    private String tcMiguanScanPort2;
+    private String desipSecurityScope;
+    private String srcipSecurityScope;
+    private Long collectTimeTs;
+    private String tcMiguanScanPort1;
+    private String srcDevName;
+    private String collectProtocol;
+    private String destinationSystemType;
+    private String destinationSystem;
+    private String etlHost;
+    private Integer normalizeRuleId;
+    private String normalizeRuleName;
+    private String syslogUuid;
+    private String syslogTopic;
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNormalData.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNormalData.java
new file mode 100644
index 0000000..df9168a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogNormalData.java
@@ -0,0 +1,381 @@
+package com.common.entity;
+
+import lombok.Data;
+import java.math.BigDecimal;
+import java.time.LocalDateTime;
+
+@Data
+public class SyslogNormalData {
+    private String id;
+    private LocalDateTime createdAt;
+    private LocalDateTime logTime;
+    private Integer deviceId;
+    private String webshellType;
+    private String vuirsType;
+    private String vuirsUrl;
+    private String classFilename;
+    private String classPath;
+    private String parentClass;
+    private String jarPath;
+    private String classMd5;
+    private String classLoader;
+    private String classHashcode;
+    private String classLoaderHashcode;
+    private String tcNameip;
+    private String performSql;
+    private String tcAccount;
+    private String tcAppname;
+    private String processUname;
+    private String pProcessUname;
+    private String containerName;
+    private String containerId;
+    private String httpRespServer;
+    private Long srcipId;
+    private String cdnip;
+    private String natip;
+    private String mailSender;
+    private String mailReceiver;
+    private String vpnMac;
+    private String vpnOs;
+    private String vpnUser;
+    private String vpnGroupname;
+    private String vpnAccessIp;
+    private Boolean destIpApt;
+    private String originAttackResult;
+    private String description;
+    private String solution;
+    private String attackCause;
+    private String username;
+    private String tcFlowId;
+    private String loginResult;
+    private String cmdline;
+    private String originAttackAction;
+    private String victimDomain;
+    private String vpnDeviceid;
+    private String vpnAccessAction;
+    private Long fileAccessTime;
+    private String fileName;
+    private String tcClass;
+    private String tcName2;
+    private Long loginLasttime;
+    private String originPermissions;
+    private String beginPermissions;
+    private Long printTime;
+    private String printer;
+    private String printerType;
+    private Long printPages;
+    private Long printCopies;
+    private String srcDevice;
+    private String dstDevice;
+    private String srcFile;
+    private String srcFileType;
+    private String srcFilePath;
+    private String dstFile;
+    private String dstFileType;
+    private String dstFilePath;
+    private String dlpPolicyName;
+    private String dlpPolicyType;
+    private String dstUploadUrl;
+    private String processUuid;
+    private String pProcessUuid;
+    private String env;
+    private String bruteForceService;
+    private String vuirsName;
+    private Long httpReqLength;
+    private String httpReqContentType;
+    private String tcScanPort;
+    private String tcLabels;
+    private String httpRespContentType;
+    private String dnsMsgType;
+    private String dnsAnswerLength;
+    private Boolean dnsIoc;
+    private BigDecimal txBytes;
+    private BigDecimal rxBytes;
+    private BigDecimal allBytes;
+    private Long durationTime;
+    private String mailAttachName;
+    private String mailSubject;
+    private String mailMessage;
+    private String mailSendServer;
+    private String mailAgent;
+    private String tlsVersion;
+    private String tlsServerCert;
+    private String tlsServerSuite;
+    private String tlsClientSuitesLen;
+    private String tlsJa3;
+    private String tlsJa3s;
+    private String vpnAccessPort;
+    private String logTopic;
+    private Long collectTime;
+    private Boolean srcIsIntranetip;
+    private Boolean srcIpIoc;
+    private Boolean srcIpApt;
+    private String srcipName;
+    private String tcClient;
+    private Long srcipOrganizationId;
+    private Boolean destIpIntranetip;
+    private Boolean destIpIoc;
+    private Long desipId;
+    private String desipName;
+    private String tcHostip;
+    private Long desipOrganizationId;
+    private String originConfidence;
+    private String originMalscore;
+    private String attackerIcampaign;
+    private Long attackerHostAssetId;
+    private Long attackerOrganizationId;
+    private Long victimHostAssetId;
+    private Long victimOrganizationId;
+    private Long logoutTime;
+    private String httpReqLine;
+    private String desipSecurityScopeId;
+    private String srcipSecurityScopeId;
+    private Long httpRespLength;
+    private String tcAttackType;
+    private String tcRealip;
+    private String attackerIpLists;
+    private String loginPassword;
+    private String detail;
+    private String attackerCountryCode;
+    private String attackerRegionCode;
+    private String victimRegionCode;
+    private String payload;
+    private String httpReferer;
+    private String httpUserAgent;
+    private String httpSession;
+    private String httpQueryString;
+    private String filePath;
+    private String filePermission;
+    private String loginAbnormalType;
+    private String fileTag;
+    private String filePlatform;
+    private String targetIp;
+    private String collectDate;
+    private String tcClientIp;
+    private String tcServerIp;
+    private String tcExternalip;
+    private Long httpStatusCode;
+    private String deviceDomian;
+    private String srcIpStr;
+    private String srcPortStr;
+    private String destIpStr;
+    private String destPortStr;
+    private String pcap;
+    private String ioc;
+    private String maliciousFamily;
+    private String vulnCve;
+    private String aliyunType;
+    private String attackerHostAssetName;
+    private String attackerOrganizationName;
+    private String ctId;
+    private String cveList;
+    private String desipOrganizationName;
+    private String destIpGroup;
+    private String fileGid;
+    private String fileOwner;
+    private String fileOwnergroup;
+    private String fileUid;
+    private String httpRespCookie;
+    private String originRuleId;
+    private String originRuleName;
+    private String serviceName;
+    private String srcIpAssetGroup;
+    private String srcipOrganizationName;
+    private String victimHostAssetName;
+    private Long httpRespCodes;
+    private String victimOrganizationName;
+    private String tcType;
+    private String direction;
+    private String httpReqCookie;
+    private String httpReqProtocol;
+    private String httpReqHeaderRaw;
+    private String httpUrl;
+    private String uname;
+    private String originHostname;
+    private String originOs;
+    private String originAgentMac;
+    private String originHostId;
+    private String originAgentVersion;
+    private String originAgentId;
+    private String originAgentName;
+    private String originWorkGroup;
+    private String originAssetGroup;
+    private Long originLocalPort;
+    private String originAgentIp;
+    private String originInternalIp;
+    private String originExternalIp;
+    private String originLocalAddr;
+    private Long agentId;
+    private String agentName;
+    private String tcTitle;
+    private String logId;
+    private LocalDateTime eventDate;
+    private Long eventTimeTs;
+    private Integer eventLevel;
+    private String srcIp;
+    private Long srcPort;
+    private String destIp;
+    private Long destPort;
+    private Long eventTime;
+    private String attackerCountry;
+    private String srcMac;
+    private String destMac;
+    private String proto;
+    private Long devId;
+    private Long createdTime;
+    private String srcCountry;
+    private String srcCountryCode;
+    private String srcRegion;
+    private String srcRegionCode;
+    private String srcCity;
+    private String srcLon;
+    private String httpMethod;
+    private String httpHost;
+    private String httpReqHeader;
+    private String httpReqBody;
+    private String httpRespHeader;
+    private String httpRespBody;
+    private String fileType;
+    private String fileMd5;
+    private String fileSize;
+    private String process;
+    private Long startTime;
+    private String action;
+    private String attackerRegion;
+    private Long endTime;
+    private Long fileCreatedTime;
+    private Long fileModifiedTime;
+    private String tcMiguanScanPort;
+    private String processPath;
+    private String parentProcessPath;
+    private String gname;
+    private String exeName;
+    private String exePath;
+    private Long loginTime;
+    private Long loginTimes;
+    private String checkItem;
+    private String checkType;
+    private String attackerIp;
+    private Long attackerPort;
+    private String victimIp;
+    private Long victimPort;
+    private String attackerCity;
+    private String attackerLon;
+    private String attackerLat;
+    private String victimCountry;
+    private String victimRegion;
+    private String victimCity;
+    private String victimLon;
+    private String victimLat;
+    private String originEventId;
+    private String originEventName;
+    private String originEventCategory;
+    private String originEventLevel;
+    private String originAttackChain;
+    private String engineType;
+    private String evilPayload;
+    private String httpRespStatus;
+    private String dnsQuery;
+    private String dnsQueryType;
+    private String dnsTtl;
+    private String dnsAnswer;
+    private String dnsSubdomains;
+    private String fileSha256;
+    private String fileSsdeep;
+    private String victimCountryCode;
+    private String httpXffIp;
+    private String tcMiguanClass;
+    private String pid;
+    private String ppid;
+    private String processName;
+    private String backdoorType;
+    private String tty;
+    private String sudoUser;
+    private String sudoGroup;
+    private String originEventType;
+    private String destDomain;
+    private String shellCmdline;
+    private String parentCmdline;
+    private String attackChain;
+    private String processTree;
+    private String hostFileSha256;
+    private String hostFileMd5;
+    private String hostFileSize;
+    private String hostFileType;
+    private String destCountry;
+    private String destCountryCode;
+    private String logOrigin;
+    private String destRegion;
+    private String srcLat;
+    private String destRegionCode;
+    private String destCity;
+    private String destLon;
+    private String destLat;
+    private Integer eventCategory;
+    private Integer attackResult;
+    private String probeIp;
+    private String deviceIp;
+    private String deviceManufacturer;
+    private String deviceName;
+    private String productName;
+    private String id1;
+    private Long count;
+    private String countReason;
+    private Integer eventType;
+    private String protocol;
+    private String shellCmd;
+    private String parentName;
+    private String hostFilePath;
+    private String uid;
+    private Integer fall;
+    private String tcMiguanServerIp;
+    private Integer devType;
+    private Integer collectMethod;
+    private Integer fieldCateId;
+    private Integer deviceType;
+    private String tcMiguanClientIp;
+    private String tcMiguanName;
+    private Long originTotalPackages;
+    private Long originTotalBytes;
+    private Long originPeakPackagesRate;
+    private Long originPeakBytesRate;
+    private Long originPeakFlowsRate;
+    private String aptOrgname;
+    private String aptOrgmsg;
+    private String mailMessageId;
+    private String mailBcc;
+    private String mailSize;
+    private String mailAttachHashcode;
+    private String mailUrl;
+    private String mailCc;
+    private String algorithm;
+    private String miningpoolIp;
+    private String processMd5;
+    private String pprocessMd5;
+    private String sourceServername;
+    private String originSourceServername;
+    private String mailFilename;
+    private String dstUploadAppname;
+    private Long targetPort;
+    private String gid;
+    private String originUid;
+    private String originGid;
+    private Long targetPorts;
+    private String tcMiguanName1;
+    private String tcMiguanClass1;
+    private Long etlTime;
+    private String tcMiguanScanPort2;
+    private String desipSecurityScope;
+    private String srcipSecurityScope;
+    private Long collectTimeTs;
+    private String tcMiguanScanPort1;
+    private String srcDevName;
+    private String collectProtocol;
+    private String destinationSystemType;
+    private String destinationSystem;
+    private String etlHost;
+    private Integer normalizeRuleId;
+    private String normalizeRuleName;
+    private String syslogUuid;
+    private String syslogTopic;
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogRequest.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogRequest.java
new file mode 100644
index 0000000..b04848f
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/SyslogRequest.java
@@ -0,0 +1,90 @@
+package com.common.entity;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+
+public class SyslogRequest {
+
+    @NotBlank(message = "IP地址不能为空")
+    private String ip;
+
+    @NotNull(message = "端口号不能为空")
+    private Integer port;
+
+    @NotBlank(message = "日志内容不能为空")
+    private String logContent;
+
+    private String protocol = "UDP"; // 默认UDP协议
+    private String facility = "USER"; // 设施
+    private String severity = "INFO"; // 严重级别
+
+    // 构造函数
+    public SyslogRequest() {}
+
+    public SyslogRequest(String ip, Integer port, String logContent) {
+        this.ip = ip;
+        this.port = port;
+        this.logContent = logContent;
+    }
+
+    // Getter和Setter方法
+    public String getIp() {
+        return ip;
+    }
+
+    public void setIp(String ip) {
+        this.ip = ip;
+    }
+
+    public Integer getPort() {
+        return port;
+    }
+
+    public void setPort(Integer port) {
+        this.port = port;
+    }
+
+    public String getLogContent() {
+        return logContent;
+    }
+
+    public void setLogContent(String logContent) {
+        this.logContent = logContent;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    public String getFacility() {
+        return facility;
+    }
+
+    public void setFacility(String facility) {
+        this.facility = facility;
+    }
+
+    public String getSeverity() {
+        return severity;
+    }
+
+    public void setSeverity(String severity) {
+        this.severity = severity;
+    }
+
+    @Override
+    public String toString() {
+        return "SyslogRequest{" +
+                "ip='" + ip + '\'' +
+                ", port=" + port +
+                ", logContent='" + logContent + '\'' +
+                ", protocol='" + protocol + '\'' +
+                ", facility='" + facility + '\'' +
+                ", severity='" + severity + '\'' +
+                '}';
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/XdrHoneypot.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/XdrHoneypot.java
new file mode 100644
index 0000000..fe4871d
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/entity/XdrHoneypot.java
@@ -0,0 +1,260 @@
+package com.common.entity;
+
+import java.time.LocalDateTime;
+
+/**
+ * XDR Honeypot 实体类
+ * 对应数据库表 xdr_honeypot
+ */
+public class XdrHoneypot {
+    private Long id;
+    private String vcsource;
+    private String dstartTime;
+    private String dtime;
+    private String riskLevel;
+    private String vcconnection;
+    private String fileInfo;
+    private String extra;
+    private String vctype;
+    private String agentSn;
+    private String agentName;
+    private String honeypotId;
+    private String honeypotName;
+    private String srcIp;
+    private String srcPort;
+    private String srcMac;
+    private String destIp;
+    private String destPort;
+    private String proxyIp;
+    private String node;
+    private LocalDateTime createTime;
+
+    // 默认构造函数
+    public XdrHoneypot() {
+        this.createTime = LocalDateTime.now();
+    }
+
+    // 带参构造函数
+    public XdrHoneypot(String vcsource, String dstartTime, String dtime, String riskLevel,
+                       String vcconnection, String fileInfo, String extra, String vctype,
+                       String agentSn, String agentName, String honeypotId, String honeypotName,
+                       String srcIp, String srcPort, String srcMac, String destIp,
+                       String destPort, String proxyIp, String node) {
+        this();
+        this.vcsource = vcsource;
+        this.dstartTime = dstartTime;
+        this.dtime = dtime;
+        this.riskLevel = riskLevel;
+        this.vcconnection = vcconnection;
+        this.fileInfo = fileInfo;
+        this.extra = extra;
+        this.vctype = vctype;
+        this.agentSn = agentSn;
+        this.agentName = agentName;
+        this.honeypotId = honeypotId;
+        this.honeypotName = honeypotName;
+        this.srcIp = srcIp;
+        this.srcPort = srcPort;
+        this.srcMac = srcMac;
+        this.destIp = destIp;
+        this.destPort = destPort;
+        this.proxyIp = proxyIp;
+        this.node = node;
+    }
+
+    // Getter 和 Setter 方法
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getVcsource() {
+        return vcsource;
+    }
+
+    public void setVcsource(String vcsource) {
+        this.vcsource = vcsource;
+    }
+
+    public String getDstartTime() {
+        return dstartTime;
+    }
+
+    public void setDstartTime(String dstartTime) {
+        this.dstartTime = dstartTime;
+    }
+
+    public String getDtime() {
+        return dtime;
+    }
+
+    public void setDtime(String dtime) {
+        this.dtime = dtime;
+    }
+
+    public String getRiskLevel() {
+        return riskLevel;
+    }
+
+    public void setRiskLevel(String riskLevel) {
+        this.riskLevel = riskLevel;
+    }
+
+    public String getVcconnection() {
+        return vcconnection;
+    }
+
+    public void setVcconnection(String vcconnection) {
+        this.vcconnection = vcconnection;
+    }
+
+    public String getFileInfo() {
+        return fileInfo;
+    }
+
+    public void setFileInfo(String fileInfo) {
+        this.fileInfo = fileInfo;
+    }
+
+    public String getExtra() {
+        return extra;
+    }
+
+    public void setExtra(String extra) {
+        this.extra = extra;
+    }
+
+    public String getVctype() {
+        return vctype;
+    }
+
+    public void setVctype(String vctype) {
+        this.vctype = vctype;
+    }
+
+    public String getAgentSn() {
+        return agentSn;
+    }
+
+    public void setAgentSn(String agentSn) {
+        this.agentSn = agentSn;
+    }
+
+    public String getAgentName() {
+        return agentName;
+    }
+
+    public void setAgentName(String agentName) {
+        this.agentName = agentName;
+    }
+
+    public String getHoneypotId() {
+        return honeypotId;
+    }
+
+    public void setHoneypotId(String honeypotId) {
+        this.honeypotId = honeypotId;
+    }
+
+    public String getHoneypotName() {
+        return honeypotName;
+    }
+
+    public void setHoneypotName(String honeypotName) {
+        this.honeypotName = honeypotName;
+    }
+
+    public String getSrcIp() {
+        return srcIp;
+    }
+
+    public void setSrcIp(String srcIp) {
+        this.srcIp = srcIp;
+    }
+
+    public String getSrcPort() {
+        return srcPort;
+    }
+
+    public void setSrcPort(String srcPort) {
+        this.srcPort = srcPort;
+    }
+
+    public String getSrcMac() {
+        return srcMac;
+    }
+
+    public void setSrcMac(String srcMac) {
+        this.srcMac = srcMac;
+    }
+
+    public String getDestIp() {
+        return destIp;
+    }
+
+    public void setDestIp(String destIp) {
+        this.destIp = destIp;
+    }
+
+    public String getDestPort() {
+        return destPort;
+    }
+
+    public void setDestPort(String destPort) {
+        this.destPort = destPort;
+    }
+
+    public String getProxyIp() {
+        return proxyIp;
+    }
+
+    public void setProxyIp(String proxyIp) {
+        this.proxyIp = proxyIp;
+    }
+
+    public String getNode() {
+        return node;
+    }
+
+    public void setNode(String node) {
+        this.node = node;
+    }
+
+    public LocalDateTime getCreateTime() {
+        return createTime;
+    }
+
+    public void setCreateTime(LocalDateTime createTime) {
+        this.createTime = createTime;
+    }
+
+    @Override
+    public String toString() {
+        return "XdrHoneypot{" +
+                "id=" + id +
+                ", vcsource='" + vcsource + '\'' +
+                ", dstartTime='" + dstartTime + '\'' +
+                ", dtime='" + dtime + '\'' +
+                ", riskLevel='" + riskLevel + '\'' +
+                ", vcconnection='" + vcconnection + '\'' +
+                ", fileInfo='" + fileInfo + '\'' +
+                ", extra='" + extra + '\'' +
+                ", vctype='" + vctype + '\'' +
+                ", agentSn='" + agentSn + '\'' +
+                ", agentName='" + agentName + '\'' +
+                ", honeypotId='" + honeypotId + '\'' +
+                ", honeypotName='" + honeypotName + '\'' +
+                ", srcIp='" + srcIp + '\'' +
+                ", srcPort='" + srcPort + '\'' +
+                ", srcMac='" + srcMac + '\'' +
+                ", destIp='" + destIp + '\'' +
+                ", destPort='" + destPort + '\'' +
+                ", proxyIp='" + proxyIp + '\'' +
+                ", node='" + node + '\'' +
+                ", createTime=" + createTime +
+                '}';
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AlarmMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AlarmMapper.java
new file mode 100644
index 0000000..61adaf9
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AlarmMapper.java
@@ -0,0 +1,80 @@
+package com.common.mapper;
+
+import com.common.entity.Alarm;
+import org.apache.ibatis.annotations.*;
+import java.util.List;
+
+
+@Mapper
+public interface AlarmMapper {
+
+    /**
+     * 批量插入告警数据
+     */
+    @Insert({"<script>",
+            "INSERT INTO alarm (",
+            "id, created_at, alarm_name, alarm_level, alarm_type, ",
+            "alarm_major_type, alarm_minor_type,alarm_area_id, attack_ip, victim_ip, ",
+            "device_id, comment,origin_log_ids,log_start_at, log_end_at, http_status, ",
+            "attack_port, victim_port, attack_method, etl_time, log_count, ",
+            "attack_chain_phase, disposition_advice, attack_direction, ",
+            "judged_state, disposed_state, attack_result, fall, payload, " ,
+            "http_req_header  , http_req_body,http_resp_header , http_resp_body ",
+            ") VALUES ",
+            "<foreach collection='list' item='item' separator=','>",
+            "( #{item.id}, #{item.createdAt}, #{item.alarmName}, #{item.alarmLevel}, ",
+            "#{item.alarmType}, #{item.alarmMajorType}, #{item.alarmMinorType}, #{item.alarmAreaId}, ",
+            "#{item.attackIp, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.victimIp, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.deviceId, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, ",
+            "#{item.comment}, " ,
+            "#{item.originLogIds, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.logStartAt}, #{item.logEndAt}, #{item.httpStatus}, ",
+            "#{item.attackPort, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, ",
+            "#{item.victimPort, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, ",
+            "#{item.attackMethod}, #{item.etlTime}, #{item.logCount}, ",
+            "#{item.attackChainPhase, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, ",
+            "#{item.dispositionAdvice}, #{item.attackDirection}, ",
+            "#{item.judgedState}, #{item.disposedState}, #{item.attackResult}, #{item.fall}, ",
+            "#{item.payload}, ",
+            "#{item.httpReqHeaders, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.httpReqBodys, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.httpRespHeaders, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.httpRespBodys, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler})",
+            "</foreach>",
+            "</script>"})
+    void batchInsert(@Param("list") List<Alarm> alarmList);
+
+    /**
+     * 单条插入告警数据
+     */
+    @Insert("INSERT INTO alarm (" +
+            "id, created_at, alarm_name, alarm_level, alarm_type, " +
+            "alarm_major_type, alarm_minor_type,alarm_area_id, attack_ip, victim_ip, " +
+            "device_id, comment,origin_log_ids, log_start_at, log_end_at, http_status, " +
+            "attack_port, victim_port, attack_method, etl_time, log_count, " +
+            "attack_chain_phase, disposition_advice, attack_direction, " +
+            "judged_state, disposed_state, attack_result, fall, payload, " +
+            "http_req_header  , http_req_body,http_resp_header , http_resp_body " +
+            ") VALUES (" +
+            "#{id}, #{createdAt}, #{alarmName}, #{alarmLevel}, " +
+            "#{alarmType}, #{alarmMajorType}, #{alarmMinorType}, #{alarmAreaId}, " +
+            "#{attackIp, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{victimIp, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{deviceId, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, " +
+            "#{comment}, " +
+            "#{originLogIds, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{logStartAt}, #{logEndAt}, #{httpStatus}, " +
+            "#{attackPort, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, " +
+            "#{victimPort, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, " +
+            "#{attackMethod}, #{etlTime}, #{logCount}, " +
+            "#{attackChainPhase, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, " +
+            "#{dispositionAdvice}, #{attackDirection}, " +
+            "#{judgedState}, #{disposedState}, #{attackResult}, #{fall}, #{payload}, " +
+            "#{httpReqHeaders, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{httpReqBodys, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{httpRespHeaders, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{httpRespBodys, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}   " +
+            ")")
+    void insert(Alarm alarm);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AlarmVisitMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AlarmVisitMapper.java
new file mode 100644
index 0000000..8d3cfd2
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AlarmVisitMapper.java
@@ -0,0 +1,84 @@
+package com.common.mapper;
+
+import com.common.entity.Alarm;
+import com.common.entity.AlarmVisit;
+import org.apache.ibatis.annotations.Insert;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+
+import java.util.List;
+
+
+@Mapper
+public interface AlarmVisitMapper {
+
+    /**
+     * 批量插入告警数据
+     */
+    @Insert({"<script>",
+            "INSERT INTO alarm_visit (",
+            "id, created_at, alarm_name, alarm_level, alarm_type, ",
+            "alarm_major_type, alarm_minor_type,alarm_area_id, attack_ip, victim_ip, ",
+            "device_id, comment,origin_log_ids,log_start_at, log_end_at, http_status, ",
+            "attack_port, victim_port, attack_method, etl_time, log_count, ",
+            "attack_chain_phase, disposition_advice, attack_direction, ",
+            "judged_state, disposed_state, attack_result, fall, payload, " ,
+            "http_req_header  , http_req_body,http_resp_header , http_resp_body ",
+            ") VALUES ",
+            "<foreach collection='list' item='item' separator=','>",
+            "(#{item.id}, #{item.createdAt}, #{item.alarmName}, #{item.alarmLevel}, ",
+            "#{item.alarmType}, #{item.alarmMajorType}, #{item.alarmMinorType}, #{item.alarmAreaId}, ",
+            "#{item.attackIp, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.victimIp, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.deviceId, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, ",
+            "#{item.comment}, " ,
+            "#{item.originLogIds, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.logStartAt}, #{item.logEndAt}, #{item.httpStatus}, ",
+            "#{item.attackPort, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, ",
+            "#{item.victimPort, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, ",
+            "#{item.attackMethod}, #{item.etlTime}, #{item.logCount}, ",
+            "#{item.attackChainPhase, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, ",
+            "#{item.dispositionAdvice}, #{item.attackDirection}, ",
+            "#{item.judgedState}, #{item.disposedState}, #{item.attackResult}, #{item.fall}, ",
+            "#{item.payload}, ",
+            "#{item.httpReqHeaders, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.httpReqBodys, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.httpRespHeaders, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, ",
+            "#{item.httpRespBodys, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}) ",
+            "</foreach>",
+            "</script>"})
+    void batchInsert(@Param("list") List<AlarmVisit> alarmList);
+
+    /**
+     * 单条插入告警数据
+     */
+    @Insert("INSERT INTO alarm_visit (" +
+            "id, created_at, alarm_name, alarm_level, alarm_type, " +
+            "alarm_major_type, alarm_minor_type,alarm_area_id, attack_ip, victim_ip, " +
+            "device_id, comment,origin_log_ids, log_start_at, log_end_at, http_status, " +
+            "attack_port, victim_port, attack_method, etl_time, log_count, " +
+            "attack_chain_phase, disposition_advice, attack_direction, " +
+            "judged_state, disposed_state, attack_result, fall, payload, " +
+            "http_req_header  , http_req_body,http_resp_header , http_resp_body " +
+            ") VALUES (" +
+            "#{id}, #{createdAt}, #{alarmName}, #{alarmLevel}, " +
+            "#{alarmType}, #{alarmMajorType}, #{alarmMinorType}, #{alarmAreaId}, " +
+            "#{attackIp, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{victimIp, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{deviceId, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, " +
+            "#{comment}, " +
+            "#{originLogIds, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{logStartAt}, #{logEndAt}, #{httpStatus}, " +
+            "#{attackPort, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, " +
+            "#{victimPort, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, " +
+            "#{attackMethod}, #{etlTime}, #{logCount}, " +
+            "#{attackChainPhase, typeHandler=com.Modules.etl.handler.ArrayIntegerTypeHandler}, " +
+            "#{dispositionAdvice}, #{attackDirection}, " +
+            "#{judgedState}, #{disposedState}, #{attackResult}, #{fall}, #{payload}, " +
+            "#{httpReqHeaders, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{httpReqBodys, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{httpRespHeaders, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}, " +
+            "#{httpRespBodys, typeHandler=com.Modules.etl.handler.ArrayStringTypeHandler}   " +
+            ")")
+    void insert(AlarmVisit alarm);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AppLogMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AppLogMapper.java
new file mode 100644
index 0000000..7d91a44
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/AppLogMapper.java
@@ -0,0 +1,41 @@
+package com.common.mapper;
+
+
+import com.common.entity.AppLogEntity;
+import org.apache.ibatis.annotations.*;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+@Mapper
+public interface AppLogMapper {
+
+    /**
+     * 插入日志
+     */
+    @Insert("INSERT INTO applog (es_index, es_type, es_id, es_score, dt_time, collect_time, log_type, " +
+            "trace_id, method, app_name, ip, class_name, env, content, thread_name, log_level, seq, " +
+            "indexed_at, log_date, created_at, updated_at) " +
+            "VALUES (#{esIndex}, #{esType}, #{esId}, #{esScore}, #{dtTime}, #{collectTime}, #{logType}, " +
+            "#{traceId}, #{method}, #{appName}, #{ip}, #{className}, #{env}, #{content}, #{threadName}, " +
+            "#{logLevel}, #{seq}, #{indexedAt}, #{logDate}, #{createdAt}, #{updatedAt})")
+    @Options(useGeneratedKeys = true, keyProperty = "id")
+    int insert(AppLogEntity appLog);
+
+    /**
+     * 批量插入
+     */
+    int batchInsert(@Param("list") List<AppLogEntity> appLogs);
+
+    /**
+     * 根据ES ID检查是否存在
+     */
+    @Select("SELECT COUNT(1) FROM applog WHERE es_id = #{esId}")
+    boolean existsByEsId(String esId);
+
+    /**
+     * 根据ES ID和索引检查是否存在
+     */
+    @Select("SELECT COUNT(1) FROM applog WHERE es_id = #{esId} AND es_index = #{esIndex}")
+    boolean existsByEsIdAndIndex(@Param("esId") String esId, @Param("esIndex") String esIndex);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java
new file mode 100644
index 0000000..3a05666
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java
@@ -0,0 +1,192 @@
+package com.common.mapper;
+
+import com.common.entity.DeviceCollectTask;
+import org.apache.ibatis.annotations.*;
+import java.util.List;
+import java.util.Map;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Update;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import java.time.LocalDateTime;
+import java.util.List;
+
+@Mapper
+public interface DeviceCollectTaskMapper extends BaseMapper<DeviceCollectTask>{
+
+    /**
+     * 根据ID查询采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE id = #{id}")
+    DeviceCollectTask selectById(Integer id);
+
+    /**
+     * 查询所有采集任务
+     */
+    @Select("SELECT * FROM device_collect_task")
+    List<DeviceCollectTask> selectAll();
+
+    /**
+     * 根据设备ID查询采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE device_id = #{deviceId}")
+    List<DeviceCollectTask> selectByDeviceId(Integer deviceId);
+
+    /**
+     * 根据方法类型查询采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE method = #{method}")
+    List<DeviceCollectTask> selectByMethod(Integer method);
+
+    /**
+     * 根据任务名称模糊查询
+     */
+    @Select("SELECT * FROM device_collect_task WHERE task_name LIKE CONCAT('%', #{taskName}, '%')")
+    List<DeviceCollectTask> selectByTaskNameLike(String taskName);
+
+    /**
+     * 查询成功的采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE last_success_time IS NOT NULL")
+    List<DeviceCollectTask> selectSuccessTasks();
+
+    /**
+     * 查询失败的采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE last_failed_time IS NOT NULL")
+    List<DeviceCollectTask> selectFailedTasks();
+
+    /**
+     * 多条件组合查询
+     */
+    List<DeviceCollectTask> selectByCondition(DeviceCollectTask condition);
+
+    /**
+     * 插入采集任务
+     */
+    @Insert("INSERT INTO device_collect_task (created_at, updated_at, device_id, method, task_name, " +
+            "first_time, last_success_time, last_failed_time, detail_id, epm, epm_peak, " +
+            "process_architecture, task_count, recent_discover_time, epm_upper_limit) " +
+            "VALUES (NOW(), NOW(), #{deviceId}, #{method}, #{taskName}, #{firstTime}, " +
+            "#{lastSuccessTime}, #{lastFailedTime}, #{detailId}, #{epm}, #{epmPeak}, " +
+            "#{processArchitecture}, #{taskCount}, #{recentDiscoverTime}, #{epmUpperLimit})")
+    @Options(useGeneratedKeys = true, keyProperty = "id")
+    int insert(DeviceCollectTask task);
+
+    /**
+     * 更新采集任务
+     */
+    @Update("UPDATE device_collect_task SET " +
+            "updated_at = NOW(), " +
+            "device_id = #{deviceId}, " +
+            "method = #{method}, " +
+            "task_name = #{taskName}, " +
+            "first_time = #{firstTime}, " +
+            "last_success_time = #{lastSuccessTime}, " +
+            "last_failed_time = #{lastFailedTime}, " +
+            "detail_id = #{detailId}, " +
+            "epm = #{epm}, " +
+            "epm_peak = #{epmPeak}, " +
+            "process_architecture = #{processArchitecture}, " +
+            "task_count = #{taskCount}, " +
+            "recent_discover_time = #{recentDiscoverTime}, " +
+            "epm_upper_limit = #{epmUpperLimit} " +
+            "WHERE id = #{id}")
+    int update(DeviceCollectTask task);
+
+    /**
+     * 删除采集任务
+     */
+    @Delete("DELETE FROM device_collect_task WHERE id = #{id}")
+    int deleteById(Integer id);
+
+    /**
+     * 根据设备ID删除采集任务
+     */
+    @Delete("DELETE FROM device_collect_task WHERE device_id = #{deviceId}")
+    int deleteByDeviceId(Integer deviceId);
+
+    /**
+     * 更新任务成功状态
+     */
+    @Update("UPDATE device_collect_task SET " +
+            "last_success_time = NOW(), " +
+            "updated_at = NOW(), " +
+            "task_count = COALESCE(task_count, 0) + 1 " +
+            "WHERE id = #{id}")
+    int updateSuccessStatus(Integer id);
+
+    /**
+     * 更新任务失败状态
+     */
+    @Update("UPDATE device_collect_task SET " +
+            "last_failed_time = NOW(), " +
+            "updated_at = NOW() " +
+            "WHERE id = #{id}")
+    int updateFailedStatus(Integer id);
+
+    /**
+     * 更新EPM指标
+     */
+    @Update("UPDATE device_collect_task SET " +
+            "epm = #{epm}, " +
+            "epm_peak = GREATEST(COALESCE(epm_peak, 0), #{epm}), " +
+            "updated_at = NOW() " +
+            "WHERE id = #{id}")
+    int updateEpm(@Param("id") Integer id, @Param("epm") Integer epm);
+
+    /**
+     * 统计设备采集任务数量
+     */
+    @Select("SELECT COUNT(*) FROM device_collect_task WHERE device_id = #{deviceId}")
+    int countByDeviceId(Integer deviceId);
+
+    /**
+     * 获取设备的最新采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE device_id = #{deviceId} ORDER BY updated_at DESC LIMIT 1")
+    DeviceCollectTask selectLatestByDeviceId(Integer deviceId);
+
+
+    /**
+     * 批量更新设备采集任务的时间
+     */
+    @Update("<script>" +
+            "<foreach collection='tasks' item='task' separator=';'>" +
+            "UPDATE device_collect_task SET " +
+            "  first_time = CASE " +
+            "    WHEN first_time IS NULL AND #{task.firstTime}::TIMESTAMP IS NOT NULL THEN #{task.firstTime}::TIMESTAMP " +
+            "    ELSE first_time " +
+            "  END, " +
+            "  last_success_time = #{task.lastSuccessTime}::TIMESTAMP, " +
+            "  last_failed_time = #{task.lastFailedTime}::TIMESTAMP, " +
+            "  updated_at = #{task.updatedAt}::TIMESTAMP " +
+            "WHERE id = #{task.id}" +
+            "</foreach>" +
+            "</script>")
+    int batchUpdateTimes(@Param("tasks") List<DeviceCollectTask> tasks);
+
+    /**
+     * 更新单个任务的时间
+     */
+    @Update("UPDATE device_collect_task " +
+            "SET first_time = CASE " +
+            "    WHEN first_time IS NULL AND #{firstTime}::TIMESTAMP IS NOT NULL THEN #{firstTime}::TIMESTAMP " +
+            "    ELSE first_time " +
+            "  END, " +
+            "  last_success_time = #{lastSuccessTime}::TIMESTAMP, " +
+            "  last_failed_time = #{lastFailTime}::TIMESTAMP, " +
+            "  updated_at = #{updateTime}::TIMESTAMP " +
+            "WHERE id = #{deviceCollectId}")
+    int updateTaskTime(@Param("deviceCollectId") String deviceCollectId,
+                       @Param("firstTime") LocalDateTime firstTime,
+                       @Param("lastSuccessTime") LocalDateTime lastSuccessTime,
+                       @Param("lastFailTime") LocalDateTime lastFailTime,
+                       @Param("updateTime") LocalDateTime updateTime);
+
+    /**
+     * 查询所有设备任务
+     */
+    @Select("SELECT * FROM device_collect_task")
+    List<DeviceCollectTask> selectAllTasks();
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java
new file mode 100644
index 0000000..cf38883
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java
@@ -0,0 +1,124 @@
+package com.common.mapper;
+
+
+import com.common.entity.DeviceCollectTaskTime;
+import com.common.entity.DeviceReceiveLog;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
+@Mapper
+public interface DeviceReceiveLogMapper {
+
+    /**
+     * 插入单条记录
+     */
+    int insert(DeviceReceiveLog log);
+
+    /**
+     * 批量插入记录
+     */
+    int batchInsert(@Param("list") List<DeviceReceiveLog> logs);
+
+    /**
+     * 根据ID查询
+     */
+    DeviceReceiveLog selectById(@Param("id") Long id);
+
+    /**
+     * 根据设备ID查询
+     */
+    List<DeviceReceiveLog> selectByDeviceId(@Param("deviceId") Integer deviceId);
+
+    /**
+     * 根据采集探针ID查询
+     */
+    List<DeviceReceiveLog> selectByCollectId(@Param("collectId") Integer collectId);
+
+    /**
+     * 根据IP地址查询
+     */
+    List<DeviceReceiveLog> selectByDeviceIp(@Param("deviceIp") String deviceIp);
+
+    /**
+     * 根据时间范围查询
+     */
+    List<DeviceReceiveLog> selectByTimeRange(
+            @Param("startTime") LocalDateTime startTime,
+            @Param("endTime") LocalDateTime endTime);
+
+    /**
+     * 多条件组合查询
+     */
+    List<DeviceReceiveLog> selectByCondition(DeviceReceiveLog condition);
+
+    /**
+     * 统计设备接收日志数量
+     */
+    Long countByCondition(DeviceReceiveLog condition);
+
+    /**
+     * 根据时间范围删除旧数据
+     */
+    int deleteByTimeRange(
+            @Param("startTime") LocalDateTime startTime,
+            @Param("endTime") LocalDateTime endTime);
+
+    /**
+     * 获取最近N条记录
+     */
+    List<DeviceReceiveLog> selectRecent(@Param("limit") Integer limit);
+
+    /**
+     * 按设备分组统计日志数量
+     */
+    List<Map<String, Object>> countByDeviceGroup();
+
+
+    /**
+     * 查询当天每个设备的最新成功时间
+     */
+    @Select("SELECT device_collect_id, MAX(created_at) AS last_success_time " +
+            "FROM device_receive_log " +
+            "WHERE push_success = true " +
+            "AND created_at >= CURRENT_DATE " +
+            "GROUP BY device_collect_id")
+    List<DeviceCollectTaskTime> selectDailySuccessTimes();
+
+    /**
+     * 查询当天每个设备的最新失败时间
+     */
+    @Select("SELECT device_collect_id, MAX(created_at) AS last_fail_time " +
+            "FROM device_receive_log " +
+            "WHERE push_success = false " +
+            "AND created_at >= CURRENT_DATE " +
+            "GROUP BY device_collect_id")
+    List<DeviceCollectTaskTime> selectDailyFailTimes();
+
+    /**
+     * 查询每个设备的首次成功时间（历史最早）
+     */
+    @Select("SELECT device_collect_id, MIN(created_at) AS first_success_time " +
+            "FROM device_receive_log " +
+            "WHERE push_success = true " +
+            "GROUP BY device_collect_id")
+    List<DeviceCollectTaskTime> selectFirstSuccessTimes();
+
+    /**
+     * 查询指定时间范围内的成功记录
+     */
+    @Select("SELECT device_collect_id, MIN(created_at) AS first_time, " +
+            "MAX(created_at) AS last_success_time " +
+            "FROM device_receive_log " +
+            "WHERE push_success = true " +
+            "AND created_at >= #{startTime} " +
+            "AND created_at < #{endTime} " +
+            "GROUP BY device_collect_id")
+    List<DeviceCollectTaskTime> selectSuccessTimesByRange(
+            @Param("startTime") LocalDateTime startTime,
+            @Param("endTime") LocalDateTime endTime);
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DmColumnMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DmColumnMapper.java
new file mode 100644
index 0000000..5ecc359
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DmColumnMapper.java
@@ -0,0 +1,70 @@
+package com.common.mapper;
+
+
+import com.common.entity.DmColumn;
+import org.apache.ibatis.annotations.*;
+
+import java.util.List;
+import java.util.Map;
+
+@Mapper
+public interface DmColumnMapper {
+
+    // 查询所有列
+    @Select("SELECT * FROM dm_column WHERE deleted_at IS NULL")
+    List<DmColumn> findAll();
+
+    // 根据ID查询
+   // @Select("SELECT * FROM dm_column WHERE id = #{id} AND deleted_at IS NULL")
+    DmColumn findById(Long id);
+
+    // 根据名称查询
+    @Select("SELECT * FROM dm_column WHERE name = #{name} AND deleted_at IS NULL")
+    DmColumn findByName(String name);
+
+    // 根据显示名称模糊查询
+    @Select("SELECT * FROM dm_column WHERE display_name LIKE CONCAT('%', #{displayName}, '%') AND deleted_at IS NULL")
+    List<DmColumn> findByDisplayName(String displayName);
+
+    // 根据是否内置查询
+    @Select("SELECT * FROM dm_column WHERE is_built_in = #{isBuiltIn} AND deleted_at IS NULL")
+    List<DmColumn> findByIsBuiltIn(Boolean isBuiltIn);
+
+    // 插入数据
+    @Insert("INSERT INTO dm_column (created_at, updated_at, name, display_name, storage_data_type, " +
+            "business_data_type, is_built_in, is_hidden, is_not_normalizable, is_required, category_id, " +
+            "custom_asset_category_id, is_virtual, table_id, asset_table_id, column_set_id, base_type, " +
+            "user_task_id, created_by_id, create_dept, create_by, create_time, update_by, update_time) " +
+            "VALUES (NOW(), NOW(), #{name}, #{displayName}, #{storageDataType}, #{businessDataType}, " +
+            "#{isBuiltIn}, #{isHidden}, #{isNotNormalizable}, #{isRequired}, #{categoryId}, " +
+            "#{customAssetCategoryId}, #{isVirtual}, #{tableId}, #{assetTableId}, #{columnSetId}, " +
+            "#{baseType}, #{userTaskId}, #{createdById}, #{createDept}, #{createBy}, #{createTime}, " +
+            "#{updateBy}, #{updateTime})")
+    @Options(useGeneratedKeys = true, keyProperty = "id")
+    int insert(DmColumn dmColumn);
+
+    // 批量插入
+    @Insert("<script>" +
+            "INSERT INTO dm_column (created_at, updated_at, name, display_name, is_built_in, is_hidden) " +
+            "VALUES " +
+            "<foreach collection='list' item='item' separator=','>" +
+            "(NOW(), NOW(), #{item.name}, #{item.displayName}, #{item.isBuiltIn}, #{item.isHidden})" +
+            "</foreach>" +
+            "</script>")
+    int batchInsert(List<DmColumn> dmColumns);
+
+    // 查询条件构造（使用XML方式）
+    List<DmColumn> findByCondition(DmColumn condition);
+
+    // 统计数量
+    @Select("SELECT COUNT(*) FROM dm_column WHERE deleted_at IS NULL")
+    Long count();
+
+
+    /**
+     *  查询所有数据标准化字段
+     * @param
+     * @return 数据标准化字段
+     */
+    List<Map<String, Object>>  selectAllNormal();
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DmNormalizeRuleMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DmNormalizeRuleMapper.java
new file mode 100644
index 0000000..abea148
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/DmNormalizeRuleMapper.java
@@ -0,0 +1,46 @@
+package com.common.mapper;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import com.common.entity.DmNormalizeRule;
+import java.util.List;
+import java.util.Map;
+
+@Mapper
+public interface DmNormalizeRuleMapper {
+
+    /**
+     * 根据ID查询数据标准化规则
+     * @param id 主键ID
+     * @return 数据标准化规则对象
+     */
+    DmNormalizeRule selectById(@Param("id") Long id);
+
+    /**
+     * 根据Device ID查询数据标准化规则
+     * @param id  主键device ID
+     * @return 数据标准化规则对象
+     */
+    List<Map<String, Object>> selectByDeviceId(@Param("id") Long id);
+
+    /**
+     * 根据ID更新数据标准化规则
+     * @param rule 数据标准化规则对象
+     * @return 更新影响的行数
+     */
+    int updateById(DmNormalizeRule rule);
+
+    /**
+     * 根据ID和租户ID查询（带租户隔离）
+     * @param id 主键ID
+     * @param tenantId 租户ID
+     * @return 数据标准化规则对象
+     */
+    DmNormalizeRule selectByIdAndTenant(@Param("id") Long id, @Param("tenantId") String tenantId);
+
+    /**
+     * 根据ID和租户ID更新（带租户隔离）
+     * @param rule 数据标准化规则对象
+     * @return 更新影响的行数
+     */
+    int updateByIdAndTenant(DmNormalizeRule rule);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SecExceptionAlgorithmMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SecExceptionAlgorithmMapper.java
new file mode 100644
index 0000000..7144fe8
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SecExceptionAlgorithmMapper.java
@@ -0,0 +1,18 @@
+// SecExceptionAlgorithmMapper.java
+package com.common.mapper;
+
+import com.common.entity.SecExceptionAlgorithm;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Select;
+import org.apache.ibatis.annotations.Param;
+import java.util.List;
+
+@Mapper
+public interface SecExceptionAlgorithmMapper {
+
+    @Select("SELECT * FROM sec_exception_algorithm WHERE status = 1 AND del_flag = '0'")
+    List<SecExceptionAlgorithm> findEnabledAlgorithms();
+
+    @Select("SELECT * FROM sec_exception_algorithm WHERE id = #{id}")
+    SecExceptionAlgorithm findById(@Param("id") Long id);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNonNormalMessageMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNonNormalMessageMapper.java
new file mode 100644
index 0000000..fe4550d
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNonNormalMessageMapper.java
@@ -0,0 +1,88 @@
+package com.common.mapper;
+
+
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.common.entity.SyslogNonNormalMessage;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 非标日志Mapper接口
+ */
+@Mapper
+public interface SyslogNonNormalMessageMapper extends BaseMapper<SyslogNonNormalMessage> {
+
+    /**
+     * 批量插入非标日志
+     * @param list 日志列表
+     * @return 插入数量
+     */
+    int batchInsert(@Param("list") List<SyslogNonNormalMessage> list);
+
+    /**
+     * 根据时间段查询非标日志
+     * @param startTime 开始时间
+     * @param endTime 结束时间
+     * @return 日志列表
+     */
+    @Select("SELECT * FROM syslog_non_normal_message WHERE log_time BETWEEN #{startTime} AND #{endTime} AND del_flag = '0'")
+    List<SyslogNonNormalMessage> findByTimeRange(@Param("startTime") LocalDateTime startTime,
+                                                 @Param("endTime") LocalDateTime endTime);
+
+    /**
+     * 根据设备ID和状态统计
+     * @param deviceId 设备ID
+     * @param ruleResult 规则结果
+     * @return 统计结果
+     */
+    @Select("SELECT COUNT(*) as count FROM syslog_non_normal_message " +
+            "WHERE device_id = #{deviceId} AND rule_result = #{ruleResult} AND del_flag = '0'")
+    Map<String, Object> countByDeviceAndResult(@Param("deviceId") Integer deviceId,
+                                               @Param("ruleResult") String ruleResult);
+
+    /**
+     * 逻辑删除非标日志
+     * @param id 日志ID
+     * @return 更新数量
+     */
+    @Select("UPDATE syslog_non_normal_message SET del_flag = '1', update_time = NOW() WHERE id = #{id}")
+    int logicalDelete(@Param("id") String id);
+
+
+
+    /**
+     * 根据ID和创建时间批量查询非标日志
+     * @param ids ID列表
+     * @param createdAts 创建时间列表
+     * @return 非标日志列表
+     */
+    List<SyslogNonNormalMessage> getMessagesByIdsAndCreatedAts(
+            @Param("ids") List<String> ids,
+            @Param("createdAts") List<String> createdAts);
+
+    /**
+     * 根据ID列表批量查询非标日志
+     * @param ids ID列表
+     * @return 非标日志列表
+     */
+    List<SyslogNonNormalMessage> getMessagesByIds(@Param("ids") List<String> ids);
+
+    /**
+     * 批量更新del_flag字段
+     * @param messages 需要更新的非标日志列表
+     * @return 更新记录数
+     */
+    int updateBatchDelFlag(@Param("messages") List<SyslogNonNormalMessage> messages);
+
+    /**
+     * 批量更新记录
+     * @param messages 需要更新的非标日志列表
+     * @return 更新记录数
+     */
+    int updateBatch(@Param("messages") List<SyslogNonNormalMessage> messages);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalAlarmMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalAlarmMapper.java
new file mode 100644
index 0000000..06061dc
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalAlarmMapper.java
@@ -0,0 +1,84 @@
+package com.common.mapper;
+
+import com.common.entity.GroupedSyslogData;
+import com.common.entity.SyslogNormalData;
+import com.common.entity.SyslogNormalAlarm;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+@Mapper
+public interface SyslogNormalAlarmMapper {
+
+    /**
+     * 动态插入数据 - 使用 Map
+     */
+    int insertDynamic(@Param("dataMap") Map<String, Object> dataMap);
+
+    /**
+     * 动态插入数据 - 使用实体类
+     */
+    int insertByEntity(SyslogNormalAlarm entity);
+
+    /**
+     * 批量插入数据
+     */
+    int batchInsert(@Param("dataList") List<Map<String, Object>> dataList);
+
+
+    /**
+     * 统计24小时内分组数据量
+     */
+    @Select("SELECT count(1) as group_count from ( select  " +
+            "to_char(log_time, 'YYYYMMDD') || '_' || " +
+            "dest_ip || '_' || " +
+            "origin_event_name " +
+            "FROM syslog_normal_alarm " +
+            "WHERE log_time >= #{startTime} AND log_time < #{endTime} " +
+            "AND event_level >= 1 AND src_ip NOT IN ('127.0.0.1', '127.0.0.2') " +
+            "GROUP BY to_char(log_time, 'YYYYMMDD'),src_ip, dest_ip, origin_event_name  )" )
+    Long count24HoursGroupedData(@Param("startTime") LocalDateTime startTime,
+                                 @Param("endTime") LocalDateTime endTime);
+
+    /**
+     * 分页查询分组数据
+     */
+    @Select("SELECT " +
+            "to_char(log_time, 'YYYYMMDD') as log_date, " +
+            " MIN(origin_event_type)  AS first_event_type, " +
+            "ARRAY_AGG(DISTINCT  host(src_ip)::text)  as  attack_ips, " +
+            "origin_event_name, " +
+            "MIN(log_time) as min_log_time, " +
+            "MAX(log_time) as max_log_time, " +
+            "COUNT(1) as log_count, " +
+            "ARRAY_AGG(DISTINCT  host(dest_ip)::text) as victim_ips, " +
+            "ARRAY_AGG(DISTINCT device_id) as device_ids, " +
+            "ARRAY_AGG(DISTINCT id) as origin_log_ids, " +
+            "MAX(event_level) as max_event_level, " +
+            "MAX(origin_event_type) as event_type, " +
+            "MIN(event_type) as min_event_type, " +
+            "ARRAY_AGG(DISTINCT src_port::int4) as attack_ports, " +
+            "ARRAY_AGG(DISTINCT dest_port::int4) as victim_ports, " +
+            "ARRAY_AGG(DISTINCT http_resp_codes::text) as http_status_codes, " +
+            "ARRAY_AGG(DISTINCT payload::BYTEA) as payload_samples, " +
+            "ARRAY_AGG(DISTINCT http_req_header) as httpReqHeaders, " +
+            "ARRAY_AGG(DISTINCT http_req_body) as httpReqBodys, " +
+            "ARRAY_AGG(DISTINCT http_resp_header) as httpRespHeaders, " +
+            "ARRAY_AGG(DISTINCT http_resp_body) as httpRespBodys, " +
+            "STRING_AGG(DISTINCT COALESCE(host(dest_ip)::text, ''), ',') as victim_ips_str " +
+            "FROM syslog_normal_alarm  " +
+            "WHERE log_time >= #{startTime} AND log_time < #{endTime} " +
+            "AND event_level >= 1 AND src_ip NOT IN ('127.0.0.1', '127.0.0.2') " +
+            "GROUP BY to_char(log_time, 'YYYYMMDD'), src_ip, dest_ip, origin_event_name  " +
+            "ORDER BY log_date, dest_ip, origin_event_name  " +
+            "LIMIT #{pageSize} OFFSET #{offset}")
+    List<GroupedSyslogData> select24HoursGroupedDataByPage(
+            @Param("startTime") LocalDateTime startTime,
+            @Param("endTime") LocalDateTime endTime,
+            @Param("offset") int offset,
+            @Param("pageSize") int pageSize);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalDataMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalDataMapper.java
new file mode 100644
index 0000000..3335ac4
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/SyslogNormalDataMapper.java
@@ -0,0 +1,101 @@
+package com.common.mapper;
+
+import com.common.entity.GroupedSyslogData;
+import com.common.entity.SyslogNormalData;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import java.util.Map;
+import org.apache.ibatis.annotations.Select;
+import java.time.LocalDateTime;
+import java.util.List;
+@Mapper
+public interface SyslogNormalDataMapper {
+
+    /**
+     * 动态插入数据 - 使用 Map
+     */
+    int insertDynamic(@Param("dataMap") Map<String, Object> dataMap);
+
+    /**
+     * 动态插入数据 - 使用实体类
+     */
+    int insertByEntity(SyslogNormalData entity);
+
+    /**
+     * 批量插入数据
+     */
+    int batchInsert(@Param("dataList") java.util.List<Map<String, Object>> dataList);
+
+
+    /**
+     * 统计24小时内分组数据量
+     */
+    @Select("SELECT count(1) as group_count from ( select  " +
+            "to_char(log_time, 'YYYYMMDD') || '_' || " +
+            "dest_ip || '_' || " +
+            "origin_event_name " +
+            "FROM syslog_normal_data " +
+            "WHERE log_time >= #{startTime} AND log_time < #{endTime} " +
+            "AND   http_resp_codes =200 and   origin_event_type <> ''   and  origin_event_name='访问日志'  AND src_ip NOT IN ('127.0.0.1', '127.0.0.2') " +
+            "GROUP BY to_char(log_time, 'YYYYMMDD'),src_ip, dest_ip, origin_event_name  )" )
+    Long count24HoursGroupedData(@Param("startTime") LocalDateTime startTime,
+                                 @Param("endTime") LocalDateTime endTime);
+
+    /**
+     * 分页查询分组数据
+     */
+    @Select("SELECT " +
+            "to_char(log_time, 'YYYYMMDD') as log_date, " +
+            " MIN(origin_event_type)  AS first_event_type, " +
+            "ARRAY_AGG(DISTINCT  host(src_ip)::text)  as  attack_ips, " +
+            "origin_event_name, " +
+            "MIN(log_time) as min_log_time, " +
+            "MAX(log_time) as max_log_time, " +
+            "COUNT(1) as log_count, " +
+            "ARRAY_AGG(DISTINCT  host(dest_ip)::text) as victim_ips, " +
+            "ARRAY_AGG(DISTINCT device_id) as device_ids, " +
+            "ARRAY_AGG(DISTINCT id) as origin_log_ids, " +
+            "MAX(event_level) as max_event_level, " +
+            "MAX(origin_event_type) as event_type, " +
+            "MIN(event_type) as min_event_type, " +
+            "ARRAY_AGG(DISTINCT src_port::int4) as attack_ports, " +
+            "ARRAY_AGG(DISTINCT dest_port::int4) as victim_ports, " +
+            "ARRAY_AGG(DISTINCT http_resp_codes::text) as http_status_codes, " +
+            "ARRAY_AGG(DISTINCT payload::BYTEA) as payload_samples, " +
+            "ARRAY_AGG(DISTINCT http_req_header) as httpReqHeaders, " +
+            "ARRAY_AGG(DISTINCT http_req_body) as httpReqBodys, " +
+            "ARRAY_AGG(DISTINCT http_resp_header) as httpRespHeaders, " +
+            "ARRAY_AGG(DISTINCT http_resp_body) as httpRespBodys, " +
+            "STRING_AGG(DISTINCT COALESCE(host(dest_ip)::text, ''), ',') as victim_ips_str " +
+            "FROM syslog_normal_data " +
+            "WHERE log_time >= #{startTime} AND log_time < #{endTime} " +
+            "AND   http_resp_codes =200 and   origin_event_type <> ''   and  origin_event_name='访问日志' AND src_ip NOT IN ('127.0.0.1', '127.0.0.2') " +
+            "GROUP BY to_char(log_time, 'YYYYMMDD'), src_ip, dest_ip, origin_event_name  " +
+            "ORDER BY log_date, dest_ip, origin_event_name  " +
+            "LIMIT #{pageSize} OFFSET #{offset}")
+    List<GroupedSyslogData> select24HoursGroupedDataByPage(
+            @Param("startTime") LocalDateTime startTime,
+            @Param("endTime") LocalDateTime endTime,
+            @Param("offset") int offset,
+            @Param("pageSize") int pageSize);
+
+    /**
+     * 查询指定时间后的所需字段（使用XML映射）
+     * 注意：参数类型保持为LocalDateTime，但实际映射时使用类型处理器转换
+     */
+    List<SyslogNormalData> findRequiredFieldsAfterTime(@Param("startTime") LocalDateTime startTime);
+
+    /**
+     * 分页查询所需字段
+     */
+    List<SyslogNormalData> findRequiredFieldsByPage(
+            @Param("startTime") LocalDateTime startTime,
+            @Param("limit") int limit,
+            @Param("offset") int offset
+    );
+    @Select("SELECT * FROM syslog_normal_data WHERE created_at >= #{startTime, jdbcType=TIMESTAMP} ORDER BY created_at ASC")
+    List<SyslogNormalData> findAfterTime(@Param("startTime") LocalDateTime startTime);
+
+    @Select("SELECT * FROM syslog_normal_data WHERE id = #{id}")
+    SyslogNormalData findById(@Param("id") String id);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/XdrHoneypotMapper.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/XdrHoneypotMapper.java
new file mode 100644
index 0000000..a1b178a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/mapper/XdrHoneypotMapper.java
@@ -0,0 +1,108 @@
+package com.common.mapper;
+
+import com.common.entity.XdrHoneypot;
+import org.apache.ibatis.annotations.*;
+
+import java.util.List;
+
+/**
+ * XDR Honeypot Mapper 接口
+ */
+public interface XdrHoneypotMapper {
+
+    /**
+     * 插入单条记录
+     */
+    @Insert("INSERT INTO xdr_honeypot (vcsource, dstart_time, dtime, risk_level, vcconnection, " +
+            "file_info, extra, vctype, agent_sn, agent_name, honeypot_id, honeypot_name, " +
+            "src_ip, src_port, src_mac, dest_ip, dest_port, proxy_ip, node) " +
+            "VALUES (#{vcsource}, #{dstartTime}, #{dtime}, #{riskLevel}, #{vcconnection}, " +
+            "#{fileInfo}, #{extra}, #{vctype}, #{agentSn}, #{agentName}, #{honeypotId}, #{honeypotName}, " +
+            "#{srcIp}, #{srcPort}, #{srcMac}, #{destIp}, #{destPort}, #{proxyIp}, #{node})")
+    @Options(useGeneratedKeys = true, keyProperty = "id")
+    int insert(XdrHoneypot xdrHoneypot);
+
+    /**
+     * 批量插入记录
+     */
+    int batchInsert(List<XdrHoneypot> xdrHoneypotList);
+
+    /**
+     * 根据ID查询记录
+     */
+    @Select("SELECT * FROM xdr_honeypot WHERE id = #{id}")
+    @Results({
+            @Result(property = "id", column = "id"),
+            @Result(property = "vcsource", column = "vcsource"),
+            @Result(property = "dstartTime", column = "dstart_time"),
+            @Result(property = "dtime", column = "dtime"),
+            @Result(property = "riskLevel", column = "risk_level"),
+            @Result(property = "vcconnection", column = "vcconnection"),
+            @Result(property = "fileInfo", column = "file_info"),
+            @Result(property = "extra", column = "extra"),
+            @Result(property = "vctype", column = "vctype"),
+            @Result(property = "agentSn", column = "agent_sn"),
+            @Result(property = "agentName", column = "agent_name"),
+            @Result(property = "honeypotId", column = "honeypot_id"),
+            @Result(property = "honeypotName", column = "honeypot_name"),
+            @Result(property = "srcIp", column = "src_ip"),
+            @Result(property = "srcPort", column = "src_port"),
+            @Result(property = "srcMac", column = "src_mac"),
+            @Result(property = "destIp", column = "dest_ip"),
+            @Result(property = "destPort", column = "dest_port"),
+            @Result(property = "proxyIp", column = "proxy_ip"),
+            @Result(property = "node", column = "node")
+    })
+    XdrHoneypot selectById(Long id);
+
+    /**
+     * 查询所有记录
+     */
+    @Select("SELECT * FROM xdr_honeypot ORDER BY id DESC")
+    @Results({
+            @Result(property = "dstartTime", column = "dstart_time"),
+            @Result(property = "riskLevel", column = "risk_level"),
+            @Result(property = "fileInfo", column = "file_info"),
+            @Result(property = "agentSn", column = "agent_sn"),
+            @Result(property = "agentName", column = "agent_name"),
+            @Result(property = "honeypotId", column = "honeypot_id"),
+            @Result(property = "honeypotName", column = "honeypot_name"),
+            @Result(property = "srcIp", column = "src_ip"),
+            @Result(property = "srcPort", column = "src_port"),
+            @Result(property = "srcMac", column = "src_mac"),
+            @Result(property = "destIp", column = "dest_ip"),
+            @Result(property = "destPort", column = "dest_port"),
+            @Result(property = "proxyIp", column = "proxy_ip")
+    })
+    List<XdrHoneypot> selectAll();
+
+    /**
+     * 根据源IP查询记录
+     */
+    @Select("SELECT * FROM xdr_honeypot WHERE src_ip = #{srcIp} ORDER BY dtime DESC")
+    List<XdrHoneypot> selectBySrcIp(String srcIp);
+
+    /**
+     * 根据风险等级查询记录
+     */
+    @Select("SELECT * FROM xdr_honeypot WHERE risk_level = #{riskLevel} ORDER BY dtime DESC")
+    List<XdrHoneypot> selectByRiskLevel(String riskLevel);
+
+    /**
+     * 更新记录
+     */
+    @Update("UPDATE xdr_honeypot SET risk_level = #{riskLevel}, extra = #{extra} WHERE id = #{id}")
+    int update(XdrHoneypot xdrHoneypot);
+
+    /**
+     * 根据ID删除记录
+     */
+    @Delete("DELETE FROM xdr_honeypot WHERE id = #{id}")
+    int delete(Long id);
+
+    /**
+     * 统计总记录数
+     */
+    @Select("SELECT COUNT(*) FROM xdr_honeypot")
+    long count();
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/ETLOrchestrator.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/ETLOrchestrator.java
new file mode 100644
index 0000000..01ceba9
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/ETLOrchestrator.java
@@ -0,0 +1,115 @@
+package com.common.schedule;
+
+
+import com.common.service.DataExtractor;
+import  com.Modules.etl.handler.ETLRetryHandler;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Component;
+import com.Modules.etl.TimeWindowCalculator;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import com.common.service.DeviceReceiveLogService;
+import lombok.RequiredArgsConstructor;
+@Slf4j
+@Component
+@RequiredArgsConstructor
+public class ETLOrchestrator {
+
+    @Autowired
+    private DataExtractor dataExtractor;
+
+    @Autowired
+    private ETLRetryHandler retryHandler;
+
+    @Autowired
+    private  DeviceReceiveLogService deviceReceiveLogService;
+    /**
+     * 定时任务 - 从每小时第1分钟开始，5分钟间隔执行
+     */
+    @Scheduled(cron = "0 1/5 * * * ?")
+    public void scheduledETL() {
+        //log.info("开始定时ETL任务");
+        long startTime = System.currentTimeMillis();
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+        LocalDateTime[] currentWindow=TimeWindowCalculator.getPrevious5MinuteWindow();
+        String strStartTime= currentWindow[0].format(formatter);
+        String strEndTime= currentWindow[1].format(formatter);
+        log.info("ETL任务开始执行，开始时间：{},结束时间：{}",strStartTime,strEndTime );
+        try {
+            //retryHandler.executeWithRetry(() -> dataExtractor.extractAndProcess24HoursGroupedData());
+            retryHandler.executeWithRetry(() -> dataExtractor.extractAndProcessQueryHoursGroupedData(strStartTime,strEndTime ));
+            retryHandler.executeWithRetry(() -> dataExtractor.extractAndProcessQueryHoursAlarm(strStartTime,strEndTime ));
+            long endTime = System.currentTimeMillis();
+            long duration = (endTime - startTime) / 1000;
+            log.info("定时ETL任务执行完成，耗时: {} 秒", duration);
+
+        } catch (Exception e) {
+            log.error("定时ETL任务执行失败", e);
+        }
+    }
+
+    /**
+     * 手动触发ETL任务
+     */
+    public void triggerETLManually() {
+        log.info("手动触发ETL任务");
+        try {
+            //retryHandler.executeWithRetry(() ->
+                    //dataExtractor.extractAndProcess24HoursGroupedData());
+            retryHandler.executeWithRetry(() ->
+                    dataExtractor.extractAndProcessQueryHoursGroupedData("2025-11-01 00:00:00","2025-11-15 00:00:00"));
+            log.info("手动ETL任务执行完成");
+        } catch (Exception e) {
+            log.error("手动ETL任务执行失败", e);
+            throw new RuntimeException("ETL任务执行失败", e);
+        }
+    }
+
+    /**
+     * 手动触发ETL任务,参数开始时间，结束时间
+     * @param startTime
+     * @param endTime
+     */
+    public void triggerETLManuallyByTime(String startTime ,String endTime) {
+        log.info("手动触发ETL任务");
+        try {
+            retryHandler.executeWithRetry(() ->
+                    dataExtractor.extractAndProcessQueryHoursGroupedData( startTime ,  endTime ));
+            retryHandler.executeWithRetry(() -> dataExtractor.extractAndProcessQueryHoursAlarm(startTime,endTime ));
+            log.info("手动ETL任务执行完成");
+        } catch (Exception e) {
+            log.error("手动ETL任务执行失败", e);
+            throw new RuntimeException("ETL任务执行失败", e);
+        }
+    }
+
+    /**
+     * 每天凌晨3点清理2天前的数据
+     */
+    //@Scheduled(cron = "0 0 3 * * ?")
+    @Scheduled(cron = "0 * * * * ?")
+    public void cleanupOldLogs() {
+        try {
+            LocalDateTime cutoffTime = LocalDateTime.now().minusDays(2);
+            int deleted = deviceReceiveLogService.deleteOldLogs(cutoffTime);
+            log.info("定时清理任务完成，删除{}条2天前的日志", deleted);
+        } catch (Exception e) {
+            log.error("定时清理日志失败", e);
+        }
+    }
+
+
+    public static void main(String[] args) {
+
+        LocalDateTime befor= LocalDateTime.of(2025, 11, 1, 0, 0  ,0); // 默认2025年11月
+        LocalDateTime cutoffTime = LocalDateTime.now().minusDays(2);
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+        System.out.println(befor.format(formatter).toString());
+        System.out.println(cutoffTime.format(formatter).toString());
+    }
+
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/PartitionTableSchedule.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/PartitionTableSchedule.java
new file mode 100644
index 0000000..709b1b7
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/PartitionTableSchedule.java
@@ -0,0 +1,122 @@
+package com.common.schedule;
+
+import com.common.service.PartitionTableService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Component;
+import com.common.service.PartitionTableService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Component;
+import java.util.List;
+@Component
+public class PartitionTableSchedule {
+
+    private static final Logger logger = LoggerFactory.getLogger(PartitionTableSchedule.class);
+
+    @Autowired
+    private PartitionTableService partitionTableService;
+
+    /**
+     * 每月15日凌晨1点执行
+     * cron表达式: 秒 分 时 日 月 周
+     */
+    @Scheduled(cron = "0 0 1 15 * ?")
+    public void createNextMonthPartitionTables() {
+        logger.info("开始执行创建下个月分区表任务...");
+
+        try {
+            int partitionCount = partitionTableService.getNextMonthPartitionCount();
+            logger.info("需要创建 {} 个分区表", partitionCount);
+
+            partitionTableService.createNextMonthPartitionTable();
+
+            logger.info("创建下个月分区表任务完成");
+        } catch (Exception e) {
+            logger.error("定时创建分区表任务失败: {}", e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 测试任务 - 每分钟执行一次（开发环境使用）
+     * 生产环境注释或删除此方法
+     */
+    //@Scheduled(cron = "0 * * * * ?")
+    public void testCreatePartitionTables() {
+        logger.info("测试任务: 开始创建分区表...");
+        partitionTableService.createNextMonthPartitionTable();
+        logger.info("测试任务: 分区表创建完成");
+    }
+
+    /**
+     * 每天检查一次分区表状态（可选）
+     */
+    @Scheduled(cron = "0 0 2 * * ?")
+    public void checkPartitionTableStatus() {
+        logger.info("开始检查分区表状态...");
+        // 这里可以添加分区表状态检查逻辑
+        logger.info("分区表状态检查完成");
+    }
+
+
+    /**
+     * 每天检查第二天的分区表状态 - 凌晨2点执行
+     */
+    @Scheduled(cron = "0 0 2 * * ?")
+    public void checkTomorrowPartitionTable() {
+        logger.info("开始检查第二天的分区表状态...");
+
+        try {
+            PartitionTableService.PartitionTableStatus status =
+                    partitionTableService.checkTomorrowPartitionTable();
+
+            if (status.isExists()) {
+                logger.info("第二天分区表已存在: {}", status.getTableName());
+            } else if (status.isCreated()) {
+                logger.info("第二天分区表创建成功: {}", status.getTableName());
+            } else {
+                logger.warn("第二天分区表检查异常: {}", status.getMessage());
+                // 这里添加告警通知，比如发送邮件、短信等
+                //sendAlertNotification(status);
+            }
+
+        } catch (Exception e) {
+            logger.error("检查第二天分区表失败: {}", e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 每周一检查未来7天的分区表状态
+     */
+    @Scheduled(cron = "0 0 3 * * MON")
+    public void checkNextWeekPartitionTables() {
+        logger.info("开始检查未来7天的分区表状态...");
+
+        try {
+            List<PartitionTableService.PartitionTableStatus> statusList = partitionTableService.checkFuturePartitionTables(7);
+
+            int missingCount = 0;
+            for (PartitionTableService.PartitionTableStatus status : statusList) {
+                if (!status.isExists()) {
+                    missingCount++;
+                    logger.warn("未来分区表缺失: {}", status.getTableName());
+                }
+            }
+
+            if (missingCount > 0) {
+                logger.warn("发现 {} 个未来分区表缺失", missingCount);
+                // 可以触发自动创建或发送告警
+            } else {
+                logger.info("未来7天分区表状态正常");
+            }
+
+        } catch (Exception e) {
+            logger.error("检查未来分区表失败: {}", e.getMessage(), e);
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/ScheduledTask.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/ScheduledTask.java
new file mode 100644
index 0000000..07656ce
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/schedule/ScheduledTask.java
@@ -0,0 +1,58 @@
+package com.common.schedule;
+
+
+
+
+import com.common.service.EsToDbSyncService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Component;
+
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+
+//众诚运维日志数据计划任务
+@Slf4j
+//@Component
+public class ScheduledTask {
+
+    @Autowired
+    private EsToDbSyncService esToDbSyncService;
+
+    private static final DateTimeFormatter INDEX_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd");
+
+    /**
+     * 每天1点同步昨天的数据
+     */
+   //c
+    public void syncYesterdayData() {
+        log.info("开始执行昨天数据同步任务");
+        LocalDate yesterday = LocalDate.now().minusDays(1);
+        String indexName = "applog-" + yesterday.format(INDEX_FORMATTER);
+        esToDbSyncService.syncEsLogsByIndexToDatabase(indexName);
+        log.info("昨天数据同步任务完成");
+    }
+
+    /**
+     * 每天1,5,9,13,17,21点同步今天的数据
+     */
+   // @Scheduled(cron = "0 0 1,5,9,13,17,21 * * ?")
+    public void syncTodayData() {
+        log.info("开始执行今天数据同步任务");
+        LocalDate today = LocalDate.now();
+        String indexName = "applog-" + today.format(INDEX_FORMATTER);
+        esToDbSyncService.syncEsLogsByIndexToDatabase(indexName);
+        log.info("今天数据同步任务完成");
+    }
+
+    /**
+     * 手动同步指定日期的数据（可用于测试）
+     */
+    public void syncSpecificDateData(LocalDate date) {
+        log.info("开始执行指定日期数据同步任务: {}", date);
+        String indexName = "applog-" + date.format(INDEX_FORMATTER);
+        esToDbSyncService.syncEsLogsByIndexToDatabase(indexName);
+        log.info("指定日期数据同步任务完成: {}", date);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AccessLogAlertService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AccessLogAlertService.java
new file mode 100644
index 0000000..3a5f33a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AccessLogAlertService.java
@@ -0,0 +1,397 @@
+package com.common.service;
+
+
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.common.entity.AlarmVisit;
+import com.common.entity.SecExceptionAlgorithm;
+import com.common.entity.SyslogNormalData;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.*;
+import org.springframework.scheduling.annotation.Async;
+import org.springframework.scheduling.annotation.EnableAsync;
+import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.client.RestTemplate;
+
+import javax.annotation.PostConstruct;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicBoolean;
+import com.common.mapper.*;
+import java.net.InetAddress;
+import com.common.util.AlgorithmResultParser;
+@Slf4j
+@Service
+@EnableScheduling
+@EnableAsync
+public class AccessLogAlertService {
+    @Autowired
+    private AlgorithmResultParser algorithmResultParser;
+    @Autowired
+    private RestTemplate restTemplate;
+
+    @Autowired
+    private SyslogNormalDataMapper syslogNormalDataMapper;
+
+    @Autowired
+    private SecExceptionAlgorithmMapper secExceptionAlgorithmMapper;
+
+    @Autowired
+    private AlarmVisitMapper alarmVisitMapper;
+
+    // 记录上次处理的时间戳
+    private LocalDateTime lastProcessTime;
+
+    // 时间格式化器
+    private static final DateTimeFormatter DATE_TIME_FORMATTER =
+            DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS");
+
+    // 存储算法配置的缓存
+    private Map<Long, SecExceptionAlgorithm> algorithmCache = new ConcurrentHashMap<>();
+
+    @PostConstruct
+    public void init() {
+        // 初始化时设置为当前时间减2分钟
+        lastProcessTime = LocalDateTime.now().minusMinutes(2);
+        log.info("初始化AccessLogAlertService，上次处理时间: {}", lastProcessTime);
+
+        // 加载启用的算法配置到缓存
+        loadAlgorithmConfigs();
+    }
+
+    /**
+     * 加载启用的算法配置
+     */
+    private void loadAlgorithmConfigs() {
+        try {
+            List<SecExceptionAlgorithm> enabledAlgorithms = secExceptionAlgorithmMapper.findEnabledAlgorithms();
+            algorithmCache.clear();
+            for (SecExceptionAlgorithm algorithm : enabledAlgorithms) {
+                algorithmCache.put(algorithm.getId(), algorithm);
+            }
+            log.info("加载了 {} 个启用的算法配置", algorithmCache.size());
+        } catch (Exception e) {
+            log.error("加载算法配置失败: {}", e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 定时任务入口 - 每2分钟执行一次
+     */
+    @Scheduled(cron = "0 */2 * * * ?")
+    @Async
+    public void processAccessLogAlert() {
+        log.info("开始执行访问日志告警处理任务");
+
+        try {
+            // 1. 刷新算法配置缓存
+            loadAlgorithmConfigs();
+
+            if (algorithmCache.isEmpty()) {
+                log.warn("没有启用的算法配置，跳过本次处理");
+                return;
+            }
+
+            // 2. 获取上次处理时间之后的日志数据
+            LocalDateTime currentTime = LocalDateTime.now();
+            //List<SyslogNormalData> newLogs = syslogNormalDataMapper.findAfterTime(lastProcessTime);
+            List<SyslogNormalData> newLogs = syslogNormalDataMapper.findRequiredFieldsAfterTime(lastProcessTime);
+            //List<SyslogNormalData> newLogs =algorithmResultParser.buildNewLogsFromExample();
+            if (newLogs.isEmpty()) {
+                log.info("没有发现新的日志数据，上次处理时间: {}", lastProcessTime);
+                return;
+            }
+
+            log.info("获取到 {} 条新的日志数据，时间范围: {} 到 {}",
+                    newLogs.size(), lastProcessTime, currentTime);
+
+            // 3. 处理每条启用的算法配置
+            for (SecExceptionAlgorithm algorithm : algorithmCache.values()) {
+                try {
+                    processAlgorithm(algorithm, newLogs);
+                } catch (Exception e) {
+                    log.error("处理算法配置失败 [算法ID: {}, 算法名称: {}]: {}",
+                            algorithm.getId(), algorithm.getAlgorithmName(), e.getMessage(), e);
+                }
+            }
+
+            // 4. 更新处理时间
+            lastProcessTime = currentTime;
+            log.info("访问日志告警处理任务完成，下次将从 {} 开始处理", lastProcessTime);
+
+        } catch (Exception e) {
+            log.error("访问日志告警处理任务异常: {}", e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 处理单个算法配置
+     */
+    private void processAlgorithm(SecExceptionAlgorithm algorithm, List<SyslogNormalData> logs) {
+        log.info("开始处理算法: {} (ID: {})", algorithm.getAlgorithmName(), algorithm.getId());
+
+        // 1. 构建API请求参数
+        JSONArray requestBody = buildRequestBody(logs);
+
+        if (requestBody.isEmpty()) {
+            log.info("算法 {} 无有效的请求参数，跳过", algorithm.getAlgorithmName());
+            return;
+        }
+
+        // 2. 调用Python算子API
+        ResponseEntity<String> response = callAlgorithmApi(algorithm, requestBody);
+
+        if (response == null || !response.getStatusCode().is2xxSuccessful()) {
+            log.error("调用算法API失败: {} - {}", algorithm.getApiUrl(),
+                    response != null ? response.getStatusCode() : "无响应");
+            return;
+        }
+
+        // 直接解析响应体为JSONArray
+        JSONArray results = JSON.parseArray(response.getBody());
+        if (results == null || results.isEmpty()) {
+            log.info("算法 {} 未检测到告警", algorithm.getAlgorithmName());
+            return;
+        }
+
+
+        // 3. 解析API响应并写入告警表
+        processApiResponse(algorithm, response.getBody(), logs);
+    }
+
+    /**
+     * 构建API请求体
+     */
+    private JSONArray buildRequestBody(List<SyslogNormalData> logs) {
+        JSONArray requestArray = new JSONArray();
+
+        for (SyslogNormalData logData : logs) {
+            JSONObject logObject = new JSONObject();
+
+            // 按照要求的格式构建请求参数
+            logObject.put("_id", logData.getId() != null ? logData.getId() : "");
+            logObject.put("_index", "es1:skyeye-file-" +
+                    LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyy.MM.dd")));
+            logObject.put("_source.@timestamp",
+                    ZonedDateTime.of(logData.getLogTime(), ZoneId.systemDefault())
+                            .format(DateTimeFormatter.ISO_OFFSET_DATE_TIME));
+            logObject.put("_source.@version", "6");
+            logObject.put("_source.access_time",
+                    logData.getLogTime().format(DATE_TIME_FORMATTER));
+            logObject.put("_source.device_ip",
+                    logData.getDeviceIp() != null ? logData.getDeviceIp()  : "");
+            logObject.put("_source.dip",
+                    logData.getDestIp() != null ? logData.getDestIp()  : "");
+            logObject.put("_source.dport", logData.getDestPort() != null ? logData.getDestPort() : 0);
+            logObject.put("_source.dst_mac", logData.getDestMac() != null ? logData.getDestMac() : "");
+            logObject.put("_source.file_dir", logData.getHostFilePath() != null ? 1 : 0);
+            logObject.put("_source.file_md5", logData.getFileMd5() != null ? logData.getFileMd5() : "");
+            logObject.put("_source.filename", logData.getFileName() != null ? logData.getFileName() : "");
+
+            // Geo信息
+            JSONObject geoDip = new JSONObject();
+            geoDip.put("city_name", logData.getDestCity() != null ? logData.getDestCity() : "");
+            geoDip.put("continent_code", "");
+            geoDip.put("country_code2", "");
+            geoDip.put("country_name", logData.getDestCountry() != null ? logData.getDestCountry() : "");
+            geoDip.put("latitude", logData.getDestLat() != null ? logData.getDestLat() : "");
+            geoDip.put("longitude", logData.getDestLon() != null ? logData.getDestLon() : "");
+
+            JSONObject geoSip = new JSONObject();
+            geoSip.put("city_name", logData.getSrcCity() != null ? logData.getSrcCity() : "");
+            geoSip.put("continent_code", "");
+            geoSip.put("country_code2", logData.getSrcCountryCode() != null ? logData.getSrcCountryCode() : "");
+            geoSip.put("country_name", logData.getSrcCountry() != null ? logData.getSrcCountry() : "");
+            geoSip.put("latitude", logData.getSrcLat() != null ? logData.getSrcLat() : "");
+            geoSip.put("longitude", logData.getSrcLon() != null ? logData.getSrcLon() : "");
+
+            logObject.put("_source.geo_dip", geoDip);
+            logObject.put("_source.geo_sip", geoSip);
+
+            // HTTP相关字段
+            logObject.put("_source.host", logData.getHttpHost() != null ? logData.getHttpHost() : "");
+            logObject.put("_source.host_md5", logData.getHostFileMd5() != null ? logData.getHostFileMd5() : "");
+            logObject.put("_source.host_raw", logData.getHttpReqHeaderRaw() != null ? logData.getHttpReqHeaderRaw() : "");
+            logObject.put("_source.host_reraw",
+                    logData.getHttpReqHeaderRaw() != null ?
+                            new StringBuilder(logData.getHttpReqHeaderRaw()).reverse().toString() : "");
+            logObject.put("_source.method", logData.getHttpMethod() != null ? logData.getHttpMethod() : "");
+            logObject.put("_source.mime_type",
+                    logData.getHttpRespContentType() != null ? logData.getHttpRespContentType() : "");
+            logObject.put("_source.priv_info", "{\"product_type\": \"sensor\"}");
+            logObject.put("_source.proto", logData.getProto() != null ? logData.getProto() : "");
+            logObject.put("_source.referer", logData.getHttpReferer() != null ? logData.getHttpReferer() : "");
+            logObject.put("_source.serial_num", UUID.randomUUID().toString().substring(0, 9));
+            logObject.put("_source.sess_key", new Random().nextInt());
+            logObject.put("_source.sip",
+                    logData.getSrcIp() != null ? logData.getSrcIp() : "");
+            logObject.put("_source.sport", logData.getSrcPort() != null ? logData.getSrcPort() : 0);
+            logObject.put("_source.src_mac", logData.getSrcMac() != null ? logData.getSrcMac() : "");
+            logObject.put("_source.status",
+                    logData.getHttpStatusCode() != null ? String.valueOf(logData.getHttpStatusCode()) : "");
+            logObject.put("_source.uri", logData.getHttpUrl() != null ? logData.getHttpUrl() : "");
+            logObject.put("_source.uri_md5",
+                    logData.getHttpUrl() != null ?
+                            UUID.nameUUIDFromBytes(logData.getHttpUrl().getBytes()).toString() : "");
+            logObject.put("_source.vendor_id", "");
+            logObject.put("_source.vlan_id", "");
+            logObject.put("_type", "skyeye-file");
+
+            requestArray.add(logObject);
+        }
+
+        return requestArray;
+    }
+
+    /**
+     * 调用算法API
+     */
+    private ResponseEntity<String> callAlgorithmApi(SecExceptionAlgorithm algorithm, JSONArray requestBody) {
+        try {
+            HttpHeaders headers = new HttpHeaders();
+            headers.setContentType(MediaType.APPLICATION_JSON);
+            headers.set("Accept", MediaType.APPLICATION_JSON_VALUE);
+
+            HttpEntity<String> requestEntity;
+            if ("GET".equalsIgnoreCase(algorithm.getApiMethod())) {
+                // 对于GET请求，将参数放在URL中
+                String url = algorithm.getApiUrl() + "?data=" + requestBody.toJSONString();
+                requestEntity = new HttpEntity<>(headers);
+                return restTemplate.exchange(url, HttpMethod.GET, requestEntity, String.class);
+            } else {
+                // POST请求
+                requestEntity = new HttpEntity<>(requestBody.toJSONString(), headers);
+                return restTemplate.exchange(algorithm.getApiUrl(), HttpMethod.POST, requestEntity, String.class);
+            }
+        } catch (Exception e) {
+            log.error("调用算法API异常 [URL: {}]: {}", algorithm.getApiUrl(), e.getMessage(), e);
+            return null;
+        }
+    }
+
+    /**
+     * 处理API响应
+     */
+    @Transactional
+    private void processApiResponse(SecExceptionAlgorithm algorithm, String responseBody, List<SyslogNormalData> logs) {
+        try {
+            //JSONObject responseJson = JSON.parseObject(responseBody);
+            JSONArray results = JSON.parseArray(responseBody);
+            /**
+            if (responseJson == null || !responseJson.containsKey("results")) {
+                log.warn("算法API返回格式异常: {}", responseBody);
+                return;
+            }
+
+            JSONArray results = responseJson.getJSONArray("results");
+            if (results == null || results.isEmpty()) {
+                log.info("算法 {} 未检测到告警", algorithm.getAlgorithmName());
+                return;
+            }
+            **/
+            int alarmCount = 0;
+            for (int i = 0; i < results.size(); i++) {
+                JSONObject alarmResult = results.getJSONObject(i);
+
+                // 创建告警记录
+                AlarmVisit alarmVisit = AlarmVisit.builder()
+                        .id(UUID.randomUUID().toString())
+                        .createdAt(LocalDateTime.now())
+                        .alarmName(alarmResult.getString("dname"))
+                        .alarmLevel("未知") // 可根据算法类型设置，默认未知
+                        .alarmType(algorithm.getExceptionType())
+                        .victimWebUrl(new String[]{alarmResult.getString("url")})
+                        .logStartAt(parseDateTime(alarmResult.getString("access_time")))
+                        .attackIp(new String[]{alarmResult.getString("sip")})
+                        .victimIp(new String[]{alarmResult.getString("dip")})
+                        .httpStatus(alarmResult.getString("status_code"))
+                        .comment(alarmResult.getString("reason") + " - " + alarmResult.getString("origin_field"))
+                        .originLogIds(new String[]{alarmResult.getString("log_id")})
+                        .engineType("Python算子")
+                        .logCount(1)
+                        .alarmSource(2) // 算子告警
+                        .attackResult(-1)
+                        .fall(0)
+                        .attackDirection("other")
+                        .etlTime(LocalDateTime.now())
+                        .isAssetHit(0)
+                        .focused(false)
+                        .baseFocused(false)
+                        .isUpdated(false)
+                        .judgedState(0)
+                        .disposedState(0)
+                        .dispositionAdvice("研判后处置")
+                        .build();
+
+                // 保存告警记录
+                alarmVisitMapper.insert(alarmVisit);
+                alarmCount++;
+            }
+
+            log.info("算法 {} 生成 {} 条告警记录", algorithm.getAlgorithmName(), alarmCount);
+
+        } catch (Exception e) {
+            log.error("处理API响应异常: {}", e.getMessage(), e);
+            throw new RuntimeException("处理API响应失败", e);
+        }
+    }
+
+    /**
+     * 解析时间字符串
+     */
+    private LocalDateTime parseDateTime(String timeStr) {
+        try {
+            if (timeStr == null || timeStr.isEmpty()) {
+                return LocalDateTime.now();
+            }
+
+            // 尝试多种时间格式
+            try {
+                return LocalDateTime.parse(timeStr);
+            } catch (Exception e) {
+                LocalDateTime localDateTime = LocalDateTime.parse(
+                        timeStr,
+                        DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS")
+                );
+                return LocalDateTime.now(ZoneId.systemDefault());
+            }
+        } catch (Exception e) {
+            log.warn("时间解析失败: {}, 使用当前时间", timeStr);
+            return LocalDateTime.now();
+        }
+    }
+
+    /**
+     * 批量处理开关 - 避免重复处理
+     */
+    private AtomicBoolean processing = new AtomicBoolean(false);
+
+    /**
+     * 安全的定时任务入口
+     */
+    @Scheduled(cron = "0 */2 * * * ?")
+    public void safeProcessTask() {
+        if (processing.compareAndSet(false, true)) {
+            try {
+                processAccessLogAlert();
+            } finally {
+                processing.set(false);
+            }
+        } else {
+            log.warn("上一个任务仍在执行中，跳过本次执行");
+        }
+    }
+
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AppLogRepository.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AppLogRepository.java
new file mode 100644
index 0000000..e74f7e5
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/AppLogRepository.java
@@ -0,0 +1,27 @@
+package com.common.service;
+
+
+import com.common.entity.AppLog;
+import org.springframework.data.elasticsearch.repository.ElasticsearchRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+//@Repository
+public interface AppLogRepository extends ElasticsearchRepository<AppLog, String> {
+
+    /**
+     * 根据应用名称和日志级别查询
+     */
+    List<AppLog> findByAppNameAndLogLevel(String appName, String logLevel);
+
+    /**
+     * 根据时间范围查询
+     */
+    List<AppLog> findByDtTimeBetween(Long startTime, Long endTime);
+
+    /**
+     * 根据索引名称查询
+     */
+    List<AppLog> findByIndex(String index);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/ApplogService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/ApplogService.java
new file mode 100644
index 0000000..7396f58
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/ApplogService.java
@@ -0,0 +1,68 @@
+package com.common.service;
+
+
+import com.common.entity.AppLogEntity;
+import com.common.mapper.AppLogMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Slf4j
+@Service
+public class ApplogService {
+
+    @Autowired
+    private AppLogMapper appLogMapper;
+
+    /**
+     * 保存日志到数据库（去重）
+     */
+    @Transactional
+    public void saveAppLogWithDeduplication(AppLogEntity appLog) {
+        // 检查是否已存在
+        boolean exists = appLogMapper.existsByEsIdAndIndex(appLog.getEsId(), appLog.getEsIndex());
+
+        if (!exists) {
+            appLog.setCreatedAt(LocalDateTime.now());
+            appLog.setUpdatedAt(LocalDateTime.now());
+            appLogMapper.insert(appLog);
+            log.info("保存日志到数据库, ES ID: {}", appLog.getEsId());
+        } else {
+            log.debug("日志已存在，跳过保存, ES ID: {}", appLog.getEsId());
+        }
+    }
+
+    /**
+     * 批量保存日志到数据库（去重）
+     */
+    @Transactional
+    public int batchSaveAppLogsWithDeduplication(List<AppLogEntity> appLogs) {
+        if (appLogs == null || appLogs.isEmpty()) {
+            return 0;
+        }
+
+        // 过滤已存在的记录
+        List<AppLogEntity> newLogs = appLogs.stream()
+                .filter(log -> !appLogMapper.existsByEsIdAndIndex(log.getEsId(), log.getEsIndex()))
+                .peek(log -> {
+                    log.setCreatedAt(LocalDateTime.now());
+                    log.setUpdatedAt(LocalDateTime.now());
+                }).collect(Collectors.toList());
+
+
+        if (!newLogs.isEmpty()) {
+            appLogMapper.batchInsert(newLogs);
+            log.info("批量保存 {} 条日志到数据库，跳过 {} 条重复数据",
+                    newLogs.size(), appLogs.size() - newLogs.size());
+        } else {
+            log.info("所有 {} 条日志均已存在，跳过保存", appLogs.size());
+        }
+
+        return newLogs.size();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataExtractor.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataExtractor.java
new file mode 100644
index 0000000..423dca3
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataExtractor.java
@@ -0,0 +1,210 @@
+package com.common.service;
+
+
+
+import com.common.entity.AlarmVisit;
+import com.common.entity.GroupedSyslogData;
+import com.common.mapper.SyslogNormalDataMapper;
+import com.common.mapper.SyslogNormalAlarmMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.catalina.mapper.Mapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import com.common.entity.Alarm;
+import java.time.LocalDateTime;
+import java.util.List;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeParseException;
+@Slf4j
+@Component
+public class DataExtractor {
+
+    @Autowired
+    private SyslogNormalDataMapper syslogNormalDataMapper;
+    @Autowired
+    private SyslogNormalAlarmMapper syslogNormalAlarmMapper;
+    @Autowired
+    private DataTransformer dataTransformer;
+
+    @Autowired
+    private DataLoader dataLoader;
+
+    @Value("${etl.batch.page-size:1000}")
+    private int pageSize;
+
+
+    /**
+     * 抽取并处理指定时间范围内的分组访问日志数据
+     */
+    public void extractAndProcessQueryHoursGroupedData( String  strStartTime ,String strEndTime  ) {
+
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+
+        LocalDateTime endTime = LocalDateTime.parse(strEndTime, formatter);
+        LocalDateTime startTime = LocalDateTime.parse(strStartTime, formatter);
+
+        log.info("开始处理指定时间范围内访问日志数据，时间范围: {} - {}", startTime, endTime);
+
+        try {
+            // 获取分组数据总量
+            Long totalGroups = syslogNormalDataMapper.count24HoursGroupedData(startTime, endTime);
+            log.info("指定时间范围分组数据量: {} 组", totalGroups);
+
+            if (totalGroups == 0) {
+                log.info("没有需要处理的数据");
+                return;
+            }
+
+            int totalPages = (int) Math.ceil((double) totalGroups / pageSize);
+            long totalProcessed = 0;
+
+            for (int page = 1; page <= totalPages; page++) {
+                int offset = (page - 1) * pageSize;
+                syslogNormalDataMapper.select24HoursGroupedDataByPage(
+                        startTime, endTime, offset, pageSize);
+                // 分页查询分组数据
+              List<GroupedSyslogData> groupedDataList =
+                        syslogNormalDataMapper.select24HoursGroupedDataByPage(
+                                startTime, endTime, offset, pageSize);
+
+                if (!groupedDataList.isEmpty()) {
+                    // 转换并加载数据
+                    List<AlarmVisit> alarmList = dataTransformer.transformGroupedDataVisit(groupedDataList);
+                    //dataLoader.batchInsertAlarms(alarmList);
+                    dataLoader.batchInsertAlarmVisits(alarmList);
+                    totalProcessed += groupedDataList.size();
+                    double progress = (double) totalProcessed / totalGroups * 100;
+                    log.info("分组数据处理进度: {}/{} ({}%)",
+                            totalProcessed, totalGroups, String.format("%.2f", progress));
+                }
+
+                // 内存管理
+                if (page % 50 == 0) {
+                    System.gc();
+                    log.debug("执行GC清理内存");
+                }
+            }
+
+            log.info("分组数据处理完成，共处理 {} 组数据", totalProcessed);
+
+        } catch (Exception e) {
+            log.error("访问日志数据抽取处理失败", e);
+            throw new RuntimeException("ETL处理失败", e);
+        }
+    }
+    /**
+     * 抽取并处理指定时间范围内的分组告警类型数据
+     */
+    public void extractAndProcessQueryHoursAlarm( String  strStartTime ,String strEndTime  ) {
+
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+        LocalDateTime endTime = LocalDateTime.parse(strEndTime, formatter);
+        LocalDateTime startTime = LocalDateTime.parse(strStartTime, formatter);
+
+        log.info("开始处理告警类型指定时间范围内数据，时间范围: {} - {}", startTime, endTime);
+
+        try {
+            // 获取分组数据总量
+            Long totalGroups = syslogNormalAlarmMapper.count24HoursGroupedData(startTime, endTime);
+            log.info("指定时间范围分组数据量: {} 组", totalGroups);
+            if (totalGroups == 0) {
+                log.info("没有需要处理的数据");
+                return;
+            }
+
+            int totalPages = (int) Math.ceil((double) totalGroups / pageSize);
+            long totalProcessed = 0;
+
+            for (int page = 1; page <= totalPages; page++) {
+                int offset = (page - 1) * pageSize;
+                syslogNormalAlarmMapper.select24HoursGroupedDataByPage(
+                        startTime, endTime, offset, pageSize);
+                // 分页查询分组数据
+                List<GroupedSyslogData> groupedDataList =
+                        syslogNormalAlarmMapper.select24HoursGroupedDataByPage(
+                                startTime, endTime, offset, pageSize);
+
+                if (!groupedDataList.isEmpty()) {
+                    // 转换并加载数据
+                    List<Alarm> alarmList = dataTransformer.transformGroupedData(groupedDataList);
+                    dataLoader.batchInsertAlarms(alarmList);
+
+                    totalProcessed += groupedDataList.size();
+                    double progress = (double) totalProcessed / totalGroups * 100;
+                    log.info("分组数据处理进度: {}/{} ({}%)",
+                            totalProcessed, totalGroups, String.format("%.2f", progress));
+                }
+
+                // 内存管理
+                if (page % 50 == 0) {
+                    System.gc();
+                    log.debug("执行GC清理内存");
+                }
+            }
+
+            log.info("分组数据处理完成，共处理 {} 组数据", totalProcessed);
+
+        } catch (Exception e) {
+            log.error("告警日志数据抽取处理失败", e);
+            throw new RuntimeException("ETL处理失败", e);
+        }
+    }
+    /**
+     * 抽取并处理24小时内分组数据
+     */
+    public void extractAndProcess24HoursGroupedData() {
+
+        LocalDateTime endTime = LocalDateTime.now();
+        LocalDateTime startTime = endTime.minusHours(24);
+
+        log.info("开始处理24小时内数据，时间范围: {} - {}", startTime, endTime);
+
+        try {
+            // 获取分组数据总量
+            Long totalGroups = syslogNormalDataMapper.count24HoursGroupedData(startTime, endTime);
+            log.info("24小时内分组数据量: {} 组", totalGroups);
+
+            if (totalGroups == 0) {
+                log.info("没有需要处理的数据");
+                return;
+            }
+
+            int totalPages = (int) Math.ceil((double) totalGroups / pageSize);
+            long totalProcessed = 0;
+
+            for (int page = 1; page <= totalPages; page++) {
+                int offset = (page - 1) * pageSize;
+
+                // 分页查询分组数据
+                List<GroupedSyslogData> groupedDataList =
+                        syslogNormalDataMapper.select24HoursGroupedDataByPage(
+                                startTime, endTime, offset, pageSize);
+
+                if (!groupedDataList.isEmpty()) {
+                    // 转换并加载数据
+                    List<Alarm> alarmList = dataTransformer.transformGroupedData(groupedDataList);
+                    dataLoader.batchInsertAlarms(alarmList);
+
+                    totalProcessed += groupedDataList.size();
+                    double progress = (double) totalProcessed / totalGroups * 100;
+                    log.info("分组数据处理进度: {}/{} ({:.2f}%)",
+                            totalProcessed, totalGroups, progress);
+                }
+
+                // 内存管理
+                if (page % 50 == 0) {
+                    System.gc();
+                    log.debug("执行GC清理内存");
+                }
+            }
+
+            log.info("分组数据处理完成，共处理 {} 组数据", totalProcessed);
+
+        } catch (Exception e) {
+            log.error("数据抽取处理失败", e);
+            throw new RuntimeException("ETL处理失败", e);
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataLoader.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataLoader.java
new file mode 100644
index 0000000..491ca79
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataLoader.java
@@ -0,0 +1,120 @@
+package com.common.service;
+
+
+
+import com.common.entity.Alarm;
+import com.common.entity.AlarmVisit;
+import com.common.mapper.AlarmMapper;
+import com.common.mapper.AlarmVisitMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.IntStream;
+
+@Slf4j
+@Component
+public class DataLoader {
+
+    @Autowired
+    private AlarmMapper alarmMapper;
+    @Autowired
+    private AlarmVisitMapper alarmVisitMapper;
+    /**
+     * 批量入库告警数据
+     */
+    @Transactional(propagation = Propagation.REQUIRED, rollbackFor = Exception.class)
+    public void batchInsertAlarms(List<Alarm> alarmList) {
+        if (alarmList == null || alarmList.isEmpty()) {
+            log.info("没有需要入库的告警类型数据");
+            return;
+        }
+
+        int batchSize = 500; // 每批500条
+        List<List<Alarm>> batches = partitionList(alarmList, batchSize);
+        int totalSuccess = 0;
+
+        for (int i = 0; i < batches.size(); i++) {
+            List<Alarm> batch = batches.get(i);
+            try {
+                alarmMapper.batchInsert(batch);
+                totalSuccess += batch.size();
+                log.debug("第 {} 批数据入库成功，本批 {} 条", i + 1, batch.size());
+            } catch (Exception e) {
+                log.error("第 {} 批数据批量入库失败，尝试单条插入", i + 1, e);
+                int singleSuccess = insertOneByOne(batch);
+                totalSuccess += singleSuccess;
+            }
+        }
+
+        log.info("告警数据入库完成，成功: {} 条，总数: {} 条", totalSuccess, alarmList.size());
+    }
+
+
+    /**
+     * 批量入库访问日志告警数据
+     */
+    @Transactional(propagation = Propagation.REQUIRED, rollbackFor = Exception.class)
+    public void batchInsertAlarmVisits(List<AlarmVisit> alarmList) {
+        if (alarmList == null || alarmList.isEmpty()) {
+            log.info("没有需要入库的访问日志数据");
+            return;
+        }
+
+        int batchSize = 500; // 每批500条
+        List<List<AlarmVisit>> batches = partitionList(alarmList, batchSize);
+        int totalSuccess = 0;
+
+        for (int i = 0; i < batches.size(); i++) {
+            List<AlarmVisit> batch = batches.get(i);
+            try {
+                alarmVisitMapper.batchInsert(batch);
+                totalSuccess += batch.size();
+                log.debug("第 {} 批数据入库成功，本批 {} 条", i + 1, batch.size());
+            } catch (Exception e) {
+                log.error("第 {} 批数据批量入库失败，尝试单条插入", i + 1, e);
+                int singleSuccess = insertVisitOneByOne(batch);
+                totalSuccess += singleSuccess;
+            }
+        }
+
+        log.info("访问日志告警数据入库完成，成功: {} 条，总数: {} 条", totalSuccess, alarmList.size());
+    }
+
+
+    private int insertOneByOne(List<Alarm> alarmList) {
+        int successCount = 0;
+        for (Alarm alarm : alarmList) {
+            try {
+                alarmMapper.insert(alarm);
+                successCount++;
+            } catch (Exception e) {
+                log.error("单条插入告警失败: {}", alarm.getId(), e);
+            }
+        }
+        return successCount;
+    }
+
+    private int insertVisitOneByOne(List<AlarmVisit> alarmList) {
+        int successCount = 0;
+        for (AlarmVisit alarm : alarmList) {
+            try {
+                alarmVisitMapper.insert(alarm);
+                successCount++;
+            } catch (Exception e) {
+                log.error("单条插入告警失败: {}", alarm.getId(), e);
+            }
+        }
+        return successCount;
+    }
+    private <T> List<List<T>> partitionList(List<T> list, int size) {
+        return IntStream.range(0, (list.size() + size - 1) / size)
+                .mapToObj(i -> list.subList(i * size, Math.min((i + 1) * size, list.size())))
+                .collect(Collectors.toList());
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataTransformer.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataTransformer.java
new file mode 100644
index 0000000..d27961c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DataTransformer.java
@@ -0,0 +1,299 @@
+package com.common.service;
+
+
+
+import com.common.entity.Alarm;
+import com.common.entity.AlarmVisit;
+import com.common.entity.GroupedSyslogData;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Component;
+
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+@Slf4j
+@Component
+public class DataTransformer {
+
+    /**
+     * 转换分组数据为告警记录
+     */
+    public List<Alarm> transformGroupedData(List<GroupedSyslogData> groupedDataList) {
+        List<Alarm> alarmList = new ArrayList<>(groupedDataList.size());
+
+        for (GroupedSyslogData groupedData : groupedDataList) {
+            Alarm alarm = transformSingleGroupedData(groupedData);
+            if (alarm != null) {
+                alarmList.add(alarm);
+            }
+        }
+
+        return alarmList;
+    }
+
+    /**
+     * 转换分组数据为告警记录
+     */
+    public List<AlarmVisit> transformGroupedDataVisit(List<GroupedSyslogData> groupedDataList) {
+        List<AlarmVisit> alarmList = new ArrayList<>(groupedDataList.size());
+
+        for (GroupedSyslogData groupedData : groupedDataList) {
+            AlarmVisit alarm = transformSingleGroupedDataVisit(groupedData);
+            if (alarm != null) {
+                alarmList.add(alarm);
+            }
+        }
+
+        return alarmList;
+    }
+
+    private Alarm transformSingleGroupedData(GroupedSyslogData groupedData) {
+        try {
+            return Alarm.builder()
+                    .id(UUID.randomUUID().toString())
+                    .createdAt(LocalDateTime.now())
+                    .alarmName( groupedData.getOriginEventName())
+                    .alarmLevel(convertAlarmLevel(groupedData.getMaxEventLevel()))
+                    .alarmType(getAlarmType(groupedData.getFirstEventType(),groupedData.getEventType()))
+                    .alarmMajorType(groupedData.getEventType())
+                    .alarmMinorType(groupedData.getMinEventType())
+                    .alarmAreaId(0)
+                    .attackIp(groupedData.getAttackIps())
+                    .victimIp(groupedData.getVictimIps())
+                    .victimWebUrl(null)
+                    .attackChainPhase(new Integer[]{-1})
+                    .deviceId(groupedData.getDeviceIds())
+                    .tag(null)
+                    .comment(buildComment(groupedData))
+                    .originLogIds(groupedData.getOriginLogIds())
+                    .queryId(null)
+                    .judgedState(0)
+                    .disposedState(0)
+                    .dispositionAdvice("研判后处置")
+                    .attackResult(determineAttackResult(groupedData))
+                    .fall(0)
+                    .payload(extractPayloadSample(groupedData.getPayloadSamples()))
+                    .operateEvent(null)
+                    .attackPort(groupedData.getAttackPorts())
+                    .victimPort(groupedData.getVictimPorts())
+                    .attackMethod(groupedData.getOriginEventName())
+                    .businessExt(null)
+                    .logStartAt(groupedData.getMinLogTime())
+                    .logEndAt(groupedData.getMaxLogTime())
+                    .httpStatus(convertHttpStatus(groupedData.getHttpStatusCodes()))
+                    .dnsInfo(null)
+                    .accountInfo(null)
+                    .attackerInfo(null)
+                    .victimInfo(null)
+                    .suspiciousAction(null)
+                    .vulnInfo(null)
+                    .weakPwd(null)
+                    .complianceBaseline(null)
+                    .fileInfo(null)
+                    .fileTags(null)
+                    .endpointInfo(null)
+                    .endpointProtection(null)
+                    .originInfo(null)
+                    .protocolInfo(null)
+                    .emailInfo(null)
+                    .sensitiveData(null)
+                    .hitIntelligence(0)
+                    .windowTime(null)
+                    .updatedAt(LocalDateTime.now())
+                    .engineType(null)
+                    .attackIpPic(null)
+                    .victimIpPic(null)
+                    .operationAt(null)
+                    .attackDirection("other")
+                    .etlTime(LocalDateTime.now())
+                    .logCount(groupedData.getLogCount().intValue())
+                    .isAssetHit(0)
+                    .focused(false)
+                    .baseFocused(false)
+                    .isUpdated(false)
+                    .httpReqHeaders(groupedData.getHttpReqHeaders())
+                    .httpReqBodys(groupedData.getHttpReqBodys())
+                    .httpRespHeaders(groupedData.getHttpRespHeaders())
+                    .httpRespBodys(groupedData.getHttpRespBodys())
+                    .build();
+
+        } catch (Exception e) {
+            log.error("转换分组数据失败: {}", groupedData, e);
+            return null;
+        }
+    }
+
+    private AlarmVisit transformSingleGroupedDataVisit(GroupedSyslogData groupedData) {
+        try {
+            return AlarmVisit.builder()
+                    .id(UUID.randomUUID().toString())
+                    .createdAt(LocalDateTime.now())
+                    .alarmName( groupedData.getOriginEventName())
+                    .alarmLevel(convertAlarmLevel(groupedData.getMaxEventLevel()))
+                    .alarmType(getAlarmType(groupedData.getFirstEventType(),groupedData.getEventType()))
+                    .alarmMajorType(groupedData.getEventType())
+                    .alarmMinorType(groupedData.getMinEventType())
+                    .alarmAreaId(0)
+                    .attackIp(groupedData.getAttackIps())
+                    .victimIp(groupedData.getVictimIps())
+                    .victimWebUrl(null)
+                    .attackChainPhase(new Integer[]{-1})
+                    .deviceId(groupedData.getDeviceIds())
+                    .tag(null)
+                    .comment(buildComment(groupedData))
+                    .originLogIds(groupedData.getOriginLogIds())
+                    .queryId(null)
+                    .judgedState(0)
+                    .disposedState(0)
+                    .dispositionAdvice("研判后处置")
+                    .attackResult(determineAttackResult(groupedData))
+                    .fall(0)
+                    .payload(extractPayloadSample(groupedData.getPayloadSamples()))
+                    .operateEvent(null)
+                    .attackPort(groupedData.getAttackPorts())
+                    .victimPort(groupedData.getVictimPorts())
+                    .attackMethod(groupedData.getOriginEventName())
+                    .businessExt(null)
+                    .logStartAt(groupedData.getMinLogTime())
+                    .logEndAt(groupedData.getMaxLogTime())
+                    .httpStatus(convertHttpStatus(groupedData.getHttpStatusCodes()))
+                    .dnsInfo(null)
+                    .accountInfo(null)
+                    .attackerInfo(null)
+                    .victimInfo(null)
+                    .suspiciousAction(null)
+                    .vulnInfo(null)
+                    .weakPwd(null)
+                    .complianceBaseline(null)
+                    .fileInfo(null)
+                    .fileTags(null)
+                    .endpointInfo(null)
+                    .endpointProtection(null)
+                    .originInfo(null)
+                    .protocolInfo(null)
+                    .emailInfo(null)
+                    .sensitiveData(null)
+                    .hitIntelligence(0)
+                    .windowTime(null)
+                    .updatedAt(LocalDateTime.now())
+                    .engineType(null)
+                    .attackIpPic(null)
+                    .victimIpPic(null)
+                    .operationAt(null)
+                    .attackDirection("other")
+                    .etlTime(LocalDateTime.now())
+                    .logCount(groupedData.getLogCount().intValue())
+                    .isAssetHit(0)
+                    .focused(false)
+                    .baseFocused(false)
+                    .isUpdated(false)
+                    .httpReqHeaders(groupedData.getHttpReqHeaders())
+                    .httpReqBodys(groupedData.getHttpReqBodys())
+                    .httpRespHeaders(groupedData.getHttpRespHeaders())
+                    .httpRespBodys(groupedData.getHttpRespBodys())
+                    .build();
+
+        } catch (Exception e) {
+            log.error("转换分组数据失败: {}", groupedData, e);
+            return null;
+        }
+    }
+
+    private String  getAlarmType(String firstEventType,String eventType) {
+        if (firstEventType.equals(""))
+            return firstEventType;
+        else
+            return eventType;
+    }
+    /**
+     * 确定attack_result的值
+     */
+    private Integer determineAttackResult(GroupedSyslogData groupedData) {
+        // 优先使用单个attack_result值
+        if (groupedData.getAttackResult() != null) {
+            return groupedData.getAttackResult();
+        }
+
+        // 如果没有单个值，使用最常见的值
+        if (groupedData.getMostCommonAttackResult() != null) {
+            return groupedData.getMostCommonAttackResult();
+        }
+
+        // 如果有多值，取第一个非空值
+        if (groupedData.getAllAttackResults() != null && groupedData.getAllAttackResults().length > 0) {
+            for (Integer result : groupedData.getAllAttackResults()) {
+                if (result != null) {
+                    return result;
+                }
+            }
+        }
+
+        // 默认值
+        return -1;
+    }
+
+    /**
+     * 提取payload样本
+     */
+    private byte[] extractPayloadSample(byte[][] payloadSamples) {
+        if (payloadSamples == null || payloadSamples.length == 0) {
+            return null;
+        }
+        // 返回第一个样本
+        return payloadSamples[0];
+    }
+
+    /**
+     * 构建comment字段
+     */
+    private String buildComment(GroupedSyslogData groupedData) {
+        String victimIpsStr;
+        if (StringUtils.isNotBlank(groupedData.getVictimIpsStr())) {
+            victimIpsStr = groupedData.getVictimIpsStr();
+        } else if (groupedData.getVictimIps() != null && groupedData.getVictimIps().length > 0) {
+            victimIpsStr = String.join(",", groupedData.getVictimIps());
+        } else {
+            victimIpsStr = "未知";
+        }
+
+        return String.format(
+                "24小时内，检测到%s上产生%s告警：\n告警名称：%s\n攻击IP：%s\n攻击结果：%d",
+                victimIpsStr,
+                convertAlarmLevel(groupedData.getMaxEventLevel()),
+                groupedData.getOriginEventName(),
+                convertAttackIps(groupedData.getAttackIps()),
+                determineAttackResult(groupedData)
+        );
+    }
+
+    private String convertAlarmLevel(Integer eventLevel) {
+        if (eventLevel == null) return "未知";
+        switch (eventLevel) {
+            case 0: return "安全(无威胁)";
+            case 1: return "低危";
+            case 2: return "中危";
+            case 3: return "高危";
+            case 4: return "超危";
+            default: return "未知";
+        }
+    }
+
+    private String convertHttpStatus(String[] httpStatusCodes) {
+        if (httpStatusCodes == null || httpStatusCodes.length == 0) {
+            return null;
+        }
+        return String.join(",", httpStatusCodes);
+    }
+
+    private String convertAttackIps(String[] attackIps) {
+        if (attackIps == null || attackIps.length == 0) {
+            return null;
+        }
+        return String.join(",", attackIps);
+    }
+
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskService.java
new file mode 100644
index 0000000..b77e8f4
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskService.java
@@ -0,0 +1,136 @@
+package com.common.service;
+
+import com.common.entity.DeviceCollectTask;
+import com.common.mapper.DeviceCollectTaskMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.cache.annotation.CachePut;
+import org.springframework.stereotype.Service;
+import java.util.List;
+
+@Service
+@CacheConfig(cacheNames = "collectTask")
+public class DeviceCollectTaskService {
+
+    @Autowired
+    private DeviceCollectTaskMapper deviceCollectTaskMapper;
+
+    /**
+     * 根据ID查询采集任务 - 缓存
+     */
+    @Cacheable(key = "'id:' + #id")
+    public DeviceCollectTask getById(Integer id) {
+        return deviceCollectTaskMapper.selectById(id);
+    }
+
+    /**
+     * 查询所有采集任务 - 缓存
+     */
+    @Cacheable(key = "'all'")
+    public List<DeviceCollectTask> getAll() {
+        return deviceCollectTaskMapper.selectAll();
+    }
+
+    /**
+     * 根据设备ID查询采集任务 - 缓存
+     */
+    @Cacheable(key = "'device:' + #deviceId")
+    public List<DeviceCollectTask> getByDeviceId(Integer deviceId) {
+        return deviceCollectTaskMapper.selectByDeviceId(deviceId);
+    }
+
+    /**
+     * 根据方法类型查询采集任务
+     */
+    public List<DeviceCollectTask> getByMethod(Integer method) {
+        return deviceCollectTaskMapper.selectByMethod(method);
+    }
+
+    /**
+     * 多条件组合查询
+     */
+    public List<DeviceCollectTask> getByCondition(DeviceCollectTask condition) {
+        return deviceCollectTaskMapper.selectByCondition(condition);
+    }
+
+    /**
+     * 新增采集任务 - 清除相关缓存
+     */
+    @CacheEvict(allEntries = true)
+    public int create(DeviceCollectTask task) {
+        return deviceCollectTaskMapper.insert(task);
+    }
+
+    /**
+     * 更新采集任务 - 更新缓存
+     */
+    @CachePut(key = "'id:' + #task.id")
+    @CacheEvict(key = "'device:' + #task.deviceId")
+    public DeviceCollectTask update(DeviceCollectTask task) {
+        deviceCollectTaskMapper.update(task);
+        return deviceCollectTaskMapper.selectById(task.getId());
+    }
+
+    /**
+     * 删除采集任务 - 清除缓存
+     */
+    @CacheEvict(key = "'id:' + #id")
+    public int delete(Integer id) {
+        return deviceCollectTaskMapper.deleteById(id);
+    }
+
+    /**
+     * 标记任务成功 - 更新缓存
+     */
+    @CacheEvict(key = "'id:' + #id")
+    public int markSuccess(Integer id) {
+        return deviceCollectTaskMapper.updateSuccessStatus(id);
+    }
+
+    /**
+     * 标记任务失败 - 更新缓存
+     */
+    @CacheEvict(key = "'id:' + #id")
+    public int markFailed(Integer id) {
+        return deviceCollectTaskMapper.updateFailedStatus(id);
+    }
+
+    /**
+     * 更新EPM指标 - 更新缓存
+     */
+    @CacheEvict(key = "'id:' + #id")
+    public int updateEpm(Integer id, Integer epm) {
+        return deviceCollectTaskMapper.updateEpm(id, epm);
+    }
+
+    /**
+     * 查询成功的任务
+     */
+    public List<DeviceCollectTask> getSuccessTasks() {
+        return deviceCollectTaskMapper.selectSuccessTasks();
+    }
+
+    /**
+     * 查询失败的任务
+     */
+    public List<DeviceCollectTask> getFailedTasks() {
+        return deviceCollectTaskMapper.selectFailedTasks();
+    }
+
+    /**
+     * 获取设备的最新采集任务
+     */
+    @Cacheable(key = "'latest:device:' + #deviceId")
+    public DeviceCollectTask getLatestByDeviceId(Integer deviceId) {
+        return deviceCollectTaskMapper.selectLatestByDeviceId(deviceId);
+    }
+
+    /**
+     * 统计设备任务数量
+     */
+    public int countByDeviceId(Integer deviceId) {
+        return deviceCollectTaskMapper.countByDeviceId(deviceId);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskUpdateService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskUpdateService.java
new file mode 100644
index 0000000..df06571
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceCollectTaskUpdateService.java
@@ -0,0 +1,251 @@
+package com.common.service;
+
+
+import com.common.entity.*;
+import com.common.mapper.DeviceCollectTaskMapper;
+import com.common.mapper.DeviceReceiveLogMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.CollectionUtils;
+
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+import java.time.ZoneOffset;
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class DeviceCollectTaskUpdateService {
+
+    private final DeviceReceiveLogMapper deviceReceiveLogMapper;
+    private final DeviceCollectTaskMapper deviceCollectTaskMapper;
+
+    /**
+     * 主处理方法：更新所有设备任务的时间信息
+     */
+    @Transactional(rollbackFor = Exception.class)
+    public void updateAllDeviceTaskTimes() {
+        log.info("开始更新设备采集任务时间，当前时间: {}", LocalDateTime.now());
+
+        // 1. 查询所有设备任务
+        List<DeviceCollectTask> allTasks = deviceCollectTaskMapper.selectAllTasks();
+        if (CollectionUtils.isEmpty(allTasks)) {
+            log.info("没有找到设备采集任务");
+            return;
+        }
+
+        // 2. 查询设备接收日志的时间信息
+        Map<String, DeviceCollectTaskTime> successTimes = getDeviceSuccessTimes();
+        Map<String, DeviceCollectTaskTime> failTimes = getDeviceFailTimes();
+
+        // 3. 更新任务时间
+        LocalDateTime updateTime = LocalDateTime.now();
+        int updatedCount = 0;
+
+        for (DeviceCollectTask task : allTasks) {
+            String deviceCollectId = task.getId().toString();
+
+            // 获取成功时间
+            DeviceCollectTaskTime successTime = successTimes.get(deviceCollectId);
+            DeviceCollectTaskTime failTime = failTimes.get(deviceCollectId);
+
+            // 准备更新时间
+            LocalDateTime firstTime = task.getFirstTime().toLocalDateTime();
+            LocalDateTime lastSuccessTime = null;
+            LocalDateTime lastFailTime = null;
+
+            // 设置最后成功时间
+            if (successTime != null && successTime.getLastSuccessTime() != null) {
+                lastSuccessTime = successTime.getLastSuccessTime();
+
+                // 如果first_time为空，且这是首次成功，则设置first_time
+                if (firstTime == null && successTime.getFirstTime() != null) {
+                    firstTime = successTime.getFirstTime();
+                }
+            }
+
+            // 设置最后失败时间
+            if (failTime != null && failTime.getLastFailTime() != null) {
+                lastFailTime = failTime.getLastFailTime();
+            }
+
+            // 如果有更新，则执行更新
+            if (lastSuccessTime != null || lastFailTime != null) {
+                int result = deviceCollectTaskMapper.updateTaskTime(
+                        deviceCollectId,
+                        firstTime,
+                        lastSuccessTime,
+                        lastFailTime,
+                        updateTime
+                );
+
+                if (result > 0) {
+                    updatedCount++;
+                    log.debug("更新设备任务时间成功，设备ID: {}, 首次时间: {}, 最后成功: {}, 最后失败: {}",
+                            deviceCollectId, firstTime, lastSuccessTime, lastFailTime);
+                }
+            }
+        }
+
+        log.info("设备采集任务时间更新完成，总计: {}，已更新: {}", allTasks.size(), updatedCount);
+    }
+
+    /**
+     * 批量更新版本（性能更好）
+     */
+    @Transactional(rollbackFor = Exception.class)
+    public void batchUpdateDeviceTaskTimes() {
+        log.info("开始批量更新设备采集任务时间，当前时间: {}", LocalDateTime.now());
+
+        // 1. 查询所有设备任务
+        List<DeviceCollectTask> allTasks = deviceCollectTaskMapper.selectAllTasks();
+        if (CollectionUtils.isEmpty(allTasks)) {
+            return;
+        }
+
+        // 2. 查询时间信息
+        Map<String, DeviceCollectTaskTime> successTimes = getDeviceSuccessTimes();
+        Map<String, DeviceCollectTaskTime> failTimes = getDeviceFailTimes();
+
+        // 3. 批量更新
+        LocalDateTime updateTime = LocalDateTime.now();
+
+        for (DeviceCollectTask task : allTasks) {
+            String deviceCollectId = task.getId().toString();
+
+            // 获取成功和失败时间
+            DeviceCollectTaskTime successTime = successTimes.get(deviceCollectId);
+            DeviceCollectTaskTime failTime = failTimes.get(deviceCollectId);
+
+            // 更新成功时间
+            if (successTime != null) {
+                // 如果first_time为空，则设置首次成功时间
+                if (task.getFirstTime() == null && successTime.getFirstTime() != null) {
+                    task.setFirstTime(successTime.getFirstTime().atOffset(ZoneOffset.UTC));
+                }
+
+                // 设置最后成功时间
+                if (successTime.getLastSuccessTime() != null) {
+                    task.setLastSuccessTime(successTime.getLastSuccessTime().atOffset(ZoneOffset.UTC));
+                }
+            }
+
+            // 更新失败时间
+            if (failTime != null && failTime.getLastFailTime() != null) {
+                task.setLastFailedTime(failTime.getLastFailTime().atOffset(ZoneOffset.UTC));
+            }
+
+            task.setUpdatedAt(updateTime.atOffset(ZoneOffset.UTC));
+        }
+
+        // 4. 批量更新到数据库
+        int updatedCount = deviceCollectTaskMapper.batchUpdateTimes(allTasks);
+        log.info("批量更新完成，总计: {}，已更新: {}", allTasks.size(), updatedCount);
+    }
+
+    /**
+     * 获取设备的成功时间信息
+     */
+    private Map<String, DeviceCollectTaskTime> getDeviceSuccessTimes() {
+        // 查询当天的最新成功时间
+        List<DeviceCollectTaskTime> dailySuccess = deviceReceiveLogMapper.selectDailySuccessTimes();
+
+        // 查询首次成功时间（历史）
+        List<DeviceCollectTaskTime> firstSuccess = deviceReceiveLogMapper.selectFirstSuccessTimes();
+
+        // 合并结果
+        Map<String, DeviceCollectTaskTime> result = new HashMap<>();
+
+        // 处理首次成功时间
+        for (DeviceCollectTaskTime first : firstSuccess) {
+            DeviceCollectTaskTime time = new DeviceCollectTaskTime();
+            time.setDeviceCollectId(first.getDeviceCollectId());
+            time.setFirstTime(first.getFirstTime());
+            result.put(first.getDeviceCollectId(), time);
+        }
+
+        // 处理当天成功时间
+        for (DeviceCollectTaskTime daily : dailySuccess) {
+            String deviceId = daily.getDeviceCollectId();
+            DeviceCollectTaskTime time = result.getOrDefault(deviceId, new DeviceCollectTaskTime());
+            time.setDeviceCollectId(deviceId);
+            time.setLastSuccessTime(daily.getLastSuccessTime());
+            result.put(deviceId, time);
+        }
+
+        return result;
+    }
+
+    /**
+     * 获取设备的失败时间信息
+     */
+    private Map<String, DeviceCollectTaskTime> getDeviceFailTimes() {
+        List<DeviceCollectTaskTime> failTimes = deviceReceiveLogMapper.selectDailyFailTimes();
+        return failTimes.stream()
+                .collect(Collectors.toMap(
+                        DeviceCollectTaskTime::getDeviceCollectId,
+                        ft -> ft,
+                        (existing, replacement) -> {
+                            // 如果存在重复，取更晚的时间
+                            if (existing.getLastFailTime() != null &&
+                                    replacement.getLastFailTime() != null &&
+                                    replacement.getLastFailTime().isAfter(existing.getLastFailTime())) {
+                                return replacement;
+                            }
+                            return existing;
+                        }
+                ));
+    }
+
+    /**
+     * 增量更新：只处理最近一段时间的数据
+     */
+    @Transactional(rollbackFor = Exception.class)
+    public void incrementalUpdate(int hours) {
+        LocalDateTime endTime = LocalDateTime.now();
+        LocalDateTime startTime = endTime.minusHours(hours);
+
+        log.info("开始增量更新设备采集任务时间，时间范围: {} 到 {}", startTime, endTime);
+
+        // 查询指定时间范围内的成功记录
+        List<DeviceCollectTaskTime> successTimes = deviceReceiveLogMapper.selectSuccessTimesByRange(startTime, endTime);
+
+        if (CollectionUtils.isEmpty(successTimes)) {
+            log.info("没有找到增量数据");
+            return;
+        }
+
+        LocalDateTime updateTime = LocalDateTime.now();
+        int updatedCount = 0;
+
+        for (DeviceCollectTaskTime successTime : successTimes) {
+            // 查询现有任务
+            DeviceCollectTask task = deviceCollectTaskMapper.selectOne(
+                    new com.baomidou.mybatisplus.core.conditions.query.QueryWrapper<DeviceCollectTask>()
+                            .eq("id", successTime.getDeviceCollectId())
+            );
+
+            if (task != null) {
+                // 更新任务时间
+                int result = deviceCollectTaskMapper.updateTaskTime(
+                        successTime.getDeviceCollectId(),
+                        task.getFirstTime() == null ? successTime.getFirstTime() : null,
+                        successTime.getLastSuccessTime(),
+                        null,  // 失败时间需要单独查询
+                        updateTime
+                );
+
+                if (result > 0) {
+                    updatedCount++;
+                }
+            }
+        }
+
+        log.info("增量更新完成，处理记录: {}，更新任务: {}", successTimes.size(), updatedCount);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceReceiveLogService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceReceiveLogService.java
new file mode 100644
index 0000000..de1765b
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceReceiveLogService.java
@@ -0,0 +1,35 @@
+package com.common.service;
+
+
+
+import com.common.entity.DeviceReceiveLog;
+import com.github.pagehelper.PageInfo;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+public interface DeviceReceiveLogService {
+
+    // 插入操作
+    Long insertLog(DeviceReceiveLog log);
+    int batchInsertLogs(List<DeviceReceiveLog> logs);
+
+    // 查询操作
+    DeviceReceiveLog getById(Long id);
+    List<DeviceReceiveLog> getByDeviceId(Integer deviceId);
+    List<DeviceReceiveLog> getByCollectId(Integer collectId);
+    List<DeviceReceiveLog> getByTimeRange(LocalDateTime startTime, LocalDateTime endTime);
+    List<DeviceReceiveLog> getByCondition(DeviceReceiveLog condition);
+    PageInfo<DeviceReceiveLog> getByConditionPage(DeviceReceiveLog condition, Integer pageNum, Integer pageSize);
+
+    // 统计操作
+    Long countByCondition(DeviceReceiveLog condition);
+    List<Map<String, Object>> getDeviceLogStatistics();
+
+    // 删除操作
+    int deleteOldLogs(LocalDateTime beforeTime);
+
+    // 获取最近日志
+    List<DeviceReceiveLog> getRecentLogs(Integer limit);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceStatsUpdateService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceStatsUpdateService.java
new file mode 100644
index 0000000..05cee44
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DeviceStatsUpdateService.java
@@ -0,0 +1,189 @@
+package com.common.service;
+
+
+import com.common.entity.DeviceStatsDTO;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.jdbc.core.RowMapper;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.List;
+import com.common.service.DeviceCollectTaskUpdateService;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.stereotype.Component;
+import lombok.RequiredArgsConstructor;
+
+@Slf4j
+@Service
+@Component
+@RequiredArgsConstructor
+public class DeviceStatsUpdateService {
+
+    @Autowired
+    private final DeviceCollectTaskUpdateService updateService;
+    private static final DateTimeFormatter DATE_FORMATTER =
+            DateTimeFormatter.ofPattern("yyyyMMdd");
+
+    @Autowired
+    private JdbcTemplate jdbcTemplate;
+
+    // SQL 模板定义
+    private static final String COLLECT_DEVICE_STATS_SQL =
+            "WITH device_receive_stats AS ( " +
+                    "    SELECT device_id, MAX(receive_time) AS last_receive_time " +
+                    "    FROM %s " +
+                    "    WHERE receive_time >= CURRENT_DATE " +
+                    "    GROUP BY device_id " +
+                    "), " +
+                    "parse_stats AS ( " +
+                    "    SELECT device_id, COUNT(*) AS parse_count " +
+                    "    FROM ( " +
+                    "        SELECT device_id FROM %s " +
+                    "        WHERE created_at >= CURRENT_DATE " +
+                    "        UNION ALL " +
+                    "        SELECT device_id FROM %s " +
+                    "        WHERE created_at >= CURRENT_DATE " +
+                    "    ) t " +
+                    "    GROUP BY device_id " +
+                    "), " +
+                    "non_log_stats AS ( " +
+                    "    SELECT device_id, COUNT(*) AS non_log_count " +
+                    "    FROM %s " +
+                    "    WHERE created_at >= CURRENT_DATE " +
+                    "    GROUP BY device_id " +
+                    "), " +
+                    "combined_stats AS ( " +
+                    "    SELECT COALESCE(r.device_id, p.device_id, n.device_id) AS device_id, " +
+                    "           r.last_receive_time, " +
+                    "           COALESCE(p.parse_count, 0) AS parse_count, " +
+                    "           COALESCE(n.non_log_count, 0) AS non_log_count " +
+                    "    FROM device_receive_stats r " +
+                    "    FULL OUTER JOIN parse_stats p ON r.device_id = p.device_id " +
+                    "    FULL OUTER JOIN non_log_stats n ON COALESCE(r.device_id, p.device_id) = n.device_id " +
+                    ") " +
+                    "SELECT * FROM combined_stats";
+
+    private static final String UPDATE_DEVICE_STATS_SQL =
+            "UPDATE device_device " +
+                    "SET last_receive_time = ?, " +
+                    "    today_parse_count = ?, " +
+                    "    today_non_log_count = ?, " +
+                    "    updated_at = NOW() " +
+                    "WHERE id = ?";
+
+    /**
+     * 每分钟执行一次统计更新（秒：0，分：*，时：*）
+     */
+    @Scheduled(cron = "0 * * * * ?")
+    @Transactional
+    public void updateDeviceStats() {
+        long startTime = System.currentTimeMillis();
+        log.info("开始执行设备统计更新任务...");
+
+        try {
+            // 获取当前日期，用于动态表名
+            String today = LocalDateTime.now().format(DATE_FORMATTER);
+
+            // 统计每个设备的当天数据
+            List<DeviceStatsDTO> deviceStats = collectDeviceStats(today);
+
+            // 批量更新 device_device 表
+            batchUpdateDeviceStats(deviceStats);
+
+            long endTime = System.currentTimeMillis();
+            log.info("设备统计更新完成，处理设备数：{}，耗时：{}ms",
+                    deviceStats.size(), (endTime - startTime));
+
+            // 批量更新 device_collect_task 表
+            updateDeviceCollectTaskTimes();
+
+        } catch (Exception e) {
+            log.error("设备统计更新任务执行失败", e);
+            throw e;
+        }
+    }
+
+    /**
+     * 收集设备统计信息
+     */
+    private List<DeviceStatsDTO> collectDeviceStats(String today) {
+        // 构建动态表名
+        String receiveLogTable = "device_receive_log";
+        String normalDataTable = "syslog_normal_data_" + today;
+        String normalAlarmTable = "syslog_normal_alarm_" + today;
+        String nonNormalTable = "syslog_non_normal_message_" + today;
+
+        String sql = String.format(
+                COLLECT_DEVICE_STATS_SQL,
+                receiveLogTable,
+                normalDataTable,
+                normalAlarmTable,
+                nonNormalTable
+        );
+
+        return jdbcTemplate.query(sql, new RowMapper<DeviceStatsDTO>() {
+            @Override
+            public DeviceStatsDTO mapRow(ResultSet rs, int rowNum) throws SQLException {
+                DeviceStatsDTO dto = new DeviceStatsDTO();
+                dto.setDeviceId(rs.getLong("device_id"));
+
+                java.sql.Timestamp timestamp = rs.getTimestamp("last_receive_time");
+                if (timestamp != null) {
+                    dto.setLastReceiveTime(timestamp.toLocalDateTime());
+                }
+
+                dto.setParseCount(rs.getInt("parse_count"));
+                dto.setNonLogCount(rs.getInt("non_log_count"));
+                return dto;
+            }
+        });
+    }
+
+    /**
+     * 批量更新设备统计信息
+     */
+    private void batchUpdateDeviceStats(List<DeviceStatsDTO> deviceStats) {
+        if (deviceStats.isEmpty()) {
+            return;
+        }
+
+        // 使用批量更新提高性能
+        List<Object[]> batchArgs = deviceStats.stream()
+                .map(dto -> new Object[] {
+                        dto.getLastReceiveTime(),
+                        dto.getParseCount(),
+                        dto.getNonLogCount(),
+                        dto.getDeviceId()
+                })
+                .collect(java.util.stream.Collectors.toList());
+
+        int[] updateCounts = jdbcTemplate.batchUpdate(UPDATE_DEVICE_STATS_SQL, batchArgs);
+
+        log.debug("批量更新完成，影响行数：{}", updateCounts.length);
+    }
+
+
+    public void updateDeviceCollectTaskTimes() {
+        log.info("开始执行设备采集探针任务时间更新，时间: {}", LocalDateTime.now());
+
+        try {
+            long startTime = System.currentTimeMillis();
+
+            // 使用批量更新方法
+            updateService.batchUpdateDeviceTaskTimes();
+
+            long endTime = System.currentTimeMillis();
+            log.info("设备采集探针任务时间更新完成，耗时: {}ms", endTime - startTime);
+
+        } catch (Exception e) {
+            log.error("执行设备采集探针任务时间更新失败", e);
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DmColumnService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DmColumnService.java
new file mode 100644
index 0000000..1c55882
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DmColumnService.java
@@ -0,0 +1,29 @@
+package com.common.service;
+
+import com.common.entity.DmColumn;
+import java.util.List;
+import java.util.Map;
+
+public interface DmColumnService {
+
+    List<DmColumn> findAll();
+
+    DmColumn findById(Long id);
+
+    DmColumn findByDmColumnId(Long id);
+
+    DmColumn findByName(String name);
+
+    List<DmColumn> findByDisplayName(String displayName);
+
+    List<DmColumn> findByIsBuiltIn(Boolean isBuiltIn);
+
+    int insert(DmColumn dmColumn);
+
+    int batchInsert(List<DmColumn> dmColumns);
+
+    List<DmColumn> findByCondition(DmColumn condition);
+    Long count();
+
+    List<Map<String, Object>>  selectAllNormal();
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DmNormalizeRuleService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DmNormalizeRuleService.java
new file mode 100644
index 0000000..58e7090
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/DmNormalizeRuleService.java
@@ -0,0 +1,101 @@
+package com.common.service;
+
+import com.common.entity.XdrHoneypot;
+import com.common.mapper.XdrHoneypotMapper;
+import com.common.util.MyBatisUtil;
+import com.influx.SyslogToInfluxApp;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.session.SqlSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.stereotype.Service;
+
+import com.common.mapper.DmNormalizeRuleMapper;
+import com.common.entity.DmNormalizeRule;
+
+import java.util.List;
+import java.util.Map;
+
+
+
+@Service
+@CacheConfig(cacheNames = "normalizeRule")
+public class DmNormalizeRuleService {
+
+    @Autowired
+    private DmNormalizeRuleMapper dmNormalizeRuleMapper;
+
+    private static final Logger logger = LoggerFactory.getLogger(DmNormalizeRuleService.class);
+
+
+    /**
+     * 根据ID查询规则
+     */
+    @Cacheable(key = "'id:' + #id")
+    public DmNormalizeRule getById(Long id) {
+        return dmNormalizeRuleMapper.selectById(id);
+    }
+
+    /**
+     * 根据ID和租户查询规则
+     */
+    public DmNormalizeRule getByIdAndTenant(Long id, String tenantId) {
+        return dmNormalizeRuleMapper.selectByIdAndTenant(id, tenantId);
+    }
+    /**
+     * 根据ID更新规则
+     */
+    public boolean updateById(DmNormalizeRule rule) {
+        // 设置更新时间
+        rule.setUpdatedAt(java.time.LocalDateTime.now());
+        rule.setUpdateTime(java.time.LocalDateTime.now());
+        int result = dmNormalizeRuleMapper.updateById(rule);
+        return result > 0;
+    }
+
+    /**
+     * 根据ID和租户更新规则
+     */
+    public boolean updateByIdAndTenant(DmNormalizeRule rule) {
+        // 设置更新时间
+        rule.setUpdatedAt(java.time.LocalDateTime.now());
+        rule.setUpdateTime(java.time.LocalDateTime.now());
+        int result = dmNormalizeRuleMapper.updateByIdAndTenant(rule);
+        return result > 0;
+    }
+    /**
+     * 根据device ID 获取normal rule 信息
+     */
+    @Cacheable(key = "'deviceId:' + #id")
+    public List<Map<String, Object>> selectByDeviceId(  Long id)
+    {
+        try (SqlSession sqlSession = MyBatisUtil.getSqlSession()) {
+            dmNormalizeRuleMapper = sqlSession.getMapper(DmNormalizeRuleMapper.class);
+
+            List<Map<String, Object>>  ruleMap=dmNormalizeRuleMapper.selectByDeviceId(id);
+            sqlSession.commit();
+            return ruleMap;
+
+        } catch (Exception e) {
+            logger.error("DmNormalizeRuleService MyBatisUtil getSqlSession 异常", e);
+        }
+        return null;
+    }
+
+    /**
+     * 根据device ID 获取关联的Normalize Rule 信息
+     * @param id
+     * @return
+     */
+    @Cacheable(key = "'deviceId:' + #id")
+    public List<Map<String, Object>> selectByDeviceIdAuto( Long id)
+    {
+        System.out.println("调用selectByDeviceIdAuto 方法,id:"+id);
+        List<Map<String, Object>>  ruleMap=dmNormalizeRuleMapper.selectByDeviceId(id);
+        return ruleMap;
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/ElasticsearchService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/ElasticsearchService.java
new file mode 100644
index 0000000..4dd7b48
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/ElasticsearchService.java
@@ -0,0 +1,165 @@
+package com.common.service;
+
+
+
+import com.common.entity.AppLog;
+import com.common.service.AppLogRepository;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate;
+import org.springframework.data.elasticsearch.core.IndexOperations;
+import org.springframework.data.elasticsearch.core.document.Document;
+import org.springframework.data.elasticsearch.core.mapping.IndexCoordinates;
+import org.springframework.stereotype.Service;
+
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.Collections;
+@Slf4j
+@Service
+public class ElasticsearchService {
+
+    @Autowired
+    private AppLogRepository appLogRepository;
+
+    @Autowired
+    private ElasticsearchRestTemplate elasticsearchRestTemplate;
+
+    private static final DateTimeFormatter INDEX_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd");
+
+    /**
+     * 保存日志到ES
+     */
+    public void saveAppLog(AppLog appLog) {
+        try {
+            // 设置索引名为当天的日期
+            String indexName = "applog-" + LocalDate.now().format(INDEX_FORMATTER);
+            appLog.setIndex(indexName);
+
+            // 检查索引是否存在，不存在则创建
+            IndexOperations indexOps = elasticsearchRestTemplate.indexOps(IndexCoordinates.of(indexName));
+            if (!indexOps.exists()) {
+                indexOps.create();
+                Document mapping = indexOps.createMapping(AppLog.class);
+                indexOps.putMapping(mapping);
+                log.info("创建ES索引: {}", indexName);
+            }
+
+            // 保存数据
+            appLogRepository.save(appLog);
+            log.info("成功保存日志到ES, ID: {}, Index: {}", appLog.getId(), indexName);
+
+        } catch (Exception e) {
+            log.error("保存日志到ES失败", e);
+            throw new RuntimeException("保存ES日志失败", e);
+        }
+    }
+
+    /**
+     * 批量保存日志
+     */
+    public void saveAppLogs(List<AppLog> appLogs) {
+        try {
+            String indexName = "applog-" + LocalDate.now().format(INDEX_FORMATTER);
+
+            // 设置所有日志的索引
+            appLogs.forEach(log -> log.setIndex(indexName));
+
+            // 检查索引是否存在，不存在则创建
+            IndexOperations indexOps = elasticsearchRestTemplate.indexOps(IndexCoordinates.of(indexName));
+            if (!indexOps.exists()) {
+                indexOps.create();
+                Document mapping = indexOps.createMapping(AppLog.class);
+                indexOps.putMapping(mapping);
+                log.info("创建ES索引: {}", indexName);
+            }
+
+            appLogRepository.saveAll(appLogs);
+            log.info("批量保存 {} 条日志到ES索引: {}", appLogs.size(), indexName);
+
+        } catch (Exception e) {
+            log.error("批量保存日志到ES失败", e);
+            throw new RuntimeException("批量保存ES日志失败", e);
+        }
+    }
+
+    /**
+     * 根据日期获取索引中的日志
+     */
+    public List<AppLog> getLogsByDate(LocalDate date) {
+        String indexName = "applog-" + date.format(INDEX_FORMATTER);
+        IndexCoordinates indexCoordinates = IndexCoordinates.of(indexName);
+
+        try {
+            // 检查索引是否存在
+            IndexOperations indexOps = elasticsearchRestTemplate.indexOps(indexCoordinates);
+            if (!indexOps.exists()) {
+                log.info("索引 {} 不存在", indexName);
+                return Collections.emptyList();
+            }
+
+            // 使用ElasticsearchRestTemplate查询指定索引
+            return elasticsearchRestTemplate.search(
+                    org.springframework.data.elasticsearch.core.query.Query.findAll(),
+                    AppLog.class,
+                    indexCoordinates
+            ).get().map(result -> {
+                AppLog appLog = result.getContent();
+                appLog.setIndex(indexName); // 设置索引名称
+                appLog.setScore(result.getScore()); // 设置评分
+                return appLog;
+            }).collect(Collectors.toList());
+        } catch (Exception e) {
+            log.warn("查询ES索引 {} 失败", indexName, e);
+            return Collections.emptyList();
+        }
+    }
+
+    /**
+     * 根据ID检查日志是否存在
+     */
+    public boolean existsById(String id, LocalDate date) {
+        String indexName = "applog-" + date.format(INDEX_FORMATTER);
+        IndexCoordinates indexCoordinates = IndexCoordinates.of(indexName);
+
+        try {
+            //return elasticsearchRestTemplate.exists(id, AppLog.class, indexCoordinates);
+            return elasticsearchRestTemplate.exists(id,  indexCoordinates);
+        } catch (Exception e) {
+            log.warn("检查日志存在性失败, ID: {}, Index: {}", id, indexName);
+            return false;
+        }
+    }
+
+    /**
+     * 根据索引名称获取日志
+     */
+    public List<AppLog> getLogsByIndex(String indexName) {
+        IndexCoordinates indexCoordinates = IndexCoordinates.of(indexName);
+
+        try {
+            // 检查索引是否存在
+            IndexOperations indexOps = elasticsearchRestTemplate.indexOps(indexCoordinates);
+            if (!indexOps.exists()) {
+                log.info("索引 {} 不存在", indexName);
+                return Collections.emptyList();
+            }
+
+            return elasticsearchRestTemplate.search(
+                    org.springframework.data.elasticsearch.core.query.Query.findAll(),
+                    AppLog.class,
+                    indexCoordinates
+            ).get().map(result -> {
+                AppLog appLog = result.getContent();
+                appLog.setIndex(indexName);
+                appLog.setScore(result.getScore());
+                return appLog;
+            }).collect(Collectors.toList());
+        } catch (Exception e) {
+            log.warn("查询ES索引 {} 失败", indexName, e);
+            return Collections.emptyList();
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/EsToDbSyncService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/EsToDbSyncService.java
new file mode 100644
index 0000000..8619a25
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/EsToDbSyncService.java
@@ -0,0 +1,132 @@
+package com.common.service;
+
+import com.common.entity.AppLog;
+import com.common.entity.AppLogEntity;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.time.Instant;
+import java.time.LocalDate;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Slf4j
+@Service
+public class EsToDbSyncService {
+
+    @Autowired
+    private ElasticsearchService elasticsearchService;
+
+    @Autowired
+    private ApplogService ApplogService;
+
+    /**
+     * 同步指定日期的ES日志到数据库
+     */
+    public void syncEsLogsToDatabase(LocalDate date) {
+        log.info("开始同步ES日志到数据库，日期: {}", date);
+
+        try {
+            // 从ES获取指定日期的日志
+            List<AppLog> esLogs = elasticsearchService.getLogsByDate(date);
+
+            if (esLogs.isEmpty()) {
+                log.info("ES中未找到 {} 的日志数据", date);
+                return;
+            }
+
+            log.info("从ES索引 applog-{} 获取到 {} 条日志",
+                    date.format(java.time.format.DateTimeFormatter.ofPattern("yyyyMMdd")),
+                    esLogs.size());
+
+            // 转换为数据库实体
+            List<AppLogEntity> dbLogs = esLogs.stream()
+                    .map(this::convertToEntity)
+                    .collect(Collectors.toList());
+
+            // 批量保存到数据库（自动去重）
+            int savedCount = ApplogService.batchSaveAppLogsWithDeduplication(dbLogs);
+
+            log.info("同步完成，成功保存 {} 条日志到数据库", savedCount);
+
+        } catch (Exception e) {
+            log.error("同步ES日志到数据库失败，日期: {}", date, e);
+            throw new RuntimeException("同步失败", e);
+        }
+    }
+
+    /**
+     * 同步指定索引的ES日志到数据库
+     */
+    public void syncEsLogsByIndexToDatabase(String indexName) {
+        log.info("开始同步ES索引 {} 的日志到数据库", indexName);
+
+        try {
+            // 从ES获取指定索引的日志
+            List<AppLog> esLogs = elasticsearchService.getLogsByIndex(indexName);
+
+            if (esLogs.isEmpty()) {
+                log.info("ES索引 {} 中未找到日志数据", indexName);
+                return;
+            }
+
+            log.info("从ES索引 {} 获取到 {} 条日志", indexName, esLogs.size());
+
+            // 转换为数据库实体
+            List<AppLogEntity> dbLogs = esLogs.stream()
+                    .map(this::convertToEntity)
+                    .collect(Collectors.toList());
+
+            // 批量保存到数据库（自动去重）
+            int savedCount = ApplogService.batchSaveAppLogsWithDeduplication(dbLogs);
+
+            log.info("同步完成，成功保存 {} 条日志到数据库", savedCount);
+
+        } catch (Exception e) {
+            log.error("同步ES索引 {} 的日志到数据库失败", indexName, e);
+            throw new RuntimeException("同步失败", e);
+        }
+    }
+
+    /**
+     * 将ES实体转换为数据库实体
+     */
+    private AppLogEntity convertToEntity(AppLog esLog) {
+        AppLogEntity entity = new AppLogEntity();
+
+        // 复制ES元数据字段
+        entity.setEsId(esLog.getId());
+        entity.setEsIndex(esLog.getIndex());
+        entity.setEsType(esLog.getType());
+        entity.setEsScore(esLog.getScore());
+
+        // 复制日志内容字段
+        entity.setDtTime(esLog.getDtTime());
+        entity.setCollectTime(esLog.getCollectTime());
+        entity.setLogType(esLog.getLogType());
+        entity.setTraceId(esLog.getTraceId());
+        entity.setMethod(esLog.getMethod());
+        entity.setAppName(esLog.getAppName());
+        entity.setIp(esLog.getIp());
+        entity.setClassName(esLog.getClassName());
+        entity.setEnv(esLog.getEnv());
+        entity.setContent(esLog.getContent());
+        entity.setThreadName(esLog.getThreadName());
+        entity.setLogLevel(esLog.getLogLevel());
+        entity.setSeq(esLog.getSeq());
+        entity.setIndexedAt(esLog.getIndexedAt());
+
+        // 转换时间字段
+        if (esLog.getDtTime() != null) {
+            entity.setLogDate(Instant.ofEpochMilli(esLog.getDtTime())
+                    .atZone(ZoneId.systemDefault())
+                    .toLocalDateTime());
+        }
+
+        return entity;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/InfluxSyslogService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/InfluxSyslogService.java
new file mode 100644
index 0000000..40994fb
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/InfluxSyslogService.java
@@ -0,0 +1,212 @@
+package com.common.service;
+
+ import com.influx.InfluxDBClient;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import java.time.Instant;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
+import java.time.format.DateTimeFormatter;
+import java.time.temporal.ChronoUnit;
+import java.util.List;
+import java.util.Map;
+ import java.util.ArrayList;
+ import org.springframework.util.CollectionUtils;
+ import java.util.Collections;
+ import java.util.HashMap;
+
+@Slf4j
+@Service
+public class InfluxSyslogService {
+
+    //@Autowired
+    //private InfluxDBClient influxDBClient;
+    // 初始化 InfluxDB 客户端
+    //@Autowired
+    private final com.influx.InfluxDBClient influxDBClient  = new InfluxDBClient();
+
+    private static final DateTimeFormatter TABLE_DATE_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd");
+    private static final DateTimeFormatter INPUT_DATE_FORMATTER = DateTimeFormatter.ISO_DATE_TIME;
+
+    /**
+     * 接口1：按时间范围查询（最长一天）
+     */
+    public List<Map<String, Object>> queryByTimeRange(String startTime, String endTime) {
+        try {
+            Instant start = parseInstant(startTime);
+            Instant end = parseInstant(endTime);
+
+            validateTimeRange(start, end);
+
+            // 生成需要查询的表名（处理跨天情况）
+            List<String> measurementNames = generateMeasurementNames(start, end);
+            List<Map<String, Object>> allResults = new ArrayList<>();
+
+            for (String measurement : measurementNames) {
+                List<Map<String, Object>> results = influxDBClient.queryByTimeRange(measurement, start, end);
+                allResults.addAll(results);
+            }
+
+            log.info("按时间范围查询成功，查询表: {}, 返回记录数: {}", measurementNames, allResults.size());
+            return allResults;
+
+        } catch (Exception e) {
+            log.error("按时间范围查询失败: {}", e.getMessage());
+            throw new RuntimeException("查询失败: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 接口2：按UUID查询详细日志
+     */
+    public List<Map<String, Object>> queryByUuid(String uuid) {
+        try {
+            // 从UUID中提取日期部分
+            String datePart = extractDateFromUuid(uuid);
+            String measurement = "syslog_security_" + datePart;
+
+            List<Map<String, Object>> results = influxDBClient.queryByUuid(measurement, uuid);
+
+            log.info("按UUID查询成功，表: {}, UUID: {}, 返回记录数: {}", measurement, uuid, results.size());
+            return results;
+
+        } catch (Exception e) {
+            log.error("按UUID查询失败: {}", e.getMessage());
+            throw new RuntimeException("查询失败: " + e.getMessage(), e);
+        }
+    }
+
+
+
+    /**
+     * 接口3：按设备ID和时间范围查询
+     */
+    public List<Map<String, Object>> queryByDeviceIdAndTime(String deviceId, String startTime, String endTime) {
+        try {
+            Instant start = parseInstant(startTime);
+            Instant end = parseInstant(endTime);
+
+            validateTimeRange(start, end);
+
+            List<String> measurementNames = generateMeasurementNames(start, end);
+            List<Map<String, Object>> allResults = new ArrayList<>();
+
+            for (String measurement : measurementNames) {
+                List<Map<String, Object>> results = influxDBClient.queryByDeviceIdAndTime(measurement, deviceId, start, end);
+                allResults.addAll(results);
+            }
+
+            log.info("按设备ID查询成功，设备: {}, 返回记录数: {}", deviceId, allResults.size());
+            return allResults;
+
+        } catch (Exception e) {
+            log.error("按设备ID查询失败: {}", e.getMessage());
+            throw new RuntimeException("查询失败: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 接口4：模糊查询message内容
+     */
+    public List<Map<String, Object>> queryByMessageContent(String startTime, String endTime, String keyword) {
+        try {
+            Instant start = parseInstant(startTime);
+            Instant end = parseInstant(endTime);
+
+            validateTimeRange(start, end);
+            validateKeyword(keyword);
+
+            List<String> measurementNames = generateMeasurementNames(start, end);
+            List<Map<String, Object>> allResults = new ArrayList<>();
+
+            for (String measurement : measurementNames) {
+                List<Map<String, Object>> results = influxDBClient.queryByMessageContent(measurement, start, end, keyword);
+                allResults.addAll(results);
+            }
+
+            log.info("模糊查询成功，关键字: {}, 返回记录数: {}", keyword, allResults.size());
+            return allResults;
+
+        } catch (Exception e) {
+            log.error("模糊查询失败: {}", e.getMessage());
+            throw new RuntimeException("查询失败: " + e.getMessage(), e);
+        }
+    }
+    public Map<String, List<Map<String, Object>>> queryByUuids(List<String> uuids) {
+        if (CollectionUtils.isEmpty(uuids)) {
+            return Collections.emptyMap();
+        }
+        Map<String, List<Map<String, Object>>> resultMap = new HashMap<>();
+        for (String uuid : uuids) {
+            // 查询单个UUID的日志
+            List<Map<String, Object>> logList = queryByUuid(uuid);
+            resultMap.put(uuid, logList);
+        }
+        return resultMap;
+    }
+    /**
+     * 从UUID中提取日期部分
+     */
+    private String extractDateFromUuid(String uuid) {
+        if (uuid == null || uuid.length() < 8) {
+            throw new IllegalArgumentException("UUID格式不正确，无法提取日期");
+        }
+        return uuid.substring(0, 8);
+    }
+
+    /**
+     * 解析时间字符串为Instant
+     */
+    private Instant parseInstant(String timeString) {
+        try {
+            return Instant.parse(timeString);
+        } catch (Exception e) {
+            throw new IllegalArgumentException("时间格式不正确，请使用ISO格式，例如: 2023-11-20T00:00:00Z");
+        }
+    }
+
+    /**
+     * 验证时间范围（最长一天）
+     */
+    private void validateTimeRange(Instant start, Instant end) {
+        long hours = ChronoUnit.HOURS.between(start, end);
+        if (hours > 24) {
+            throw new IllegalArgumentException("查询时间范围不能超过24小时");
+        }
+        if (start.isAfter(end)) {
+            throw new IllegalArgumentException("开始时间不能晚于结束时间");
+        }
+    }
+
+    /**
+     * 验证搜索关键字
+     */
+    private void validateKeyword(String keyword) {
+        if (keyword == null || keyword.trim().isEmpty()) {
+            throw new IllegalArgumentException("搜索关键字不能为空");
+        }
+        if (keyword.length() > 32) {
+            throw new IllegalArgumentException("搜索关键字长度不能超过32个字符");
+        }
+    }
+
+    /**
+     * 生成需要查询的表名列表（处理跨天情况）
+     */
+    private List<String> generateMeasurementNames(Instant start, Instant end) {
+        List<String> measurements = new ArrayList<>();
+
+        LocalDateTime startDate = LocalDateTime.ofInstant(start, ZoneId.of("UTC"));
+        LocalDateTime endDate = LocalDateTime.ofInstant(end, ZoneId.of("UTC"));
+
+        LocalDateTime currentDate = startDate;
+        while (!currentDate.toLocalDate().isAfter(endDate.toLocalDate())) {
+            String dateStr = currentDate.format(TABLE_DATE_FORMATTER);
+            measurements.add("syslog_security_" + dateStr);
+            currentDate = currentDate.plusDays(1);
+        }
+
+        return measurements;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/LogDataCompleteService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/LogDataCompleteService.java
new file mode 100644
index 0000000..584044c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/LogDataCompleteService.java
@@ -0,0 +1,258 @@
+package com.common.service;
+
+
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
+
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class LogDataCompleteService {
+
+
+    /**
+     * 处理日志数据补全
+     */
+    public boolean processDataCompletion(String ruleContent,Map<String, Object> destMap) {
+        try {
+            boolean hasCompleted = false;
+            if (executeCompleteRule(ruleContent, destMap)) {
+                    hasCompleted = true;
+            }
+            if (hasCompleted) {
+                log.debug("数据补全完成: {}", destMap.get("id"));
+            } else {
+                log.debug("数据无需补全: {}", destMap.get("id"));
+            }
+            return hasCompleted;
+        } catch (Exception e) {
+            log.error("处理数据补全时发生错误: {}", e.getMessage(), e);
+            return false;
+        }
+    }
+
+    /**
+     * 执行补全规则
+     */
+    private boolean executeCompleteRule(String ruleContent, Map<String, Object> destMap) {
+        try {
+            JSONObject ruleJson = JSON.parseObject(ruleContent);
+            JSONArray completeColumns = ruleJson.getJSONArray("complete_columns");
+
+            if (completeColumns == null || completeColumns.isEmpty()) {
+                log.warn("补全规则为空");
+                return false;
+            }
+
+            boolean hasCompleted = false;
+
+            // 遍历所有补全配置
+            for (int i = 0; i < completeColumns.size(); i++) {
+                JSONObject completeConfig = completeColumns.getJSONObject(i);
+                 if (executeCompleteConfig(completeConfig, destMap)) {
+                    hasCompleted = true;
+                }
+            }
+
+            return hasCompleted;
+
+        } catch (Exception e) {
+            log.error("解析补全规则失败: {}", e.getMessage());
+            return false;
+        }
+    }
+
+    /**
+     * 执行单个补全配置
+     */
+    private boolean executeCompleteConfig(JSONObject completeConfig, Map<String, Object> destMap) {
+        try {
+            String columnName = completeConfig.getString("column_name");
+            Object value = completeConfig.get("value");
+            JSONArray conditions = completeConfig.getJSONArray("conditions");
+            String relation = completeConfig.getString("filters_relation");
+
+            // 检查目标字段是否已存在
+            if (destMap.containsKey(columnName) && destMap.get(columnName) != null) {
+                log.debug("字段 {} 已存在，跳过补全", columnName);
+                return false;
+            }
+
+            // 检查条件是否满足
+            boolean conditionsMet = evaluateConditions(conditions, relation, destMap);
+
+            if (conditionsMet) {
+                // 执行补全操作
+                destMap.put(columnName, value);
+                log.debug("字段 {} 补全完成，值: {}", columnName, value);
+                return true;
+            }
+
+            return false;
+
+        } catch (Exception e) {
+            log.error("执行补全配置失败: {}", e.getMessage());
+            return false;
+        }
+    }
+
+    /**
+     * 评估条件
+     */
+    private boolean evaluateConditions(JSONArray conditions, String relation, Map<String, Object> destMap) {
+        if (conditions == null || conditions.isEmpty()) {
+            return true; // 无条件，直接通过
+        }
+
+        // 根据关系类型评估
+        if ("or".equalsIgnoreCase(relation)) {
+            return evaluateOrConditions(conditions, destMap);
+        } else {
+            // 默认使用 AND 关系
+            return evaluateAndConditions(conditions, destMap);
+        }
+    }
+
+    /**
+     * 评估 AND 关系的条件
+     */
+    private boolean evaluateAndConditions(JSONArray conditions, Map<String, Object> destMap) {
+        for (int i = 0; i < conditions.size(); i++) {
+            JSONObject condition = conditions.getJSONObject(i);
+            if (!evaluateCondition(condition, destMap)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * 评估 OR 关系的条件
+     */
+    private boolean evaluateOrConditions(JSONArray conditions, Map<String, Object> destMap) {
+        for (int i = 0; i < conditions.size(); i++) {
+            JSONObject condition = conditions.getJSONObject(i);
+            if (evaluateCondition(condition, destMap)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 评估单个条件
+     */
+    private boolean evaluateCondition(JSONObject condition, Map<String, Object> destMap) {
+        String columnName = condition.getString("column_name");
+        String op = condition.getString("op");
+        Object value = condition.get("value");
+
+        // 从目标Map中获取字段值
+        Object fieldValue = destMap.get(columnName);
+        if (fieldValue == null) {
+            fieldValue = ""; // 处理null值
+        }
+
+        String fieldValueStr = fieldValue.toString();
+
+        try {
+            switch (op) {
+                case "=":
+                    return equals(fieldValueStr, value);
+                case "!=":
+                    return notEquals(fieldValueStr, value);
+                case "in":
+                    return in(fieldValueStr, value);
+                case "zero_len":
+                    return zeroLen(fieldValueStr, value);
+                case "contain":
+                    return contain(fieldValueStr, value);
+                case "regexp":
+                    return regexp(fieldValueStr, value);
+                default:
+                    log.warn("未知的操作符: {}", op);
+                    return false;
+            }
+        } catch (Exception e) {
+            log.error("评估条件失败: {}{}{}, 错误: {}", columnName, op, value, e.getMessage());
+            return false;
+        }
+    }
+
+    /**
+     * 等于操作
+     */
+    private boolean equals(String fieldValue, Object value) {
+        if (value == null) return false;
+        return fieldValue.equals(value.toString());
+    }
+
+    /**
+     * 不等于操作
+     */
+    private boolean notEquals(String fieldValue, Object value) {
+        if (value == null) return true;
+        return !fieldValue.equals(value.toString());
+    }
+
+    /**
+     * IN 操作
+     */
+    private boolean in(String fieldValue, Object value) {
+        if (value instanceof JSONArray) {
+            JSONArray array = (JSONArray) value;
+            for (Object item : array) {
+                if (fieldValue.equals(item.toString())) {
+                    return true;
+                }
+            }
+            return false;
+        }
+        return false;
+    }
+
+    /**
+     * 非空检查操作
+     */
+    private boolean zeroLen(String fieldValue, Object value) {
+        boolean isEmpty = !StringUtils.hasText(fieldValue);
+        boolean expected = Boolean.parseBoolean(value.toString());
+        return isEmpty == expected;
+    }
+
+    /**
+     * 包含操作
+     */
+    private boolean contain(String fieldValue, Object value) {
+        if (value == null) return false;
+        return fieldValue.contains(value.toString());
+    }
+
+    /**
+     * 正则表达式匹配
+     */
+    private boolean regexp(String fieldValue, Object value) {
+        if (value == null) return false;
+        try {
+            Pattern pattern = Pattern.compile(value.toString());
+            return pattern.matcher(fieldValue).matches();
+        } catch (Exception e) {
+            log.error("正则表达式编译失败: {}, 错误: {}", value, e.getMessage());
+            return false;
+        }
+    }
+
+
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/LogDataFilterService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/LogDataFilterService.java
new file mode 100644
index 0000000..993601c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/LogDataFilterService.java
@@ -0,0 +1,204 @@
+package com.common.service;
+
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.common.mapper.SyslogNormalDataMapper;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.util.StringUtils;
+
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class LogDataFilterService {
+
+    /**
+     * 评估过滤规则
+     */
+    public boolean evaluateFilterRule(String ruleContent, Map<String, Object> destMap) {
+        try {
+            JSONObject ruleJson = JSON.parseObject(ruleContent);
+            if (ruleJson.containsKey("filters_params")  ) {
+                JSONObject filtersParamsObj = ruleJson.getJSONObject("filters_params");
+                JSONArray filtersParams = filtersParamsObj.getJSONArray("expressions");
+
+                if (filtersParams == null || filtersParams.isEmpty()) {
+                    log.warn("泛化规则-数据过滤规则为空，默认不处理!");
+                    return false;
+                }
+                // 遍历所有过滤组，只要满足任一过滤组即可
+                for (int i = 0; i < filtersParams.size(); i++) {
+                    JSONObject filterGroup = filtersParams.getJSONObject(i);
+                    if (evaluateFilterGroup(filterGroup, destMap)) {
+                        return true;
+                    }
+                }
+            }
+            return false;
+
+        } catch (Exception e) {
+            log.error("解析过滤规则失败或filters_params为空: {}", e.getMessage());
+            return false;
+        }
+    }
+
+    /**
+     * 评估过滤组
+     */
+    private boolean evaluateFilterGroup(JSONObject filterGroup, Map<String, Object> destMap) {
+        try {
+            //JSONObject expressions_obj = filterGroup.getJSONObject("expressions");
+            JSONArray expressions = filterGroup.getJSONArray("expressions");
+            String relation = filterGroup.getString("filters_relation");
+
+            if (expressions == null || expressions.isEmpty()) {
+                return false;
+            }
+
+            // 根据关系类型评估
+            if ("or".equalsIgnoreCase(relation)) {
+                return evaluateOrExpressions(expressions, destMap);
+            } else {
+                // 默认使用 AND 关系
+                return evaluateAndExpressions(expressions, destMap);
+            }
+        } catch (Exception e) {
+            log.error("评估过滤组evaluateFilterGroup解析json失败: {}", e.getMessage());
+            return false;
+        }
+    }
+
+    /**
+     * 评估 AND 关系的表达式
+     */
+    private boolean evaluateAndExpressions(JSONArray expressions, Map<String, Object> destMap) {
+        for (int i = 0; i < expressions.size(); i++) {
+            JSONObject expression = expressions.getJSONObject(i);
+            if (!evaluateExpression(expression, destMap)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * 评估 OR 关系的表达式
+     */
+    private boolean evaluateOrExpressions(JSONArray expressions, Map<String, Object> destMap) {
+        for (int i = 0; i < expressions.size(); i++) {
+            JSONObject expression = expressions.getJSONObject(i);
+            if (evaluateExpression(expression, destMap)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 评估单个表达式
+     */
+    private boolean evaluateExpression(JSONObject expression, Map<String, Object> destMap) {
+        String columnName = expression.getString("column_name");
+        String op = expression.getString("op");
+        Object value = expression.get("value");
+
+        // 从目标Map中获取字段值
+        Object fieldValue = destMap.get(columnName);
+        if (fieldValue == null) {
+            fieldValue = ""; // 处理null值
+        }
+
+        String fieldValueStr = fieldValue.toString();
+
+        try {
+            switch (op) {
+                case "=":
+                    return equals(fieldValueStr, value);
+                case "!=":
+                    return notEquals(fieldValueStr, value);
+                case "in":
+                    return in(fieldValueStr, value);
+                case "zero_len":
+                    return zeroLen(fieldValueStr, value);
+                case "contain":
+                    return contain(fieldValueStr, value);
+                case "regexp":
+                    return regexp(fieldValueStr, value);
+                default:
+                    log.warn("未知的操作符: {}", op);
+                    return false;
+            }
+        } catch (Exception e) {
+            log.error("评估表达式失败: {}{}{}, 错误: {}", columnName, op, value, e.getMessage());
+            return false;
+        }
+    }
+
+    /**
+     * 等于操作
+     */
+    private boolean equals(String fieldValue, Object value) {
+        return fieldValue.equals(value.toString());
+    }
+
+    /**
+     * 不等于操作
+     */
+    private boolean notEquals(String fieldValue, Object value) {
+        return !fieldValue.equals(value.toString());
+    }
+
+    /**
+     * IN 操作
+     */
+    private boolean in(String fieldValue, Object value) {
+        if (value instanceof JSONArray) {
+            JSONArray array = (JSONArray) value;
+            for (Object item : array) {
+                if (fieldValue.equals(item.toString())) {
+                    return true;
+                }
+            }
+            return false;
+        }
+        return false;
+    }
+
+    /**
+     * 长度检查操作
+     */
+    private boolean zeroLen(String fieldValue, Object value) {
+        boolean isEmpty = !StringUtils.hasText(fieldValue);
+        boolean expected = Boolean.parseBoolean(value.toString());
+        return isEmpty == expected;
+    }
+
+    /**
+     * 包含操作
+     */
+    private boolean contain(String fieldValue, Object value) {
+        return fieldValue.contains(value.toString());
+    }
+
+    /**
+     * 正则表达式匹配
+     */
+    private boolean regexp(String fieldValue, Object value) {
+        try {
+            Pattern pattern = Pattern.compile(value.toString());
+            return pattern.matcher(fieldValue).matches();
+        } catch (Exception e) {
+            log.error("正则表达式编译失败: {}, 错误: {}", value, e.getMessage());
+            return false;
+        }
+    }
+
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/PartitionTableService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/PartitionTableService.java
new file mode 100644
index 0000000..c20c17a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/PartitionTableService.java
@@ -0,0 +1,227 @@
+package com.common.service;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.stereotype.Service;
+
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.time.temporal.TemporalAdjusters;
+
+import java.util.ArrayList;
+
+import java.util.List;
+import java.util.Map;
+import java.util.HashMap;
+@Service
+public class PartitionTableService {
+
+    private static final Logger logger = LoggerFactory.getLogger(PartitionTableService.class);
+
+    @Autowired
+    private JdbcTemplate jdbcTemplate;
+
+    private static final DateTimeFormatter DATE_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd");
+    private static final DateTimeFormatter SQL_DATE_FORMATTER = DateTimeFormatter.ofPattern("yyyy-MM-dd");
+    private static final DateTimeFormatter DISPLAY_FORMATTER = DateTimeFormatter.ofPattern("yyyy年MM月dd日");
+    /**
+     * 检查第二天的分区表状态
+     */
+    public PartitionTableStatus checkTomorrowPartitionTable() {
+        PartitionTableStatus status = new PartitionTableStatus();
+
+        try {
+            LocalDate tomorrow = LocalDate.now().plusDays(1);
+            String tableName = "syslog_normal_data_" + tomorrow.format(DATE_FORMATTER);
+
+            status.setCheckDate(tomorrow);
+            status.setTableName(tableName);
+            status.setExists(isTableExists(tableName));
+
+            if (!status.isExists()) {
+                // 如果不存在，尝试创建
+                boolean created = createDailyPartitionTable(tomorrow);
+                status.setCreated(created);
+                status.setMessage(created ? "分区表创建成功" : "分区表创建失败");
+            } else {
+                status.setCreated(false);
+                status.setMessage("分区表已存在");
+            }
+
+            logger.info("第二天分区表检查完成: {}", status);
+
+        } catch (Exception e) {
+            status.setExists(false);
+            status.setCreated(false);
+            status.setMessage("检查过程中发生错误: " + e.getMessage());
+            logger.error("检查第二天分区表失败: {}", e.getMessage(), e);
+        }
+
+        return status;
+    }
+    /**
+     * 获取分区表统计信息
+     */
+    public Map<String, Object> getPartitionTableStats() {
+        Map<String, Object> stats = new HashMap<>();
+
+        try {
+            // 统计总分区表数量
+            String countSql = "SELECT COUNT(*) FROM information_schema.tables " +
+                    "WHERE table_schema = 'public' AND table_name LIKE 'syslog_normal_data_%'";
+            Integer totalCount = jdbcTemplate.queryForObject(countSql, Integer.class);
+            stats.put("totalPartitionTables", totalCount != null ? totalCount : 0);
+
+            // 获取最近创建的分区表
+            String recentSql = "SELECT table_name FROM information_schema.tables " +
+                    "WHERE table_schema = 'public' AND table_name LIKE 'syslog_normal_data_%' " +
+                    "ORDER BY table_name DESC LIMIT 5";
+            List<String> recentTables = jdbcTemplate.queryForList(recentSql, String.class);
+            stats.put("recentTables", recentTables);
+
+            // 检查明天分区表状态
+            PartitionTableStatus tomorrowStatus = checkTomorrowPartitionTable();
+            stats.put("tomorrowStatus", tomorrowStatus);
+
+        } catch (Exception e) {
+            logger.error("获取分区表统计信息失败: {}", e.getMessage());
+            stats.put("error", e.getMessage());
+        }
+
+        return stats;
+    }
+    /**
+     * 检查未来多天的分区表状态
+     */
+    public List<PartitionTableStatus> checkFuturePartitionTables(int days) {
+        List<PartitionTableStatus> statusList = new ArrayList<>();
+
+        for (int i = 1; i <= days; i++) {
+            LocalDate checkDate = LocalDate.now().plusDays(i);
+            String tableName = "syslog_normal_data_" + checkDate.format(DATE_FORMATTER);
+
+            PartitionTableStatus status = new PartitionTableStatus();
+            status.setCheckDate(checkDate);
+            status.setTableName(tableName);
+            status.setExists(isTableExists(tableName));
+            status.setMessage(status.isExists() ? "已存在" : "未创建");
+
+            statusList.add(status);
+        }
+
+        return statusList;
+    }
+    /**
+     * 创建下个月的分区表
+     */
+    public void createNextMonthPartitionTable() {
+        try {
+            // 获取下个月的第一天
+            LocalDate nextMonthFirstDay = LocalDate.now()
+                    .plusMonths(1)
+                    .with(TemporalAdjusters.firstDayOfMonth());
+
+            // 创建下个月每天的分区表
+            LocalDate currentDay = nextMonthFirstDay;
+            LocalDate nextMonthLastDay = nextMonthFirstDay.with(TemporalAdjusters.lastDayOfMonth());
+
+            while (!currentDay.isAfter(nextMonthLastDay)) {
+                createDailyPartitionTable(currentDay);
+                currentDay = currentDay.plusDays(1);
+            }
+
+            logger.info("成功创建下个月所有分区表");
+
+        } catch (Exception e) {
+            logger.error("创建分区表失败: {}", e.getMessage(), e);
+        }
+    }
+
+
+    /**
+     * 创建指定日期的分区表
+     */
+    public boolean createDailyPartitionTable(LocalDate date) {
+        try {
+            String tableName = "syslog_normal_data_" + date.format(DATE_FORMATTER);
+            String nextDay = date.plusDays(1).format(SQL_DATE_FORMATTER);
+            String currentDay = date.format(SQL_DATE_FORMATTER);
+
+            String sql = String.format(
+                    "CREATE TABLE IF NOT EXISTS %s PARTITION OF syslog_normal_data " +
+                            "FOR VALUES FROM ('%s') TO ('%s')",
+                    tableName, currentDay, nextDay
+            );
+
+            jdbcTemplate.execute(sql);
+            logger.info("成功创建分区表: {}", tableName);
+            return true;
+
+        } catch (Exception e) {
+            logger.error("创建分区表失败，日期: {}，错误: {}", date, e.getMessage());
+            return false;
+        }
+    }
+    /**
+     * 检查表是否存在
+     */
+    public boolean isTableExists(String tableName) {
+        try {
+            String sql = "SELECT EXISTS (SELECT FROM information_schema.tables WHERE table_schema = 'public' AND table_name = ?)";
+            return jdbcTemplate.queryForObject(sql, Boolean.class, tableName);
+        } catch (Exception e) {
+            logger.error("检查表是否存在失败: {}", e.getMessage());
+            return false;
+        }
+    }
+
+    /**
+     * 获取下个月需要创建的分区表数量
+     */
+    public int getNextMonthPartitionCount() {
+        LocalDate nextMonthFirstDay = LocalDate.now()
+                .plusMonths(1)
+                .with(TemporalAdjusters.firstDayOfMonth());
+        LocalDate nextMonthLastDay = nextMonthFirstDay.with(TemporalAdjusters.lastDayOfMonth());
+        return nextMonthLastDay.getDayOfMonth();
+    }
+
+    /**
+     * 分区表状态类
+     */
+    public static class PartitionTableStatus {
+        private LocalDate checkDate;
+        private String tableName;
+        private boolean exists;
+        private boolean created;
+        private String message;
+
+        // Getter and Setter 方法
+        public LocalDate getCheckDate() { return checkDate; }
+        public void setCheckDate(LocalDate checkDate) { this.checkDate = checkDate; }
+
+        public String getTableName() { return tableName; }
+        public void setTableName(String tableName) { this.tableName = tableName; }
+
+        public boolean isExists() { return exists; }
+        public void setExists(boolean exists) { this.exists = exists; }
+
+        public boolean isCreated() { return created; }
+        public void setCreated(boolean created) { this.created = created; }
+
+        public String getMessage() { return message; }
+        public void setMessage(String message) { this.message = message; }
+
+        public String getDisplayDate() {
+            return checkDate != null ? checkDate.format(DISPLAY_FORMATTER) : "";
+        }
+
+        @Override
+        public String toString() {
+            return String.format("PartitionTableStatus{date=%s, table=%s, exists=%s, created=%s, message='%s'}",
+                    getDisplayDate(), tableName, exists, created, message);
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogNonNormalMessageService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogNonNormalMessageService.java
new file mode 100644
index 0000000..fd02737
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogNonNormalMessageService.java
@@ -0,0 +1,82 @@
+package com.common.service;
+
+
+import com.baomidou.mybatisplus.extension.service.IService;
+import com.common.entity.SyslogNonNormalMessage;
+
+import java.time.LocalDateTime;
+import java.util.List;
+
+/**
+ * 非标日志服务接口
+ */
+public interface SyslogNonNormalMessageService extends IService<SyslogNonNormalMessage> {
+
+    /**
+     * 保存非标日志
+     * @param message 日志对象
+     * @return 是否成功
+     */
+    boolean saveMessage(SyslogNonNormalMessage message);
+
+    /**
+     * 批量保存非标日志
+     * @param messages 日志列表
+     * @return 插入数量
+     */
+    int saveBatchMessages(List<SyslogNonNormalMessage> messages);
+
+    /**
+     * 更新非标日志
+     * @param message 日志对象
+     * @return 是否成功
+     */
+    boolean updateMessage(SyslogNonNormalMessage message);
+
+    /**
+     * 逻辑删除非标日志
+     * @param id 日志ID
+     * @return 是否成功
+     */
+    boolean deleteMessage(String id);
+
+    /**
+     * 根据ID查询非标日志
+     * @param id 日志ID
+     * @return 日志对象
+     */
+    SyslogNonNormalMessage getMessageById(String id);
+
+    /**
+     * 根据条件查询非标日志
+     * @param deviceId 设备ID
+     * @param startTime 开始时间
+     * @param endTime 结束时间
+     * @param ruleResult 规则结果
+     * @return 日志列表
+     */
+    List<SyslogNonNormalMessage> queryMessages(Integer deviceId, LocalDateTime startTime,
+                                               LocalDateTime endTime, String ruleResult);
+
+
+    /**
+     * 根据ID和创建时间批量查询非标日志
+     */
+    List<SyslogNonNormalMessage> getMessagesByIdsAndCreatedAts(
+                 List<String> ids,   List<String> createdAts);
+
+    /**
+     * 根据ID列表批量查询非标日志
+     */
+    List<SyslogNonNormalMessage> getMessagesByIds(List<String> ids);
+
+    /**
+     * 批量更新del_flag字段
+     */
+    int updateBatchDelFlag(List<SyslogNonNormalMessage> messages);
+
+    /**
+     * 批量更新记录
+     */
+    int updateBatch(List<SyslogNonNormalMessage> messages);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java
new file mode 100644
index 0000000..40e9847
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogNormalDataService.java
@@ -0,0 +1,132 @@
+package com.common.service;
+
+import com.common.entity.SyslogNormalData;
+import com.common.mapper.SyslogNormalDataMapper;
+import com.common.mapper.SyslogNormalAlarmMapper;
+
+import com.influx.SyslogToInfluxApp;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+import java.util.List;
+import java.util.Map;
+
+@Service
+public class SyslogNormalDataService {
+    private static final Logger logger = LoggerFactory.getLogger(SyslogNormalDataService.class);
+    @Autowired
+    private SyslogNormalDataMapper syslogNormalDataMapper;
+    @Autowired
+    private SyslogNormalAlarmMapper syslogNormalAlarmMapper;
+
+
+    /**
+     * 动态插入单条数据 - Map方式
+     */
+    @Transactional
+    public int insertDynamic(Map<String, Object> dataMap) {
+        // 设置必要字段的默认值
+        if (!dataMap.containsKey("created_at")) {
+            dataMap.put("created_at", new java.util.Date());
+        }
+        if (!dataMap.containsKey("log_time")) {
+            dataMap.put("log_time", new java.util.Date());
+        }
+        if (dataMap.containsKey("tc_hostip")) {
+            if(!isValidIP(dataMap.get("tc_hostip").toString()))
+            {
+                String hostip=dataMap.get("tc_hostip").toString();
+                logger.error("tc_hostip 字段非IP类型，值为：{}，将赋值为null",hostip);
+                dataMap.remove("tc_hostip");
+
+            }
+        }
+        //判断是否包含event_level (事件级别）,区分告警日志和访问日志，分别进入不同的标准化数据表
+        if (dataMap != null && dataMap.get("event_level") != null) {
+            return syslogNormalAlarmMapper.insertDynamic(dataMap);
+        }
+        else
+            return syslogNormalDataMapper.insertDynamic(dataMap);
+    }
+
+    /**
+     * 插入单条数据 - 实体类方式
+     */
+    @Transactional
+    public int insertByEntity(SyslogNormalData entity) {
+        // 设置必要字段的默认值
+        if (entity.getCreatedAt() == null) {
+            entity.setCreatedAt(java.time.LocalDateTime.now());
+        }
+        if (entity.getLogTime() == null) {
+            entity.setLogTime(java.time.LocalDateTime.now());
+        }
+        return syslogNormalDataMapper.insertByEntity(entity);
+    }
+
+    /**
+     * 批量插入数据
+     */
+    @Transactional
+    public int batchInsert(List<Map<String, Object>> dataList) {
+        if (dataList == null || dataList.isEmpty()) {
+            return 0;
+        }
+
+        // 为每条数据设置必要字段的默认值
+        for (Map<String, Object> data : dataList) {
+            if (!data.containsKey("created_at")) {
+                data.put("created_at", new java.util.Date());
+            }
+            if (!data.containsKey("log_time")) {
+                data.put("log_time", new java.util.Date());
+            }
+        }
+        return syslogNormalDataMapper.batchInsert(dataList);
+    }
+
+    /**
+     * 转换实体类为Map
+     */
+    public Map<String, Object> convertEntityToMap(SyslogNormalData entity) {
+        // 使用反射或对象映射工具将实体类转换为Map
+        // 这里可以使用 Jackson 的 ObjectMapper 或 Spring 的 BeanUtils
+        org.springframework.beans.BeanWrapper wrapper = new org.springframework.beans.BeanWrapperImpl(entity);
+        java.util.Map<String, Object> result = new java.util.HashMap<>();
+
+        for (java.beans.PropertyDescriptor pd : wrapper.getPropertyDescriptors()) {
+            String propertyName = pd.getName();
+            if (!"class".equals(propertyName)) {
+                Object value = wrapper.getPropertyValue(propertyName);
+                if (value != null) {
+                    // 将驼峰命名转换为下划线命名
+                    String columnName = camelToSnake(propertyName);
+                    result.put(columnName, value);
+                }
+            }
+        }
+
+        return result;
+    }
+    // 字符串是否为IP
+    public static boolean isValidIP(String ipString) {
+        try {
+            InetAddress.getByName(ipString);
+            // 额外检查：确保不是域名（简单检查）
+            return ipString.matches(".*\\d+\\..*");
+        } catch (UnknownHostException e) {
+            return false;
+        }
+    }
+    /**
+     * 驼峰命名转下划线命名
+     */
+    private String camelToSnake(String str) {
+        return str.replaceAll("([a-z])([A-Z])", "$1_$2").toLowerCase();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogService.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogService.java
new file mode 100644
index 0000000..4f6b7f2
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/SyslogService.java
@@ -0,0 +1,183 @@
+package com.common.service;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import java.io.IOException;
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+import java.net.InetAddress;
+import java.net.SocketException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import com.common.entity.*;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+@Service
+public class SyslogService {
+
+    private static final Logger logger = LoggerFactory.getLogger(SyslogService.class);
+
+    /**
+     * 发送syslog消息
+     */
+    public boolean sendSyslogMessage(SyslogRequest request) {
+        logger.info("开始发送syslog消息: IP={}, Port={}", request.getIp(), request.getPort());
+
+        try {
+            //String syslogMessage = formatSyslogMessage(request);
+            String syslogMessage =request.getLogContent();
+                    logger.debug("传入的syslog消息: {}", syslogMessage);
+
+            if ("UDP".equalsIgnoreCase(request.getProtocol())) {
+                return sendUdpSyslog(request.getIp(), request.getPort(), syslogMessage);
+            } else {
+                return sendTcpSyslog(request.getIp(), request.getPort(), syslogMessage);
+            }
+
+        } catch (Exception e) {
+            logger.error("发送syslog消息失败", e);
+            return false;
+        }
+    }
+
+    /**
+     * 格式化syslog消息
+     */
+    private String formatSyslogMessage(SyslogRequest request) {
+        // 计算PRI值 (Facility * 8 + Severity)
+        int pri = calculatePri(request.getFacility(), request.getSeverity());
+
+        // 时间戳
+        String timestamp = new SimpleDateFormat("MMM dd HH:mm:ss").format(new Date());
+
+        // 主机名
+        String hostname = "myapp";
+
+        // 构建syslog消息
+        return String.format("<%d>%s %s %s", pri, timestamp, hostname, request.getLogContent());
+    }
+
+    /**
+     * 计算PRI值
+     */
+    private int calculatePri(String facility, String severity) {
+        int facilityValue = getFacilityValue(facility);
+        int severityValue = getSeverityValue(severity);
+        return facilityValue * 8 + severityValue;
+    }
+
+    private int getFacilityValue(String facility) {
+        switch (facility.toUpperCase()) {
+            case "KERN": return 0;
+            case "USER": return 1;
+            case "MAIL": return 2;
+            case "DAEMON": return 3;
+            case "AUTH": return 4;
+            case "SYSLOG": return 5;
+            case "LPR": return 6;
+            case "NEWS": return 7;
+            case "UUCP": return 8;
+            case "CRON": return 9;
+            case "AUTHPRIV": return 10;
+            case "FTP": return 11;
+            case "LOCAL0": return 16;
+            case "LOCAL1": return 17;
+            case "LOCAL2": return 18;
+            case "LOCAL3": return 19;
+            case "LOCAL4": return 20;
+            case "LOCAL5": return 21;
+            case "LOCAL6": return 22;
+            case "LOCAL7": return 23;
+            default: return 1; // 默认USER
+        }
+    }
+
+    private int getSeverityValue(String severity) {
+        switch (severity.toUpperCase()) {
+            case "EMERG": return 0;
+            case "ALERT": return 1;
+            case "CRIT": return 2;
+            case "ERR": return 3;
+            case "WARNING": return 4;
+            case "NOTICE": return 5;
+            case "INFO": return 6;
+            case "DEBUG": return 7;
+            default: return 6; // 默认INFO
+        }
+    }
+
+    /**
+     * 通过UDP发送syslog消息
+     */
+    private boolean sendUdpSyslog(String ip, int port, String message) {
+        try (DatagramSocket socket = new DatagramSocket()) {
+            InetAddress address = InetAddress.getByName(ip);
+            byte[] buffer = message.getBytes();
+            DatagramPacket packet = new DatagramPacket(buffer, buffer.length, address, port);
+            socket.send(packet);
+            logger.info("Syslog消息发送成功");
+            return true;
+        } catch (SocketException e) {
+            logger.error("创建Socket失败", e);
+            return false;
+        } catch (IOException e) {
+            logger.error("发送数据失败", e);
+            return false;
+        }
+    }
+
+    /**
+     * 通过TCP发送syslog消息
+     */
+    private boolean sendTcpSyslog(String ip, int port, String message) {
+        Socket socket = null;
+        OutputStream outputStream = null;
+
+        try {
+            // 创建TCP socket连接
+            socket = new Socket(ip, port);
+
+            // 设置连接超时和读取超时（可选）
+            socket.setSoTimeout(5000); // 5秒超时
+
+            // 获取输出流
+            outputStream = socket.getOutputStream();
+
+            // 发送消息，TCP通常需要以换行符结束
+            byte[] buffer = (message + "\n").getBytes();
+            outputStream.write(buffer);
+            outputStream.flush(); // 确保数据发送
+
+            logger.info("TCP Syslog消息发送成功: {}:{}", ip, port);
+            return true;
+
+        } catch (UnknownHostException e) {
+            logger.error("无法解析主机地址: {}", ip, e);
+            return false;
+        } catch (IOException e) {
+            logger.error("TCP连接或发送数据失败: {}:{}", ip, port, e);
+            return false;
+        } finally {
+            // 关闭资源
+            if (outputStream != null) {
+                try {
+                    outputStream.close();
+                } catch (IOException e) {
+                    logger.warn("关闭输出流时发生异常", e);
+                }
+            }
+            if (socket != null) {
+                try {
+                    socket.close();
+                } catch (IOException e) {
+                    logger.warn("关闭socket时发生异常", e);
+                }
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java
new file mode 100644
index 0000000..304c3e6
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java
@@ -0,0 +1,161 @@
+package com.common.service.impl;
+
+
+import com.common.entity.DeviceReceiveLog;
+import com.common.mapper.DeviceReceiveLogMapper;
+import com.common.service.DeviceReceiveLogService;
+import com.github.pagehelper.PageHelper;
+import com.github.pagehelper.PageInfo;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class DeviceReceiveLogServiceImpl implements DeviceReceiveLogService {
+
+    private final DeviceReceiveLogMapper deviceReceiveLogMapper;
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public Long insertLog(DeviceReceiveLog log) {
+        // 设置默认时间
+        if (log.getCreatedAt() == null) {
+            log.setCreatedAt(LocalDateTime.now());
+        }
+
+        if (log.getReceiveTimeStr() == null && log.getReceiveTime() != null) {
+            log.setReceiveTimeStr(log.getReceiveTime().toString());
+        }
+
+        deviceReceiveLogMapper.insert(log);
+       // log.info("插入设备接收日志成功，ID: {}", log.getId());
+        return log.getId();
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public int batchInsertLogs(List<DeviceReceiveLog> logs) {
+        if (logs == null || logs.isEmpty()) {
+            return 0;
+        }
+
+        // 批量处理，每1000条提交一次
+        int batchSize = 1000;
+        int totalInserted = 0;
+
+        for (int i = 0; i < logs.size(); i += batchSize) {
+            int end = Math.min(i + batchSize, logs.size());
+            List<DeviceReceiveLog> batchList = logs.subList(i, end);
+
+            // 设置默认值
+            batchList.forEach(log -> {
+                if (log.getCreatedAt() == null) {
+                    log.setCreatedAt(LocalDateTime.now());
+                }
+                if (log.getReceiveTimeStr() == null && log.getReceiveTime() != null) {
+                    log.setReceiveTimeStr(log.getReceiveTime().toString());
+                }
+            });
+
+            int inserted = deviceReceiveLogMapper.batchInsert(batchList);
+            totalInserted += inserted;
+            log.info("批量插入进度: {}/{}", end, logs.size());
+        }
+
+        return totalInserted;
+    }
+
+    @Override
+    public DeviceReceiveLog getById(Long id) {
+        return deviceReceiveLogMapper.selectById(id);
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getByDeviceId(Integer deviceId) {
+        return deviceReceiveLogMapper.selectByDeviceId(deviceId);
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getByCollectId(Integer collectId) {
+        return deviceReceiveLogMapper.selectByCollectId(collectId);
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getByTimeRange(LocalDateTime startTime, LocalDateTime endTime) {
+        if (startTime == null || endTime == null) {
+            throw new IllegalArgumentException("时间范围不能为空");
+        }
+        if (startTime.isAfter(endTime)) {
+            throw new IllegalArgumentException("开始时间不能晚于结束时间");
+        }
+        return deviceReceiveLogMapper.selectByTimeRange(startTime, endTime);
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getByCondition(DeviceReceiveLog condition) {
+        return deviceReceiveLogMapper.selectByCondition(condition);
+    }
+
+    @Override
+    public PageInfo<DeviceReceiveLog> getByConditionPage(DeviceReceiveLog condition, Integer pageNum, Integer pageSize) {
+        if (pageNum == null || pageNum < 1) {
+            pageNum = 1;
+        }
+        if (pageSize == null || pageSize < 1) {
+            pageSize = 10;
+        }
+
+        PageHelper.startPage(pageNum, pageSize);
+        List<DeviceReceiveLog> list = deviceReceiveLogMapper.selectByCondition(condition);
+        return new PageInfo<>(list);
+    }
+
+    @Override
+    public Long countByCondition(DeviceReceiveLog condition) {
+        return deviceReceiveLogMapper.countByCondition(condition);
+    }
+
+    @Override
+    public List<Map<String, Object>> getDeviceLogStatistics() {
+        return deviceReceiveLogMapper.countByDeviceGroup();
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public int deleteOldLogs(LocalDateTime beforeTime) {
+        if (beforeTime == null) {
+            throw new IllegalArgumentException("删除时间点不能为空");
+        }
+
+
+        LocalDateTime endTime = LocalDateTime.now().minusDays(7); // 默认保留7天
+        if (beforeTime.isAfter(endTime)) {
+            log.warn("删除时间点{}晚于默认保留时间{}，使用默认时间", beforeTime, endTime);
+            beforeTime = endTime;
+        }
+
+
+        int deleted = deviceReceiveLogMapper.deleteByTimeRange(
+                LocalDateTime.of(2025, 11, 1, 0, 0,0) , // 默认2025年11月
+                beforeTime
+        );
+
+        log.info("删除{}天前的日志，共删除{}条", beforeTime, deleted);
+        return deleted;
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getRecentLogs(Integer limit) {
+        if (limit == null || limit < 1) {
+            limit = 50; // 默认返回50条
+        }
+        return deviceReceiveLogMapper.selectRecent(limit);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/DmColumnServiceImpl.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/DmColumnServiceImpl.java
new file mode 100644
index 0000000..8f80d4c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/DmColumnServiceImpl.java
@@ -0,0 +1,94 @@
+package com.common.service.impl;
+
+
+import com.common.entity.DmColumn;
+import com.common.mapper.DmColumnMapper;
+import com.common.mapper.DmNormalizeRuleMapper;
+import com.common.service.DmColumnService;
+import com.common.service.DmNormalizeRuleService;
+import com.common.util.MyBatisUtil;
+import org.apache.ibatis.session.SqlSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+//import org.springframework.transaction.annotation.Transactional;
+
+import java.util.List;
+import java.util.Map;
+
+@Service
+public class DmColumnServiceImpl implements DmColumnService {
+    private static final Logger logger = LoggerFactory.getLogger(DmColumnServiceImpl.class);
+
+    @Autowired
+    private DmColumnMapper dmColumnMapper;
+
+    @Override
+    public List<DmColumn> findAll() {
+        return dmColumnMapper.findAll();
+    }
+
+    @Override
+    public DmColumn findById(Long id) {
+
+        try (SqlSession sqlSession = MyBatisUtil.getSqlSession()) {
+            logger.info(" begin DmColumnServiceImpl->findById" );
+            dmColumnMapper = sqlSession.getMapper(DmColumnMapper.class);
+            return dmColumnMapper.findById(id);
+        } catch (Exception e) {
+            logger.error("DmColumnServiceImpl findById MyBatisUtil getSqlSession 异常", e);
+        }
+        logger.error("DmColumn  is null" );
+        return null;
+
+
+    }
+    @Override
+    public DmColumn findByDmColumnId(Long id) {
+        return dmColumnMapper.findById(id);
+    }
+    @Override
+    public DmColumn findByName(String name) {
+        return dmColumnMapper.findByName(name);
+    }
+
+    @Override
+    public List<DmColumn> findByDisplayName(String displayName) {
+        return dmColumnMapper.findByDisplayName(displayName);
+    }
+
+    @Override
+    public List<DmColumn> findByIsBuiltIn(Boolean isBuiltIn) {
+        return dmColumnMapper.findByIsBuiltIn(isBuiltIn);
+    }
+
+    @Override
+    //@Transactional
+    public int insert(DmColumn dmColumn) {
+        return dmColumnMapper.insert(dmColumn);
+    }
+
+    @Override
+    //@Transactional
+    public int batchInsert(List<DmColumn> dmColumns) {
+        return dmColumnMapper.batchInsert(dmColumns);
+    }
+
+    @Override
+    public List<DmColumn> findByCondition(DmColumn condition) {
+        return dmColumnMapper.findByCondition(condition);
+    }
+
+    @Override
+    public Long count() {
+        return dmColumnMapper.count();
+    }
+
+    @Override
+    public List<Map<String, Object>> selectAllNormal()
+    {
+        return dmColumnMapper.selectAllNormal();
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/SyslogNonNormalMessageServiceImpl.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/SyslogNonNormalMessageServiceImpl.java
new file mode 100644
index 0000000..0922b31
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/service/impl/SyslogNonNormalMessageServiceImpl.java
@@ -0,0 +1,219 @@
+package com.common.service.impl;
+
+
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.common.entity.SyslogNonNormalMessage;
+import com.common.mapper.SyslogNonNormalMessageMapper;
+import com.common.service.SyslogNonNormalMessageService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.time.OffsetDateTime;
+import java.time.ZoneOffset;
+import java.util.List;
+import java.util.UUID;
+
+/**
+ * 非标日志服务实现类
+ */
+@Slf4j
+@Service
+public class SyslogNonNormalMessageServiceImpl
+        extends ServiceImpl<SyslogNonNormalMessageMapper, SyslogNonNormalMessage>
+        implements SyslogNonNormalMessageService {
+
+    @Autowired
+    private SyslogNonNormalMessageMapper messageMapper;
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public boolean saveMessage(SyslogNonNormalMessage message) {
+        try {
+            // 设置ID（如果未提供）
+            if (message.getId() == null || message.getId().isEmpty()) {
+                message.setId(generateMessageId());
+            }
+
+            // 设置默认值
+            if (message.getCreatedAt() == null) {
+                // 设置为当前UTC时间
+                message.setCreatedAt(OffsetDateTime.now(ZoneOffset.UTC));
+            }
+
+            if (message.getCreateTime() == null) {
+                message.setCreateTime(LocalDateTime.now());
+            }
+
+            if (message.getUpdateTime() == null) {
+                message.setUpdateTime(LocalDateTime.now());
+            }
+
+            if (message.getDelFlag() == null || message.getDelFlag().isEmpty()) {
+                message.setDelFlag("0");
+            }
+
+            if (message.getRuleResult() == null || message.getRuleResult().isEmpty()) {
+                message.setRuleResult("FAIL");
+            }
+
+            if (message.getTenantId() == null || message.getTenantId().isEmpty()) {
+                message.setTenantId("000000");
+            }
+
+            // 执行插入
+            return this.save(message);
+        } catch (Exception e) {
+            log.error("保存非标日志失败: {}", e.getMessage(), e);
+            throw new RuntimeException("保存非标日志失败", e);
+        }
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public int saveBatchMessages(List<SyslogNonNormalMessage> messages) {
+        if (messages == null || messages.isEmpty()) {
+            return 0;
+        }
+
+        try {
+            // 为每条记录设置默认值
+            for (SyslogNonNormalMessage message : messages) {
+                if (message.getId() == null || message.getId().isEmpty()) {
+                    message.setId(generateMessageId());
+                }
+
+                if (message.getCreatedAt() == null) {
+                    message.setCreatedAt(OffsetDateTime.now(ZoneOffset.UTC));
+                }
+
+                if (message.getCreateTime() == null) {
+                    message.setCreateTime(LocalDateTime.now());
+                }
+
+                if (message.getUpdateTime() == null) {
+                    message.setUpdateTime(LocalDateTime.now());
+                }
+
+                if (message.getDelFlag() == null || message.getDelFlag().isEmpty()) {
+                    message.setDelFlag("0");
+                }
+
+                if (message.getRuleResult() == null || message.getRuleResult().isEmpty()) {
+                    message.setRuleResult("FAIL");
+                }
+
+                if (message.getTenantId() == null || message.getTenantId().isEmpty()) {
+                    message.setTenantId("000000");
+                }
+            }
+
+            // 批量插入
+            return messageMapper.batchInsert(messages);
+        } catch (Exception e) {
+            log.error("批量保存非标日志失败: {}", e.getMessage(), e);
+            throw new RuntimeException("批量保存非标日志失败", e);
+        }
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public boolean updateMessage(SyslogNonNormalMessage message) {
+        try {
+            // 设置更新时间
+            message.setUpdateTime(LocalDateTime.now());
+
+            // 构建更新条件
+            LambdaQueryWrapper<SyslogNonNormalMessage> wrapper = new LambdaQueryWrapper<>();
+            wrapper.eq(SyslogNonNormalMessage::getId, message.getId())
+                    .eq(SyslogNonNormalMessage::getDelFlag, "0");
+
+            return this.update(message, wrapper);
+        } catch (Exception e) {
+            log.error("更新非标日志失败: {}", e.getMessage(), e);
+            throw new RuntimeException("更新非标日志失败", e);
+        }
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public boolean deleteMessage(String id) {
+        try {
+            // 逻辑删除，设置del_flag为1
+            return messageMapper.logicalDelete(id) > 0;
+        } catch (Exception e) {
+            log.error("删除非标日志失败: {}", e.getMessage(), e);
+            throw new RuntimeException("删除非标日志失败", e);
+        }
+    }
+
+    @Override
+    public SyslogNonNormalMessage getMessageById(String id) {
+        try {
+            LambdaQueryWrapper<SyslogNonNormalMessage> wrapper = new LambdaQueryWrapper<>();
+            wrapper.eq(SyslogNonNormalMessage::getId, id)
+                    .eq(SyslogNonNormalMessage::getDelFlag, "0");
+
+            return this.getOne(wrapper);
+        } catch (Exception e) {
+            log.error("查询非标日志失败: {}", e.getMessage(), e);
+            throw new RuntimeException("查询非标日志失败", e);
+        }
+    }
+
+    @Override
+    public List<SyslogNonNormalMessage> queryMessages(Integer deviceId, LocalDateTime startTime,
+                                                      LocalDateTime endTime, String ruleResult) {
+        try {
+            return messageMapper.findByTimeRange(startTime, endTime);
+        } catch (Exception e) {
+            log.error("查询非标日志失败: {}", e.getMessage(), e);
+            throw new RuntimeException("查询非标日志失败", e);
+        }
+    }
+    /**
+     * 根据ID和创建时间批量查询非标日志
+     */
+    @Override
+    public List<SyslogNonNormalMessage> getMessagesByIdsAndCreatedAts(
+            List<String> ids, List<String> createdAts) {
+        return messageMapper.getMessagesByIdsAndCreatedAts(ids, createdAts);
+    }
+
+    /**
+     * 根据ID列表批量查询非标日志
+     */
+    @Override
+    public List<SyslogNonNormalMessage> getMessagesByIds(List<String> ids) {
+        return messageMapper.getMessagesByIds(ids);
+    }
+
+    /**
+     * 批量更新del_flag字段
+     */
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public int updateBatchDelFlag(List<SyslogNonNormalMessage> messages) {
+        return messageMapper.updateBatchDelFlag(messages);
+    }
+
+    /**
+     * 批量更新记录
+     */
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public int updateBatch(List<SyslogNonNormalMessage> messages) {
+        return messageMapper.updateBatch(messages);
+    }
+    /**
+     * 生成消息ID
+     */
+    private String generateMessageId() {
+        // 使用UUID生成唯一ID
+        return   UUID.randomUUID().toString().replace("-", "").substring(0, 20);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/AlgorithmResultParser.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/AlgorithmResultParser.java
new file mode 100644
index 0000000..4436d14
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/AlgorithmResultParser.java
@@ -0,0 +1,323 @@
+package com.common.util;
+
+
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.common.entity.SyslogNormalData;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+@Slf4j
+@Component
+public class AlgorithmResultParser {
+
+    private static final DateTimeFormatter[] DATE_FORMATTERS = {
+            DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"),
+            DateTimeFormatter.ofPattern("yyyy/MM/dd HH:mm:ss"),
+            DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"),
+            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss"),
+            DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm:ss.SSS")
+    };
+
+    /**
+     * 构建示例JSON对应的newLogs
+     */
+    public List<SyslogNormalData> buildNewLogsFromExample() {
+        String exampleJson = "[\n" +
+                "    {\n" +
+                "        \"_index\": \"es:skyeye-weblog-2025.09.30\",\n" +
+                "        \"access_time\": \"2025-09-30 12:05:00\",\n" +
+                "        \"dip\": \"10.20.30.51\",\n" +
+                "        \"dname\": \"网页木马流量\",\n" +
+                "        \"dtype\": \"疑似木马活动\",\n" +
+                "        \"host\": \"\",\n" +
+                "        \"log_id\": \"hidden-002\",\n" +
+                "        \"origin_field\": \"匹配到文件名: shell.php:.jpg 与 匹配到恶意请求: exec=dir\",\n" +
+                "        \"reason\": \"源IP 203.0.113.51 访问 目的IP 10.20.30.51 异常，入度=0, 出度=0, 独立访客=1，匹配到文件名: shell.php:.jpg，匹配到恶意请求: exec=dir\",\n" +
+                "        \"referer\": \"\",\n" +
+                "        \"sip\": \"203.0.113.51\",\n" +
+                "        \"status_code\": 200,\n" +
+                "        \"url\": \"/admin/shell.php:.jpg\"\n" +
+                "    }\n" +
+                "]";
+
+        return parseJsonToLogs(exampleJson);
+    }
+
+    /**
+     * 解析JSON字符串为SyslogNormalData列表
+     */
+    public List<SyslogNormalData> parseJsonToLogs(String jsonStr) {
+        List<SyslogNormalData> logs = new ArrayList<>();
+
+        try {
+            JSONArray jsonArray = JSON.parseArray(jsonStr);
+
+            for (int i = 0; i < jsonArray.size(); i++) {
+                JSONObject jsonObj = jsonArray.getJSONObject(i);
+                SyslogNormalData logData = convertJsonObject(jsonObj);
+                if (logData != null) {
+                    logs.add(logData);
+                }
+            }
+
+            log.info("成功解析 {} 条日志数据", logs.size());
+
+        } catch (Exception e) {
+            log.error("解析JSON失败: {}", e.getMessage(), e);
+        }
+
+        return logs;
+    }
+
+    /**
+     * 转换单个JSON对象
+     */
+    private SyslogNormalData convertJsonObject(JSONObject jsonObj) {
+        try {
+            SyslogNormalData logData = new SyslogNormalData();
+
+            // 基础字段
+            logData.setId(getString(jsonObj, "log_id", UUID.randomUUID().toString()));
+            logData.setSyslogUuid(UUID.randomUUID().toString());
+            logData.setLogId(getString(jsonObj, "log_id"));
+
+            // 时间字段
+            LocalDateTime now = LocalDateTime.now();
+            logData.setCreatedAt(now);
+            logData.setEventDate(now);
+
+            String accessTime = getString(jsonObj, "access_time");
+            if (accessTime != null && !accessTime.isEmpty()) {
+                LocalDateTime logTime = parseDateTime(accessTime);
+                logData.setLogTime(logTime != null ? logTime : now);
+            } else {
+                logData.setLogTime(now);
+            }
+
+            // IP字段
+            logData.setSrcIp(getString(jsonObj, "sip"));
+            logData.setDestIp(getString(jsonObj, "dip"));
+            logData.setSrcIpStr(getString(jsonObj, "sip"));
+            logData.setDestIpStr(getString(jsonObj, "dip"));
+
+            // HTTP字段
+            logData.setHttpUrl(getString(jsonObj, "url"));
+            logData.setHttpHost(getString(jsonObj, "host"));
+            logData.setHttpReferer(getString(jsonObj, "referer"));
+            logData.setHttpStatusCode(getLong(jsonObj, "status_code", 200L));
+            logData.setHttpMethod("GET");
+
+            // 安全检测字段
+            logData.setAttackResult(1);
+            logData.setEventCategory(1);
+            logData.setEventType(1);
+            logData.setEventLevel(3);
+            logData.setEngineType(getString(jsonObj, "dtype"));
+            logData.setOriginRuleName(getString(jsonObj, "dname"));
+            logData.setOriginEventName(getString(jsonObj, "dname"));
+            logData.setDescription(getString(jsonObj, "reason"));
+            logData.setOriginAttackResult(getString(jsonObj, "origin_field"));
+
+            // 协议
+            logData.setProto("http");
+            logData.setSyslogTopic("algorithm_detection");
+
+            // 从origin_field提取额外信息
+            String originField = getString(jsonObj, "origin_field");
+            if (originField != null) {
+                extractAdditionalInfo(logData, originField);
+            }
+
+            // 设置索引信息
+            logData.setId(getString(jsonObj, "_index"));
+
+            return logData;
+
+        } catch (Exception e) {
+            log.error("转换JSON对象失败: {}", e.getMessage());
+            return null;
+        }
+    }
+
+    /**
+     * 从origin_field提取额外信息
+     */
+    private void extractAdditionalInfo(SyslogNormalData logData, String originField) {
+        // 提取文件名
+        if (originField.contains("文件名:")) {
+            String[] parts = originField.split("文件名:");
+            if (parts.length > 1) {
+                String fileInfo = parts[1].split("与")[0].trim();
+                logData.setFileName(fileInfo);
+                logData.setFileType(determineFileType(fileInfo));
+
+                if (fileInfo.toLowerCase().contains("shell")) {
+                    logData.setWebshellType("疑似Webshell");
+                    logData.setBackdoorType("网页后门");
+                }
+            }
+        }
+
+        // 提取恶意请求
+        if (originField.contains("恶意请求:")) {
+            String[] parts = originField.split("恶意请求:");
+            if (parts.length > 1) {
+                String maliciousRequest = parts[1].trim();
+                logData.setCmdline(maliciousRequest);
+                logData.setShellCmdline(maliciousRequest);
+                logData.setDetail(maliciousRequest);
+
+                // 检查是否是命令执行
+                if (maliciousRequest.contains("exec=") ||
+                        maliciousRequest.contains("cmd=") ||
+                        maliciousRequest.contains("system(")) {
+                    logData.setOriginAttackAction("命令执行");
+                }
+            }
+        }
+    }
+
+    /**
+     * 根据文件名确定文件类型
+     */
+    private String determineFileType(String fileName) {
+        if (fileName == null) return "";
+
+        fileName = fileName.toLowerCase();
+
+        if (fileName.endsWith(".php") || fileName.contains(".php:")) {
+            return "php";
+        } else if (fileName.endsWith(".jsp")) {
+            return "jsp";
+        } else if (fileName.endsWith(".asp") || fileName.endsWith(".aspx")) {
+            return "asp";
+        } else if (fileName.endsWith(".jpg") || fileName.endsWith(".jpeg")) {
+            return "image";
+        } else if (fileName.endsWith(".png")) {
+            return "image";
+        } else if (fileName.endsWith(".gif")) {
+            return "image";
+        } else if (fileName.endsWith(".bmp")) {
+            return "image";
+        } else if (fileName.endsWith(".exe")) {
+            return "executable";
+        } else if (fileName.endsWith(".dll")) {
+            return "library";
+        } else if (fileName.endsWith(".bat") || fileName.endsWith(".cmd")) {
+            return "batch";
+        } else if (fileName.endsWith(".sh")) {
+            return "shell";
+        } else if (fileName.endsWith(".py")) {
+            return "python";
+        } else if (fileName.endsWith(".js")) {
+            return "javascript";
+        } else if (fileName.endsWith(".html") || fileName.endsWith(".htm")) {
+            return "html";
+        } else if (fileName.endsWith(".css")) {
+            return "css";
+        } else if (fileName.endsWith(".xml")) {
+            return "xml";
+        } else if (fileName.endsWith(".json")) {
+            return "json";
+        } else if (fileName.endsWith(".txt")) {
+            return "text";
+        } else if (fileName.endsWith(".pdf")) {
+            return "pdf";
+        } else if (fileName.endsWith(".doc") || fileName.endsWith(".docx")) {
+            return "document";
+        } else if (fileName.endsWith(".xls") || fileName.endsWith(".xlsx")) {
+            return "spreadsheet";
+        } else if (fileName.endsWith(".zip") || fileName.endsWith(".rar") ||
+                fileName.endsWith(".7z") || fileName.endsWith(".tar") ||
+                fileName.endsWith(".gz")) {
+            return "archive";
+        } else {
+            return "unknown";
+        }
+    }
+
+    /**
+     * 解析时间字符串
+     */
+    private LocalDateTime parseDateTime(String timeStr) {
+        if (timeStr == null || timeStr.isEmpty()) {
+            return LocalDateTime.now();
+        }
+
+        for (DateTimeFormatter formatter : DATE_FORMATTERS) {
+            try {
+                return LocalDateTime.parse(timeStr, formatter);
+            } catch (Exception e) {
+                // 继续尝试下一个格式
+            }
+        }
+
+        // 如果所有格式都失败，尝试其他格式
+        try {
+            // 尝试处理带有时区的时间格式
+            if (timeStr.contains("T")) {
+                return LocalDateTime.parse(timeStr,
+                        DateTimeFormatter.ISO_LOCAL_DATE_TIME);
+            }
+
+            // 尝试处理日期部分
+            if (timeStr.length() >= 10) {
+                String datePart = timeStr.substring(0, 10);
+                return LocalDateTime.parse(datePart + "T00:00:00");
+            }
+        } catch (Exception e) {
+            log.warn("无法解析时间字符串: {}, 使用当前时间", timeStr);
+        }
+
+        return LocalDateTime.now();
+    }
+
+    /**
+     * 安全获取字符串字段
+     */
+    private String getString(JSONObject jsonObj, String key) {
+        return getString(jsonObj, key, "");
+    }
+
+    private String getString(JSONObject jsonObj, String key, String defaultValue) {
+        try {
+            String value = jsonObj.getString(key);
+            return value != null ? value : defaultValue;
+        } catch (Exception e) {
+            return defaultValue;
+        }
+    }
+
+    /**
+     * 安全获取Long字段
+     */
+    private Long getLong(JSONObject jsonObj, String key, Long defaultValue) {
+        try {
+            Long value = jsonObj.getLong(key);
+            return value != null ? value : defaultValue;
+        } catch (Exception e) {
+            return defaultValue;
+        }
+    }
+
+    /**
+     * 安全获取Integer字段
+     */
+    private Integer getInteger(JSONObject jsonObj, String key, Integer defaultValue) {
+        try {
+            Integer value = jsonObj.getInteger(key);
+            return value != null ? value : defaultValue;
+        } catch (Exception e) {
+            return defaultValue;
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/JsonParser.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/JsonParser.java
new file mode 100644
index 0000000..c9b118b
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/JsonParser.java
@@ -0,0 +1,351 @@
+package com.common.util;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.JsonNodeType;
+import com.common.entity.*;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.*;
+import java.util.Map.Entry;
+import org.json.JSONObject;
+import org.json.JSONArray;
+import com.fasterxml.jackson.core.type.TypeReference;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class JsonParser  {
+
+    private static final ObjectMapper objectMapper = new ObjectMapper();
+    private static final Logger logger = LoggerFactory.getLogger(JsonParser.class);
+
+    public static void main(String[] args) {
+        String logMessage = "<15>Sep 24 12:06:59 LAPTOP-ARDUR3N0 <15>2025-09-24T11:52:26Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+        System.out.println(logMessage);
+        try {
+            XdrHoneypot xdrHoneypot = parseLogMessageToXdrHoneypot(logMessage);
+            System.out.println("解析成功！");
+            System.out.println(xdrHoneypot);
+        } catch (Exception e) {
+            System.err.println("解析失败: " + e.getMessage());
+            e.printStackTrace();
+        }
+
+        // 多层嵌套 JSON
+        String complexJson = "{\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}";
+
+        System.out.println("=== 扁平化 Map 解析结果 ===");
+        Map<String, Object> flatMap = parseJsonToFlatMap(complexJson);
+        flatMap.forEach((key, value) -> System.out.println(key + " = " + value));
+
+        System.out.println("\n=== 嵌套结构 Map 解析结果 ===");
+        Map<String, Object> nestedMap = parseJsonToNestedMap(complexJson);
+        printMap(nestedMap);
+
+        System.out.println("\n=== 特定值访问示例 ===");
+        // 访问特定值
+        System.out.println("extra.payload.format: " + flatMap.get("extra.payload.format"));
+        System.out.println("extra.payload.format: " + flatMap.get("extra.payload.name.cn"));
+    }
+
+    /**
+     * 从日志消息中解析 JSON 并转换为 XdrHoneypot 对象
+     */
+    public static XdrHoneypot parseLogMessageToXdrHoneypot(String logMessage) throws Exception {
+        // 1. 提取 JSON 部分
+        String jsonString = extractJsonFromLogMessage(logMessage);
+
+        // 2. 解析 JSON
+        JsonNode jsonNode = objectMapper.readTree(jsonString);
+
+        // 3. 创建并填充 XdrHoneypot 对象
+        XdrHoneypot xdrHoneypot = new XdrHoneypot();
+
+        // 设置字段值
+        xdrHoneypot.setVcsource(getStringValue(jsonNode, "source"));
+        xdrHoneypot.setDstartTime(getStringValue(jsonNode, "start_time"));
+        xdrHoneypot.setDtime(getStringValue(jsonNode, "time"));
+        xdrHoneypot.setRiskLevel(getStringValue(jsonNode, "risk_level"));
+        xdrHoneypot.setVcconnection(getStringValue(jsonNode, "connection"));
+        xdrHoneypot.setFileInfo(getStringValue(jsonNode, "file_info"));
+        xdrHoneypot.setExtra(getExtraAsString(jsonNode.get("extra")));
+        xdrHoneypot.setVctype(getStringValue(jsonNode, "type"));
+        xdrHoneypot.setAgentSn(getStringValue(jsonNode, "agent_sn"));
+        xdrHoneypot.setAgentName(getStringValue(jsonNode, "agent_name"));
+        xdrHoneypot.setHoneypotId(getStringValue(jsonNode, "honeypot_id"));
+        xdrHoneypot.setHoneypotName(getStringValue(jsonNode, "honeypot_name"));
+        xdrHoneypot.setSrcIp(getStringValue(jsonNode, "src_ip"));
+        xdrHoneypot.setSrcPort(getStringValue(jsonNode, "src_port"));
+        xdrHoneypot.setSrcMac(getStringValue(jsonNode, "src_mac"));
+        xdrHoneypot.setDestIp(getStringValue(jsonNode, "dest_ip"));
+        xdrHoneypot.setDestPort(getStringValue(jsonNode, "dest_port"));
+        xdrHoneypot.setProxyIp(getStringValue(jsonNode, "proxy_ip"));
+        xdrHoneypot.setNode(getStringValue(jsonNode, "node"));
+        xdrHoneypot.setCreateTime(LocalDateTime.now());
+
+        return xdrHoneypot;
+    }
+
+    /**
+     * 从日志消息中提取 JSON 部分
+     */
+    public  static String extractJsonFromLogMessage(String logMessage) {
+        // 查找第一个 { 和最后一个 } 的位置
+        int startIndex = logMessage.indexOf('{');
+        int endIndex = logMessage.lastIndexOf('}');
+
+        if (startIndex == -1 || endIndex == -1 || endIndex <= startIndex) {
+            throw new IllegalArgumentException("日志消息中未找到有效的 JSON 内容");
+        }
+        return logMessage.substring(startIndex, endIndex + 1);
+
+    }
+
+    /**
+     * 安全地获取字符串值
+     */
+    private static String getStringValue(JsonNode jsonNode, String fieldName) {
+        JsonNode fieldNode = jsonNode.get(fieldName);
+        if (fieldNode == null || fieldNode.isNull()) {
+            return null;
+        }
+
+        if (fieldNode.isTextual()) {
+            return fieldNode.asText();
+        } else {
+            // 对于非文本类型（如数字），转换为字符串
+            return fieldNode.toString();
+        }
+    }
+
+    /**
+     * 将 extra 字段转换为 JSON 字符串
+     */
+    private static String getExtraAsString(JsonNode extraNode) {
+        if (extraNode == null || extraNode.isNull()) {
+            return null;
+        }
+        try {
+            return objectMapper.writeValueAsString(extraNode);
+        } catch (Exception e) {
+            // 如果序列化失败，返回原始字符串
+            return extraNode.toString();
+        }
+    }
+
+
+    /**
+     * 解析 JSON 字符串为扁平化的 Map
+     * @param jsonStr JSON 字符串
+     * @return 扁平化的 Map，key 使用点号表示嵌套路径
+     */
+    public static LinkedHashMap<String, Object> parseJsonToFlatMap(String jsonStr) {
+        try {
+            LinkedHashMap<String, Object> resultMap = new LinkedHashMap<>();
+            if(!isValidJson(jsonStr))
+            {
+                System.out.println("parseJsonToFlatMap() json str:"+jsonStr);
+                System.out.println("isValidJson(string) is false");
+                return null;
+            }
+
+            TypeReference<Map<String, Object>> typeRef = new TypeReference<Map<String, Object>>() {};
+            Object jsonObject =  objectMapper.readValue(jsonStr, typeRef);
+            //Object jsonObject = objectMapper.readValue(jsonStr.trim(), Object.class);
+            flattenJson("", jsonObject, resultMap);
+            return resultMap;
+        } catch (Exception e) {
+            //System.out.println("Exception ex.message:"+ e.getMessage());
+            logger.error("parseJsonToFlatMap  ex.message:{}", e.getMessage());
+            throw new RuntimeException("parseJsonToFlatMap JSON 解析失败", e);
+        }
+    }
+
+    /**
+     * 递归扁平化 JSON 对象
+     */
+    private static void flattenJson(String currentPath, Object jsonObject, Map<String, Object> resultMap) {
+
+        try {
+            if (jsonObject instanceof Map) {
+                // 处理 JSON 对象
+                Map<?, ?> map = (Map<?, ?>) jsonObject;
+                for (Entry<?, ?> entry : map.entrySet()) {
+                    String key = entry.getKey().toString();
+                    String newPath = currentPath.isEmpty() ? key : currentPath + "." + key;
+                    flattenJson(newPath, entry.getValue(), resultMap);
+                }
+            } else if (jsonObject instanceof List) {
+                // 处理 JSON 数组
+                List<?> list = (List<?>) jsonObject;
+                for (int i = 0; i < list.size(); i++) {
+                    String newPath = currentPath + "[" + i + "]";
+                    flattenJson(newPath, list.get(i), resultMap);
+                }
+            } else {
+                // 基本类型值
+                resultMap.put(currentPath, jsonObject);
+            }
+
+        } catch (Exception e) {
+            System.out.println("Exception ex.message:"+ e.getMessage());
+
+            throw new RuntimeException("flattenJson 处理异常", e);
+        }
+    }
+
+    /**
+     * 保持嵌套结构的 JSON 解析
+     */
+    public static Map<String, Object> parseJsonToNestedMap(String jsonStr) {
+        try {
+            return objectMapper.readValue(jsonStr, Map.class);
+        } catch (Exception e) {
+            throw new RuntimeException("parseJsonToNestedMap() JSON 解析失败", e);
+        }
+    }
+    /**
+     * 打印 Map 内容
+     */
+    public static void printMap(Map<String, Object> map) {
+        printMap("", map, 0);
+}
+
+    private static void printMap(String prefix, Map<String, Object> map, int indent) {
+       // String indentStr = "  ".repeat(indent);
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < indent; i++) {
+            sb.append(" ");
+        }
+        String indentStr = sb.toString();
+
+        for (Entry<String, Object> entry : map.entrySet()) {
+            String key = entry.getKey();
+            Object value = entry.getValue();
+            String fullKey = prefix.isEmpty() ? key : prefix + "." + key;
+
+            if (value instanceof Map) {
+                System.out.println(indentStr + key + ":");
+                printMap(fullKey, (Map<String, Object>) value, indent + 1);
+            } else if (value instanceof List) {
+                System.out.println(indentStr + key + ":");
+                printList(fullKey, (List<Object>) value, indent + 1);
+            } else {
+                System.out.println(indentStr + key + " = " + value);
+            }
+        }
+    }
+
+    private static void printList(String prefix, List<Object> list, int indent) {
+        //String indentStr = "  ".repeat(indent);
+
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < indent; i++) {
+            sb.append(" ");
+        }
+        String indentStr = sb.toString();
+        for (int i = 0; i < list.size(); i++) {
+            Object value = list.get(i);
+            String itemKey = prefix + "[" + i + "]";
+
+            if (value instanceof Map) {
+                System.out.println(indentStr + "[" + i + "]:");
+                printMap(itemKey, (Map<String, Object>) value, indent + 1);
+            } else if (value instanceof List) {
+                System.out.println(indentStr + "[" + i + "]:");
+                printList(itemKey, (List<Object>) value, indent + 1);
+            } else {
+                System.out.println(indentStr + "[" + i + "] = " + value);
+            }
+        }
+    }
+
+
+
+
+    /**
+     * 将 JSONObject 转换为 Map
+     */
+    public static LinkedHashMap<String, Object> jsonToMap(String jsonString) {
+        try {
+            JSONObject jsonObject = new JSONObject(jsonString.trim());
+            return toMap(jsonObject);
+        } catch (Exception e) {
+            throw new RuntimeException("jsonToMap 转换失败: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 递归转换 JSONObject 到 Map
+     */
+    private static LinkedHashMap<String, Object> toMap(JSONObject jsonObject) {
+        LinkedHashMap<String, Object> map = new LinkedHashMap<>();
+        Iterator<String> keys = jsonObject.keys();
+
+        while (keys.hasNext()) {
+            String key = keys.next();
+            Object value = jsonObject.get(key);
+
+            if (value instanceof JSONObject) {
+                // 嵌套对象
+                value = toMap((JSONObject) value);
+            } else if (value instanceof JSONArray) {
+                // 数组
+                value = toList((JSONArray) value);
+            }
+
+            map.put(key, value);
+        }
+        return map;
+    }
+
+    /**
+     * 递归转换 JSONArray 到 List
+     */
+    private static List<Object> toList(JSONArray array) {
+        List<Object> list = new ArrayList<>();
+        for (int i = 0; i < array.length(); i++) {
+            Object value = array.get(i);
+            if (value instanceof JSONObject) {
+                value = toMap((JSONObject) value);
+            } else if (value instanceof JSONArray) {
+                value = toList((JSONArray) value);
+            }
+            list.add(value);
+        }
+        return list;
+    }
+
+
+
+    /**
+     * 预处理 JSON 字符串
+     */
+    public static Optional<String> preprocessJson(String jsonString) {
+        if (jsonString == null) {
+            return Optional.empty();
+        }
+        String trimmed = jsonString.trim();
+        // 处理空字符串
+        if (trimmed.isEmpty()) {
+            return Optional.empty();
+        }
+        // 处理 BOM
+        if (trimmed.startsWith("\uFEFF")) {
+            trimmed = trimmed.substring(1).trim();
+            if (trimmed.isEmpty()) {
+                return Optional.empty();
+            }
+        }
+
+        return Optional.of(trimmed);
+    }
+
+    /**
+     * 检查 JSON 字符串是否有效
+     */
+    public static boolean isValidJson(String jsonString) {
+        return preprocessJson(jsonString).isPresent();
+    }
+
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/KeyValueParser.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/KeyValueParser.java
new file mode 100644
index 0000000..fb6f5cb
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/KeyValueParser.java
@@ -0,0 +1,135 @@
+package com.common.util;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class KeyValueParser {
+
+    /**
+     * 解析键值对字符串
+     * @param input 输入字符串
+     * @return 解析后的键值对Map
+     */
+    public static Map<String, String> parseKeyValueString(String input) {
+        Map<String, String> result = new HashMap<>();
+
+        // 移除首尾的方括号（如果存在）
+        String cleanedInput = input.trim();
+        if (cleanedInput.startsWith("[") && cleanedInput.endsWith("]")) {
+            cleanedInput = cleanedInput.substring(1, cleanedInput.length() - 1);
+        }
+
+        // 使用正则表达式匹配键值对
+        // 匹配模式：键=值，值可以包含任意字符（包括空格和标点）
+        Pattern pattern = Pattern.compile("(\\w+)=([^=]+?)(?=\\s+\\w+=|$)");
+        Matcher matcher = pattern.matcher(cleanedInput);
+
+        while (matcher.find()) {
+            String key = matcher.group(1);
+            String value = matcher.group(2).trim();
+            result.put(key, value);
+        }
+
+        return result;
+    }
+
+    /**
+     * 简单的分割解析方法（适用于格式规整的情况）
+     * @param input 输入字符串
+     * @return 解析后的键值对Map
+     */
+    public static Map<String, String> parseBySplit(String input) {
+        Map<String, String> result = new HashMap<>();
+
+        // 移除首尾的方括号
+        String cleanedInput = input.trim();
+        if (cleanedInput.startsWith("[") && cleanedInput.endsWith("]")) {
+            cleanedInput = cleanedInput.substring(1, cleanedInput.length() - 1);
+        }
+
+        // 按空格分割，但保留值中的空格
+        String[] pairs = cleanedInput.split("\\s+(?=\\w+=)");
+
+        for (String pair : pairs) {
+            int equalsIndex = pair.indexOf('=');
+            if (equalsIndex > 0) {
+                String key = pair.substring(0, equalsIndex);
+                String value = pair.substring(equalsIndex + 1);
+                result.put(key, value);
+            }
+        }
+
+        return result;
+    }
+
+    /**
+     * 从文本中提取第一个 [] 包裹的键值对字符串并转换为 Map
+     *
+     * @param text 包含键值对的原始文本
+     * @return 包含键值对的 Map
+     * @throws IllegalArgumentException 如果格式不正确
+     */
+    public static Map<String, String> parseKeyValuePairs(String text) {
+        if (text == null || text.trim().isEmpty()) {
+            throw new IllegalArgumentException("Input text cannot be null or empty");
+        }
+
+        // 查找第一个 [ 和对应的 ]
+        int start = text.indexOf('[');
+        int end = text.indexOf(']', start + 1);
+
+        if (start == -1 || end == -1) {
+            throw new IllegalArgumentException("No valid [] pair found in text");
+        }
+
+        // 提取 [] 内的内容
+        String content = text.substring(start + 1, end).trim();
+        if (content.isEmpty()) {
+            return new HashMap<>(); // 返回空Map
+        }
+
+        // 分割键值对
+        String[] pairs = content.split("\\s+");
+        Map<String, String> result = new HashMap<>();
+
+        for (String pair : pairs) {
+            // 分割键和值
+            int equalSign = pair.indexOf('=');
+            if (equalSign == -1) {
+                throw new IllegalArgumentException("Invalid key-value pair format: " + pair);
+            }
+
+            String key = pair.substring(0, equalSign).trim();
+            String value = pair.substring(equalSign + 1).trim();
+
+            if (key.isEmpty()) {
+                throw new IllegalArgumentException("Key cannot be empty in pair: " + pair);
+            }
+
+            result.put(key, value);
+        }
+
+        return result;
+    }
+    public static void main(String[] args) {
+        String input = "[name=非工作时间访问 riskLevel=中 riskMain=账号 appName=蜜罐系统-企信外网 riskDesc=账号在2025-04-27，通过47.94.211.49客户端IP在非常用访问时间2025-04-27 15:38:54，进行了业务访问]";
+
+        System.out.println("=== 使用正则表达式解析 ===");
+        Map<String, String> result1 = parseKeyValueString(input);
+        for (Map.Entry<String, String> entry : result1.entrySet()) {
+            System.out.println(entry.getKey() + ": " + entry.getValue());
+        }
+
+        System.out.println("\n=== 使用分割方法解析 ===");
+        Map<String, String> result2 = parseBySplit(input);
+        for (Map.Entry<String, String> entry : result2.entrySet()) {
+            System.out.println(entry.getKey() + ": " + entry.getValue());
+        }
+
+        System.out.println("\n=== 获取特定字段 ===");
+        System.out.println("应用名称: " + result1.get("appName"));
+        System.out.println("风险等级: " + result1.get("riskLevel"));
+        System.out.println("风险描述: " + result1.get("riskDesc"));
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/KvTextParser.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/KvTextParser.java
new file mode 100644
index 0000000..b614ce7
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/KvTextParser.java
@@ -0,0 +1,145 @@
+package com.common.util;
+
+import org.springframework.stereotype.Component;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import com.common.entity.RuleContent.kv_paramsType;
+
+@Component
+public class KvTextParser {
+
+    /**
+     * 解析键值对类型的文本数据
+     * @param text 要解析的文本
+     * @param params 解析参数配置
+     * @return 解析后的Map对象
+     */
+    public LinkedHashMap<String, Object> parseKvText(String text, kv_paramsType params) {
+        LinkedHashMap<String, Object> result = new LinkedHashMap<>();
+
+        if (text == null || text.trim().isEmpty()) {
+            return result;
+        }
+
+        // 获取分隔符配置
+        String internal = params.getInternal(); // KV内部分隔符，如"="
+        String external = params.getExternal(); // KV之间分隔符，如空格
+        String lTrim = params.getL_trim();     // 左修剪字符
+        String rTrim = params.getR_trim();     // 右修剪字符
+
+        // 转义分隔符，用于正则表达式
+        String escapedExternal = Pattern.quote(external);
+        String escapedInternal = Pattern.quote(internal);
+
+        try {
+            // 使用外部KV分隔符分割字符串
+            String[] kvPairs = text.split(escapedExternal);
+
+            for (String kvPair : kvPairs) {
+                if (kvPair == null || kvPair.trim().isEmpty()) {
+                    continue;
+                }
+
+                // 使用内部分隔符分割键值对
+                String[] parts = kvPair.split(escapedInternal, 2); // 限制分割为2部分
+
+                if (parts.length == 2) {
+                    String key = parts[0].trim();
+                    String value = parts[1].trim();
+
+                    // 应用修剪
+                    key = applyTrim(key, lTrim, rTrim);
+                    value = applyTrim(value, lTrim, rTrim);
+
+                    // 移除可能的引号
+                    value = removeQuotes(value);
+
+                    result.put(key, value);
+                } else if (parts.length == 1) {
+                    // 只有key没有value的情况
+                    String key = applyTrim(parts[0].trim(), lTrim, rTrim);
+                    result.put(key, "");
+                }
+            }
+        } catch (Exception e) {
+            throw new RuntimeException("解析键值对文本时发生错误: " + e.getMessage(), e);
+        }
+
+        return result;
+    }
+
+    /**
+     * 应用字符串修剪
+     */
+    private String applyTrim(String str, String lTrim, String rTrim) {
+        if (str == null) return "";
+
+        String result = str;
+
+        // 左修剪
+        if (lTrim != null && !lTrim.isEmpty()) {
+            result = result.replaceAll("^[" + Pattern.quote(lTrim) + "]+", "");
+        }
+
+        // 右修剪
+        if (rTrim != null && !rTrim.isEmpty()) {
+            result = result.replaceAll("[" + Pattern.quote(rTrim) + "]+$", "");
+        }
+
+        return result;
+    }
+
+    /**
+     * 移除字符串两端的引号
+     */
+    private String removeQuotes(String str) {
+        if (str == null || str.length() < 2) {
+            return str;
+        }
+
+        // 检查是否被引号包围
+        if ((str.startsWith("\"") && str.endsWith("\"")) ||
+                (str.startsWith("'") && str.endsWith("'"))) {
+            return str.substring(1, str.length() - 1);
+        }
+
+        return str;
+    }
+
+    /**
+     * 使用正则表达式解析更复杂的键值对格式
+     * 适用于包含特殊字符的值
+     */
+    public  LinkedHashMap<String, Object> parseKvTextWithRegex(String text, kv_paramsType params) {
+      //  Map<String, String> result = new HashMap<>();
+        LinkedHashMap<String, Object> result = new LinkedHashMap<>();
+        if (text == null || text.trim().isEmpty()) {
+            return result;
+        }
+
+        String internal = Pattern.quote(params.getInternal());
+        String external = Pattern.quote(params.getExternal());
+
+        // 构建正则表达式模式
+        // 匹配格式: key=value 或 key="包含空格的value"
+        String patternStr = "(\\w+)" + internal + "(\"[^\"]*\"|[^" + external + "]*)";
+        Pattern pattern = Pattern.compile(patternStr);
+        Matcher matcher = pattern.matcher(text);
+
+        while (matcher.find()) {
+            String key = matcher.group(1);
+            String value = matcher.group(2);
+
+            // 移除引号并应用修剪
+            value = removeQuotes(value);
+            value = applyTrim(value, params.getL_trim(), params.getR_trim());
+
+            result.put(key, value);
+        }
+
+        return result;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/MyBatisUtil.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/MyBatisUtil.java
new file mode 100644
index 0000000..a7f2854
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/MyBatisUtil.java
@@ -0,0 +1,89 @@
+package com.common.util;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.apache.ibatis.io.Resources;
+import org.apache.ibatis.session.SqlSession;
+import org.apache.ibatis.session.SqlSessionFactory;
+import org.apache.ibatis.session.SqlSessionFactoryBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.function.Function;
+import org.springframework.stereotype.Component;
+/**
+ * MyBatis 工具类
+ */
+
+
+@Component
+public class MyBatisUtil {
+    private static final Logger logger = LoggerFactory.getLogger(MyBatisUtil.class);
+    private static SqlSessionFactory sqlSessionFactory;
+    @Autowired
+    private SqlSessionFactory autoWiredSqlSessionFactory;
+    static {
+        init();
+    }
+    private static void init() {
+        try {
+            String resource = "mybatis-config.xml";
+            InputStream inputStream = Resources.getResourceAsStream(resource);
+            sqlSessionFactory = new SqlSessionFactoryBuilder().build(inputStream);
+            logger.info("MyBatis 初始化成功");
+        } catch (IOException e) {
+            logger.error("初始化MyBatis失败", e);
+            throw new RuntimeException("初始化MyBatis失败", e);
+        }
+    }
+    public static SqlSession getSqlSession() {
+        return sqlSessionFactory.openSession();
+    }
+
+    public static SqlSessionFactory getSqlSessionFactory() {
+        return sqlSessionFactory;
+    }
+
+    /**
+     * 获取 SqlSession（自动提交事务）
+     */
+    public static SqlSession getSqlSessionAutoCommit() {
+        return sqlSessionFactory.openSession(true);
+    }
+
+    /**
+     * 执行查询操作（自动管理资源）
+     */
+    public static <T> T executeQuery(Function<SqlSession, T> function) {
+        SqlSession sqlSession = getSqlSession();
+        try {
+            return function.apply(sqlSession);
+        } finally {
+            sqlSession.close();
+        }
+    }
+
+    /**
+     * 执行更新操作（自动提交事务和管理资源）
+     */
+    public static <T> T executeUpdate(Function<SqlSession, T> function) {
+        SqlSession sqlSession = getSqlSession();
+        try {
+            T result = function.apply(sqlSession);
+            sqlSession.commit();
+            return result;
+        } catch (Exception e) {
+            sqlSession.rollback();
+            throw new RuntimeException("数据库操作失败", e);
+        } finally {
+            sqlSession.close();
+        }
+    }
+    /**
+     * 重新初始化（用于配置热更新）
+     */
+    public static void reload() {
+        init();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/NestedJsonParserUtil.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/NestedJsonParserUtil.java
new file mode 100644
index 0000000..5cfd4cf
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/NestedJsonParserUtil.java
@@ -0,0 +1,510 @@
+package com.common.util;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.core.JsonParser;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.*;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+
+public class NestedJsonParserUtil {
+
+    private static final Logger logger = LoggerFactory.getLogger(NestedJsonParserUtil.class);
+
+    // 配置ObjectMapper，启用容错特性
+    private static final ObjectMapper objectMapper = new ObjectMapper()
+            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
+            .configure(DeserializationFeature.FAIL_ON_INVALID_SUBTYPE, false)
+            .configure(DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT, true)
+            .configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true)
+            .configure(JsonParser.Feature.ALLOW_UNQUOTED_FIELD_NAMES, true)
+            .configure(JsonParser.Feature.ALLOW_SINGLE_QUOTES, true)
+            .configure(JsonParser.Feature.ALLOW_UNQUOTED_CONTROL_CHARS, true)
+            .configure(JsonParser.Feature.ALLOW_BACKSLASH_ESCAPING_ANY_CHARACTER, true);
+
+    /**
+     * 安全的JSON字符串转Map方法（支持嵌套结构）
+     */
+    public static LinkedHashMap<String, Object> safeParseJson(String jsonStr) {
+        return safeParseJson(jsonStr, new LinkedHashMap<>());
+    }
+
+    /**
+     * 安全的JSON字符串转Map方法（支持嵌套结构和自定义选项）
+     */
+    public static LinkedHashMap<String, Object> safeParseJson(String jsonStr, LinkedHashMap<String, Object> options) {
+        if (jsonStr == null || jsonStr.trim().isEmpty()) {
+            logger.warn("JSON字符串为空或null");
+            //return Collections.emptyMap();
+            return null;
+        }
+
+        // 获取选项,嵌套3层
+        int maxDepth = (Integer) options.getOrDefault("maxDepth", 3);
+        boolean allowUnquoted = (Boolean) options.getOrDefault("allowUnquoted", true);
+        boolean allowSingleQuotes = (Boolean) options.getOrDefault("allowSingleQuotes", true);
+
+        try {
+            // 1. 预处理JSON字符串
+           // String processedJson = preprocessJsonString(jsonStr, allowUnquoted, allowSingleQuotes);
+            String processedJson =jsonStr;
+
+            System.out.println("processedJson:"+processedJson);
+            // 2. 深度验证嵌套结构
+            //validateNestedStructure(processedJson, maxDepth);
+            //ObjectMapper mapper = new ObjectMapper(); // 这里使用Jackson
+            //System.out.println( mapper.readTree(processedJson));
+
+            //TypeReference<Map<String, String>> typeRef1 = new TypeReference<Map<String, String>>() {};
+            //Map<String, String> result1 =  objectMapper.readValue(processedJson, typeRef1);
+
+
+            // 3. 尝试解析
+            TypeReference<Map<String, Object>> typeRef = new TypeReference<Map<String, Object>>() {};
+            Map<String, Object> result =  objectMapper.readValue(processedJson, typeRef);
+
+            // 4. 后处理：清理和验证解析结果
+            return postProcessParsedData(result, maxDepth);
+
+        } catch (JsonProcessingException e) {
+            logger.error("JSON解析失败json:{} 错误消息： {}",jsonStr, e.getMessage());
+
+            // 5. 尝试修复并重新解析
+            try {
+                String fixedJson = tryFixNestedJson(jsonStr, maxDepth);
+                if (!fixedJson.equals(jsonStr)) {
+                    TypeReference<Map<String, Object>> typeRef = new TypeReference<Map<String, Object>>() {};
+                    Map<String, Object> result = objectMapper.readValue(fixedJson, typeRef);
+                    return postProcessParsedData(result, maxDepth);
+                }
+            } catch (Exception ex) {
+                logger.error("JSON修复后解析仍然失败", ex);
+            }
+            return null;
+            //return Collections.emptyMap();
+
+        } catch (Exception e) {
+            logger.error("JSON解析发生未知异常", e);
+            return null;
+        }
+    }
+
+    /**
+     * 解析JSON为JsonNode（更灵活的嵌套处理）
+     */
+    public static JsonNode safeParseJsonNode(String jsonStr) {
+        if (jsonStr == null || jsonStr.trim().isEmpty()) {
+            return objectMapper.createObjectNode();
+        }
+
+        try {
+            String processedJson = preprocessJsonString(jsonStr, true, true);
+            return objectMapper.readTree(processedJson);
+        } catch (Exception e) {
+            logger.error("解析JSON为JsonNode失败", e);
+            try {
+                String fixedJson = tryFixNestedJson(jsonStr, 10);
+                return objectMapper.readTree(fixedJson);
+            } catch (Exception ex) {
+                logger.error("修复后解析JSON Node仍然失败", ex);
+                return objectMapper.createObjectNode();
+            }
+        }
+    }
+
+    /**
+     * 预处理JSON字符串（增强版）
+     */
+    private static String preprocessJsonString(String jsonStr, boolean allowUnquoted, boolean allowSingleQuotes) {
+        if (jsonStr == null) {
+            return "{}";
+        }
+
+        String processed = jsonStr.trim();
+
+        // 移除BOM字符
+        if (processed.startsWith("\uFEFF")) {
+            processed = processed.substring(1);
+        }
+
+        // 处理不同编码的空白字符
+        processed = processed.replaceAll("[\\u00A0\\u2007\\u202F]", " ");
+
+        // 确保字符串以{开头，以}结尾
+        if (!processed.startsWith("{") && !processed.startsWith("[")) {
+            // 尝试检测是否是JSONP格式
+            if (processed.contains("(") && processed.contains(")")) {
+                processed = extractJsonFromJsonp(processed);
+            } else {
+                // 如果不是JSON对象或数组，尝试包装成对象
+                processed = "{\"data\": " + processed + "}";
+            }
+        }
+
+        // 根据选项处理引号
+        if (!allowSingleQuotes) {
+            processed = convertSingleQuotesToDouble(processed);
+        }
+
+        return processed;
+    }
+
+    /**
+     * 从JSONP中提取JSON
+     */
+    private static String extractJsonFromJsonp(String jsonp) {
+        try {
+            int start = jsonp.indexOf('(');
+            int end = jsonp.lastIndexOf(')');
+            if (start != -1 && end != -1 && end > start) {
+                return jsonp.substring(start + 1, end);
+            }
+        } catch (Exception e) {
+            logger.warn("JSONP提取失败", e);
+        }
+        return "{}";
+    }
+
+    /**
+     * 验证嵌套结构深度
+     */
+    private static void validateNestedStructure(String jsonStr, int maxDepth) {
+        int depth = calculateJsonDepth(jsonStr);
+        if (depth > maxDepth) {
+            throw new IllegalArgumentException("JSON嵌套深度超过限制: " + depth + " > " + maxDepth);
+        }
+    }
+
+    /**
+     * 计算JSON最大嵌套深度
+     */
+    private static int calculateJsonDepth(String jsonStr) {
+        int maxDepth = 0;
+        int currentDepth = 0;
+
+        for (int i = 0; i < jsonStr.length(); i++) {
+            char c = jsonStr.charAt(i);
+            if (c == '{' || c == '[') {
+                currentDepth++;
+                maxDepth = Math.max(maxDepth, currentDepth);
+            } else if (c == '}' || c == ']') {
+                currentDepth--;
+            }
+
+            if (currentDepth < 0) {
+                throw new IllegalArgumentException("calculateJsonDepth() JSON括号不匹配");
+            }
+        }
+
+        if (currentDepth != 0) {
+            throw new IllegalArgumentException("calculateJsonDepth() JSON括号不匹配");
+        }
+
+        return maxDepth;
+    }
+
+    /**
+     * 尝试修复嵌套JSON
+     */
+    private static String tryFixNestedJson(String jsonStr, int maxDepth) {
+        if (jsonStr == null) {
+            return "{}";
+        }
+
+        String fixed = jsonStr.trim();
+
+        try {
+            // 修复步骤序列
+            fixed = fixJsonpWrapper(fixed);
+            fixed = fixUnescapedQuotesInNestedJson(fixed);
+            fixed = fixSingleQuotes(fixed);
+            fixed = fixUnescapedBackslashes(fixed);
+            fixed = fixTrailingCommas(fixed);
+            fixed = fixMissingQuotesInNestedJson(fixed);
+            fixed = fixNumericIssues(fixed);
+            fixed = fixBooleanIssues(fixed);
+            fixed = fixNullIssues(fixed);
+            fixed = fixArrayIssues(fixed);
+
+            logger.info("尝试修复嵌套JSON字符串");
+            return fixed;
+
+        } catch (Exception e) {
+            logger.warn("嵌套JSON修复过程中发生异常", e);
+            return jsonStr;
+        }
+    }
+
+    /**
+     * 修复JSONP包装
+     */
+    private static String fixJsonpWrapper(String json) {
+        if (json.matches("^[a-zA-Z_$][a-zA-Z0-9_$]*\\s*\\(") && json.contains(")")) {
+            return extractJsonFromJsonp(json);
+        }
+        return json;
+    }
+
+    /**
+     * 修复嵌套JSON中的未转义引号
+     */
+    private static String fixUnescapedQuotesInNestedJson(String json) {
+        StringBuilder sb = new StringBuilder();
+        boolean inString = false;
+        char prevChar = 0;
+        int braceCount = 0;
+        int bracketCount = 0;
+
+        for (int i = 0; i < json.length(); i++) {
+            char c = json.charAt(i);
+
+            // 跟踪嵌套级别
+            if (c == '{') braceCount++;
+            if (c == '}') braceCount--;
+            if (c == '[') bracketCount++;
+            if (c == ']') bracketCount--;
+
+            // 处理字符串状态
+            if (c == '"' && prevChar != '\\') {
+                inString = !inString;
+                sb.append(c);
+            } else if (inString && c == '"' && prevChar == '\\') {
+                sb.append(c);
+            } else if (inString && c == '"') {
+                // 在字符串中遇到未转义的双引号，需要转义
+                sb.append("\\\"");
+            } else {
+                sb.append(c);
+            }
+
+            prevChar = c;
+        }
+
+        return sb.toString();
+    }
+
+    /**
+     * 修复嵌套JSON中缺失的引号
+     */
+    private static String fixMissingQuotesInNestedJson(String json) {
+        // 使用更复杂的正则表达式来修复嵌套对象中的键
+        Pattern pattern = Pattern.compile("([{,{]\\s*)([a-zA-Z_$][a-zA-Z0-9_$]*)(\\s*:\\s*)");
+        Matcher matcher = pattern.matcher(json);
+        StringBuffer result = new StringBuffer();
+
+        while (matcher.find()) {
+            String replacement = matcher.group(1) + "\"" + matcher.group(2) + "\"" + matcher.group(3);
+            matcher.appendReplacement(result, Matcher.quoteReplacement(replacement));
+        }
+        matcher.appendTail(result);
+
+        return result.toString();
+    }
+
+    /**
+     * 修复数字问题
+     */
+    private static String fixNumericIssues(String json) {
+        // 修复前导零的数字
+        json = json.replaceAll(":\\s*0+(\\d+)", ":$1");
+        // 修复缺失小数点的数字
+        json = json.replaceAll(":\\s*(\\d+)\\.(\\s*[,\\}])", ":$1.0$2");
+        return json;
+    }
+
+    /**
+     * 修复布尔值问题
+     */
+    private static String fixBooleanIssues(String json) {
+        json = json.replaceAll(":\\s*true", ":true");
+        json = json.replaceAll(":\\s*false", ":false");
+        json = json.replaceAll(":\\s*TRUE", ":true");
+        json = json.replaceAll(":\\s*FALSE", ":false");
+        return json;
+    }
+
+    /**
+     * 修复null值问题
+     */
+    private static String fixNullIssues(String json) {
+        json = json.replaceAll(":\\s*null", ":null");
+        json = json.replaceAll(":\\s*NULL", ":null");
+        json = json.replaceAll(":\\s*Null", ":null");
+        return json;
+    }
+
+    /**
+     * 修复数组问题
+     */
+    private static String fixArrayIssues(String json) {
+        // 修复数组中的尾随逗号
+        //json = json.replaceAll(",(\s*])", "$1");
+       // json =json.replaceAll(",(\s[}\])])", "$1");
+        return json;
+    }
+
+    /**
+     * 单引号转双引号
+     */
+    private static String fixSingleQuotes(String json) {
+        return convertSingleQuotesToDouble(json);
+    }
+
+    /**
+     * 单引号转双引号（智能转换，不转换字符串内的单引号）
+     */
+    private static String convertSingleQuotesToDouble(String json) {
+        StringBuilder sb = new StringBuilder();
+        boolean inDoubleString = false;
+        boolean inSingleString = false;
+        char prevChar = 0;
+
+        for (int i = 0; i < json.length(); i++) {
+            char c = json.charAt(i);
+
+            if (c == '"' && prevChar != '\\') {
+                inDoubleString = !inDoubleString;
+                sb.append(c);
+            } else if (c == '\'' && prevChar != '\\' && !inDoubleString) {
+                if (!inSingleString) {
+                    sb.append('"');
+                    inSingleString = true;
+                } else {
+                    sb.append('"');
+                    inSingleString = false;
+                }
+            } else {
+                sb.append(c);
+            }
+
+            prevChar = c;
+        }
+
+        return sb.toString();
+    }
+
+    /**
+     * 修复未转义的反斜杠
+     */
+    private static String fixUnescapedBackslashes(String json) {
+        // 简单的反斜杠转义，注意不要破坏已经转义的内容
+        return json.replace("\\", "\\\\").replace("\\\\\"", "\\\"");
+    }
+
+    /**
+     * 修复尾随逗号
+     */
+    private static String fixTrailingCommas(String json) {
+        // 移除对象和数组中的尾随逗号
+        //json = json.replaceAll(",(\s*[}\]])", "$1");
+        return json;
+    }
+
+    /**
+     * 后处理解析的数据
+     */
+    private static LinkedHashMap<String, Object> postProcessParsedData(Map<String, Object> data, int maxDepth) {
+        if (data == null) {
+            //return Collections.emptyMap();
+            return null;
+        }
+
+        // 深度清理和验证
+        return cleanNestedData(data, 0, maxDepth);
+    }
+
+    /**
+     * 清理嵌套数据
+     */
+    @SuppressWarnings("unchecked")
+    private static LinkedHashMap<String, Object> cleanNestedData(Map<String, Object> data, int currentDepth, int maxDepth) {
+        if (currentDepth > maxDepth) {
+            logger.warn("数据嵌套过深，进行截断");
+           // return Collections.emptyMap();
+            return null;
+        }
+
+        LinkedHashMap<String, Object> cleaned = new LinkedHashMap<>();
+
+        for (Map.Entry<String, Object> entry : data.entrySet()) {
+            String key = entry.getKey();
+            Object value = entry.getValue();
+
+            // 清理键
+            String cleanedKey = key.trim();
+
+            // 清理值
+            Object cleanedValue = cleanValue(value, currentDepth + 1, maxDepth);
+
+            cleaned.put(cleanedKey, cleanedValue);
+        }
+
+        return cleaned;
+    }
+
+    /**
+     * 清理值
+     */
+    @SuppressWarnings("unchecked")
+    private static Object cleanValue(Object value, int currentDepth, int maxDepth) {
+        if (value == null) {
+            return null;
+        }
+
+        if (value instanceof Map) {
+            return cleanNestedData((Map<String, Object>) value, currentDepth, maxDepth);
+        } else if (value instanceof List) {
+            List<Object> cleanedList = new ArrayList<>();
+            for (Object item : (List<?>) value) {
+                cleanedList.add(cleanValue(item, currentDepth + 1, maxDepth));
+            }
+            return cleanedList;
+        } else if (value instanceof String) {
+            return ((String) value).trim();
+        }
+
+        return value;
+    }
+
+    public static void main(String[] args) {
+        // 测试复杂的嵌套JSON
+        String complexJson = "{\"source\":\"portrait\",\"uuid\":\"1a26ac6e-2d77-4ada-b560-1abbcae1de98\",\"host\":{\"cpuConcurrency\":8,\"fonts\":[\"Rockwell\",\"Calibri\",\"Gadugi\",\"Leelawadee UI\",\"Bahnschrift\",\"DengXian\",\"Roboto\",\"DejaVu Sans Mono\",\"Open Sans\",\"Source Han Serif CN\"],\"hasUnity\":false,\"language\":\"zh-CN\",\"memory\":0,\"os\":\"Windows 10.0\",\"render\":\"ANGLE (Intel, Intel(R) UHD Graphics 620 Direct3D9Ex vs_3_0 ps_3_0, igdumdim32.dll-30.0.101.1338)\",\"screenResolution\":[1366,768],\"timezone\":\"Asia/Shanghai\",\"touchSupport\":true},\"network\":{\"externalIP\":{\"ip\":\"60.190.198.14\"},\"internalIP\":{\"ip\":\"\"},\"realIP\":{\"ip\":\"60.190.198.14\"}},\"browser\":{\"arch\":\"\",\"bitness\":\"\",\"canvasFingerprint\":\"7031cc506eaded347eb1b596677ec7be\",\"canvas_fp\":\"7031cc506eaded347eb1b596677ec7be\",\"canvas_fp2\":\"7031cc506eaded347eb1b596677ec7be\",\"chrome_ext\":[\"Google Office\"],\"fp2\":\"559732dbe9bafced9536c77a6c020f88\",\"is_private\":false,\"mobile\":false,\"model\":\"\",\"name\":\"Chrome\",\"os\":\"Windows 10.0\",\"tid\":\"s:16951889730ae4d6af8-b3b4b-5ede70.22c7306819e72dd14e3e5c5644e49ed42a44d857ca55f6df0acd0460f510f15f\",\"version\":\"94.0.4606.71\",\"versionNumber\":94,\"webgl_fp\":\"487f7b22f68312d2c1bbc93b1aea445b\",\"webgl_fp2\":\"487f7b22f68312d2c1bbc93b1aea445b\"},\"social\":{},\"extra\":{\"version\":\"1.1\"},\"node\":\"AQSE\"}";
+
+            //String complexJson ="{\"sn\":\"8cf9a388-578e-4b30-ac4b-098a46dde642\",\"name\":\"茂名市住房和城乡建设局蜜罐探针\",\"send\":true,\"host\":\"172.25.142.16\",\"type\":\"agent_connect\",\"event_type_display_name\":{\"en\":\"Agent Connect Event\",\"cn\":\"探针连接建立\"},\"node\":\"WRx3\"}";
+        // 测试有问题的嵌套JSON
+        String problematicJson = "{\"source\":\"portrait\",\"uuid\":\"1a26ac6e-2d77-4ada-b560-1abbcae1de98\",\"host\":{\"cpuConcurrency\":8,\"fonts\":[\"Rockwell\",\"Calibri\",\"Gadugi\",\"Leelawadee UI\",\"Bahnschrift\",\"DengXian\",\"Roboto\",\"DejaVu Sans Mono\",\"Open Sans\",\"Source Han Serif CN\"],\"hasUnity\":false,\"language\":\"zh-CN\",\"memory\":0,\"os\":\"Windows 10.0\",\"render\":\"ANGLE (Intel, Intel(R) UHD Graphics 620 Direct3D9Ex vs_3_0 ps_3_0, igdumdim32.dll-30.0.101.1338)\",\"screenResolution\":[1366,768],\"timezone\":\"Asia/Shanghai\",\"touchSupport\":true},\"network\":{\"externalIP\":{\"ip\":\"60.190.198.14\"},\"internalIP\":{\"ip\":\"\"},\"realIP\":{\"ip\":\"60.190.198.14\"}},\"browser\":{\"arch\":\"\",\"bitness\":\"\",\"canvasFingerprint\":\"7031cc506eaded347eb1b596677ec7be\",\"canvas_fp\":\"7031cc506eaded347eb1b596677ec7be\",\"canvas_fp2\":\"7031cc506eaded347eb1b596677ec7be\",\"chrome_ext\":[\"Google Office\"],\"fp2\":\"559732dbe9bafced9536c77a6c020f88\",\"is_private\":false,\"mobile\":false,\"model\":\"\",\"name\":\"Chrome\",\"os\":\"Windows 10.0\",\"tid\":\"s:16951889730ae4d6af8-b3b4b-5ede70.22c7306819e72dd14e3e5c5644e49ed42a44d857ca55f6df0acd0460f510f15f\",\"version\":\"94.0.4606.71\",\"versionNumber\":94,\"webgl_fp\":\"487f7b22f68312d2c1bbc93b1aea445b\",\"webgl_fp2\":\"487f7b22f68312d2c1bbc93b1aea445b\"},\"social\":{},\"extra\":{\"version\":\"1.1\"},\"node\":\"AQSE\"}";
+
+        // 测试解析
+        System.out.println("=== 正常嵌套JSON解析 ===");
+        LinkedHashMap<String, Object> result1 = NestedJsonParserUtil.safeParseJson(complexJson);
+        System.out.println("解析结果: " + result1);
+
+        System.out.println("\\n=== 有问题嵌套JSON解析 ===");
+        LinkedHashMap<String, Object> result2 = NestedJsonParserUtil.safeParseJson(problematicJson);
+        System.out.println("解析结果: " + result2);
+
+        /**
+        System.out.println("\\n=== 嵌套值获取 ===");
+        String userName = NestedJsonUtils.getNestedString(result1, "user.name");
+        Integer userAge = NestedJsonUtils.getNestedInteger(result1, "user.profile.age");
+        String city = NestedJsonUtils.getNestedString(result1, "user.profile.address.city");
+
+        System.out.println("用户名: " + userName);
+        System.out.println("年龄: " + userAge);
+        System.out.println("城市: " + city);
+         **/
+        System.out.println("\\n=== 扁平化处理 ===");
+
+        LinkedHashMap<String, Object> flattened = NestedJsonUtils.flattenNestedJson(result1);
+        System.out.println("扁平化结果: " + flattened);
+
+    }
+
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/NestedJsonUtils.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/NestedJsonUtils.java
new file mode 100644
index 0000000..13061a9
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/NestedJsonUtils.java
@@ -0,0 +1,169 @@
+package com.common.util;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.core.JsonParser;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.*;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+
+/**
+ * 嵌套JSON专门处理工具
+ */
+public class NestedJsonUtils {
+
+    private static final Logger logger = LoggerFactory.getLogger(NestedJsonUtils.class);
+
+    /**
+     * 安全地获取嵌套值
+     */
+    public static Object getNestedValue(Map<String, Object> data, String path) {
+        return getNestedValue(data, path, null);
+    }
+
+    /**
+     * 安全地获取嵌套值（带默认值）
+     */
+    @SuppressWarnings("unchecked")
+    public static Object getNestedValue(Map<String, Object> data, String path, Object defaultValue) {
+        if (data == null || path == null || path.trim().isEmpty()) {
+            return defaultValue;
+        }
+
+        String[] keys = path.split("\\.");
+        Object current = data;
+
+        for (String key : keys) {
+            if (current instanceof Map) {
+                current = ((Map<String, Object>) current).get(key);
+            } else {
+                return defaultValue;
+            }
+
+            if (current == null) {
+                return defaultValue;
+            }
+        }
+
+        return current != null ? current : defaultValue;
+    }
+
+    /**
+     * 安全地获取嵌套字符串
+     */
+    public static String getNestedString(Map<String, Object> data, String path) {
+        return getNestedString(data, path, null);
+    }
+
+    public static String getNestedString(Map<String, Object> data, String path, String defaultValue) {
+        Object value = getNestedValue(data, path, defaultValue);
+        return value != null ? value.toString() : defaultValue;
+    }
+
+    /**
+     * 安全地获取嵌套整数
+     */
+    public static Integer getNestedInteger(Map<String, Object> data, String path) {
+        return getNestedInteger(data, path, null);
+    }
+
+    public static Integer getNestedInteger(Map<String, Object> data, String path, Integer defaultValue) {
+        Object value = getNestedValue(data, path, defaultValue);
+
+        if (value instanceof Integer) {
+            return (Integer) value;
+        } else if (value instanceof String) {
+            try {
+                return Integer.parseInt((String) value);
+            } catch (NumberFormatException e) {
+                logger.warn("无法将值转换为整数: {}", value);
+                return defaultValue;
+            }
+        } else if (value instanceof Number) {
+            return ((Number) value).intValue();
+        }
+
+        return defaultValue;
+    }
+
+    /**
+     * 安全地获取嵌套Map
+     */
+    @SuppressWarnings("unchecked")
+    public static Map<String, Object> getNestedMap(Map<String, Object> data, String path) {
+        Object value = getNestedValue(data, path, Collections.emptyMap());
+
+        if (value instanceof Map) {
+            return (Map<String, Object>) value;
+        }
+
+        return Collections.emptyMap();
+    }
+
+    /**
+     * 安全地获取嵌套列表
+     */
+    @SuppressWarnings("unchecked")
+    public static List<Object> getNestedList(Map<String, Object> data, String path) {
+        Object value = getNestedValue(data, path, Collections.emptyList());
+
+        if (value instanceof List) {
+            return (List<Object>) value;
+        }
+
+        return Collections.emptyList();
+    }
+
+    /**
+     * 扁平化嵌套JSON
+     */
+    public static LinkedHashMap<String, Object> flattenNestedJson(LinkedHashMap<String, Object> data) {
+        return flattenNestedJson(data, null);
+    }
+
+    /**
+     * 扁平化嵌套JSON（带前缀）
+     */
+    @SuppressWarnings("unchecked")
+    public static LinkedHashMap<String, Object> flattenNestedJson(Map<String, Object> data, String prefix) {
+        LinkedHashMap<String, Object> flattened = new LinkedHashMap<>();
+        String currentPrefix = prefix != null ? prefix + "." : "";
+
+        for (Map.Entry<String, Object> entry : data.entrySet()) {
+            String key = entry.getKey();
+            Object value = entry.getValue();
+            String fullKey = currentPrefix + key;
+
+            if (value instanceof Map) {
+                flattened.putAll(flattenNestedJson((Map<String, Object>) value, fullKey));
+            } else if (value instanceof List) {
+                // 处理列表，可以按索引展开或保持为列表
+                flattened.put(fullKey, value);
+            } else {
+                flattened.put(fullKey, value);
+            }
+        }
+
+        return flattened;
+    }
+
+    /**
+     * 验证嵌套JSON结构
+     */
+    public static boolean validateNestedStructure(Map<String, Object> data, String schema) {
+
+        // 项目中可以使用JSON Schema验证库
+        try {
+            // 这里可以实现自定义的结构验证逻辑
+            return data != null && !data.isEmpty();
+        } catch (Exception e) {
+            logger.error("嵌套结构验证失败", e);
+            return false;
+        }
+    }
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/RegexTextParser.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/RegexTextParser.java
new file mode 100644
index 0000000..0532920
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/RegexTextParser.java
@@ -0,0 +1,204 @@
+package com.common.util;
+
+import org.springframework.stereotype.Component;
+import java.util.LinkedHashMap;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * 正则表达式文本解析工具类
+ */
+@Component
+public class RegexTextParser {
+
+    /**
+     * 使用正则表达式解析文本数据
+     * @param text 原始文本
+     * @param regex 正则表达式（必须包含捕获组）
+     * @return LinkedHashMap对象，key为序号字符串，value为实际值
+     */
+    public static LinkedHashMap<String, Object> parseWithRegex(String text, String regex) {
+        LinkedHashMap<String, Object> resultMap = new LinkedHashMap<>();
+
+        if (text == null || text.trim().isEmpty()) {
+            return resultMap;
+        }
+
+        if (regex == null || regex.isEmpty()) {
+            throw new IllegalArgumentException("正则表达式不能为空");
+        }
+
+        try {
+            Pattern pattern = Pattern.compile(regex);
+            Matcher matcher = pattern.matcher(text);
+
+            if (matcher.find()) {
+                // 获取所有捕获组（从group(1)开始，group(0)是整个匹配）
+                int groupCount = matcher.groupCount();
+
+                if (groupCount == 0) {
+                    // 如果没有捕获组，将整个匹配作为第一个元素
+                    resultMap.put("1", matcher.group(0));
+                } else {
+                    // 遍历所有捕获组
+                    for (int i = 1; i <= groupCount; i++) {
+                        String value = matcher.group(i);
+                        resultMap.put(String.valueOf(i), value != null ? value.trim() : "");
+                    }
+                }
+            }
+
+            return resultMap;
+
+        } catch (Exception e) {
+            throw new RuntimeException("正则表达式解析失败: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 使用正则表达式解析文本数据（支持多次匹配）
+     * @param text 原始文本
+     * @param regex 正则表达式
+     * @param matchAll 是否匹配所有结果
+     * @return LinkedHashMap对象，key为匹配序号，value为实际值
+     */
+    public static LinkedHashMap<String, Object> parseWithRegex(String text, String regex, boolean matchAll) {
+        LinkedHashMap<String, Object> resultMap = new LinkedHashMap<>();
+
+        if (text == null || text.trim().isEmpty()) {
+            return resultMap;
+        }
+
+        if (regex == null || regex.isEmpty()) {
+            throw new IllegalArgumentException("正则表达式不能为空");
+        }
+
+        if (!matchAll) {
+            return parseWithRegex(text, regex);
+        }
+
+        try {
+            Pattern pattern = Pattern.compile(regex);
+            Matcher matcher = pattern.matcher(text);
+
+            int matchCount = 0;
+            while (matcher.find()) {
+                matchCount++;
+                int groupCount = matcher.groupCount();
+
+                if (groupCount == 0) {
+                    // 如果没有捕获组，将整个匹配作为一个元素
+                    resultMap.put(String.valueOf(matchCount), matcher.group(0));
+                } else {
+                    // 对于每个匹配，将捕获组按顺序存储
+                    for (int i = 1; i <= groupCount; i++) {
+                        String key = matchCount + "_" + i; // 格式：匹配序号_组号
+                        String value = matcher.group(i);
+                        resultMap.put(key, value != null ? value.trim() : "");
+                    }
+                }
+            }
+
+            return resultMap;
+
+        } catch (Exception e) {
+            throw new RuntimeException("正则表达式解析失败: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 使用正则表达式解析文本数据（带类型转换）
+     * @param text 原始文本
+     * @param regex 正则表达式
+     * @param valueType 值类型
+     * @return LinkedHashMap对象
+     */
+    public static LinkedHashMap<String, Object> parseWithRegex(String text, String regex, ValueType valueType) {
+        LinkedHashMap<String, Object> resultMap = parseWithRegex(text, regex);
+
+        // 应用类型转换
+        resultMap.replaceAll((key, value) -> convertValue(value.toString(), valueType));
+
+        return resultMap;
+    }
+
+    /**
+     * 使用正则表达式分割文本（类似String.split但返回LinkedHashMap）
+     * @param text 原始文本
+     * @param regex 分割正则表达式
+     * @return LinkedHashMap对象
+     */
+    public static LinkedHashMap<String, Object> splitWithRegex(String text, String regex) {
+        LinkedHashMap<String, Object> resultMap = new LinkedHashMap<>();
+
+        if (text == null || text.trim().isEmpty()) {
+            return resultMap;
+        }
+
+        if (regex == null || regex.isEmpty()) {
+            throw new IllegalArgumentException("分割正则表达式不能为空");
+        }
+
+        try {
+            String[] parts = text.split(regex, -1); // 使用-1保留空字符串
+
+            for (int i = 0; i < parts.length; i++) {
+                resultMap.put(String.valueOf(i + 1), parts[i].trim());
+            }
+
+            return resultMap;
+
+        } catch (Exception e) {
+            throw new RuntimeException("正则表达式分割失败: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * 提取引号内的内容（专用方法，处理示例中的情况）
+     * @param text 原始文本
+     * @return LinkedHashMap对象
+     */
+    public static LinkedHashMap<String, Object> extractQuotedContent(String text) {
+        // 正则表达式匹配双引号内的内容，忽略转义引号
+        String regex = "\"([^\"]*)\"";
+        return parseWithRegex(text, regex, true);
+    }
+
+    /**
+     * 值类型枚举
+     */
+    public enum ValueType {
+        STRING, INTEGER, LONG, DOUBLE, BOOLEAN, DATE
+    }
+
+    /**
+     * 值类型转换
+     */
+    private static Object convertValue(String value, ValueType valueType) {
+        if (value == null || value.isEmpty()) {
+            return null;
+        }
+
+        try {
+            switch (valueType) {
+                case INTEGER:
+                    return Integer.parseInt(value);
+                case LONG:
+                    return Long.parseLong(value);
+                case DOUBLE:
+                    return Double.parseDouble(value);
+                case BOOLEAN:
+                    return Boolean.parseBoolean(value) || "1".equals(value) || "true".equalsIgnoreCase(value);
+                case DATE:
+                    // 简单日期解析，实际项目中可以使用DateTimeFormatter
+                    return java.sql.Timestamp.valueOf(value);
+                case STRING:
+                default:
+                    return value;
+            }
+        } catch (Exception e) {
+            // 转换失败时返回原始字符串
+            return value;
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/SpringContextUtil.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/SpringContextUtil.java
new file mode 100644
index 0000000..b4c98ab
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/SpringContextUtil.java
@@ -0,0 +1,34 @@
+package com.common.util;
+
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.stereotype.Component;
+
+@Component
+public class SpringContextUtil implements ApplicationContextAware {
+
+    private static ApplicationContext applicationContext;
+
+    @Override
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+        SpringContextUtil.applicationContext = applicationContext;
+    }
+
+    public static ApplicationContext getApplicationContext() {
+        return applicationContext;
+    }
+
+    public static <T> T getBean(Class<T> clazz) {
+        return applicationContext.getBean(clazz);
+    }
+
+    public static <T> T getBean(String name, Class<T> clazz) {
+        return applicationContext.getBean(name, clazz);
+    }
+
+    // 专门获取 Mapper 的方法
+    public static <T> T getMapper(Class<T> mapperClass) {
+        return applicationContext.getBean(mapperClass);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/StringExtractorUtil.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/StringExtractorUtil.java
new file mode 100644
index 0000000..beb969f
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/StringExtractorUtil.java
@@ -0,0 +1,285 @@
+package com.common.util;
+
+public class StringExtractorUtil {
+
+    /**
+     * 简化的字符串截取方法
+     * @param text 原始文本
+     * @param startChar 开始字符
+     * @param startOffset 开始偏移量（负数表示向前）
+     * @param endChar 结束字符
+     * @param endOccurrence 结束字符第几次出现
+     * @return 截取的字符串
+     */
+    public static String extract(String text, char startChar, int startOffset,
+                                 char endChar, int endOccurrence) {
+        if (text == null) return "";
+
+        int startIndex = text.indexOf(startChar);
+        if (startIndex == -1) return "";
+
+        // 计算实际开始位置
+        int actualStart = Math.max(0, startIndex + startOffset);
+        if (actualStart >= text.length()) return "";
+
+        // 查找结束字符
+        int currentIndex = actualStart;
+        int count = 0;
+
+        while (currentIndex < text.length()) {
+            if (text.charAt(currentIndex) == endChar) {
+                count++;
+                if (count == endOccurrence) {
+                    return text.substring(actualStart, currentIndex);
+                }
+            }
+            currentIndex++;
+        }
+        return ""; // 未找到足够的结束字符
+    }
+    /**
+     * 从文本中截取字符串，从指定起始字符串的第0位开始，直到文本末尾
+     * @param text 原始文本
+     * @param startString 起始字符串
+     * @return 截取后的字符串，如果起始字符串不存在则返回空字符串
+     */
+    public static String extractFromStartToEnd(String text, String startString) {
+        if (text == null || startString == null) {
+            return "";
+        }
+
+        // 查找起始字符串的位置
+        int startIndex = text.indexOf(startString);
+        if (startIndex == -1) {
+            return ""; // 起始字符串不存在
+        }
+
+        // 从起始字符串的第0位开始截取到文本末尾
+        return text.substring(startIndex);
+    }
+
+    /**
+     * 从文本中截取字符串，从指定起始字符串的指定位置开始，直到文本末尾
+     * @param text 原始文本
+     * @param startString 起始字符串
+     * @param startOffset 起始偏移量（从起始字符串开始计算）
+     * @return 截取后的字符串
+     */
+    public static String extractFromStartToEnd(String text, String startString, int startOffset) {
+        if (text == null || startString == null) {
+            return "";
+        }
+
+        int startIndex = text.indexOf(startString);
+        if (startIndex == -1) {
+            return "";
+        }
+
+        // 计算实际开始位置
+        int actualStartIndex = startIndex + startOffset;
+
+        // 确保开始位置在有效范围内
+        if (actualStartIndex < 0) {
+            actualStartIndex = 0;
+        } else if (actualStartIndex >= text.length()) {
+            return "";
+        }
+
+        return text.substring(actualStartIndex);
+    }
+
+    /**
+     * 从文本中截取字符串，从指定起始字符串开始，到指定结束字符串为止
+     * @param text 原始文本
+     * @param startString 起始字符串
+     * @param endString 结束字符串
+     * @return 截取后的字符串
+     */
+    public static String extractBetweenStrings(String text, String startString, String endString) {
+        if (text == null || startString == null || endString == null) {
+            return "";
+        }
+
+        int startIndex = text.indexOf(startString);
+        if (startIndex == -1) {
+            return "";
+        }
+
+        // 从起始字符串位置开始查找结束字符串
+        int endIndex = text.indexOf(endString, startIndex + startString.length());
+        if (endIndex == -1) {
+            // 如果找不到结束字符串，则截取到文本末尾
+            return text.substring(startIndex);
+        }
+
+        return text.substring(startIndex, endIndex + endString.length());
+    }
+
+    /**
+     * 高级版本：支持多个起始字符串选项和容错处理
+     * @param text 原始文本
+     * @param possibleStartStrings 可能的起始字符串数组（按优先级排序）
+     * @return 截取后的字符串
+     */
+    public static String extractWithFallback(String text, String[] possibleStartStrings) {
+        if (text == null || possibleStartStrings == null || possibleStartStrings.length == 0) {
+            return "";
+        }
+
+        // 尝试每个可能的起始字符串
+        for (String startString : possibleStartStrings) {
+            int startIndex = text.indexOf(startString);
+            if (startIndex != -1) {
+                return text.substring(startIndex);
+            }
+        }
+
+        return ""; // 所有起始字符串都不存在
+    }
+
+
+    /**
+     * 字符串截取方法
+     * @param text 原始文本
+     * @param startStr 开始字符串
+     * @param startOffset 开始偏移量（负数表示向前）
+     * @param endStr 结束字符串
+     * @param endOffset 结束偏移量（负数表示向前）
+     * @return 截取的字符串
+     */
+    public static String extract(String text, String startStr, int startOffset,
+                                 String endStr, int endOffset) {
+        if (text == null || text.isEmpty()) {
+            return "";
+        }
+
+        int startIndex = 0;
+        int endIndex = text.length();
+
+        // 处理开始位置
+        if (startStr != null && !startStr.isEmpty()) {
+            int foundStartIndex = text.indexOf(startStr);
+            if (foundStartIndex == -1) {
+                return ""; // 未找到开始字符串
+            }
+            startIndex = foundStartIndex + startStr.length() + startOffset;
+            startIndex = Math.max(0, Math.min(startIndex, text.length()));
+        } else {
+            // 没有开始字符串，直接使用偏移量
+            startIndex = Math.max(0, startOffset);
+            startIndex = Math.min(startIndex, text.length());
+        }
+
+        // 处理结束位置
+        if (endStr != null && !endStr.isEmpty()) {
+            int foundEndIndex = text.indexOf(endStr, startIndex);
+            if (foundEndIndex == -1) {
+                return ""; // 未找到结束字符串
+            }
+            endIndex = foundEndIndex + endOffset;
+            endIndex = Math.max(0, Math.min(endIndex, text.length()));
+        } else if (endOffset != 0) {
+            // 没有结束字符串但有结束偏移量
+            endIndex = startIndex + endOffset;
+            endIndex = Math.max(0, Math.min(endIndex, text.length()));
+        }
+        // 如果结束字符串为空且结束偏移量为0，则endIndex保持为文本长度（截取到最后）
+
+        // 验证位置有效性
+        if (startIndex >= endIndex || startIndex >= text.length()) {
+            return "";
+        }
+
+        return text.substring(startIndex, endIndex);
+    }
+
+    public static void main(String[] args) {
+        // 测试示例
+        String text = "这是一段前置文本，然后是我们需要的内容，这是后续文本。";
+        String startString = "然后";
+
+        System.out.println("=== 基本用法：从起始字符串第0位开始到文本末尾 ===");
+        String result1 = extractFromStartToEnd(text, startString);
+        System.out.println("结果1: " + result1);
+
+        System.out.println("\n=== 使用偏移量：从起始字符串第2位开始 ===");
+        String result2 = extractFromStartToEnd(text, startString, 2);
+        System.out.println("结果2: " + result2);
+
+        System.out.println("\n=== 在两个字符串之间截取 ===");
+        String result3 = extractBetweenStrings(text, "然后", "后续");
+        System.out.println("结果3: " + result3);
+
+        System.out.println("\n=== 使用多个可能的起始字符串 ===");
+        String[] startOptions = {"不存在的字符串", "然后", "这是"};
+        String result4 = extractWithFallback(text, startOptions);
+        System.out.println("结果4: " + result4);
+
+        System.out.println("\n=== 处理边界情况 ===");
+        // 测试起始字符串不存在的情况
+        String result5 = extractFromStartToEnd(text, "不存在的字符串");
+        System.out.println("起始字符串不存在: '" + result5 + "'");
+
+        // 测试空文本
+        String result6 = extractFromStartToEnd("", startString);
+        System.out.println("空文本: '" + result6 + "'");
+
+        // 测试实际应用场景
+        System.out.println("\n=== 实际应用示例 ===");
+        String logText = "2024-01-15 10:30:25 [INFO] User login successful. User ID: 12345, Session: abcdef";
+        String logStart = "[INFO]";
+
+        String logResult = extractFromStartToEnd(logText, logStart);
+        System.out.println("日志内容: " + logResult);
+
+        // 只提取消息部分（去掉日志级别）
+        String messageResult = extractFromStartToEnd(logText, logStart, logStart.length());
+        System.out.println("纯消息: " + messageResult.trim());
+    }
+
+
+
+    /**
+     * 简化的文本截取方法
+     * @param text 原始文本
+     * @param startString 起始字符串
+     * @return 从起始字符串开始到文本末尾的内容
+     */
+    public static String extract(String text, String startString) {
+        // 参数检查
+        if (text == null || startString == null) {
+            return "";
+        }
+
+        // 查找起始字符串
+        int startIndex = text.indexOf(startString);
+
+        // 如果找到起始字符串，则截取从该位置到末尾的内容
+        if (startIndex != -1) {
+            return text.substring(startIndex);
+        }
+
+        return ""; // 起始字符串不存在
+    }
+
+    public static void main22(String[] args) {
+        // 示例使用
+        String exampleText = "前置内容，这是起始点，这是我们需要的内容，继续到文本结束。";
+        String start = "这是起始点";
+
+        String result = extract(exampleText, start);
+        System.out.println("截取结果: " + result);
+
+        // 如果起始字符串不存在
+        String noResult = extract(exampleText, "不存在的字符串");
+        System.out.println("起始不存在: '" + noResult + "'");
+
+        String example = "前置文本{这是要截取的内容}后置文本";
+
+        // 从 { 前1位开始，到第一个 } 结束
+      //  String result = extract(example, '{', 0, '}', 0);
+        //System.out.println("截取结果: " + result); // 输出: 前置文本{
+    }
+
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/SyslogParser.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/SyslogParser.java
new file mode 100644
index 0000000..b27c9cf
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/SyslogParser.java
@@ -0,0 +1,355 @@
+package com.common.util;
+
+import java.time.LocalDateTime;
+import java.time.OffsetDateTime;
+import java.time.ZoneOffset;
+import java.time.format.DateTimeFormatter;
+import java.time.format.DateTimeParseException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import com.common.entity.SyslogMessage;
+import com.common.entity.RFC3164Message;
+import com.common.entity.RFC5424Message;
+import com.influx.SyslogToInfluxApp;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.util.*;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import java.util.Locale;
+
+public class SyslogParser {
+    private static final Logger logger = LoggerFactory.getLogger(SyslogToInfluxApp.class);
+    // RFC 5424 正则表达式
+    private static final Pattern RFC5424_PATTERN = Pattern.compile(
+            "^<(?<pri>\\d{1,3})>(?<version>\\d+) " +
+                    "(?<timestamp>\\S+) " +
+                    "(?<host>\\S+) " +
+                    "(?<app>\\S+) " +
+                    "(?<pid>\\S+) " +
+                    "(?<msgid>\\S+) " +
+                    "(?<sd>(?:-|\\[.*\\]))" +
+                    "(?: (?<message>.+))?$"
+    );
+
+    // RFC 3164 正则表达式
+    private static final Pattern RFC3164_PATTERN = Pattern.compile(
+            "^<(?<pri>\\d{1,3})>" +
+                    "(?<timestamp>[A-Z][a-z]{2}\\s+\\d{1,2}\\s+\\d{2}:\\d{2}:\\d{2}) " +
+                    "(?<host>\\S+) " +
+                    "(?<content>.+)$"
+    );
+
+    // RFC 3164 时间戳格式
+    private static final DateTimeFormatter RFC3164_FORMATTER =
+            DateTimeFormatter.ofPattern("MMM dd HH:mm:ss");
+
+    /**
+     * 解析 Syslog 消息，自动检测格式
+     */
+    public static SyslogMessage parse(String logLine) {
+        if (logLine == null || logLine.trim().isEmpty()) {
+            throw new IllegalArgumentException("Log line cannot be null or empty");
+        }
+        // 尝试解析为 RFC 5424 格式
+        try {
+            RFC5424Message msg5424 = parseRFC5424(logLine);
+            if (msg5424 != null) {
+                return msg5424;
+            }
+        } catch (Exception e) {
+            // 继续尝试 RFC 3164
+        }
+
+        // 尝试解析为 RFC 3164 格式
+        try {
+            RFC3164Message msg3164 = parseRFC3164(logLine);
+            if (msg3164 != null) {
+                return msg3164;
+            }
+        } catch (Exception e) {
+            // 解析失败
+        }
+        // 解析非标数据格式，提取字符【{】自后的内容
+        try {
+            String  content   = extractJsonStringNew(logLine);
+            RFC5424Message msgClass  =new RFC5424Message();
+            if (content != null) {
+                msgClass.setMessage(content.toString());
+                return msgClass;
+            }
+        } catch (Exception e) {
+            // 解析失败
+        }
+        throw new IllegalArgumentException("Unable to parse syslog message: " + logLine);
+    }
+
+    /**
+     * 解析 RFC 5424 格式
+     */
+    public static RFC5424Message parseRFC5424(String logLine) {
+        Matcher matcher = RFC5424_PATTERN.matcher(logLine);
+        if (!matcher.find()) {
+            return null;
+        }
+        RFC5424Message message = new RFC5424Message();
+        // 解析优先级
+        int pri = Integer.parseInt(matcher.group("pri"));
+        message.setPriority(pri);
+
+        // 解析版本
+        message.setVersion(Integer.parseInt(matcher.group("version")));
+
+        // 解析时间戳 (RFC 3339 格式)
+        String timestampStr = matcher.group("timestamp");
+        try {
+            message.setTimestamp(OffsetDateTime.parse(timestampStr));
+        } catch (DateTimeParseException e) {
+            throw new IllegalArgumentException("Invalid RFC5424 timestamp: " + timestampStr, e);
+        }
+        // 解析其他字段
+        message.setHostname(matcher.group("host"));
+        message.setAppName(matcher.group("app"));
+        message.setProcId(matcher.group("pid"));
+        message.setMsgId(matcher.group("msgid"));
+
+        // 解析结构化数据
+        String sd = matcher.group("sd");
+        if (!"-".equals(sd)) {
+            message.setStructuredData(parseStructuredData(sd));
+        }
+        // 解析消息内容
+        String msg = matcher.group("message");
+        if (msg != null) {
+            message.setMessage(msg.trim());
+        }
+        return message;
+    }
+
+    /**
+     * 解析 RFC 3164 格式
+     */
+    public static RFC3164Message parseRFC3164(String logLine) {
+        Matcher matcher = RFC3164_PATTERN.matcher(logLine);
+        if (!matcher.find()) {
+            return null;
+        }
+
+        RFC3164Message message = new RFC3164Message();
+
+        // 解析优先级
+        int pri = Integer.parseInt(matcher.group("pri"));
+        message.setPriority(pri);
+
+        // 解析时间戳 (需要特殊处理，因为没有年份)
+        String timestampStr = matcher.group("timestamp");
+        message.setTimestamp(parseRFC3164Timestamp(timestampStr));
+
+        // 解析主机名
+        message.setHostname(matcher.group("host"));
+
+        // 解析内容和标签
+        String content = matcher.group("content");
+        parseRFC3164Content(content, message);
+
+        return message;
+    }
+
+    /**
+     * 解析 RFC 3164 时间戳
+     */
+    private static OffsetDateTime parseRFC3164Timestamp(String timestampStr) {
+        try {
+            // 添加当前年份，因为 RFC3164 时间戳不包含年份
+            String currentYear = String.valueOf(java.time.Year.now().getValue());
+            String fullTimestamp = currentYear + " " + timestampStr;
+
+            DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy MMM dd HH:mm:ss", Locale.US);
+            LocalDateTime localDateTime = LocalDateTime.parse(fullTimestamp, formatter);
+           // DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy MMM dd HH:mm:ss", Locale.US);
+
+            // 假设为系统默认时区
+            return localDateTime.atOffset(ZoneOffset.systemDefault().getRules().getOffset(localDateTime));
+        } catch (DateTimeParseException e) {
+            throw new IllegalArgumentException("Invalid RFC3164 timestamp: " + timestampStr, e);
+        }
+    }
+
+    /**
+     * 解析 RFC 3164 内容部分
+     */
+    private static void parseRFC3164Content(String content, RFC3164Message message) {
+        // 尝试匹配标签格式: app[pid]:
+        Pattern tagPattern = Pattern.compile("^(?<tag>\\S+?)(?:\\[(?<pid>\\d+)\\])?:\\s*(?<message>.*)$");
+        Matcher tagMatcher = tagPattern.matcher(content);
+
+        if (tagMatcher.find()) {
+            message.setTag(tagMatcher.group("tag"));
+            String pid = tagMatcher.group("pid");
+            if (pid != null) {
+                message.setProcId(pid);
+            }
+            message.setMessage(tagMatcher.group("message").trim());
+        } else {
+            // 如果没有标签格式，整个内容作为消息
+            message.setTag("");
+            message.setMessage(content.trim());
+        }
+
+        // 对于 RFC3164，appName 通常与 tag 相同
+        message.setAppName(message.getTag());
+    }
+
+    /**
+     * 解析结构化数据
+     */
+    private static Map<String, Map<String, String>> parseStructuredData(String sd) {
+        Map<String, Map<String, String>> structuredData = new HashMap<>();
+
+        // 简单的结构化数据解析，实际应用可能需要更复杂的解析
+        Pattern sdPattern = Pattern.compile("\\[(?<id>[^\\]]+)\\]");
+        Pattern paramPattern = Pattern.compile("(?<key>[^=\\s]+)=\"(?<value>[^\"]*)\"");
+
+        Matcher sdMatcher = sdPattern.matcher(sd);
+        while (sdMatcher.find()) {
+            String sdElement = sdMatcher.group("id");
+            Map<String, String> params = new HashMap<>();
+
+            Matcher paramMatcher = paramPattern.matcher(sdElement);
+            while (paramMatcher.find()) {
+                params.put(paramMatcher.group("key"), paramMatcher.group("value"));
+            }
+            // 使用第一个参数作为键，或者生成一个键
+            String key = params.containsKey("sdId") ? params.get("sdId") :
+                    "element" + structuredData.size();
+            structuredData.put(key, params);
+        }
+        return structuredData;
+    }
+
+
+    /**
+     * 提取 JSON 字符串（不解析）
+     */
+    public static Optional<String> extractJsonString(String syslogMessage) {
+        try {
+            if (syslogMessage == null) return Optional.empty();
+
+            int jsonStart = syslogMessage.indexOf('{');
+            if (jsonStart == -1) return Optional.empty();
+            return Optional.of(syslogMessage.substring(jsonStart));
+        } catch (Exception e) {
+            return Optional.empty();
+        }
+    }
+
+    /**
+     * 提取 JSON 字符串（不解析）
+     */
+    public static String  extractJsonStringNew (String syslogMessage) {
+        try {
+            if (syslogMessage == null) return "";
+
+            int jsonStart = syslogMessage.indexOf('{');
+            if (jsonStart == -1) return "";
+
+            return  syslogMessage.substring(jsonStart);
+        } catch (Exception e) {
+            return "";
+        }
+    }
+
+    /**
+     * 截取字符串中第一个 ']' 之后的所有内容
+     *
+     * @param text 原始字符串
+     * @return 第一个 ']' 之后的内容，如果没有 ']' 则返回空字符串
+     */
+    public static String substringAfterFirstCloseBracket(String text) {
+        if (text == null) {
+            return "";
+        }
+
+        int closeBracketIndex = text.indexOf(']');
+
+        if (closeBracketIndex == -1) {
+            return ""; // 没有找到 ']'，返回空字符串
+        }
+
+        // 返回 ']' 之后的内容（+1 是为了跳过 ']' 本身）
+        return text.substring(closeBracketIndex + 1);
+    }
+
+    /**
+     * 截取字符串中第一个指定字符之前的所有内容
+     *
+     * @param text 原始字符串
+     * @param delimiterChar 分隔字符
+     * @return 分隔字符之前的内容
+     */
+    public static String substringBeforeFirstChar(String text, char delimiterChar) {
+        if (text == null) {
+            return "";
+        }
+
+        int delimiterIndex = text.indexOf(delimiterChar);
+
+        if (delimiterIndex == -1) {
+            return text;
+        }
+        return text.substring(0, delimiterIndex+1);
+    }
+
+    /**
+     * 从文本中提取第一个 [] 包裹的键值对字符串并转换为 Map
+     *
+     * @param text 包含键值对的原始文本
+     * @return 包含键值对的 Map
+     * @throws IllegalArgumentException 如果格式不正确
+     */
+    public static Map<String, String> parseKeyValuePairs(String text) {
+        if (text == null || text.trim().isEmpty()) {
+            throw new IllegalArgumentException("Input text cannot be null or empty");
+        }
+
+        // 查找第一个 [ 和对应的 ]
+        int start = text.indexOf('[');
+        int end = text.indexOf(']', start + 1);
+
+        if (start == -1 || end == -1) {
+            throw new IllegalArgumentException("No valid [] pair found in text");
+        }
+
+        // 提取 [] 内的内容
+        String content = text.substring(start + 1, end).trim();
+        if (content.isEmpty()) {
+            return new HashMap<>(); // 返回空Map
+        }
+
+        // 分割键值对
+        String[] pairs = content.split("\\s+");
+        Map<String, String> result = new HashMap<>();
+
+        for (String pair : pairs) {
+            // 分割键和值
+            int equalSign = pair.indexOf('=');
+            if (equalSign == -1) {
+                throw new IllegalArgumentException("Invalid key-value pair format: " + pair);
+            }
+
+            String key = pair.substring(0, equalSign).trim();
+            String value = pair.substring(equalSign + 1).trim();
+
+            if (key.isEmpty()) {
+                throw new IllegalArgumentException("Key cannot be empty in pair: " + pair);
+            }
+
+            result.put(key, value);
+        }
+
+        return result;
+    }
+}
+
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/TextParserUtil.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/TextParserUtil.java
new file mode 100644
index 0000000..9cc7ff5
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/common/util/TextParserUtil.java
@@ -0,0 +1,115 @@
+package com.common.util;
+
+
+import org.springframework.stereotype.Component;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * 分隔符文本解析工具类
+ */
+@Component
+public class TextParserUtil {
+
+    /**
+     * 解析分隔符类型的文本数据
+     * @param text 原始文本
+     * @param sepKey 分隔符（字符或字符串）
+     * @return LinkedHashMap对象，key为序号字符串，value为实际值
+     */
+    public static LinkedHashMap<String, Object> parseSeparatedText(String text, String sepKey) {
+        LinkedHashMap<String, Object> resultMap = new LinkedHashMap<>();
+
+        if (text == null || text.trim().isEmpty()) {
+            return resultMap;
+        }
+
+        if (sepKey == null || sepKey.isEmpty()) {
+            // 如果分隔符为空，将整个文本作为第一个元素
+            resultMap.put("1", text.trim());
+            return resultMap;
+        }
+
+        // 使用分隔符分割文本
+        String[] parts = text.split(sepKey, -1); // 使用-1保留空字符串
+
+        // 将分割后的部分放入LinkedHashMap，键为字符串形式的序号
+        for (int i = 0; i < parts.length; i++) {
+            resultMap.put(String.valueOf(i + 1), parts[i].trim());
+        }
+
+        return resultMap;
+    }
+
+    /**
+     * 解析分隔符文本并过滤空值
+     * @param text 原始文本
+     * @param sepKey 分隔符
+     * @param removeEmpty 是否移除空值
+     * @return LinkedHashMap对象
+     */
+    public static LinkedHashMap<String, Object> parseSeparatedText(String text, String sepKey, boolean removeEmpty) {
+        LinkedHashMap<String, Object> resultMap = parseSeparatedText(text, sepKey);
+
+        if (removeEmpty) {
+            resultMap.entrySet().removeIf(entry ->
+                    entry.getValue() == null ||
+                            entry.getValue().toString().isEmpty());
+        }
+
+        return resultMap;
+    }
+
+    /**
+     * 解析分隔符文本并转换为特定类型
+     * @param text 原始文本
+     * @param sepKey 分隔符
+     * @param valueType 值类型（STRING, INTEGER, LONG, DOUBLE, BOOLEAN）
+     * @return LinkedHashMap对象
+     */
+    public static LinkedHashMap<String, Object> parseSeparatedTextWithType(
+            String text, String sepKey, ValueType valueType) {
+        LinkedHashMap<String, Object> resultMap = parseSeparatedText(text, sepKey);
+
+        if (valueType != ValueType.STRING) {
+            resultMap.replaceAll((key, value) -> convertValue(value.toString(), valueType));
+        }
+
+        return resultMap;
+    }
+
+    /**
+     * 值类型枚举
+     */
+    public enum ValueType {
+        STRING, INTEGER, LONG, DOUBLE, BOOLEAN
+    }
+
+    /**
+     * 值类型转换
+     */
+    private static Object convertValue(String value, ValueType valueType) {
+        if (value == null || value.isEmpty()) {
+            return null;
+        }
+
+        try {
+            switch (valueType) {
+                case INTEGER:
+                    return Integer.parseInt(value);
+                case LONG:
+                    return Long.parseLong(value);
+                case DOUBLE:
+                    return Double.parseDouble(value);
+                case BOOLEAN:
+                    return Boolean.parseBoolean(value) || "1".equals(value);
+                case STRING:
+                default:
+                    return value;
+            }
+        } catch (NumberFormatException e) {
+            // 转换失败时返回原始字符串
+            return value;
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/config/AppConfig.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/AppConfig.java
new file mode 100644
index 0000000..59c5e2c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/AppConfig.java
@@ -0,0 +1,105 @@
+package com.config;
+
+import com.typesafe.config.Config;
+import com.typesafe.config.ConfigFactory;
+import org.springframework.context.annotation.Bean;
+
+import java.io.File;
+
+public class AppConfig {
+    private static final Config config;
+
+    static {
+        // 加载配置文件
+        File configFile = new File("application.properties");
+        if (configFile.exists()) {
+            config = ConfigFactory.parseFile(configFile);
+        } else {
+            config = ConfigFactory.load("application.properties");
+        }
+    }
+    // Syslog 配置
+    public static int getSyslogTcpPort() {
+        return config.getInt("syslog.tcp.port");
+    }
+
+    public static int getSyslogUdpPort() {
+        return config.getInt("syslog.udp.port");
+    }
+
+    public static int getSyslogMaxFrameLength() {
+        return config.getInt("syslog.max.frame.length");
+    }
+
+    public static int getSyslogBufferSize() {
+        return config.getInt("syslog.buffer.size");
+    }
+
+    // InfluxDB 配置
+    public static String getInfluxUrl() {
+        return config.getString("influxdb.url");
+    }
+
+    public static String getInfluxToken() {
+        return config.getString("influxdb.token");
+    }
+
+    public static String getInfluxOrg() {
+        return config.getString("influxdb.org");
+    }
+
+    public static String getInfluxBucket() {
+        return config.getString("influxdb.bucket");
+    }
+
+    public static int getInfluxBatchSize() {
+        return config.getInt("influxdb.batch.size");
+    }
+
+    public static int getInfluxFlushInterval() {
+        return config.getInt("influxdb.flush.interval");
+    }
+
+    public static int getInfluxRetryAttempts() {
+        return config.getInt("influxdb.retry.attempts");
+    }
+
+    public static int getInfluxRetryDelay() {
+        return config.getInt("influxdb.retry.delay");
+    }
+
+    // 应用配置
+    public static int getWorkerThreads() {
+        return config.getInt("app.worker.threads");
+    }
+
+    public static int getMaxQueueSize() {
+        return config.getInt("app.max.queue.size");
+    }
+
+    public static boolean isMetricsEnabled() {   return config.getBoolean("app.metrics.enabled");   }
+
+    //kafka consumer应用配置
+
+    public static String getBootstrapServers() {
+        return config.getString("spring.kafka.consumer.bootstrap-servers");
+    }
+
+    public static String getGroupId() {
+        return config.getString("spring.kafka.consumer.group-id");
+    }
+
+    public static String getAutoOffsetReset() {
+        return config.getString("spring.kafka.consumer.auto-offset-reset");
+    }
+
+    public static boolean getEnableAutoCommit() { return config.getBoolean("spring.kafka.consumer.enable-auto-commit");     }
+
+    public static String getAutoCommitIntervalMS() {      return config.getString("spring.kafka.consumer.auto-commit-interval");}
+
+    public static String getTopic() {  return config.getString("spring.kafka.consumer.topic"); }
+
+    public static String geRunEnvironment‌() {  return config.getString("server.run.environment"); }
+
+
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/config/CacheConfig.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/CacheConfig.java
new file mode 100644
index 0000000..4daedcf
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/CacheConfig.java
@@ -0,0 +1,120 @@
+package com.config;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
+import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import org.springframework.cache.CacheManager;
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.cache.RedisCacheConfiguration;
+import org.springframework.data.redis.cache.RedisCacheManager;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializationContext;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import java.time.Duration;
+import java.util.Collections;
+import org.springframework.context.annotation.Primary;
+@Configuration
+@EnableCaching  // 启用缓存
+public class CacheConfig {
+
+    /**
+     * 配置支持类型信息的 ObjectMapper
+     */
+    @Bean
+    public ObjectMapper objectMapper() {
+        ObjectMapper mapper = new ObjectMapper();
+
+        // 注册 Java 8 日期时间支持
+        mapper.registerModule(new JavaTimeModule());
+
+        // 禁用将日期序列化为时间戳
+        mapper.disable(com.fasterxml.jackson.databind.SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+
+        // 启用类型信息，解决 LinkedHashMap 转换问题
+        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
+                .allowIfSubType("com.common.entity.")    // 允许你的实体类包
+                .allowIfSubType("java.util.ArrayList")   // 允许 ArrayList
+                .allowIfSubType("java.util.LinkedList")  // 允许 LinkedList
+                .allowIfBaseType("java.util.List")       // 允许 List 接口
+                .allowIfBaseType("java.lang.Object")     // 允许 Object 类型
+                .build();
+
+        // 忽略未知属性
+        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); // [citation:1][citation:5][citation:7]
+        // 遇到无效子类型时不立即失败，为你自定义反序列化逻辑留出空间
+        mapper.configure(DeserializationFeature.FAIL_ON_INVALID_SUBTYPE, false); // [citation:2][citation:5]
+
+        // 激活默认类型信息
+        mapper.activateDefaultTyping(
+                ptv,
+                ObjectMapper.DefaultTyping.NON_FINAL,
+                com.fasterxml.jackson.annotation.JsonTypeInfo.As.PROPERTY
+        );
+
+        return mapper;
+    }
+
+
+    /**
+     * Redis 缓存配置
+     */
+    @Bean
+    public RedisCacheConfiguration redisCacheConfiguration() {
+        ObjectMapper mapper = objectMapper();
+        GenericJackson2JsonRedisSerializer serializer = new GenericJackson2JsonRedisSerializer(mapper);
+
+        return RedisCacheConfiguration.defaultCacheConfig()
+                .entryTtl(Duration.ofMinutes(30))
+                .disableCachingNullValues()
+                .serializeKeysWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(new StringRedisSerializer()))
+                .serializeValuesWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(serializer));
+    }
+
+    @Bean
+    public CacheManager cacheManager(RedisConnectionFactory factory) {
+        ObjectMapper mapper = objectMapper();
+        GenericJackson2JsonRedisSerializer serializer = new GenericJackson2JsonRedisSerializer(mapper);
+
+        RedisCacheConfiguration deviceConfig = RedisCacheConfiguration.defaultCacheConfig()
+                .entryTtl(Duration.ofHours(1))
+                .serializeKeysWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(new StringRedisSerializer()))
+                .serializeValuesWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(serializer));
+
+        RedisCacheConfiguration collectTaskConfig = RedisCacheConfiguration.defaultCacheConfig()
+                .entryTtl(Duration.ofHours(1))
+                .serializeKeysWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(new StringRedisSerializer()))
+                .serializeValuesWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(serializer));
+        RedisCacheConfiguration normalizeRuleConfig = RedisCacheConfiguration.defaultCacheConfig()
+                .entryTtl(Duration.ofHours(1))
+                .serializeKeysWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(new StringRedisSerializer()))
+                .serializeValuesWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(serializer));
+        return RedisCacheManager.builder(factory)
+                .cacheDefaults(redisCacheConfiguration())
+                .withInitialCacheConfigurations(Collections.singletonMap(
+                        "device", deviceConfig
+                ))
+                .withInitialCacheConfigurations(Collections.singletonMap(
+
+                        "collectTask",collectTaskConfig
+                ))
+                .withInitialCacheConfigurations(Collections.singletonMap(
+
+                        "normalizeRule",normalizeRuleConfig
+                ))
+                .transactionAware()
+                .build();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/config/RedisConfig.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/RedisConfig.java
new file mode 100644
index 0000000..3bd7321
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/RedisConfig.java
@@ -0,0 +1,59 @@
+package com.config;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+
+@Configuration
+public class RedisConfig {
+
+
+    @Bean
+    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory factory) {
+        RedisTemplate<String, Object> template = new RedisTemplate<>();
+        template.setConnectionFactory(factory);
+
+        // 使用 Jackson2JsonRedisSerializer 并指定类型
+        Jackson2JsonRedisSerializer<Object> serializer = new Jackson2JsonRedisSerializer<>(Object.class);
+
+        ObjectMapper mapper = new ObjectMapper();
+        mapper.registerModule(new JavaTimeModule());
+        mapper.activateDefaultTyping(
+                mapper.getPolymorphicTypeValidator(),
+                ObjectMapper.DefaultTyping.NON_FINAL
+        );
+        serializer.setObjectMapper(mapper);
+
+        template.setKeySerializer(new StringRedisSerializer());
+        template.setValueSerializer(serializer);
+        template.setHashKeySerializer(new StringRedisSerializer());
+        template.setHashValueSerializer(serializer);
+        template.afterPropertiesSet();
+
+        return template;
+    }
+/**
+   public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory connectionFactory) {
+       RedisTemplate<String, Object> template = new RedisTemplate<>();
+       template.setConnectionFactory(connectionFactory);
+
+       // 使用StringRedisSerializer来序列化和反序列化redis的key值
+       template.setKeySerializer(new StringRedisSerializer());
+       // 使用Jackson2JsonRedisSerializer来序列化和反序列化redis的value值
+       Jackson2JsonRedisSerializer<Object> serializer = new Jackson2JsonRedisSerializer<>(Object.class);
+       template.setValueSerializer(serializer);
+
+       // Hash的key和value也分别设置序列化器
+       template.setHashKeySerializer(new StringRedisSerializer());
+       template.setHashValueSerializer(serializer);
+
+       template.afterPropertiesSet();
+       return template;
+   }
+**/
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/config/RestTemplateConfig.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/RestTemplateConfig.java
new file mode 100644
index 0000000..469a736
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/RestTemplateConfig.java
@@ -0,0 +1,74 @@
+
+package com.config;
+
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.web.client.RestTemplate;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Configuration
+public class RestTemplateConfig {
+
+    private static final Logger log = LoggerFactory.getLogger(RestTemplateConfig.class);
+
+    @Bean
+    public RestTemplate restTemplate() {
+        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
+        factory.setConnectTimeout(30000); // 30秒连接超时
+        factory.setReadTimeout(60000);    // 60秒读取超时
+
+        RestTemplate restTemplate = new RestTemplate(factory);
+
+        // 添加自定义日志拦截器，控制日志输出
+        List<ClientHttpRequestInterceptor> interceptors = new ArrayList<>();
+        interceptors.add(new LoggingInterceptor());
+        restTemplate.setInterceptors(interceptors);
+
+        return restTemplate;
+    }
+
+    /**
+     * 自定义日志拦截器，控制请求/响应日志
+     */
+    public static class LoggingInterceptor implements ClientHttpRequestInterceptor {
+
+        @Override
+        public org.springframework.http.client.ClientHttpResponse intercept(
+                org.springframework.http.HttpRequest request,
+                byte[] body,
+                org.springframework.http.client.ClientHttpRequestExecution execution)
+                throws java.io.IOException {
+
+            // 记录请求信息
+            log.debug("请求URL: {}", request.getURI());
+            log.debug("请求方法: {}", request.getMethod());
+            log.debug("请求头: {}", request.getHeaders());
+
+            // 记录请求体（限制长度）
+            if (log.isDebugEnabled() && body != null) {
+                String requestBody = new String(body, "UTF-8");
+                int printLength = Math.min(200, requestBody.length());
+                log.debug("请求体 (前{}字符): {}", printLength, requestBody.substring(0, printLength));
+            }
+
+            // 执行请求
+            org.springframework.http.client.ClientHttpResponse response = execution.execute(request, body);
+
+            // 记录响应信息
+            log.debug("响应状态码: {}", response.getStatusCode());
+            log.debug("响应头: {}", response.getHeaders());
+
+            // 注意：这里不要直接读取响应体，否则会导致后续无法读取
+            // 使用BufferingClientHttpResponseWrapper包装响应
+
+            return response;
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/config/ScheduleConfig.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/ScheduleConfig.java
new file mode 100644
index 0000000..bceec98
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/ScheduleConfig.java
@@ -0,0 +1,11 @@
+package com.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.scheduling.annotation.EnableScheduling;
+import org.springframework.scheduling.annotation.Scheduled;
+
+@Configuration
+@EnableScheduling
+public class ScheduleConfig {
+    // 启用定时任务支持
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/config/ThreadPoolConfig.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/ThreadPoolConfig.java
new file mode 100644
index 0000000..c3f86fb
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/ThreadPoolConfig.java
@@ -0,0 +1,47 @@
+package com.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.scheduling.annotation.EnableAsync;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
+
+import java.util.concurrent.Executor;
+import java.util.concurrent.ThreadPoolExecutor;
+import org.springframework.context.annotation.Primary;
+@Configuration
+@EnableAsync
+public class ThreadPoolConfig {
+
+    @Value("${app.processor.thread-pool.core-pool-size:10}")
+    private int corePoolSize;
+
+    @Value("${app.processor.thread-pool.max-pool-size:20}")
+    private int maxPoolSize;
+
+    @Value("${app.processor.thread-pool.queue-capacity:2000}")
+    private int queueCapacity;
+
+    @Value("${app.processor.thread-pool.keep-alive-seconds:60}")
+    private int keepAliveSeconds;
+
+    @Bean("logNormalProcessorExecutor")
+    @Primary  // 添加这个注解
+    public Executor logNormalProcessorExecutor() {
+        ThreadPoolTaskExecutor executor = new ThreadPoolTaskExecutor();
+        executor.setCorePoolSize(corePoolSize);
+        executor.setMaxPoolSize(maxPoolSize);
+        executor.setQueueCapacity(queueCapacity);
+        executor.setKeepAliveSeconds(keepAliveSeconds);
+        executor.setThreadNamePrefix("log-processor-");
+
+        // 拒绝策略：由调用线程处理该任务（保证不丢失消息）
+        executor.setRejectedExecutionHandler(new ThreadPoolExecutor.CallerRunsPolicy());
+
+        // 等待所有任务结束后再关闭线程池
+        executor.setWaitForTasksToCompleteOnShutdown(true);
+        executor.setAwaitTerminationSeconds(60);
+        executor.initialize();
+        return executor;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/config/WebConfig.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/WebConfig.java
new file mode 100644
index 0000000..5f52013
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/config/WebConfig.java
@@ -0,0 +1,56 @@
+package com.config;
+
+
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.List;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+    /**
+     * 创建专门用于 HTTP 请求的 ObjectMapper
+     */
+    @Bean
+    public ObjectMapper httpObjectMapper() {
+        ObjectMapper mapper = new ObjectMapper();
+
+        // 注册 Java 8 日期时间支持
+        mapper.registerModule(new JavaTimeModule());
+
+        // 禁用将日期序列化为时间戳
+        mapper.disable(com.fasterxml.jackson.databind.SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+
+        // 忽略未知属性
+        mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+
+        // 确保禁用所有类型信息
+        mapper.deactivateDefaultTyping();
+
+        return mapper;
+    }
+
+    /**
+     * 创建 HTTP 消息转换器
+     */
+    @Bean
+    public MappingJackson2HttpMessageConverter mappingJackson2HttpMessageConverter() {
+        return new MappingJackson2HttpMessageConverter(httpObjectMapper());
+    }
+
+    /**
+     * 注册消息转换器到 Spring MVC
+     */
+    @Override
+    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
+        // 将 Jackson 转换器添加到转换器列表的开头
+        converters.add(0, mappingJackson2HttpMessageConverter());
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/AppLogController.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/AppLogController.java
new file mode 100644
index 0000000..7de58d0
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/AppLogController.java
@@ -0,0 +1,33 @@
+package com.controllers;
+
+
+import com.common.entity.AppLog;
+import com.common.service.ElasticsearchService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.UUID;
+
+@Slf4j
+@RestController
+@RequestMapping("/api/applog")
+public class AppLogController {
+
+    @Autowired
+    private ElasticsearchService elasticsearchService;
+
+    /**
+     * 保存日志到ES
+     */
+    @PostMapping
+    public String saveAppLog(@RequestBody AppLog appLog) {
+        // 生成唯一ID（如果前端没有提供）
+        if (appLog.getId() == null) {
+            appLog.setId(UUID.randomUUID().toString());
+        }
+
+        elasticsearchService.saveAppLog(appLog);
+        return "保存成功";
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/CacheController.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/CacheController.java
new file mode 100644
index 0000000..7634e34
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/CacheController.java
@@ -0,0 +1,219 @@
+package com.controllers;
+
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.Cache;
+import org.springframework.cache.CacheManager;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.*;
+import java.util.stream.Collectors;
+
+
+@RestController
+@RequestMapping("/api/cache")
+public class CacheController {
+
+    @Autowired
+    private RedisTemplate<String, Object> redisTemplate;
+
+    @Autowired(required = false)
+    private CacheManager cacheManager;
+
+    /**
+     * 获取指定key的缓存值
+     */
+    @GetMapping("/key/{key}")
+    public ResponseEntity<Map<String, Object>> getCacheValue(@PathVariable String key) {
+        try {
+            Object value = redisTemplate.opsForValue().get(key);
+            Map<String, Object> result = new HashMap<>();
+            result.put("key", key);
+            result.put("value", value);
+            result.put("exists", value != null);
+            return ResponseEntity.ok(result);
+        } catch (Exception e) {
+            Map<String, Object> errorMap = new HashMap<>();
+            errorMap.put("error", "获取缓存失败");
+            errorMap.put("message", e.getMessage());
+            return ResponseEntity.badRequest().body(errorMap);
+        }
+    }
+
+    /**
+     * 清除指定key的缓存
+     */
+    @DeleteMapping("/key/{key}")
+    public ResponseEntity<Map<String, Object>> deleteCache(@PathVariable String key) {
+        try {
+            Boolean deleted = redisTemplate.delete(key);
+            Map<String, Object> result = new HashMap<>();
+            result.put("key", key);
+            result.put("deleted", deleted);
+            result.put("message", deleted ? "缓存删除成功" : "缓存不存在");
+            return ResponseEntity.ok(result);
+        } catch (Exception e) {
+            Map<String, Object> errorMap = new HashMap<>();
+            errorMap.put("error", "删除缓存失败");
+            errorMap.put("message", e.getMessage());
+            return ResponseEntity.badRequest()
+                    .body(errorMap);
+        }
+    }
+
+
+    /**
+     * 清除所有缓存（清空整个Redis数据库）
+     * 警告：这是一个危险操作，会清空所有数据
+     */
+    @DeleteMapping("/all")
+    public ResponseEntity<Map<String, Object>> clearAllCache() {
+        try {
+            // 获取当前数据库的所有key
+            Set<String> keys = redisTemplate.keys("*");
+            Long deletedCount = 0L;
+
+            if (keys != null && !keys.isEmpty()) {
+                deletedCount = redisTemplate.delete(keys);
+            }
+
+            Map<String, Object> result = new HashMap<>();
+            result.put("operation", "clearAll");
+            result.put("deletedCount", deletedCount);
+            result.put("message", "所有缓存已清除");
+            result.put("warning", "此操作会清空整个Redis数据库，请谨慎使用！");
+            return ResponseEntity.ok(result);
+        } catch (Exception e) {
+            Map<String, Object> errorMap = new HashMap<>();
+            errorMap.put("error", "清除所有缓存失败");
+            errorMap.put("message", e.getMessage());
+            return ResponseEntity.badRequest()
+                    .body(errorMap);
+        }
+    }
+
+    /**
+     * 清除指定缓存名称的所有缓存（通过CacheManager）
+     * 例如：deviceCache、userCache等
+     */
+    @DeleteMapping("/name/{cacheName}")
+    public ResponseEntity<Map<String, Object>> clearCacheByName(@PathVariable String cacheName) {
+        try {
+            if (cacheManager == null) {
+                Map<String, Object> errorMap = new HashMap<>();
+                errorMap.put("error", "CacheManager未配置");
+                errorMap.put("message", "无法通过CacheManager清除缓存");
+                return ResponseEntity.badRequest()
+                        .body(errorMap);
+            }
+
+            Cache cache = cacheManager.getCache(cacheName);
+            if (cache == null) {
+                Map<String, Object> errorMap = new HashMap<>();
+                errorMap.put("cacheName", cacheName);
+                errorMap.put("message", "缓存不存在");
+                errorMap.put("availableCaches",  cacheManager.getCacheNames());
+                return ResponseEntity.ok(errorMap);
+            }
+
+            cache.clear();
+
+            Map<String, Object> result = new HashMap<>();
+            result.put("cacheName", cacheName);
+            result.put("operation", "clear");
+            result.put("message", "缓存区域已清空");
+            return ResponseEntity.ok(result);
+        } catch (Exception e) {
+            Map<String, Object> errorMap = new HashMap<>();
+            errorMap.put("error", "清除缓存失败");
+            errorMap.put("message", e.getMessage());
+            return ResponseEntity.badRequest()
+                    .body(errorMap);
+        }
+    }
+
+    /**
+     * 获取所有缓存名称（通过CacheManager）
+     */
+    @GetMapping("/names")
+    public ResponseEntity<Map<String, Object>> getAllCacheNames() {
+        try {
+            if (cacheManager == null) {
+                Map<String, Object> errorMap = new HashMap<>();
+                errorMap.put("caches",  Collections.emptyList());
+                errorMap.put("message","CacheManager未配置");
+                return ResponseEntity.ok(errorMap);
+            }
+
+            Collection<String> cacheNames = cacheManager.getCacheNames();
+            Map<String, Object> result = new HashMap<>();
+            result.put("count", cacheNames.size());
+            result.put("caches", cacheNames);
+            return ResponseEntity.ok(result);
+        } catch (Exception e) {
+            Map<String, Object> errorMap = new HashMap<>();
+            errorMap.put("error", "获取缓存名称失败");
+            errorMap.put("message",e.getMessage());
+            return ResponseEntity.badRequest()
+                    .body(errorMap);
+        }
+    }
+
+    /**
+     * 获取所有Redis key（按模式搜索）
+     */
+    @GetMapping("/redis-keys")
+    public ResponseEntity<Map<String, Object>> getRedisKeys(@RequestParam(required = false, defaultValue = "*") String pattern) {
+        try {
+            Set<String> keys = redisTemplate.keys(pattern);
+            if (keys == null) {
+                keys = Collections.emptySet();
+            }
+
+            // 获取key对应的value类型（可选）
+            List<Map<String, Object>> keyDetails = keys.stream()
+                    .limit(100) // 限制返回数量，避免数据量太大
+                    .map(key -> {
+                        Map<String, Object> detail = new HashMap<>();
+                        detail.put("key", key);
+                        try {
+                            // 获取key的类型
+                            String type = redisTemplate.type(key).name();
+                            detail.put("type", type);
+
+                            // 获取TTL（过期时间）
+                            Long ttl = redisTemplate.getExpire(key);
+                            detail.put("ttl", ttl);
+
+                            // 获取key的大小（估计值）
+                            if ("STRING".equals(type)) {
+                                Object value = redisTemplate.opsForValue().get(key);
+                                detail.put("size", value != null ? value.toString().length() : 0);
+                            }
+                        } catch (Exception e) {
+                            detail.put("error", e.getMessage());
+                        }
+                        return detail;
+                    })
+                    .collect(Collectors.toList());
+
+            Map<String, Object> result = new HashMap<>();
+            result.put("pattern", pattern);
+            result.put("totalKeys", keys.size());
+            result.put("returnedKeys", keyDetails.size());
+            result.put("keys", keyDetails);
+            result.put("message", keys.size() > 100 ? "只显示前100个key" : "所有key已列出");
+
+            return ResponseEntity.ok(result);
+        } catch (Exception e) {
+            Map<String, Object> errorMap = new HashMap<>();
+            errorMap.put("error", "获取Redis keys失败");
+            errorMap.put("message",e.getMessage());
+            return ResponseEntity.badRequest()
+                    .body(errorMap);
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/DmColumnController.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/DmColumnController.java
new file mode 100644
index 0000000..d4096c5
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/DmColumnController.java
@@ -0,0 +1,77 @@
+package com.controllers;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.AutoConfigureOrder;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RestController;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import com.common.service.DmColumnService;
+import com.common.entity.DmColumn;
+import com.common.service.DmNormalizeRuleService;
+import com.common.entity.DmNormalizeRule;
+
+import com.Modules.NormalData.LogNormalProcessor;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+
+@RestController
+//@RequestMapping("/api")
+public class DmColumnController {
+    @Autowired
+    private  DmColumnService dmColumnService;
+    @Autowired
+    private  DmNormalizeRuleService dmNormalizeRuleService;
+
+    private static HashMap OrginalColumnMap ;
+
+    public DmColumnController(DmColumnService dmColumnService) {
+        this.dmColumnService = dmColumnService;
+    }
+
+    @GetMapping("/")
+    public String home() {
+        return "🚀 Spring Boot 应用运行正常！";
+    }
+
+    @GetMapping("/dmcolumn")
+    public String getUsers() {
+
+        return "用户列表";
+    }
+
+    @GetMapping("/dmcolumn/id")
+    public String getDmcolumnByID () {
+        //DmColumn  dmColumn=dmColumnService.findById((long)682);
+        DmColumn  dmColumn=dmColumnService.findByDmColumnId((long)682);
+        //List<Map<String, Object>> columnList=dmColumnService.selectAllNormal();
+        //List<Map<String, Object>> rulelst=  dmNormalizeRuleService.selectByDeviceIdAuto((long)1);
+        //OrginalColumnMap= getMessageToMap(strLogMsg);
+       LogNormalProcessor  logNormalProcessor=new LogNormalProcessor( "", UUID.randomUUID().toString(),"test-topic");
+       logNormalProcessor.init();
+
+        return dmColumn.getDisplayName()  ;
+        //return dmColumn.getDisplayName()  ;
+
+
+    }
+    @GetMapping("/rule/id/{id}")
+    public  ResponseEntity<DmNormalizeRule> getById(@PathVariable Long id) {
+        System.out.println("rule_id："+id.toString());
+        DmNormalizeRule dmNormalizeRule=dmNormalizeRuleService.getById(id);
+        System.out.println("dmNormalizeRuleService："+dmNormalizeRule.toString());
+        return  ResponseEntity.ok(dmNormalizeRule);
+    }
+
+
+    @RequestMapping("/hello")
+    public String hello() {
+        return "Hello World";
+    }
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/ETLController.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/ETLController.java
new file mode 100644
index 0000000..d0d6e5c
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/ETLController.java
@@ -0,0 +1,57 @@
+package com.controllers;
+
+
+
+import com.Modules.etl.handler.ETLRetryHandler;
+import com.common.schedule.ETLOrchestrator;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Slf4j
+@RestController
+@RequestMapping("/api/etl")
+public class ETLController {
+
+    @Autowired
+    private ETLOrchestrator etlOrchestrator;
+    /**
+     * 手动触发ETL任务
+     */
+    @PostMapping("/trigger")
+    public ResponseEntity<String> triggerETL() {
+        log.info("接收到手动触发ETL任务请求");
+        try {
+            etlOrchestrator.triggerETLManually();
+            return ResponseEntity.ok("ETL任务执行成功");
+        } catch (Exception e) {
+            log.error("ETL任务执行失败", e);
+            return ResponseEntity.status(500)
+                    .body("ETL任务执行失败: " + e.getMessage());
+        }
+    }
+
+    @PostMapping("/trigger/time")
+    public ResponseEntity<String> triggerETLbyTime(String startTime ,String endTime ) {
+        log.info("接收到手动触发ETL任务请求, 开始时间：{},结束时间：{}",startTime,endTime );
+        try {
+            etlOrchestrator.triggerETLManuallyByTime(startTime,endTime);
+            return ResponseEntity.ok("ETL任务执行成功");
+        } catch (Exception e) {
+            log.error("ETL任务执行失败", e);
+            return ResponseEntity.status(500)
+                    .body("ETL任务执行失败: " + e.getMessage());
+        }
+    }
+    /**
+     * 健康检查接口
+     */
+    @PostMapping("/health")
+    public ResponseEntity<String> healthCheck() {
+        return ResponseEntity.ok("ETL服务运行正常");
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/GlobalExceptionHandler.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/GlobalExceptionHandler.java
new file mode 100644
index 0000000..6b8f70d
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/GlobalExceptionHandler.java
@@ -0,0 +1,49 @@
+package com.controllers;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.validation.BindingResult;
+import org.springframework.validation.FieldError;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+import com.common.entity.*;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+@RestControllerAdvice
+public class GlobalExceptionHandler {
+
+    private static final Logger logger = LoggerFactory.getLogger(GlobalExceptionHandler.class);
+
+    /**
+     * 处理参数验证异常
+     */
+    @ExceptionHandler(MethodArgumentNotValidException.class)
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    public ApiResponse<Object> handleValidationException(MethodArgumentNotValidException ex) {
+        BindingResult bindingResult = ex.getBindingResult();
+        List<FieldError> fieldErrors = bindingResult.getFieldErrors();
+
+        String errorMessage = fieldErrors.stream()
+                .map(error -> error.getField() + ": " + error.getDefaultMessage())
+                .collect(Collectors.joining("; "));
+
+        logger.warn("参数验证失败: {}", errorMessage);
+
+        return ApiResponse.error("参数验证失败: " + errorMessage, "VALIDATION_ERROR");
+    }
+
+    /**
+     * 处理其他异常
+     */
+    @ExceptionHandler(Exception.class)
+    @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
+    public ApiResponse<Object> handleException(Exception ex) {
+        logger.error("系统异常", ex);
+        return ApiResponse.error("系统内部错误", "INTERNAL_ERROR");
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/PartitionTableController.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/PartitionTableController.java
new file mode 100644
index 0000000..bc8ab75
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/PartitionTableController.java
@@ -0,0 +1,114 @@
+package com.controllers;
+
+import com.common.service.PartitionTableService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.List;
+import java.util.ArrayList;
+
+@RestController
+@RequestMapping("/api/partition")
+public class PartitionTableController {
+
+    @Autowired
+    private PartitionTableService partitionTableService;
+
+    /**
+     * 检查第二天的分区表状态
+     */
+    @GetMapping("/check-tomorrow")
+    public Map<String, Object> checkTomorrowPartition() {
+        Map<String, Object> result = new HashMap<>();
+
+        try {
+            PartitionTableService.PartitionTableStatus status =
+                    partitionTableService.checkTomorrowPartitionTable();
+
+            result.put("success", true);
+            result.put("data", status);
+            result.put("message", "检查完成");
+
+        } catch (Exception e) {
+            result.put("success", false);
+            result.put("message", "检查失败: " + e.getMessage());
+        }
+
+        return result;
+    }
+
+    /**
+     * 检查未来多天的分区表状态
+     */
+    @GetMapping("/check-future")
+    public Map<String, Object> checkFuturePartitions(@RequestParam(defaultValue = "7") int days) {
+        Map<String, Object> result = new HashMap<>();
+
+        try {
+            List<PartitionTableService.PartitionTableStatus>   statusList = partitionTableService.checkFuturePartitionTables(days);
+
+            result.put("success", true);
+            result.put("data", statusList);
+            result.put("count", statusList.size());
+            result.put("message", String.format("检查了未来 %d 天的分区表状态", days));
+
+        } catch (Exception e) {
+            result.put("success", false);
+            result.put("message", "检查失败: " + e.getMessage());
+        }
+
+        return result;
+    }
+
+    /**
+     * 获取分区表统计信息
+     */
+    @GetMapping("/stats")
+    public Map<String, Object> getPartitionStats() {
+        return partitionTableService.getPartitionTableStats();
+    }
+
+    /**
+     * 手动创建指定日期的分区表
+     */
+    @PostMapping("/create")
+    public Map<String, Object> createPartition(@RequestParam String date) {
+        Map<String, Object> result = new HashMap<>();
+
+        try {
+            // 日期格式: yyyy-MM-dd
+            java.time.LocalDate localDate = java.time.LocalDate.parse(date);
+            boolean success = partitionTableService.createDailyPartitionTable(localDate);
+
+            result.put("success", success);
+            result.put("message", success ? "分区表创建成功" : "分区表创建失败");
+
+        } catch (Exception e) {
+            result.put("success", false);
+            result.put("message", "创建失败: " + e.getMessage());
+        }
+
+        return result;
+    }
+
+    /**
+     * 手动触发创建下个月所有分区表
+     */
+    @PostMapping("/create-next-month")
+    public Map<String, Object> createNextMonthPartition() {
+        Map<String, Object> result = new HashMap<>();
+
+        try {
+            partitionTableService.createNextMonthPartitionTable();
+            result.put("success", true);
+            result.put("message", "分区表创建任务已触发");
+        } catch (Exception e) {
+            result.put("success", false);
+            result.put("message", "分区表创建失败: " + e.getMessage());
+        }
+
+        return result;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogController.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogController.java
new file mode 100644
index 0000000..b5630cb
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogController.java
@@ -0,0 +1,390 @@
+package com.controllers;
+
+
+
+
+import com.common.entity.ApiResponse;
+import com.influx.dto.SyslogQueryDto;
+import com.common.service.InfluxSyslogService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
+import java.util.List;
+import java.util.Map;
+import lombok.Data;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Size;
+import com.Modules.NormalData.LogNormalProcessor;
+import com.common.entity.SyslogNonNormalMessage;
+import java.util.*;
+import java.util.stream.Collectors;
+import com.common.service.SyslogNonNormalMessageService;
+import java.time.LocalDateTime;
+
+@Slf4j
+@Validated
+@RestController
+@RequestMapping("/api/syslog")
+public class SyslogController {
+
+    @Autowired
+    private InfluxSyslogService syslogService;
+    @Autowired
+    private SyslogNonNormalMessageService messageService;
+    /**
+     * 接口1：按时间范围查询
+     * GET /api/syslog/time-range?startTime=2023-11-20T00:00:00Z&endTime=2023-11-20T23:59:59Z
+     */
+    @GetMapping("/time-range")
+    public ApiResponse<List<Map<String, Object>>> queryByTimeRange(
+            @RequestParam @NotBlank(message = "开始时间不能为空") String startTime,
+            @RequestParam @NotBlank(message = "结束时间不能为空") String endTime) {
+
+        log.info("收到时间范围查询请求: startTime={}, endTime={}", startTime, endTime);
+        List<Map<String, Object>> results = syslogService.queryByTimeRange(startTime, endTime);
+        return ApiResponse.success(results);
+    }
+
+    /**
+     * 接口2：按UUID查询详细日志
+     * GET /api/syslog/uuid/{uuid}
+     */
+    @GetMapping("/uuid/{uuid}")
+    public ApiResponse<List<Map<String, Object>>> queryByUuid(
+            @PathVariable @NotBlank(message = "UUID不能为空") String uuid) {
+
+        log.info("收到UUID查询请求: uuid={}", uuid);
+        List<Map<String, Object>> results = syslogService.queryByUuid(uuid);
+        return ApiResponse.success(results);
+    }
+
+    /**
+     * 接口3：按设备ID和时间范围查询
+     * GET /api/syslog/device?deviceId=device123&startTime=2023-11-20T00:00:00Z&endTime=2023-11-20T23:59:59Z
+     */
+    @GetMapping("/device")
+    public ApiResponse<List<Map<String, Object>>> queryByDeviceId(
+            @RequestParam @NotBlank(message = "设备ID不能为空") String deviceId,
+            @RequestParam @NotBlank(message = "开始时间不能为空") String startTime,
+            @RequestParam @NotBlank(message = "结束时间不能为空") String endTime) {
+
+        log.info("收到设备ID查询请求: deviceId={}, startTime={}, endTime={}", deviceId, startTime, endTime);
+        List<Map<String, Object>> results = syslogService.queryByDeviceIdAndTime(deviceId, startTime, endTime);
+        return ApiResponse.success(results);
+    }
+
+    /**
+     * 接口4：模糊查询message内容
+     * GET /api/syslog/search?startTime=2023-11-20T00:00:00Z&endTime=2023-11-20T23:59:59Z&keyword=error
+     */
+    @GetMapping("/search")
+    public ApiResponse<List<Map<String, Object>>> searchByMessage(
+            @RequestParam @NotBlank(message = "开始时间不能为空") String startTime,
+            @RequestParam @NotBlank(message = "结束时间不能为空") String endTime,
+            @RequestParam @NotBlank(message = "搜索关键字不能为空") String keyword) {
+
+        log.info("收到模糊查询请求: startTime={}, endTime={}, keyword={}", startTime, endTime, keyword);
+        List<Map<String, Object>> results = syslogService.queryByMessageContent(startTime, endTime, keyword);
+        return ApiResponse.success(results);
+    }
+    /**
+     * 接口：按多个UUID批量查询详细日志
+     * POST /api/syslog/uuids
+     * 请求体：{"uuids": ["uuid1", "uuid2", "uuid3"]}
+     */
+    @PostMapping("/uuids")
+    public ApiResponse<Map<String, List<Map<String, Object>>>> queryByUuids(
+            @RequestBody @Valid UuidBatchRequest request) {
+
+        log.info("收到批量UUID查询请求，数量: {}", request.getUuids().size());
+        Map<String, List<Map<String, Object>>> results = syslogService.queryByUuids(request.getUuids());
+        return ApiResponse.success(results);
+    }
+
+
+    /**
+     * 非标日志再次泛化处理
+     * 入参：List<Map<String, Object>> 多个map方式 两个参数: id, created_at
+     * 返回：ApiResponse<List<Map<String, Object>>>
+     */
+    @PostMapping("/re-generalize")
+    public ApiResponse<List<Map<String, Object>>> reGeneralizeNonNormalMessages(
+            @RequestBody List<Map<String, String>> paramList) {
+
+        List<Map<String, Object>> results = new ArrayList<>();
+
+        try {
+            log.info("开始非标日志再次泛化处理，处理记录数: {}", paramList.size());
+
+            // 1. 参数校验
+            if (paramList == null || paramList.isEmpty()) {
+                return ApiResponse.error("参数不能为空");
+            }
+            if (paramList.size()>100) {
+                return ApiResponse.error("再次泛化处理一次不能超过100条记录");
+            }
+            // 2. 提取参数并查询非标日志记录
+            List<String> ids = new ArrayList<>();
+            //List<LocalDateTime> createdAts = new ArrayList<>();
+            List<String> createdAts = new ArrayList<>();
+            for (Map<String, String> param : paramList) {
+                String id = (String) param.get("id");
+                String createdAtObj = param.get("created_at");
+
+                if (id != null) {
+                    ids.add(id);
+                    createdAts.add(  createdAtObj);
+                }
+            }
+
+            if (ids.isEmpty()) {
+                return ApiResponse.error("有效的ID列表为空");
+            }
+
+            // 3. 批量查询非标日志记录
+            List<SyslogNonNormalMessage> messages = messageService.getMessagesByIdsAndCreatedAts(ids, createdAts);
+
+            if (messages.isEmpty()) {
+                return ApiResponse.error("未找到对应的非标日志记录");
+            }
+
+            log.info("查询到非标日志记录数: {}", messages.size());
+
+            // 4. 按照syslog_uuid分组，确保相同uuid只处理一次
+            Map<String, List<SyslogNonNormalMessage>> uuidGroups = messages.stream()
+                    .filter(msg -> msg.getSyslogUuid() != null && !msg.getSyslogUuid().trim().isEmpty())
+                    .collect(Collectors.groupingBy(SyslogNonNormalMessage::getSyslogUuid));
+
+            // 处理没有syslog_uuid的记录
+            List<SyslogNonNormalMessage> noUuidMessages = messages.stream()
+                    .filter(msg -> msg.getSyslogUuid() == null || msg.getSyslogUuid().trim().isEmpty())
+                    .collect(Collectors.toList());
+
+            log.info("按syslog_uuid分组后组数: {}, 无UUID记录数: {}", uuidGroups.size(), noUuidMessages.size());
+
+            // 5. 处理每个分组，相同uuid只泛化一次
+            Map<String, Boolean> uuidProcessResult = new HashMap<>();
+            Map<String, String> uuidProcessMessage = new HashMap<>();
+
+            for (Map.Entry<String, List<SyslogNonNormalMessage>> entry : uuidGroups.entrySet()) {
+                String syslogUuid = entry.getKey();
+                List<SyslogNonNormalMessage> groupMessages = entry.getValue();
+
+                if (groupMessages.isEmpty()) {
+                    continue;
+                }
+
+                // 取第一条记录进行泛化处理（相同uuid的日志内容应该相同）
+                SyslogNonNormalMessage firstMessage = groupMessages.get(0);
+                boolean processSuccess = false;
+                String processMessage = "";
+
+                try {
+                    // 构建泛化处理器需要的参数
+                    String headerMessage = firstMessage.getHeaderMessage() != null ? firstMessage.getHeaderMessage() : "";
+                    String syslogMessage = firstMessage.getSyslogMessage() != null ? firstMessage.getSyslogMessage() : "";
+                    String combinedMessage = headerMessage + syslogMessage;
+                    String syslogTopic = firstMessage.getSyslogTopic();
+
+                    log.debug("开始泛化处理，syslog_uuid: {}, topic: {}", syslogUuid, syslogTopic);
+
+                    // 调用泛化处理类
+                    LogNormalProcessor logNormalProcessor = new LogNormalProcessor(
+                            combinedMessage, syslogUuid, syslogTopic);
+                    logNormalProcessor.init();
+
+                    processSuccess = true;
+                    processMessage = "泛化处理成功";
+                    log.debug("泛化处理成功，syslog_uuid: {}", syslogUuid);
+
+                } catch (Exception e) {
+                    processSuccess = false;
+                    processMessage = "泛化处理失败: " + e.getMessage();
+                    log.error("泛化处理失败，syslog_uuid: {}, 错误: {}", syslogUuid, e.getMessage(), e);
+                }
+
+                uuidProcessResult.put(syslogUuid, processSuccess);
+                uuidProcessMessage.put(syslogUuid, processMessage);
+            }
+
+            // 6. 批量更新处理结果和del_flag
+            List<SyslogNonNormalMessage> messagesToUpdate = new ArrayList<>();
+
+            // 处理有UUID的记录
+            for (SyslogNonNormalMessage message : messages) {
+                Map<String, Object> resultItem = new HashMap<>();
+                resultItem.put("id", message.getId());
+                resultItem.put("created_at", message.getCreatedAt());
+                resultItem.put("syslog_uuid", message.getSyslogUuid());
+
+                String syslogUuid = message.getSyslogUuid();
+                if (syslogUuid != null && !syslogUuid.trim().isEmpty() && uuidProcessResult.containsKey(syslogUuid)) {
+                    boolean success = uuidProcessResult.get(syslogUuid);
+                    String msg = uuidProcessMessage.get(syslogUuid);
+
+                    resultItem.put("success", success);
+                    resultItem.put("message", msg);
+
+                    // 更新记录状态，无论成功失败都标记del_flag为1（表示已处理）
+                    message.setDelFlag("1");
+                    messagesToUpdate.add(message);
+                } else if (syslogUuid == null || syslogUuid.trim().isEmpty()) {
+                    // 没有syslog_uuid的记录
+                    resultItem.put("success", false);
+                    resultItem.put("message", "syslog_uuid为空，无法进行泛化处理");
+                    message.setDelFlag("1"); // 仍然标记为已处理
+                    messagesToUpdate.add(message);
+                }
+
+                results.add(resultItem);
+            }
+
+            // 7. 批量更新数据库
+            if (!messagesToUpdate.isEmpty()) {
+                int updateCount = messageService.updateBatchDelFlag(messagesToUpdate);
+                log.info("批量更新del_flag完成，更新记录数: {}", updateCount);
+            }
+
+            // 8. 统计处理结果
+            long successCount = results.stream()
+                    .filter(result -> Boolean.TRUE.equals(result.get("success")))
+                    .count();
+
+            String finalMessage = String.format("处理完成，成功: %d, 失败: %d",
+                    successCount, results.size() - successCount);
+
+            log.info("非标日志再次泛化处理完成，{}", finalMessage);
+
+            return ApiResponse.success(finalMessage, results);
+
+        } catch (Exception e) {
+            log.error("非标日志再次泛化处理异常: {}", e.getMessage(), e);
+            //return ApiResponse.error("处理异常: " + e.getMessage(), results);
+            return ApiResponse.error("处理异常: " + e.getMessage());
+        }
+    }
+
+    /**
+     * 非标日志再次泛化处理 - 简化版本（仅通过ID批量处理）
+     */
+    //@PostMapping("/regeneralize-by-ids")
+    public ApiResponse<List<Map<String, Object>>> reGeneralizeByIds(
+            @RequestBody List<String> ids) {
+
+        List<Map<String, Object>> results = new ArrayList<>();
+
+        try {
+            if (ids == null || ids.isEmpty()) {
+                return ApiResponse.error("ID列表不能为空");
+            }
+
+            log.info("开始通过ID批量泛化处理，ID数量: {}", ids.size());
+
+            // 查询记录
+            List<SyslogNonNormalMessage> messages = messageService.getMessagesByIds(ids);
+
+            if (messages.isEmpty()) {
+                return ApiResponse.error("未找到对应的非标日志记录");
+            }
+
+            // 按syslog_uuid分组
+            Map<String, List<SyslogNonNormalMessage>> uuidGroups = messages.stream()
+                    .filter(msg -> msg.getSyslogUuid() != null && !msg.getSyslogUuid().trim().isEmpty())
+                    .collect(Collectors.groupingBy(SyslogNonNormalMessage::getSyslogUuid));
+
+            List<SyslogNonNormalMessage> noUuidMessages = messages.stream()
+                    .filter(msg -> msg.getSyslogUuid() == null || msg.getSyslogUuid().trim().isEmpty())
+                    .collect(Collectors.toList());
+
+            // 处理每个uuid组
+            for (String syslogUuid : uuidGroups.keySet()) {
+                List<SyslogNonNormalMessage> groupMessages = uuidGroups.get(syslogUuid);
+                SyslogNonNormalMessage firstMessage = groupMessages.get(0);
+
+                boolean processSuccess = false;
+                String processMessage = "";
+
+                try {
+                    String headerMessage = firstMessage.getHeaderMessage() != null ?
+                            firstMessage.getHeaderMessage() : "";
+                    String syslogMessage = firstMessage.getSyslogMessage() != null ?
+                            firstMessage.getSyslogMessage() : "";
+                    String combinedMessage = headerMessage + syslogMessage;
+
+                    LogNormalProcessor processor = new LogNormalProcessor(
+                            combinedMessage, syslogUuid, firstMessage.getSyslogTopic());
+                    processor.init();
+
+                    processSuccess = true;
+                    processMessage = "处理成功";
+                } catch (Exception e) {
+                    processSuccess = false;
+                    processMessage = "处理失败: " + e.getMessage();
+                }
+
+                // 更新该组所有记录
+                for (SyslogNonNormalMessage msg : groupMessages) {
+                    Map<String, Object> resultItem = new HashMap<>();
+                    resultItem.put("id", msg.getId());
+                    resultItem.put("syslog_uuid", msg.getSyslogUuid());
+                    resultItem.put("success", processSuccess);
+                    resultItem.put("message", processMessage);
+                    results.add(resultItem);
+
+                    msg.setDelFlag("1");
+                }
+            }
+
+            // 处理没有UUID的记录
+            for (SyslogNonNormalMessage msg : noUuidMessages) {
+                Map<String, Object> resultItem = new HashMap<>();
+                resultItem.put("id", msg.getId());
+                resultItem.put("syslog_uuid", msg.getSyslogUuid());
+                resultItem.put("success", false);
+                resultItem.put("message", "syslog_uuid为空，无法进行泛化处理");
+                results.add(resultItem);
+
+                msg.setDelFlag("1");
+            }
+
+            // 批量更新
+            if (!messages.isEmpty()) {
+                messageService.updateBatch(messages);
+            }
+
+            long successCount = results.stream()
+                    .filter(result -> Boolean.TRUE.equals(result.get("success")))
+                    .count();
+
+            String finalMessage = String.format("处理完成，成功: %d, 失败: %d",
+                    successCount, results.size() - successCount);
+
+            return ApiResponse.success(finalMessage, results);
+
+        } catch (Exception e) {
+            log.error("通过ID批量泛化处理异常: {}", e.getMessage(), e);
+            //return ApiResponse.error("处理异常: " + e.getMessage(), results);
+            return ApiResponse.error("处理异常: " + e.getMessage());
+        }
+    }
+
+
+    // 请求体DTO
+    @Data
+    public class UuidBatchRequest {
+        @NotEmpty(message = "UUID列表不能为空")
+        @Size(max = 100, message = "一次最多查询100个UUID")
+        private List<@NotBlank(message = "UUID不能为空") String> uuids;
+    }
+    /**
+         * 统一异常处理
+         */
+        @ExceptionHandler(Exception.class)
+        public ApiResponse<Object> handleException(Exception e) {
+            log.error("API处理异常: {}", e.getMessage(), e);
+            return ApiResponse.error(e.getMessage());
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogNonNormalMessageController.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogNonNormalMessageController.java
new file mode 100644
index 0000000..4ca8203
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogNonNormalMessageController.java
@@ -0,0 +1,148 @@
+package com.controllers;
+
+
+import com.common.entity.SyslogNonNormalMessage;
+import com.common.service.SyslogNonNormalMessageService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.format.annotation.DateTimeFormat;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import java.time.LocalDateTime;
+import java.util.List;
+import java.time.LocalDateTime;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+@RestController
+@RequestMapping("/syslog/non-normal")
+@RequiredArgsConstructor
+
+public class SyslogNonNormalMessageController {
+    private final SyslogNonNormalMessageService messageService;
+
+    /**
+     * 接收单条非标日志
+     */
+    @PostMapping("/message")
+    public ResponseEntity<Boolean> receiveMessage(@Valid @RequestBody SyslogNonNormalMessage message) {
+        log.info("接收到非标日志消息: {}", message.getSyslogUuid());
+        boolean result = messageService.saveMessage(message);
+        return ResponseEntity.ok(result);
+    }
+
+
+    /**
+     * 新增非标日志
+     */
+    @PostMapping("/save")
+
+    public ResponseEntity<Map<String, Object>> saveMessage(@RequestBody SyslogNonNormalMessage message) {
+        Map<String, Object> result = new HashMap<>();
+        try {
+            boolean success = messageService.saveMessage(message);
+            if (success) {
+                result.put("success", true);
+                result.put("message", "保存成功");
+                result.put("data", message.getId());
+                return ResponseEntity.ok(result);
+            } else {
+                result.put("success", false);
+                result.put("message", "保存失败");
+                return ResponseEntity.badRequest().body(result);
+            }
+        } catch (Exception e) {
+            log.error("保存非标日志异常: {}", e.getMessage(), e);
+            result.put("success", false);
+            result.put("message", "保存异常: " + e.getMessage());
+            return ResponseEntity.internalServerError().body(result);
+        }
+    }
+    /**
+     * 根据ID查询
+     */
+    @GetMapping("/message/{id}")
+    public ResponseEntity<SyslogNonNormalMessage> getMessage(@PathVariable String id) {
+        SyslogNonNormalMessage message = messageService.getById(id);
+        return ResponseEntity.ok(message);
+    }
+
+
+    /**
+     * 批量新增非标日志
+     */
+    @PostMapping("/batch-save")
+
+    public ResponseEntity<Map<String, Object>> batchSaveMessages(@RequestBody List<SyslogNonNormalMessage> messages) {
+        Map<String, Object> result = new HashMap<>();
+        try {
+            int count = messageService.saveBatchMessages(messages);
+            result.put("success", true);
+            result.put("message", "批量保存成功");
+            result.put("data", count);
+            return ResponseEntity.ok(result);
+        } catch (Exception e) {
+            log.error("批量保存非标日志异常: {}", e.getMessage(), e);
+            result.put("success", false);
+            result.put("message", "批量保存异常: " + e.getMessage());
+            return ResponseEntity.internalServerError().body(result);
+        }
+    }
+    /**
+     * 删除非标日志
+     */
+    @DeleteMapping("/delete/{id}")
+
+    public ResponseEntity<Map<String, Object>> deleteMessage(
+           @PathVariable String id) {
+        Map<String, Object> result = new HashMap<>();
+        try {
+            boolean success = messageService.deleteMessage(id);
+            if (success) {
+                result.put("success", true);
+                result.put("message", "删除成功");
+                return ResponseEntity.ok(result);
+            } else {
+                result.put("success", false);
+                result.put("message", "删除失败，记录不存在");
+                return ResponseEntity.badRequest().body(result);
+            }
+        } catch (Exception e) {
+            log.error("删除非标日志异常: {}", e.getMessage(), e);
+            result.put("success", false);
+            result.put("message", "删除异常: " + e.getMessage());
+            return ResponseEntity.internalServerError().body(result);
+        }
+    }
+
+    /**
+     * 查询非标日志详情
+     */
+    @GetMapping("/detail/{id}")
+    public ResponseEntity<Map<String, Object>> getMessageDetail(
+            @PathVariable String id) {
+        Map<String, Object> result = new HashMap<>();
+        try {
+            SyslogNonNormalMessage message = messageService.getMessageById(id);
+            if (message != null) {
+                result.put("success", true);
+                result.put("message", "查询成功");
+                result.put("data", message);
+                return ResponseEntity.ok(result);
+            } else {
+                result.put("success", false);
+                result.put("message", "记录不存在或已被删除");
+                return ResponseEntity.badRequest().body(result);
+            }
+        } catch (Exception e) {
+            log.error("查询非标日志详情异常: {}", e.getMessage(), e);
+            result.put("success", false);
+            result.put("message", "查询异常: " + e.getMessage());
+            return ResponseEntity.internalServerError().body(result);
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogPushController.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogPushController.java
new file mode 100644
index 0000000..e2d7ffd
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/controllers/SyslogPushController.java
@@ -0,0 +1,122 @@
+package com.controllers;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import com.common.service.SyslogService;
+import com.common.entity.*;
+
+@RestController
+@RequestMapping("/syslog")
+@Validated
+public class SyslogPushController {
+
+    private static final Logger logger = LoggerFactory.getLogger(SyslogPushController.class);
+
+    @Autowired
+    private SyslogService syslogService;
+
+    /**
+     * 发送syslog消息
+     * POST /syslog/send
+     */
+    @PostMapping("/send")
+    public ApiResponse<String> sendSyslog( @RequestBody SyslogRequest request) {
+        logger.info("收到syslog发送请求: {}", request);
+
+        try {
+            boolean success = syslogService.sendSyslogMessage(request);
+            if (success) {
+                logger.info("Syslog消息发送成功: IP={}, Port={}", request.getIp(), request.getPort());
+                return ApiResponse.success("Syslog消息发送成功", "消息已成功发送到 " + request.getIp() + ":" + request.getPort());
+            } else {
+                logger.error("Syslog消息发送失败: IP={}, Port={}", request.getIp(), request.getPort());
+                return ApiResponse.error("Syslog消息发送失败", "SYSLOG_SEND_FAILED");
+            }
+
+        } catch (Exception e) {
+            logger.error("处理syslog请求时发生异常", e);
+            return ApiResponse.error("系统内部错误: " + e.getMessage(), "INTERNAL_ERROR");
+        }
+    }
+
+    /**
+     * 批量发送syslog消息
+     * POST /api/syslog/batch-send
+     */
+    @PostMapping("/batch-send")
+    public ApiResponse<BatchSendResult> batchSendSyslog(@Valid @RequestBody BatchSyslogRequest request) {
+        logger.info("收到批量syslog发送请求，共{}条消息", request.getLogs().size());
+
+        int successCount = 0;
+        int failCount = 0;
+
+        for (SyslogRequest logRequest : request.getLogs()) {
+            boolean success = syslogService.sendSyslogMessage(logRequest);
+            if (success) {
+                successCount++;
+            } else {
+                failCount++;
+            }
+        }
+
+        BatchSendResult result = new BatchSendResult(successCount, failCount);
+        logger.info("批量发送完成: 成功={}, 失败={}", successCount, failCount);
+
+        return ApiResponse.success("批量发送完成", result);
+    }
+
+    /**
+     * 批量发送请求DTO
+     */
+    public static class BatchSyslogRequest {
+        @Valid
+        private java.util.List<SyslogRequest> logs;
+
+        public java.util.List<SyslogRequest> getLogs() {
+            return logs;
+        }
+
+        public void setLogs(java.util.List<SyslogRequest> logs) {
+            this.logs = logs;
+        }
+    }
+
+    /**
+     * 批量发送结果DTO
+     */
+    public static class BatchSendResult {
+        private int successCount;
+        private int failCount;
+
+        public BatchSendResult(int successCount, int failCount) {
+            this.successCount = successCount;
+            this.failCount = failCount;
+        }
+
+        // Getter方法
+        public int getSuccessCount() {
+            return successCount;
+        }
+
+        public int getFailCount() {
+            return failCount;
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/InfluxDBClient.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/InfluxDBClient.java
new file mode 100644
index 0000000..eeb666a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/InfluxDBClient.java
@@ -0,0 +1,233 @@
+package com.influx;
+
+import com.influxdb.client.InfluxDBClientFactory;
+import com.influxdb.client.WriteApi;
+import com.influxdb.client.WriteApiBlocking;
+import com.influxdb.client.domain.HealthCheck;
+import com.influxdb.client.write.Point;
+import com.config.AppConfig;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import com.influxdb.query.FluxRecord;
+import com.influxdb.query.FluxTable;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import com.influxdb.client.QueryApi;
+import java.time.Instant;
+import java.time.format.DateTimeFormatter;
+
+
+public class InfluxDBClient implements AutoCloseable {
+    private static final Logger logger = LoggerFactory.getLogger(InfluxDBClient.class);
+
+    private final com.influxdb.client.InfluxDBClient influxDB;
+    private final WriteApi writeApi;
+    private final WriteApiBlocking writeApiBlocking;
+    private final String bucket;
+    private final String org;
+    private final QueryApi queryApi;
+
+    public InfluxDBClient() {
+
+        this.influxDB = InfluxDBClientFactory.create(
+                AppConfig.getInfluxUrl(),
+                AppConfig.getInfluxToken().toCharArray(),
+                AppConfig.getInfluxOrg(),
+                AppConfig.getInfluxBucket()
+        );
+        this.writeApi = influxDB.makeWriteApi(InfluxDBConfig.getWriteOptions());
+        this.writeApiBlocking = influxDB.getWriteApiBlocking();
+        this.bucket = AppConfig.getInfluxBucket();
+        this.org = AppConfig.getInfluxOrg();
+        this.queryApi = influxDB.getQueryApi();
+
+        // 检查连接状态
+        checkConnection();
+    }
+
+    private void checkConnection() {
+        try {
+            HealthCheck health = influxDB.health();
+            if (health.getStatus() == HealthCheck.StatusEnum.PASS) {
+                logger.info("InfluxDB connection successful: {}", health.getMessage());
+            } else {
+                logger.warn("InfluxDB health check: {}", health.getMessage());
+            }
+        } catch (Exception e) {
+            logger.error("Failed to connect to InfluxDB: {}", e.getMessage());
+            throw new RuntimeException("InfluxDB connection failed", e);
+        }
+    }
+
+    /**
+     * 写入数据点（异步）
+     */
+    public void writePoint(Point point) {
+        try {
+            writeApi.writePoint(point);
+        } catch (Exception e) {
+            logger.error("Failed to write point to InfluxDB: {}", e.getMessage());
+            throw e;
+        }
+    }
+
+    /**
+     * 写入数据点（同步，用于重要数据）
+     */
+    public void writePointBlocking(Point point) {
+        try {
+            writeApiBlocking.writePoint(point);
+        } catch (Exception e) {
+            logger.error("Failed to write point to InfluxDB (blocking): {}", e.getMessage());
+            throw e;
+        }
+
+    }
+
+    /**
+     * 写入原始 Line Protocol（异步）
+     */
+    public void writeRecord(String lineProtocol) {
+        try {
+            writeApi.writeRecord(InfluxDBConfig.getWritePrecision(),lineProtocol);
+        } catch (Exception e) {
+            logger.error("Failed to write record to InfluxDB: {}", e.getMessage());
+        }
+    }
+    /**
+     * 基础查询 - 查询所有数据
+     */
+    public List<FluxTable> queryAllData(String measurement) {
+        String fluxQuery = String.format(
+                "from(bucket: \"%s\") " +
+                        "|> range(start: -1d) " +
+                        "|> filter(fn: (r) => r._field != \"uuid\") " + // 新增此行，过滤掉field列的uuid
+                        "|> filter(fn: (r) => r._measurement == \"%s\")",
+                bucket, measurement
+        );
+
+        QueryApi queryApi = influxDB.getQueryApi();
+        return queryApi.query(fluxQuery, org);
+    }
+
+
+    /**
+     * 执行Flux查询并返回结果列表
+     */
+    public List<Map<String, Object>> queryFlux(String fluxQuery) {
+        List<Map<String, Object>> resultList = new ArrayList<>();
+        try {
+            List<FluxTable> tables = queryApi.query(fluxQuery, org);
+
+            for (FluxTable table : tables) {
+                for (FluxRecord record : table.getRecords()) {
+                    Map<String, Object> dataMap = new HashMap<>();
+
+                    // 添加时间戳
+                    dataMap.put("time", record.getTime());
+
+                    // 添加测量名称
+                    dataMap.put("measurement", record.getMeasurement());
+
+                    // 添加所有字段值
+                    dataMap.putAll(record.getValues());
+
+                    resultList.add(dataMap);
+                }
+            }
+            logger.debug("Query executed successfully, returned {} records", resultList.size());
+        } catch (Exception e) {
+            logger.error("Failed to execute Flux query: {}", e.getMessage());
+            throw new RuntimeException("Query execution failed", e);
+        }
+        return resultList;
+    }
+
+    /**
+     * 按时间范围查询数据
+     */
+    public List<Map<String, Object>> queryByTimeRange(String measurement, Instant startTime, Instant stopTime) {
+        String fluxQuery = String.format(
+                "from(bucket: \"%s\") " +
+                        "|> range(start: %s, stop: %s) " +
+                        "|> filter(fn: (r) => r._measurement == \"%s\") " +
+                        "|> filter(fn: (r) => r._field != \"uuid\") " + // 新增此行，过滤掉field列的uuid
+                        "|> pivot(rowKey: [\"_time\"], columnKey: [\"_field\"], valueColumn: \"_value\")",
+                bucket, startTime, stopTime, measurement
+        );
+        return queryFlux(fluxQuery);
+    }
+
+    /**
+     * 按UUID查询特定记录
+     */
+    public List<Map<String, Object>> queryByUuid(String measurement, String uuid) {
+        String fluxQuery = String.format(
+                "from(bucket: \"%s\") " +
+                        "|> range(start: 0) " +
+                        "|> filter(fn: (r) => r._measurement == \"%s\") " +
+                        "|> filter(fn: (r) => r.uuid == \"%s\") " +
+                        "|> filter(fn: (r) => r._field != \"uuid\") " + // 新增此行，过滤掉field列的uuid
+                        "|> pivot(rowKey: [\"_time\"], columnKey: [\"_field\"], valueColumn: \"_value\")",
+                bucket, measurement, uuid
+        );
+        return queryFlux(fluxQuery);
+    }
+
+    /**
+     * 按设备ID和时间范围查询
+     */
+    public List<Map<String, Object>> queryByDeviceIdAndTime(String measurement, String deviceId, Instant startTime, Instant stopTime) {
+        String fluxQuery = String.format(
+                "from(bucket: \"%s\") " +
+                        "|> range(start: %s, stop: %s) " +
+                        "|> filter(fn: (r) => r._measurement == \"%s\") " +
+                        "|> filter(fn: (r) => r.device_id == \"%s\") " +
+                        "|> filter(fn: (r) => r._field != \"uuid\") " + // 新增此行，过滤掉field列的uuid
+                        "|> pivot(rowKey: [\"_time\"], columnKey: [\"_field\"], valueColumn: \"_value\")",
+                bucket, startTime, stopTime, measurement, deviceId
+        );
+        return queryFlux(fluxQuery);
+    }
+
+    /**
+     * 模糊查询message内容
+     */
+    public List<Map<String, Object>> queryByMessageContent(String measurement, Instant startTime, Instant stopTime, String keyword) {
+        String fluxQuery = String.format(
+                "from(bucket: \"%s\") " +
+                        "|> range(start: %s, stop: %s) " +
+                        "|> filter(fn: (r) => r._measurement == \"%s\") " +
+                        "|> filter(fn: (r) => r._field == \"message\") " +
+                        "|> filter(fn: (r) => r._value =~ /.*%s.*/) " +
+                        "|> filter(fn: (r) => r._field != \"uuid\") " + // 新增此行，过滤掉field列的uuid
+                        "|> pivot(rowKey: [\"_time\"], columnKey: [\"_field\"], valueColumn: \"_value\")",
+                bucket, startTime, stopTime, measurement, keyword
+        );
+        return queryFlux(fluxQuery);
+    }
+
+
+
+    @Override
+    public void close() {
+        if (writeApi != null) {
+            writeApi.close();
+        }
+        if (influxDB != null) {
+            influxDB.close();
+        }
+        logger.info("InfluxDB client closed");
+    }
+
+    // Getter 方法
+    public String getBucket() {
+        return bucket;
+    }
+
+    public String getOrg() {
+        return org;
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/InfluxDBConfig.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/InfluxDBConfig.java
new file mode 100644
index 0000000..8184240
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/InfluxDBConfig.java
@@ -0,0 +1,18 @@
+package com.influx;
+import com.influxdb.client.WriteOptions;
+import com.influxdb.client.domain.WritePrecision;
+
+public class InfluxDBConfig {
+    public static WriteOptions getWriteOptions() {
+        return WriteOptions.builder()
+                .batchSize(com.config.AppConfig.getInfluxBatchSize())
+                .flushInterval(com.config.AppConfig.getInfluxFlushInterval())
+                .jitterInterval(1000)
+                .retryInterval(com.config.AppConfig.getInfluxRetryDelay())
+                .build();
+    }
+
+    public static WritePrecision getWritePrecision() {
+        return WritePrecision.MS; // 毫秒精度
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/SyslogToInfluxApp.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/SyslogToInfluxApp.java
new file mode 100644
index 0000000..851886b
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/SyslogToInfluxApp.java
@@ -0,0 +1,68 @@
+package com.influx;
+
+
+import com.config.AppConfig;
+import com.influx.InfluxDBClient;
+import com.influxdb.client.*;
+import com.influxdb.client.domain.WritePrecision;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import com.influxdb.client.write.Point;
+import java.util.concurrent.CompletableFuture;
+import com.influxdb.query.FluxTable;
+import java.util.List;
+
+public class SyslogToInfluxApp {
+    private static final Logger logger = LoggerFactory.getLogger(SyslogToInfluxApp.class);
+
+    private com.influx.InfluxDBClient influxClient;
+
+
+    public static void main(String[] args) {
+        SyslogToInfluxApp app = new SyslogToInfluxApp();
+        app.start("<15>2025-09-26T11:47:18Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}" );
+        // 添加关闭钩子
+       // Runtime.getRuntime().addShutdownHook(new Thread(app::stop));
+    }
+
+    public void start(String syslog) {
+        try {
+            logger.info("Starting Syslog to InfluxDB application...");
+
+            // 初始化 InfluxDB 客户端
+            influxClient = new InfluxDBClient();
+            influxClient.writeRecord(syslog);
+            Point point = Point.measurement("syslog_normal")
+                    .addTag("ip", "localhost")       // 添加标签
+                    .addField("info",syslog)          // 添加字段
+                    .addField("clientid","CC-202500110092")          // 添加字段
+                    .addField("clientname","CC-honeypot92")          // 添加字段
+                    .addField("source","honeypot")          // 添加字段
+                    .time(System.currentTimeMillis(), WritePrecision.MS) ;// 毫秒级时间戳
+
+            //influxClient.writePointBlocking(point);
+            List<FluxTable>  logTables =influxClient.queryAllData("syslog_normal");
+            System.out.println("influxdb wirte syslog ok");
+            // 初始化 Syslog 解析器
+           // SyslogParser parser = new SyslogParser();
+
+            // 启动 Syslog 服务器
+            //syslogServer = new SyslogServer(parser, influxClient);
+            //CompletableFuture<Void> serverFuture = syslogServer.start();
+         /*
+            serverFuture.whenComplete((result, error) -> {
+                if (error != null) {
+                    logger.error("Failed to start syslog server", error);
+                    System.exit(1);
+                }
+            });
+          */
+            // 等待服务器启动完成
+          //  serverFuture.join();
+
+        } catch (Exception e) {
+            logger.error("Failed to write log function error", e);
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/dto/SyslogQueryDto.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/dto/SyslogQueryDto.java
new file mode 100644
index 0000000..38baba2
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/influx/dto/SyslogQueryDto.java
@@ -0,0 +1,24 @@
+package com.influx.dto;
+
+import lombok.Data;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+import java.time.Instant;
+
+@Data
+public class SyslogQueryDto {
+
+    @NotBlank(message = "开始时间不能为空")
+    private String startTime;
+
+    @NotBlank(message = "结束时间不能为空")
+    private String endTime;
+
+    private String deviceId;
+
+    @Size(max = 32, message = "搜索关键字长度不能超过32个字符")
+    private String keyword;
+
+    @NotBlank(message = "UUID不能为空")
+    private String uuid;
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/kafka/kafkalogconsumer.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/kafka/kafkalogconsumer.java
new file mode 100644
index 0000000..4a02221
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/kafka/kafkalogconsumer.java
@@ -0,0 +1,158 @@
+package  com.kafka;
+import com.common.entity.SyslogMessage;
+import com.common.entity.XdrHoneypot;
+import com.common.mapper.XdrHoneypotMapper;
+import com.common.util.MyBatisUtil;
+import com.common.util.SyslogParser;
+import com.influxdb.client.domain.WritePrecision;
+import com.influxdb.client.write.Point;
+import org.apache.ibatis.session.SqlSession;
+import org.apache.kafka.clients.consumer.*;
+import org.apache.kafka.common.serialization.StringDeserializer;
+import java.time.Duration;
+import java.time.format.DateTimeFormatter;
+import java.util.*;
+
+import com.influx.InfluxDBClient;
+import com.common.util.JsonParser;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import  com.common.util.JsonParser;
+import com.config.AppConfig;
+import com.Modules.NormalData.LogNormalProcessor;
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+
+public class kafkalogconsumer {
+
+    private static final Logger logger = LoggerFactory.getLogger(kafkalogconsumer.class);
+    private static final DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+    private static final Random random = new Random();
+
+     public  kafkalogconsumer() {
+         Run();
+     }
+
+    public static void main(String[] args) {
+        Run();
+    }
+    public static void Run()
+    {
+        // 配置消费者属性
+        //Properties props = new Properties();
+        //props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "192.168.222.130:9092");
+       // props.put(ConsumerConfig.GROUP_ID_CONFIG, "test-group-app");
+        Properties props = new Properties();
+        props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, AppConfig.getBootstrapServers());
+        props.put(ConsumerConfig.GROUP_ID_CONFIG, AppConfig.getGroupId());
+        props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
+        props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
+
+        // 可选配置
+        //props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "none"); // 从最早的消息开始消费
+        //props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest"); // 从最早的消息开始消费
+        //props.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, "true"); // 自动提交偏移量
+        //props.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, "1000"); // 自动提交间隔
+        //props.put(ConsumerConfig.MAX_POLL_RECORDS_CONFIG, 1000); // 设置单次拉取最大消息数[citation:6]
+        props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, AppConfig.getAutoOffsetReset()); // 从last开始消费
+        props.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, AppConfig.getEnableAutoCommit()); // 自动提交偏移量
+        props.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG,AppConfig.getAutoCommitIntervalMS()); // 自动提交间隔
+
+        // 创建消费者实例
+        Consumer<String, String> consumer = new KafkaConsumer<>(props);
+        try {
+            // 订阅主题
+            consumer.subscribe(Collections.singletonList(AppConfig.getTopic()));
+
+            System.out.println("开始消费消息...");
+            com.influx.InfluxDBClient influxClient  = new InfluxDBClient();
+            // 持续消费消息
+            while (true) {
+                // 拉取消息（等待最多100毫秒）
+                ConsumerRecords<String, String> records = consumer.poll(Duration.ofMillis(100));
+                for (ConsumerRecord<String, String> record : records) {
+                    logger.info("收到syslogmessage："+ record.value());
+                    System.out.printf(
+                            "收到消息: 主题=%s, 分区=%d, 偏移量=%d, 键=%s, 值=%s%n",
+                            record.topic(),
+                            record.partition(),
+                            record.offset(),
+                            record.key(),
+                            record.value()
+                    );
+                    String sysLogUUID =getSysLogUUID();
+                    String strDeviceInfo=SyslogParser.substringBeforeFirstChar(record.value(),']');
+                    Map<String,String> mapdev  =SyslogParser.parseKeyValuePairs(strDeviceInfo);
+
+                    // 初始化 InfluxDB 客户端
+                    Point point = Point.measurement("syslog_security")
+                            .addTag("deviceid", mapdev.get("device_id")) // 添加标签
+                            .addTag("uuid", sysLogUUID)   //syslog uuid
+                            .addTag("topic", AppConfig.getTopic())  //kafka topic
+                            .addField("message", record.value()) // 添加字段
+                            .time(System.currentTimeMillis(), WritePrecision.MS) ;// 毫秒级时间戳
+                    influxClient.writePointBlocking(point);
+                    System.out.println("influxdb wirte syslog ,value:"+  record.key());
+                    // 日志信息插入pg XdrHoneypot 表
+                    //insertSingleRecord( record.value());
+                    System.out.println("insert  postgres syslog ,value:"+  record.key());
+
+                    //String syslogMessage= AppConfig.geRunEnvironment‌().equals("test")? record.value().substring(34) : record.value();
+                    String syslogMessage= record.value();
+                    //剔除测试环境本机syslog新增的头部信息
+                    LogNormalProcessor logNormalProcessor = new LogNormalProcessor(syslogMessage,sysLogUUID,AppConfig.getTopic());
+                    //LogNormalProcessor logNormalProcessor =new LogNormalProcessor(record.value());
+                    logNormalProcessor.init();
+                }
+                // 手动提交偏移量（如果禁用自动提交）
+                 consumer.commitSync();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            // 关闭消费者
+            consumer.close();
+        }
+    }
+    /**
+     * 获取日志信息UUID，格式: yyyyMMddxxxxxxxx
+     * @return
+     */
+    private static String  getSysLogUUID ()
+    {
+        // 获取当前日期
+        LocalDate currentDate = LocalDate.now();
+        // 定义格式 (yyyyMMdd)
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMdd");
+        // 格式化日期
+        String formattedDate = currentDate.format(formatter);
+        return formattedDate +"-"+ UUID.randomUUID() ;
+    }
+
+    /**
+     * 单条记录插入演示
+     */
+    private static void insertSingleRecord(String  strlog) {
+        logger.info("=== 单条记录插入演示 ===");
+
+        try (SqlSession sqlSession = MyBatisUtil.getSqlSession()) {
+            XdrHoneypotMapper mapper = sqlSession.getMapper(XdrHoneypotMapper.class);
+
+            // 创建测试数据
+            //XdrHoneypot record = createTestXdrHoneypot(1);
+            XdrHoneypot record = JsonParser.parseLogMessageToXdrHoneypot( strlog);
+            // 插入记录
+            int result = mapper.insert(record);
+            sqlSession.commit();
+
+            if (result > 0) {
+                logger.info("单条记录插入成功，ID: {}", record.getId());
+                logger.info("插入的数据: {}", record);
+            } else {
+                logger.error("单条记录插入失败");
+            }
+        } catch (Exception e) {
+            logger.error("单条记录插入出错", e);
+        }
+    }
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/kafka/kafkalogconsumerThead.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/kafka/kafkalogconsumerThead.java
new file mode 100644
index 0000000..f32f89b
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/kafka/kafkalogconsumerThead.java
@@ -0,0 +1,156 @@
+package com.kafka;
+
+import com.Modules.NormalData.LogNormalProcessor;
+import com.common.entity.XdrHoneypot;
+import com.common.mapper.XdrHoneypotMapper;
+import com.common.util.JsonParser;
+import com.common.util.MyBatisUtil;
+import com.common.util.SyslogParser;
+import com.config.AppConfig;
+import com.influx.InfluxDBClient;
+import com.influxdb.client.domain.WritePrecision;
+import com.influxdb.client.write.Point;
+import org.apache.ibatis.session.SqlSession;
+import org.apache.kafka.clients.consumer.*;
+import org.apache.kafka.common.serialization.StringDeserializer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.time.Duration;
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.util.*;
+
+public class kafkalogconsumerThead {
+
+    private static final Logger logger = LoggerFactory.getLogger(kafkalogconsumerThead.class);
+    private static final DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+    private static final Random random = new Random();
+
+     public kafkalogconsumerThead() {
+         Run();
+     }
+
+    public static void main(String[] args) {
+        Run();
+    }
+    public static void Run()
+    {
+        // 配置消费者属性
+        //Properties props = new Properties();
+        //props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "192.168.222.130:9092");
+       // props.put(ConsumerConfig.GROUP_ID_CONFIG, "test-group-app");
+        Properties props = new Properties();
+        props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, AppConfig.getBootstrapServers());
+        props.put(ConsumerConfig.GROUP_ID_CONFIG, AppConfig.getGroupId());
+        props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
+        props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
+
+        // 可选配置
+        //props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "none"); // 从最早的消息开始消费
+        //props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest"); // 从最早的消息开始消费
+        //props.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, "true"); // 自动提交偏移量
+        //props.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, "1000"); // 自动提交间隔
+        //props.put(ConsumerConfig.MAX_POLL_RECORDS_CONFIG, 1000); // 设置单次拉取最大消息数[citation:6]
+        props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, AppConfig.getAutoOffsetReset()); // 从last开始消费
+        props.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, AppConfig.getEnableAutoCommit()); // 自动提交偏移量
+        props.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG,AppConfig.getAutoCommitIntervalMS()); // 自动提交间隔
+
+        // 创建消费者实例
+        Consumer<String, String> consumer = new KafkaConsumer<>(props);
+        try {
+            // 订阅主题
+            consumer.subscribe(Collections.singletonList(AppConfig.getTopic()));
+
+            System.out.println("开始消费消息...");
+            InfluxDBClient influxClient  = new InfluxDBClient(); ;
+            // 持续消费消息
+            while (true) {
+                // 拉取消息（等待最多100毫秒）
+                ConsumerRecords<String, String> records = consumer.poll(Duration.ofMillis(100));
+                for (ConsumerRecord<String, String> record : records) {
+                    logger.info("收到syslogmessage："+ record.value());
+                    System.out.printf(
+                            "收到消息: 主题=%s, 分区=%d, 偏移量=%d, 键=%s, 值=%s%n",
+                            record.topic(),
+                            record.partition(),
+                            record.offset(),
+                            record.key(),
+                            record.value()
+                    );
+                    String sysLogUUID =getSysLogUUID();
+                    String strDeviceInfo=SyslogParser.substringBeforeFirstChar(record.value(),']');
+                    Map<String,String> mapdev  =SyslogParser.parseKeyValuePairs(strDeviceInfo);
+
+                    // 初始化 InfluxDB 客户端
+                    Point point = Point.measurement("syslog_security")
+                            .addTag("deviceid", mapdev.get("device_id")) // 添加标签
+                            .addTag("uuid", sysLogUUID)   //syslog uuid
+                            .addTag("topic", AppConfig.getTopic())  //kafka topic
+                            .addField("message", record.value()) // 添加字段
+                            .time(System.currentTimeMillis(), WritePrecision.MS) ;// 毫秒级时间戳
+                    influxClient.writePointBlocking(point);
+                    System.out.println("influxdb wirte syslog ,value:"+  record.key());
+                    // 日志信息插入pg XdrHoneypot 表
+                    //insertSingleRecord( record.value());
+                    System.out.println("insert  postgres syslog ,value:"+  record.key());
+
+                    //String syslogMessage= AppConfig.geRunEnvironment‌().equals("test")? record.value().substring(34) : record.value();
+                    String syslogMessage= record.value();
+                    //剔除测试环境本机syslog新增的头部信息
+                    LogNormalProcessor logNormalProcessor = new LogNormalProcessor(syslogMessage,sysLogUUID,AppConfig.getTopic());
+                    //LogNormalProcessor logNormalProcessor =new LogNormalProcessor(record.value());
+                    logNormalProcessor.init();
+                }
+                // 手动提交偏移量（如果禁用自动提交）
+                // consumer.commitSync();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            // 关闭消费者
+            consumer.close();
+        }
+    }
+    /**
+     * 获取日志信息UUID，格式: yyyyMMddxxxxxxxx
+     * @return
+     */
+    private static String  getSysLogUUID ()
+    {
+        // 获取当前日期
+        LocalDate currentDate = LocalDate.now();
+        // 定义格式 (yyyyMMdd)
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMdd");
+        // 格式化日期
+        String formattedDate = currentDate.format(formatter);
+        return formattedDate +"-"+ UUID.randomUUID() ;
+    }
+
+    /**
+     * 单条记录插入演示
+     */
+    private static void insertSingleRecord(String  strlog) {
+        logger.info("=== 单条记录插入演示 ===");
+
+        try (SqlSession sqlSession = MyBatisUtil.getSqlSession()) {
+            XdrHoneypotMapper mapper = sqlSession.getMapper(XdrHoneypotMapper.class);
+
+            // 创建测试数据
+            //XdrHoneypot record = createTestXdrHoneypot(1);
+            XdrHoneypot record = JsonParser.parseLogMessageToXdrHoneypot( strlog);
+            // 插入记录
+            int result = mapper.insert(record);
+            sqlSession.commit();
+
+            if (result > 0) {
+                logger.info("单条记录插入成功，ID: {}", record.getId());
+                logger.info("插入的数据: {}", record);
+            } else {
+                logger.error("单条记录插入失败");
+            }
+        } catch (Exception e) {
+            logger.error("单条记录插入出错", e);
+        }
+    }
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/java/com/syslogApplication.java b/haobang-security-xdr/syslog-consumer/src/main/java/com/syslogApplication.java
new file mode 100644
index 0000000..27a4b00
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/java/com/syslogApplication.java
@@ -0,0 +1,142 @@
+package com;
+import com.common.entity.DmColumn;
+import com.common.entity.DmNormalizeRule;
+import com.common.mapper.DmNormalizeRuleMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import  com.kafka.kafkalogconsumer;
+
+import com.common.entity.XdrHoneypot;
+import com.common.mapper.XdrHoneypotMapper;
+import com.common.util.MyBatisUtil;
+import org.apache.ibatis.session.SqlSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
+import org.springframework.transaction.annotation.EnableTransactionManagement;
+import org.mybatis.spring.annotation.MapperScan;
+import com.Modules.NormalData.logNormalData;
+import com.common.service.DmColumnService;
+
+@MapperScan("com.common.mapper")
+@EnableTransactionManagement  // 启用事务管理
+@SpringBootApplication
+public class syslogApplication {
+
+    private static final Logger logger = LoggerFactory.getLogger(syslogApplication.class);
+    private static final DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+    private static final Random random = new Random();
+@Autowired
+ private static DmColumnService dmColumnService;
+
+    /**
+     *
+     * 应用程序主入口方法
+     *
+     * @param args 命令行参数
+     */
+    public static void main(String[] args) {
+
+        // 启动Spring Boot应用
+        SpringApplication.run(syslogApplication.class, args);
+        //insertSingleRecord();
+        //testTransaction();
+       // logNormalData  logData =new logNormalData( "");
+        //List<Map<String, Object>> rulelst= logData.getRuleList(1);
+      // kafkalogconsumer  logconsumer=new kafkalogconsumer();
+       //logconsumer.Run();
+
+    }
+
+    public static void testTransaction() {
+
+        try (SqlSession sqlSession = MyBatisUtil.getSqlSession()) {
+            DmNormalizeRuleMapper rulemapper = sqlSession.getMapper(DmNormalizeRuleMapper.class);
+            List<Map<String, Object>>  rulelst= rulemapper.selectByDeviceId((long)1);
+            DmNormalizeRule rule1 = rulemapper.selectById((long)1);
+            sqlSession.commit();
+
+            if (!rule1.equals(null)) {
+                System.out.println("查询结果: " + rule1);
+            } else {
+
+            }
+        } catch (Exception e) {
+            System.out.println("异常消息: " + e.getMessage());
+        }
+        // DmNormalizeRule rule = dmNormalizeRuleService.getById(1L);
+
+        /**测试更新（写事务）
+         if (rule != null) {
+         rule.setDescription("测试更新描述");
+         boolean success = dmNormalizeRuleService.updateById(rule);
+         System.out.println("更新结果: " + success);
+         }
+         **/
+    }
+    /**
+     * 单条记录插入演示
+     */
+    private static void insertSingleRecord() {
+        logger.info("=== 单条记录插入演示 ===");
+
+        try (SqlSession sqlSession = MyBatisUtil.getSqlSession()) {
+            XdrHoneypotMapper Xdrmapper = sqlSession.getMapper(XdrHoneypotMapper.class);
+
+            // 创建测试数据
+            XdrHoneypot record = createTestXdrHoneypot(1);
+            // 插入记录
+            int result = Xdrmapper.insert(record);
+            sqlSession.commit();
+
+            if (result > 0) {
+                logger.info("单条记录插入成功，ID: {}", record.getId());
+                logger.info("插入的数据: {}", record);
+            } else {
+                logger.error("单条记录插入失败");
+            }
+        } catch (Exception e) {
+            logger.error("单条记录插入出错", e);
+        }
+    }
+    /**
+     * 创建测试用的 XdrHoneypot 数据
+     */
+    private static XdrHoneypot createTestXdrHoneypot(int index) {
+        String timestamp = LocalDateTime.now().format(formatter);
+
+        return new XdrHoneypot(
+                "vc-source-" + index,
+                timestamp,
+                timestamp,
+                getRandomRiskLevel(),
+                "connection-" + index,
+                "file-info-" + index,
+                "额外信息-" + index + " - 测试数据",
+                "vctype-" + (index % 3 + 1),
+                "agent-sn-" + index,
+                "agent-name-" + index,
+                "honeypot-id-" + index,
+                "honeypot-name-" + index,
+                "192.168." + (index % 255) + "." + (index % 255),
+                String.valueOf(8000 + index),
+                "00:1B:44:11:3A:B" + (index % 10),
+                "10.0.0." + index,
+                String.valueOf(80 + index),
+                "proxy-" + index + ".example.com",
+                "node-" + index
+        );
+    }
+    /**
+     * 获取随机风险等级
+     */
+    private static String getRandomRiskLevel() {
+        String[] levels = {"LOW", "MEDIUM", "HIGH", "CRITICAL"};
+        return levels[random.nextInt(levels.length)];
+    }
+}
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/application-dev.properties b/haobang-security-xdr/syslog-consumer/src/main/resources/application-dev.properties
new file mode 100644
index 0000000..684d278
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/application-dev.properties
@@ -0,0 +1,125 @@
+#Server Configuration
+server.port=8089
+server.servlet.context-path=/xdrservice
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+#run.environment:  dev|test|pro
+server.run.environment=dev
+
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=65536
+syslog.buffer.size=1000
+
+# InfluxDB 2.7 Configuration
+influxdb.url=http://192.168.222.131:8086
+influxdb.token=3Tvu-IZWtaY03UDkbUDlufD0kxn85keo9LhYQcv2Cxk0LJmXqqHkNVrO664DbaJAYwoGI7UIg904KqZC7Q_ZFA==
+influxdb.org=yelang
+influxdb.bucket=yelangbucket
+influxdb.batch.size=1000
+influxdb.flush.interval=1000
+influxdb.retry.attempts=3
+influxdb.retry.delay=1000
+
+# Application Configuration
+app.worker.threads=4
+app.max.queue.size=10000
+app.metrics.enabled=true
+
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
+spring.datasource.username=postgres
+spring.datasource.password=TnLanWaidYSwTSG5
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+
+#mybatis handler ��
+mybatis.configuration.default-statement-timeout=30
+mybatis.configuration.default-fetch-size=1000
+mybatis.configuration.map-underscore-to-camel-case=true
+mybatis.type-handlers-package=com.Modules.etl.handler
+mybatis-plus.configuration.map-underscore-to-camel-case=true
+mybatis-plus.type-handlers-package=com.Modules.etl.handler
+# kafka Configuration
+spring.kafka.consumer.bootstrap-servers=192.168.222.130:9092
+spring.kafka.consumer.group-id=test-group-app
+spring.kafka.consumer.auto-offset-reset=latest
+spring.kafka.consumer.enable-auto-commit=false 
+spring.kafka.consumer.auto-commit-interval=1000
+spring.kafka.consumer.topic=test-topic
+
+spring.kafka.consumer.max-poll-records=1000
+spring.kafka.consumer.properties.max.poll.interval.ms=300000
+spring.kafka.consumer.properties.session.timeout.ms=45000
+
+#spring.kafka.consumer.key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
+#spring.kafka.consumer.value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
+spring.kafka.consumer.fetch-min-size= 1048576
+spring.kafka.listener.ack-mode= manual
+spring.kafka.listener.concurrency= 2  
+spring.kafka.listener.type=batch
+
+
+# ��ʱ��������
+spring.task.scheduling.pool.size=10
+
+# ��־����
+logging.level.com.common.schedule=INFO
+logging.level.com.common.service=INFO
+
+# �������������
+partition.check.tomorrow.enabled=true
+partition.check.future.days=7
+partition.auto.create=true
+
+# ����������������
+spring.redis.host=localhost
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=
+spring.redis.database=0
+spring.redis.timeout=2000
+
+spring.redis.lettuce.pool.max-active=8
+spring.redis.lettuce.pool.max-wait=-1
+spring.redis.lettuce.pool.max-idle=8
+spring.redis.lettuce.pool.min-idle=0
+# ������������ʱ��϶̣��������
+spring.cache.redis.time-to-live=600000
+
+
+# Ӧ�ô���������
+app.processor.thread-pool.core-pool-size=10
+app.processor.thread-pool.max-pool-size=20
+app.processor.thread-pool.queue-capacity=2000
+app.processor.thread-pool.keep-alive-seconds=60
+app.processor.batch-size=100
+app.processor.process-timeout-ms=30000
+
+
+# ���� Elasticsearch
+# Elasticsearch���ӵ�ַ
+spring.elasticsearch.uris=http://192.168.1.174:9200
+# ���� Elasticsearch �û���
+spring.elasticsearch.username=CONTAINER_NAME
+# ���� Elasticsearch ����
+spring.elasticsearch.password=t2NZCiajmdazxBrF
+# ���ӳ�ʱʱ��
+spring.elasticsearch.connection-timeout=10s
+# Socket ��ʱʱ��
+spring.elasticsearch.socket-timeout=30s
+
+
+# ETL����
+etl.batch.page-size=1000
+etl.batch.insert-batch-size=500
+etl.schedule.cron=0 0 2 * * ?
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/application-prod-zc.properties b/haobang-security-xdr/syslog-consumer/src/main/resources/application-prod-zc.properties
new file mode 100644
index 0000000..e63b756
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/application-prod-zc.properties
@@ -0,0 +1,124 @@
+#Server Configuration  [zhongcheng]
+server.port=8089
+server.servlet.context-path=/xdrservice
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+#run.environment:  dev|test|prod
+server.run.environment=prod
+
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=65536
+syslog.buffer.size=1000
+
+# InfluxDB 2.7 Configuration
+influxdb.url=http://10.11.2.141:8087
+influxdb.token=_dTKzcUbYIKSo5jvLVExYki1L4wyuRKsm5XxB90CqYBzgu7GpQD-VCB4cHSd9XOhVQIBl5ke-XaL82JHsogW7Q==
+influxdb.org=influxdb
+influxdb.bucket=yelangbucket
+influxdb.batch.size=1000
+influxdb.flush.interval=1000
+influxdb.retry.attempts=3
+influxdb.retry.delay=1000
+
+# Application Configuration
+app.worker.threads=4
+app.max.queue.size=10000
+app.metrics.enabled=true
+
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://10.11.2.141:5432/ecosys
+spring.datasource.username=ecosys
+spring.datasource.password=wsYDPjrpNZPrkPrR
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+
+#mybatis handler ��
+mybatis.configuration.default-statement-timeout=30
+mybatis.configuration.default-fetch-size=1000
+mybatis.configuration.map-underscore-to-camel-case=true
+mybatis.type-handlers-package=com.Modules.etl.handler
+mybatis-plus.configuration.map-underscore-to-camel-case=true
+mybatis-plus.type-handlers-package=com.Modules.etl.handler
+
+# kafka Configuration
+spring.kafka.consumer.bootstrap-servers=10.11.2.142:9092
+spring.kafka.consumer.group-id=agent-syslog-group
+spring.kafka.consumer.auto-offset-reset=latest
+spring.kafka.consumer.enable-auto-commit=true
+spring.kafka.consumer.auto-commit-interval=1000
+spring.kafka.consumer.topic=agent-syslog-topic
+
+
+spring.kafka.consumer.max-poll-records=1000
+spring.kafka.consumer.properties.max.poll.interval.ms=300000
+spring.kafka.consumer.properties.session.timeout.ms=45000
+
+#spring.kafka.consumer.key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
+#spring.kafka.consumer.value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
+spring.kafka.consumer.fetch-min-size= 1048576
+spring.kafka.listener.ack-mode= manual
+spring.kafka.listener.concurrency= 2  
+spring.kafka.listener.type=batch
+
+# ��ʱ��������
+spring.task.scheduling.pool.size=10
+
+# ��־����
+logging.level.com.common.schedule=INFO
+logging.level.com.common.service=INFO
+
+# �������������
+partition.check.tomorrow.enabled=true
+partition.check.future.days=7
+partition.auto.create=true
+
+
+# ����������������
+spring.redis.host=10.11.2.142
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=redis_edP6N6
+spring.redis.database=0
+spring.redis.timeout=5000
+#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
+
+spring.redis.lettuce.pool.max-active=20
+spring.redis.lettuce.pool.max-wait=5000
+spring.redis.lettuce.pool.max-idle=10
+spring.redis.lettuce.pool.min-idle=5
+# ������������ʱ��ϳ�
+spring.cache.redis.time-to-live=3600000
+
+# Ӧ�ô���������
+app.processor.thread-pool.core-pool-size=10
+app.processor.thread-pool.max-pool-size=20
+app.processor.thread-pool.queue-capacity=2000
+app.processor.thread-pool.keep-alive-seconds=60
+app.processor.batch-size=100
+app.processor.process-timeout-ms=30000
+
+# ���� Elasticsearch
+# Elasticsearch���ӵ�ַ
+spring.elasticsearch.uris=http://192.168.1.174:9200
+# ���� Elasticsearch �û���
+spring.elasticsearch.username=CONTAINER_NAME
+# ���� Elasticsearch ����
+spring.elasticsearch.password=t2NZCiajmdazxBrF
+# ���ӳ�ʱʱ��
+spring.elasticsearch.connection-timeout=10s
+# Socket ��ʱʱ��
+spring.elasticsearch.socket-timeout=30s
+# ETL����
+etl.batch.page-size=1000
+etl.batch.insert-batch-size=500
+etl.schedule.cron=0 0 2 * * ?
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/application-prod.properties b/haobang-security-xdr/syslog-consumer/src/main/resources/application-prod.properties
new file mode 100644
index 0000000..f4428fe
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/application-prod.properties
@@ -0,0 +1,126 @@
+#Server Configuration
+server.port=8089
+server.servlet.context-path=/xdrservice
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+#run.environment:  dev|test|pro
+server.run.environment=pro
+
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=65536
+syslog.buffer.size=1000
+
+# InfluxDB 2.7 Configuration
+influxdb.url=http://192.168.4.26:8087
+influxdb.token=LFjXZyRxTf1V84oN-wwjhSjS4qIK-ZMoHzQJB67ir3qHNSBVJbMcTkPuNmM0cNxvzFEDWLYNzrz1VJKMitY5hw==
+influxdb.org=influxdb
+influxdb.bucket=yelangbucket
+influxdb.batch.size=1000
+influxdb.flush.interval=1000
+influxdb.retry.attempts=3
+influxdb.retry.delay=1000
+
+# Application Configuration
+app.worker.threads=4
+app.max.queue.size=10000
+app.metrics.enabled=true
+
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://192.168.4.26:5432/ecosys
+spring.datasource.username=postgres
+spring.datasource.password=caZ2TcmXNSW8L2Ap
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+#mybatis handler ��
+mybatis.configuration.default-statement-timeout=30
+mybatis.configuration.default-fetch-size=1000
+mybatis.configuration.map-underscore-to-camel-case=true
+mybatis.type-handlers-package=com.Modules.etl.handler
+mybatis-plus.configuration.map-underscore-to-camel-case=true
+mybatis-plus.type-handlers-package=com.Modules.etl.handler
+
+# kafka Configuration
+spring.kafka.consumer.bootstrap-servers=192.168.4.26:9092
+spring.kafka.consumer.group-id=agent-syslog-group
+spring.kafka.consumer.auto-offset-reset=latest
+spring.kafka.consumer.enable-auto-commit=false 
+spring.kafka.consumer.auto-commit-interval=1000
+spring.kafka.consumer.topic=agent-syslog-topic
+
+
+spring.kafka.consumer.max-poll-records=1000
+spring.kafka.consumer.properties.max.poll.interval.ms=300000
+spring.kafka.consumer.properties.session.timeout.ms=45000
+
+spring.kafka.consumer.fetch-min-size= 1048576
+spring.kafka.listener.ack-mode= manual
+spring.kafka.listener.concurrency= 2  
+spring.kafka.listener.type=batch
+
+
+# ��ʱ��������
+spring.task.scheduling.pool.size=10
+
+# ��־����
+logging.level.com.common.schedule=INFO
+logging.level.com.common.service=INFO
+
+# �������������
+partition.check.tomorrow.enabled=true
+partition.check.future.days=7
+partition.auto.create=true
+
+
+# ����������������
+spring.redis.host=192.168.4.26
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=123456
+spring.redis.database=0
+spring.redis.timeout=5000
+#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
+
+spring.redis.lettuce.pool.max-active=20
+spring.redis.lettuce.pool.max-wait=5000
+spring.redis.lettuce.pool.max-idle=10
+spring.redis.lettuce.pool.min-idle=5
+
+# ������������ʱ��ϳ�
+spring.cache.redis.time-to-live=3600000
+
+# Ӧ�ô���������
+app.processor.thread-pool.core-pool-size=10
+app.processor.thread-pool.max-pool-size=20
+app.processor.thread-pool.queue-capacity=2000
+app.processor.thread-pool.keep-alive-seconds=60
+app.processor.batch-size=100
+app.processor.process-timeout-ms=30000
+
+
+# ���� Elasticsearch
+# Elasticsearch���ӵ�ַ
+spring.elasticsearch.uris=http://192.168.1.174:9200
+# ���� Elasticsearch �û���
+spring.elasticsearch.username=CONTAINER_NAME
+# ���� Elasticsearch ����
+spring.elasticsearch.password=t2NZCiajmdazxBrF
+# ���ӳ�ʱʱ��
+spring.elasticsearch.connection-timeout=10s
+# Socket ��ʱʱ��
+spring.elasticsearch.socket-timeout=30s
+
+
+# ETL����
+etl.batch.page-size=1000
+etl.batch.insert-batch-size=500
+etl.schedule.cron=0 0 2 * * ?
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/application-test.properties b/haobang-security-xdr/syslog-consumer/src/main/resources/application-test.properties
new file mode 100644
index 0000000..13c29b2
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/application-test.properties
@@ -0,0 +1,85 @@
+#Server Configuration
+server.port=8089
+server.servlet.context-path=/xdrservice
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+#run.environment:  dev|test|pro
+server.run.environment=test
+
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=65536
+syslog.buffer.size=1000
+
+# InfluxDB 2.7 Configuration
+influxdb.url=http://192.168.4.32:8087
+influxdb.token=53sfHaJOmBnrWxVhsZ4SzfiguSkTxYeqXR1cXgt4Q4zan43LcbXw7JOKmOOOWMppNQv6TDNyW1RVctqr5sslzw==
+influxdb.org=influxdb
+influxdb.bucket=yelangbucket
+influxdb.batch.size=1000
+influxdb.flush.interval=1000
+influxdb.retry.attempts=3
+influxdb.retry.delay=1000
+
+# Application Configuration
+app.worker.threads=4
+app.max.queue.size=10000
+app.metrics.enabled=true
+
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://192.168.4.32:5432/ecosys
+spring.datasource.username=user_eSER8N
+spring.datasource.password=password_QCYKj6
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+mybatis.configuration.map-underscore-to-camel-case=true
+mybatis-plus.configuration.map-underscore-to-camel-case=true
+mybatis-plus.type-handlers-package=com.Modules.etl.handler
+# kafka Configuration
+spring.kafka.consumer.bootstrap-servers=192.168.4.32:9092
+spring.kafka.consumer.group-id=agent-syslog-group
+spring.kafka.consumer.auto-offset-reset=latest
+spring.kafka.consumer.enable-auto-commit=true
+spring.kafka.consumer.auto-commit-interval=1000
+spring.kafka.consumer.topic=agent-syslog-topic
+
+
+
+# ��ʱ��������
+spring.task.scheduling.pool.size=10
+
+# ��־����
+logging.level.com.common.schedule=INFO
+logging.level.com.common.service=INFO
+
+# �������������
+partition.check.tomorrow.enabled=true
+partition.check.future.days=7
+partition.auto.create=true
+
+
+# ����������������
+spring.redis.host=192.168.4.32
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=redis_edP6N6
+spring.redis.database=0
+spring.redis.timeout=5000
+#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
+
+spring.redis.lettuce.pool.max-active=20
+spring.redis.lettuce.pool.max-wait=5000
+spring.redis.lettuce.pool.max-idle=10
+spring.redis.lettuce.pool.min-idle=5
+
+# ������������ʱ��ϳ�
+spring.cache.redis.time-to-live=3600000
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/application.properties b/haobang-security-xdr/syslog-consumer/src/main/resources/application.properties
new file mode 100644
index 0000000..684d278
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/application.properties
@@ -0,0 +1,125 @@
+#Server Configuration
+server.port=8089
+server.servlet.context-path=/xdrservice
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+#run.environment:  dev|test|pro
+server.run.environment=dev
+
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=65536
+syslog.buffer.size=1000
+
+# InfluxDB 2.7 Configuration
+influxdb.url=http://192.168.222.131:8086
+influxdb.token=3Tvu-IZWtaY03UDkbUDlufD0kxn85keo9LhYQcv2Cxk0LJmXqqHkNVrO664DbaJAYwoGI7UIg904KqZC7Q_ZFA==
+influxdb.org=yelang
+influxdb.bucket=yelangbucket
+influxdb.batch.size=1000
+influxdb.flush.interval=1000
+influxdb.retry.attempts=3
+influxdb.retry.delay=1000
+
+# Application Configuration
+app.worker.threads=4
+app.max.queue.size=10000
+app.metrics.enabled=true
+
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
+spring.datasource.username=postgres
+spring.datasource.password=TnLanWaidYSwTSG5
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+
+#mybatis handler ��
+mybatis.configuration.default-statement-timeout=30
+mybatis.configuration.default-fetch-size=1000
+mybatis.configuration.map-underscore-to-camel-case=true
+mybatis.type-handlers-package=com.Modules.etl.handler
+mybatis-plus.configuration.map-underscore-to-camel-case=true
+mybatis-plus.type-handlers-package=com.Modules.etl.handler
+# kafka Configuration
+spring.kafka.consumer.bootstrap-servers=192.168.222.130:9092
+spring.kafka.consumer.group-id=test-group-app
+spring.kafka.consumer.auto-offset-reset=latest
+spring.kafka.consumer.enable-auto-commit=false 
+spring.kafka.consumer.auto-commit-interval=1000
+spring.kafka.consumer.topic=test-topic
+
+spring.kafka.consumer.max-poll-records=1000
+spring.kafka.consumer.properties.max.poll.interval.ms=300000
+spring.kafka.consumer.properties.session.timeout.ms=45000
+
+#spring.kafka.consumer.key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
+#spring.kafka.consumer.value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
+spring.kafka.consumer.fetch-min-size= 1048576
+spring.kafka.listener.ack-mode= manual
+spring.kafka.listener.concurrency= 2  
+spring.kafka.listener.type=batch
+
+
+# ��ʱ��������
+spring.task.scheduling.pool.size=10
+
+# ��־����
+logging.level.com.common.schedule=INFO
+logging.level.com.common.service=INFO
+
+# �������������
+partition.check.tomorrow.enabled=true
+partition.check.future.days=7
+partition.auto.create=true
+
+# ����������������
+spring.redis.host=localhost
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=
+spring.redis.database=0
+spring.redis.timeout=2000
+
+spring.redis.lettuce.pool.max-active=8
+spring.redis.lettuce.pool.max-wait=-1
+spring.redis.lettuce.pool.max-idle=8
+spring.redis.lettuce.pool.min-idle=0
+# ������������ʱ��϶̣��������
+spring.cache.redis.time-to-live=600000
+
+
+# Ӧ�ô���������
+app.processor.thread-pool.core-pool-size=10
+app.processor.thread-pool.max-pool-size=20
+app.processor.thread-pool.queue-capacity=2000
+app.processor.thread-pool.keep-alive-seconds=60
+app.processor.batch-size=100
+app.processor.process-timeout-ms=30000
+
+
+# ���� Elasticsearch
+# Elasticsearch���ӵ�ַ
+spring.elasticsearch.uris=http://192.168.1.174:9200
+# ���� Elasticsearch �û���
+spring.elasticsearch.username=CONTAINER_NAME
+# ���� Elasticsearch ����
+spring.elasticsearch.password=t2NZCiajmdazxBrF
+# ���ӳ�ʱʱ��
+spring.elasticsearch.connection-timeout=10s
+# Socket ��ʱʱ��
+spring.elasticsearch.socket-timeout=30s
+
+
+# ETL����
+etl.batch.page-size=1000
+etl.batch.insert-batch-size=500
+etl.schedule.cron=0 0 2 * * ?
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/logback.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/logback.xml
new file mode 100644
index 0000000..596186a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/logback.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/syslog-consumer.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>logs/syslog-consumer.%d{yyyy-MM-dd}.log</fileNamePattern>
+
+            <!-- 保留的日志文件的最大天数 -->
+            <maxHistory>1</maxHistory>
+            <!-- 所有归档日志文件的总大小上限 -->
+            <totalSizeCap>15GB</totalSizeCap>
+            <!-- 启动时是否清理过期日志 -->
+            <cleanHistoryOnStart>true</cleanHistoryOnStart>
+        </rollingPolicy>
+        <encoder>
+            <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+
+    <root level="INFO">
+        <appender-ref ref="CONSOLE" />
+        <appender-ref ref="FILE" />
+    </root>
+
+    <logger name="com.influx" level="INFO" />
+    <logger name="io.netty" level="WARN" />
+
+    <!-- 专门屏蔽ProducerConfig的INFO日志 -->
+    <logger name="org.apache.kafka.clients.producer.ProducerConfig" level="WARN"/>
+    <!-- 或者更通用地，屏蔽整个Kafka客户端包的INFO日志 -->
+    <logger name="org.apache.kafka.clients" level="WARN"/>
+</configuration>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/AppLogMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/AppLogMapper.xml
new file mode 100644
index 0000000..1feee39
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/AppLogMapper.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.example.esdemo.mapper.AppLogMapper">
+
+    <insert id="batchInsert" parameterType="list">
+        INSERT INTO applog (
+        es_index, es_type, es_id, es_score, dt_time, collect_time, log_type,
+        trace_id, method, app_name, ip, class_name, env, content, thread_name,
+        log_level, seq, indexed_at, log_date, created_at, updated_at
+        ) VALUES
+        <foreach collection="list" item="item" separator=",">
+            (
+            #{item.esIndex}, #{item.esType}, #{item.esId}, #{item.esScore}, #{item.dtTime},
+            #{item.collectTime}, #{item.logType}, #{item.traceId}, #{item.method},
+            #{item.appName}, #{item.ip}, #{item.className}, #{item.env}, #{item.content},
+            #{item.threadName}, #{item.logLevel}, #{item.seq}, #{item.indexedAt},
+            #{item.logDate}, #{item.createdAt}, #{item.updatedAt}
+            )
+        </foreach>
+    </insert>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceCollectTaskMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceCollectTaskMapper.xml
new file mode 100644
index 0000000..f224846
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceCollectTaskMapper.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.common.mapper.DeviceCollectTaskMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.DeviceCollectTask">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="device_id" property="deviceId" />
+        <result column="method" property="method" />
+        <result column="task_name" property="taskName" />
+        <result column="first_time" property="firstTime" />
+        <result column="last_success_time" property="lastSuccessTime" />
+        <result column="last_failed_time" property="lastFailedTime" />
+        <result column="detail_id" property="detailId" />
+        <result column="epm" property="epm" />
+        <result column="epm_peak" property="epmPeak" />
+        <result column="process_architecture" property="processArchitecture" />
+        <result column="task_count" property="taskCount" />
+        <result column="recent_discover_time" property="recentDiscoverTime" />
+        <result column="epm_upper_limit" property="epmUpperLimit" />
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, created_at, updated_at, deleted_at, device_id, method, task_name,
+        first_time, last_success_time, last_failed_time, detail_id, epm, epm_peak,
+        process_architecture, task_count, recent_discover_time, epm_upper_limit
+    </sql>
+
+    <!-- 多条件组合查询 -->
+    <select id="selectByCondition" parameterType="com.common.entity.DeviceCollectTask" resultMap="BaseResultMap">
+        SELECT <include refid="Base_Column_List" />
+        FROM device_collect_task
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="method != null">
+                AND method = #{method}
+            </if>
+            <if test="taskName != null and taskName != ''">
+                AND task_name LIKE CONCAT('%', #{taskName}, '%')
+            </if>
+            <if test="detailId != null">
+                AND detail_id = #{detailId}
+            </if>
+            <if test="processArchitecture != null">
+                AND process_architecture = #{processArchitecture}
+            </if>
+            <if test="epmUpperLimit != null">
+                AND epm_upper_limit = #{epmUpperLimit}
+            </if>
+            <!-- 时间范围查询 -->
+            <if test="firstTime != null">
+                AND first_time >= #{firstTime}
+            </if>
+            <if test="lastSuccessTime != null">
+                AND last_success_time >= #{lastSuccessTime}
+            </if>
+        </where>
+        ORDER BY updated_at DESC
+    </select>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceReceiveLogMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceReceiveLogMapper.xml
new file mode 100644
index 0000000..e07532e
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DeviceReceiveLogMapper.xml
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.DeviceReceiveLogMapper">
+
+    <!-- 结果映射 -->
+    <resultMap id="BaseResultMap" type="com.common.entity.DeviceReceiveLog">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="device_collect_id" property="deviceCollectId" />
+        <result column="device_id" property="deviceId" />
+        <result column="device_ip" property="deviceIp" />
+        <result column="receive_time" property="receiveTime" />
+        <result column="receive_time_str" property="receiveTimeStr" />
+        <result column="syslog_message" property="syslogMessage" />
+    </resultMap>
+
+    <!-- 插入单条记录 -->
+    <insert id="insert" parameterType="com.common.entity.DeviceReceiveLog" useGeneratedKeys="true" keyProperty="id">
+        INSERT INTO device_receive_log (
+            created_at,
+            device_collect_id,
+            device_id,
+            device_ip,
+            receive_time,
+            receive_time_str,
+            syslog_message
+        ) VALUES (
+            COALESCE(#{createdAt}, NOW() AT TIME ZONE 'utc'),
+            #{deviceCollectId},
+            #{deviceId},
+            #{deviceIp}::inet,
+            #{receiveTime},
+            #{receiveTimeStr},
+            #{syslogMessage}
+        )
+    </insert>
+
+    <!-- 批量插入（高性能） -->
+    <insert id="batchInsert" parameterType="java.util.List">
+        INSERT INTO device_receive_log (
+        created_at,
+        device_collect_id,
+        device_id,
+        device_ip,
+        receive_time,
+        receive_time_str,
+        syslog_message
+        ) VALUES
+        <foreach collection="list" item="item" separator=",">
+            (
+            COALESCE(#{item.createdAt}, NOW() AT TIME ZONE 'utc'),
+            #{item.deviceCollectId},
+            #{item.deviceId},
+            #{item.deviceIp}::inet,
+            #{item.receiveTime},
+            #{item.receiveTimeStr},
+            #{item.syslogMessage}
+            )
+        </foreach>
+    </insert>
+
+    <!-- 根据ID查询 -->
+    <select id="selectById" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE id = #{id}
+    </select>
+
+    <!-- 根据设备ID查询 -->
+    <select id="selectByDeviceId" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_id = #{deviceId}
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据采集探针ID查询 -->
+    <select id="selectByCollectId" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_collect_id = #{collectId}
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据IP地址查询（使用PostgreSQL的inet操作符） -->
+    <select id="selectByDeviceIp" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_ip >>= #{deviceIp}::inet
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据时间范围查询（利用created_at索引） -->
+    <select id="selectByTimeRange" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE created_at BETWEEN #{startTime} AND #{endTime}
+        ORDER BY created_at DESC
+    </select>
+
+    <!-- 多条件组合查询（动态SQL） -->
+    <select id="selectByCondition" parameterType="com.common.entity.DeviceReceiveLog" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="deviceCollectId != null">
+                AND device_collect_id = #{deviceCollectId}
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                AND device_ip >>= #{deviceIp}::inet
+            </if>
+            <if test="receiveTime != null">
+                AND receive_time >= #{receiveTime}
+            </if>
+            <if test="syslogMessage != null and syslogMessage != ''">
+                AND syslog_message LIKE CONCAT('%', #{syslogMessage}, '%')
+            </if>
+        </where>
+        ORDER BY created_at DESC
+    </select>
+
+    <!-- 统计数量 -->
+    <select id="countByCondition" parameterType="com.common.entity.DeviceReceiveLog" resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_receive_log
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="deviceCollectId != null">
+                AND device_collect_id = #{deviceCollectId}
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                AND device_ip >>= #{deviceIp}::inet
+            </if>
+            <if test="receiveTime != null">
+                AND receive_time >= #{receiveTime}
+            </if>
+        </where>
+    </select>
+
+    <!-- 删除时间范围内的数据 -->
+    <delete id="deleteByTimeRange">
+        DELETE FROM device_receive_log
+        WHERE created_at BETWEEN #{startTime} AND #{endTime}
+    </delete>
+
+    <!-- 获取最近N条记录 -->
+    <select id="selectRecent" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        ORDER BY created_at DESC
+        LIMIT #{limit}
+    </select>
+
+    <!-- 按设备分组统计 -->
+    <select id="countByDeviceGroup" resultType="java.util.Map">
+        SELECT
+            device_id,
+            COUNT(*) as log_count,
+            MIN(receive_time) as first_receive_time,
+            MAX(receive_time) as last_receive_time
+        FROM device_receive_log
+        GROUP BY device_id
+        ORDER BY log_count DESC
+    </select>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmColumnMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmColumnMapper.xml
new file mode 100644
index 0000000..c72ee92
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmColumnMapper.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.common.mapper.DmColumnMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.DmColumn">
+
+        <id column="id" property="id" jdbcType="BIGINT"/>
+        <result column="created_at" property="createdAt"/>
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="name" property="name" jdbcType="VARCHAR"/>
+        <result column="display_name" property="displayName" jdbcType="VARCHAR"/>
+        <result column="storage_data_type" property="storageDataType" jdbcType="BIGINT"/>
+        <result column="business_data_type" property="businessDataType" jdbcType="BIGINT"/>
+        <result column="is_built_in" property="isBuiltIn" jdbcType="BOOLEAN"/>
+        <result column="is_hidden" property="isHidden" jdbcType="BOOLEAN"/>
+        <result column="is_not_normalizable" property="isNotNormalizable" jdbcType="BOOLEAN"/>
+        <result column="is_required" property="isRequired" jdbcType="BOOLEAN"/>
+        <result column="category_id" property="categoryId" jdbcType="INTEGER"/>
+        <result column="custom_asset_category_id" property="customAssetCategoryId" jdbcType="INTEGER"/>
+        <result column="is_virtual" property="isVirtual" jdbcType="BOOLEAN"/>
+        <result column="table_id" property="tableId" jdbcType="INTEGER"/>
+        <result column="asset_table_id" property="assetTableId" jdbcType="INTEGER"/>
+        <result column="column_set_id" property="columnSetId" jdbcType="INTEGER"/>
+        <result column="base_type" property="baseType" jdbcType="INTEGER"/>
+        <result column="user_task_id" property="userTaskId" jdbcType="INTEGER"/>
+        <result column="created_by_id" property="createdById" jdbcType="BIGINT"/>
+        <result column="create_dept" property="createDept" jdbcType="BIGINT"/>
+        <result column="create_by" property="createBy" jdbcType="BIGINT"/>
+        <result column="create_time" property="createTime"/>
+        <result column="update_by" property="updateBy" jdbcType="BIGINT"/>
+        <result column="update_time" property="updateTime"/>
+    </resultMap>
+
+    <!-- 条件查询 -->
+    <select id="findByCondition" parameterType="com.common.entity.DmColumn" resultMap="BaseResultMap">
+        SELECT * FROM dm_column
+        WHERE deleted_at IS NULL
+        <if test="name != null and name != ''">
+            AND name = #{name}
+        </if>
+        <if test="displayName != null and displayName != ''">
+            AND display_name LIKE CONCAT('%', #{displayName}, '%')
+        </if>
+        <if test="isBuiltIn != null">
+            AND is_built_in = #{isBuiltIn}
+        </if>
+        <if test="isHidden != null">
+            AND is_hidden = #{isHidden}
+        </if>
+        <if test="isRequired != null">
+            AND is_required = #{isRequired}
+        </if>
+        <if test="categoryId != null">
+            AND category_id = #{categoryId}
+        </if>
+        <if test="tableId != null">
+            AND table_id = #{tableId}
+        </if>
+        ORDER BY id DESC
+    </select>
+
+
+
+    <select id="findById" parameterType="java.lang.Long" resultMap="BaseResultMap">
+         SELECT Id, created_at::timestamp as created_at ,
+          updated_at::timestamp as updated_at , deleted_at::timestamp as deleted_at , name, display_name,
+        storage_data_type, business_data_type, is_built_in, is_hidden,
+        is_not_normalizable, is_required, category_id, custom_asset_category_id,
+        is_virtual, table_id, asset_table_id, column_set_id, base_type,
+        user_task_id, created_by_id, create_dept, create_by, create_time::timestamp as create_time ,
+        update_by, update_time::timestamp as update_time
+         FROM dm_column
+        WHERE   id = #{id} AND deleted_at IS NULL
+    </select>
+
+
+    <!-- 查询全部正常字段-->
+
+    <select id="selectAllNormal" parameterType="java.lang.Long" resultType="java.util.LinkedHashMap">
+     SELECT Id, created_at::timestamp as created_at ,
+          updated_at::timestamp as updated_at , deleted_at::timestamp as deleted_at , name, display_name,
+        storage_data_type, business_data_type, is_built_in, is_hidden,
+        is_not_normalizable, is_required, category_id, custom_asset_category_id,
+        is_virtual, table_id, asset_table_id, column_set_id, base_type,
+        user_task_id, created_by_id, create_dept, create_by, create_time::timestamp as create_time ,
+        update_by, update_time::timestamp as update_time
+         FROM dm_column
+    where  deleted_at is  null and id  in ( select  distinct column_id  from dm_field_table_column  where   deleted_at is null
+    )
+ </select>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmNormalizeRuleMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmNormalizeRuleMapper.xml
new file mode 100644
index 0000000..17b945a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/DmNormalizeRuleMapper.xml
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.DmNormalizeRuleMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.DmNormalizeRule">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="name" property="name" />
+        <result column="display_name" property="displayName" />
+        <result column="description" property="description" />
+        <result column="is_built_in" property="isBuiltIn" />
+        <result column="is_running" property="isRunning" />
+        <result column="first_data_saved_at" property="firstDataSavedAt" />
+        <result column="data_type" property="dataType" />
+        <result column="field_cate_id" property="fieldCateId" />
+        <result column="log_parsed" property="logParsed" />
+        <result column="sample_logs" property="sampleLogs" typeHandler="org.apache.ibatis.type.ArrayTypeHandler" />
+        <result column="is_data_merge_enabled" property="isDataMergeEnabled" />
+        <result column="data_merge_interval" property="dataMergeInterval" />
+        <result column="data_merge_time_unit" property="dataMergeTimeUnit" />
+        <result column="data_merge_row_limit" property="dataMergeRowLimit" />
+        <result column="data_merge_columns" property="dataMergeColumns" />
+        <result column="data_storage_medium" property="dataStorageMedium" />
+        <result column="created_by_id" property="createdById" />
+        <result column="group_id" property="groupId" />
+        <result column="rule_content" property="ruleContent" />
+        <result column="built_in_version" property="builtInVersion" />
+        <result column="tenant_id" property="tenantId" />
+        <result column="create_time" property="createTime" />
+        <result column="update_time" property="updateTime" />
+        <result column="create_by" property="createBy" />
+        <result column="update_by" property="updateBy" />
+        <result column="del_flag" property="delFlag" />
+        <result column="create_dept" property="createDept" />
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, created_at, updated_at, deleted_at, name, display_name, description,
+        is_built_in, is_running, first_data_saved_at, data_type, field_cate_id,
+        log_parsed, sample_logs, is_data_merge_enabled, data_merge_interval,
+        data_merge_time_unit, data_merge_row_limit, data_merge_columns,
+        data_storage_medium, created_by_id, group_id, rule_content,
+        built_in_version, tenant_id, create_time, update_time, create_by,
+        update_by, del_flag, create_dept
+    </sql>
+
+    <!-- 根据ID查询 -->
+    <select id="selectById" parameterType="java.lang.Long" resultMap="BaseResultMap">
+
+        SELECT
+        id,
+        created_at::timestamp as created_at,  <!-- 转换为 timestamp -->
+        updated_at::timestamp as updated_at,
+        deleted_at::timestamp as deleted_at,
+        first_data_saved_at::timestamp as first_data_saved_at,
+        create_time::timestamp as create_time,
+        update_time::timestamp as update_time,
+        name, display_name, description, is_built_in, is_running,
+        data_type, field_cate_id, log_parsed, sample_logs,
+        is_data_merge_enabled, data_merge_interval, data_merge_time_unit,
+        data_merge_row_limit, data_merge_columns, data_storage_medium,
+        created_by_id, group_id, rule_content, built_in_version, tenant_id,
+        create_by, update_by, del_flag, create_dept
+        FROM dm_normalize_rule
+        WHERE id = #{id} AND del_flag = '0'
+
+    </select>
+
+
+    <!-- 根据ID查询 -->
+    <select id="selectByDeviceId" parameterType="java.lang.Long" resultType="java.util.LinkedHashMap">
+
+        SELECT
+        id,
+        created_at::timestamp as created_at,  <!-- 转换为 timestamp -->
+        updated_at::timestamp as updated_at,
+        deleted_at::timestamp as deleted_at,
+        first_data_saved_at::timestamp as first_data_saved_at,
+        create_time::timestamp as create_time,
+        update_time::timestamp as update_time,
+        name, display_name, description, is_built_in, is_running,
+        data_type, field_cate_id, log_parsed, sample_logs,
+        is_data_merge_enabled, data_merge_interval, data_merge_time_unit,
+        data_merge_row_limit, data_merge_columns, data_storage_medium,
+        created_by_id, group_id, rule_content, built_in_version, tenant_id,
+        create_by, update_by, del_flag, create_dept
+        FROM dm_normalize_rule
+        WHERE id  in ( select  normalize_rule_id   from dm_normalize_rule_device  where device_id =#{id})  AND del_flag = '0'
+    </select>
+
+
+    <!-- 根据ID和租户ID查询 -->
+    <select id="selectByIdAndTenant" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM dm_normalize_rule
+        WHERE id = #{id} AND tenant_id = #{tenantId} AND del_flag = '0'
+    </select>
+
+    <!-- 根据ID更新 -->
+    <update id="updateById" parameterType="com.common.entity.DmNormalizeRule">
+        UPDATE dm_normalize_rule
+        <set>
+            <if test="updatedAt != null">updated_at = #{updatedAt},</if>
+            <if test="name != null">name = #{name},</if>
+            <if test="displayName != null">display_name = #{displayName},</if>
+            <if test="description != null">description = #{description},</if>
+            <if test="isBuiltIn != null">is_built_in = #{isBuiltIn},</if>
+            <if test="isRunning != null">is_running = #{isRunning},</if>
+            <if test="firstDataSavedAt != null">first_data_saved_at = #{firstDataSavedAt},</if>
+            <if test="dataType != null">data_type = #{dataType},</if>
+            <if test="fieldCateId != null">field_cate_id = #{fieldCateId},</if>
+            <if test="logParsed != null">log_parsed = #{logParsed},</if>
+            <if test="sampleLogs != null">sample_logs = #{sampleLogs, typeHandler=org.apache.ibatis.type.ArrayTypeHandler},</if>
+            <if test="isDataMergeEnabled != null">is_data_merge_enabled = #{isDataMergeEnabled},</if>
+            <if test="dataMergeInterval != null">data_merge_interval = #{dataMergeInterval},</if>
+            <if test="dataMergeTimeUnit != null">data_merge_time_unit = #{dataMergeTimeUnit},</if>
+            <if test="dataMergeRowLimit != null">data_merge_row_limit = #{dataMergeRowLimit},</if>
+            <if test="dataMergeColumns != null">data_merge_columns = #{dataMergeColumns},</if>
+            <if test="dataStorageMedium != null">data_storage_medium = #{dataStorageMedium},</if>
+            <if test="ruleContent != null">rule_content = #{ruleContent},</if>
+            <if test="builtInVersion != null">built_in_version = #{builtInVersion},</if>
+            <if test="updateTime != null">update_time = #{updateTime},</if>
+            <if test="updateBy != null">update_by = #{updateBy},</if>
+        </set>
+        WHERE id = #{id} AND del_flag = '0'
+    </update>
+
+    <!-- 根据ID和租户ID更新 -->
+    <update id="updateByIdAndTenant" parameterType="com.common.entity.DmNormalizeRule">
+        UPDATE dm_normalize_rule
+        <set>
+            <if test="updatedAt != null">updated_at = #{updatedAt},</if>
+            <if test="name != null">name = #{name},</if>
+            <if test="displayName != null">display_name = #{displayName},</if>
+            <if test="description != null">description = #{description},</if>
+            <if test="isBuiltIn != null">is_built_in = #{isBuiltIn},</if>
+            <if test="isRunning != null">is_running = #{isRunning},</if>
+            <if test="firstDataSavedAt != null">first_data_saved_at = #{firstDataSavedAt},</if>
+            <if test="dataType != null">data_type = #{dataType},</if>
+            <if test="fieldCateId != null">field_cate_id = #{fieldCateId},</if>
+            <if test="logParsed != null">log_parsed = #{logParsed},</if>
+            <if test="sampleLogs != null">sample_logs = #{sampleLogs, typeHandler=org.apache.ibatis.type.ArrayTypeHandler},</if>
+            <if test="isDataMergeEnabled != null">is_data_merge_enabled = #{isDataMergeEnabled},</if>
+            <if test="dataMergeInterval != null">data_merge_interval = #{dataMergeInterval},</if>
+            <if test="dataMergeTimeUnit != null">data_merge_time_unit = #{dataMergeTimeUnit},</if>
+            <if test="dataMergeRowLimit != null">data_merge_row_limit = #{dataMergeRowLimit},</if>
+            <if test="dataMergeColumns != null">data_merge_columns = #{dataMergeColumns},</if>
+            <if test="dataStorageMedium != null">data_storage_medium = #{dataStorageMedium},</if>
+            <if test="ruleContent != null">rule_content = #{ruleContent},</if>
+            <if test="builtInVersion != null">built_in_version = #{builtInVersion},</if>
+            <if test="updateTime != null">update_time = #{updateTime},</if>
+            <if test="updateBy != null">update_by = #{updateBy},</if>
+        </set>
+        WHERE id = #{id} AND tenant_id = #{tenantId} AND del_flag = '0'
+    </update>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SecExceptionAlgorithmMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SecExceptionAlgorithmMapper.xml
new file mode 100644
index 0000000..57deac6
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SecExceptionAlgorithmMapper.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.SecExceptionAlgorithmMapper">
+
+    <!-- 基本的结果映射，与注解方式一致 -->
+    <resultMap id="algorithmResultMap" type="com.common.entity.SecExceptionAlgorithm">
+        <id property="id" column="id" jdbcType="BIGINT"/>
+        <result property="algorithmName" column="algorithm_name" jdbcType="VARCHAR"/>
+        <result property="exceptionType" column="exception_type" jdbcType="VARCHAR"/>
+        <result property="dataSource" column="data_source" jdbcType="VARCHAR"/>
+        <result property="status" column="status" jdbcType="SMALLINT"/>
+        <result property="description" column="description" jdbcType="VARCHAR"/>
+        <result property="configInfo" column="config_info" jdbcType="VARCHAR"/>
+        <result property="operatorZipUrl" column="operator_zip_url" jdbcType="VARCHAR"/>
+        <result property="remark" column="remark" jdbcType="VARCHAR"/>
+        <result property="createBy" column="create_by" jdbcType="VARCHAR"/>
+        <result property="createTime" column="create_time" jdbcType="TIMESTAMP"/>
+        <result property="updateBy" column="update_by" jdbcType="VARCHAR"/>
+        <result property="updateTime" column="update_time" jdbcType="TIMESTAMP"/>
+        <result property="tenantId" column="tenant_id" jdbcType="VARCHAR"/>
+        <result property="delFlag" column="del_flag" jdbcType="CHAR"/>
+        <result property="createDept" column="create_dept" jdbcType="BIGINT"/>
+        <result property="apiUrl" column="api_url" jdbcType="VARCHAR"/>
+        <result property="apiMethod" column="api_method" jdbcType="VARCHAR"/>
+        <result property="respUrl" column="resp_url" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- 使用XML方式定义的findById方法 -->
+    <select id="findById" parameterType="java.lang.Long" resultMap="algorithmResultMap">
+        SELECT *
+        FROM sec_exception_algorithm
+        WHERE id = #{id, jdbcType=BIGINT}
+    </select>
+
+    <!-- 批量查询 -->
+    <select id="findByIds" parameterType="java.util.List" resultMap="algorithmResultMap">
+        SELECT *
+        FROM sec_exception_algorithm
+        WHERE id IN
+        <foreach collection="list" item="id" open="(" separator="," close=")">
+            #{id, jdbcType=BIGINT}
+        </foreach>
+        AND status = 1 AND del_flag = '0'
+    </select>
+
+    <!-- 条件查询 -->
+    <select id="findByCondition" parameterType="java.util.Map" resultMap="algorithmResultMap">
+        SELECT *
+        FROM sec_exception_algorithm
+        WHERE del_flag = '0'
+        <if test="status != null">
+            AND status = #{status, jdbcType=SMALLINT}
+        </if>
+        <if test="exceptionType != null and exceptionType != ''">
+            AND exception_type = #{exceptionType, jdbcType=VARCHAR}
+        </if>
+        <if test="dataSource != null and dataSource != ''">
+            AND data_source = #{dataSource, jdbcType=VARCHAR}
+        </if>
+        <if test="algorithmName != null and algorithmName != ''">
+            AND algorithm_name LIKE CONCAT('%', #{algorithmName, jdbcType=VARCHAR}, '%')
+        </if>
+        ORDER BY create_time DESC
+    </select>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNonNormalMessageMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNonNormalMessageMapper.xml
new file mode 100644
index 0000000..510de01
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNonNormalMessageMapper.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.SyslogNonNormalMessageMapper">
+
+    <!-- 基础结果映射 -->
+    <resultMap id="BaseResultMap" type="com.common.entity.SyslogNonNormalMessage">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="log_time" property="logTime" />
+        <result column="device_id" property="deviceId" />
+        <result column="syslog_message" property="syslogMessage" />
+        <result column="syslog_uuid" property="syslogUuid" />
+        <result column="syslog_topic" property="syslogTopic" />
+        <result column="tenant_id" property="tenantId" />
+        <result column="create_time" property="createTime" />
+        <result column="update_time" property="updateTime" />
+        <result column="create_by" property="createBy" />
+        <result column="update_by" property="updateBy" />
+        <result column="create_dept" property="createDept" />
+        <result column="header_message" property="headerMessage" />
+        <result column="receive_time" property="receiveTime" />
+        <result column="rule_time" property="ruleTime" />
+        <result column="device_name" property="deviceName" />
+        <result column="etl_node" property="etlNode" />
+        <result column="collect_task_id" property="collectTaskId" />
+        <result column="collect_task_name" property="collectTaskName" />
+        <result column="reason" property="reason" />
+        <result column="reason_detail" property="reasonDetail" />
+        <result column="rule_result" property="ruleResult" />
+        <result column="del_flag" property="delFlag" />
+    </resultMap>
+
+    <!-- 批量插入 -->
+    <insert id="batchInsert" parameterType="java.util.List">
+        INSERT INTO syslog_non_normal_message (
+        id, created_at, log_time, device_id, syslog_message,
+        syslog_uuid, syslog_topic, tenant_id, create_time,
+        update_time, create_by, update_by, create_dept,
+        header_message, receive_time, rule_time, device_name,
+        etl_node, collect_task_id, collect_task_name, reason,
+        reason_detail, rule_result, del_flag
+        ) VALUES
+        <foreach collection="list" item="item" separator=",">
+            (
+            #{item.id},
+            #{item.createdAt},
+            #{item.logTime},
+            #{item.deviceId},
+            #{item.syslogMessage},
+            #{item.syslogUuid},
+            #{item.syslogTopic},
+            #{item.tenantId},
+            #{item.createTime},
+            #{item.updateTime},
+            #{item.createBy},
+            #{item.updateBy},
+            #{item.createDept},
+            #{item.headerMessage},
+            #{item.receiveTime},
+            #{item.ruleTime},
+            #{item.deviceName},
+            #{item.etlNode},
+            #{item.collectTaskId},
+            #{item.collectTaskName},
+            #{item.reason},
+            #{item.reasonDetail},
+            #{item.ruleResult},
+            #{item.delFlag}
+            )
+        </foreach>
+    </insert>
+
+    <!-- 动态更新 -->
+    <update id="updateByCondition" parameterType="com.common.entity.SyslogNonNormalMessage">
+        UPDATE syslog_non_normal_message
+        <set>
+            <if test="logTime != null">log_time = #{logTime},</if>
+            <if test="deviceId != null">device_id = #{deviceId},</if>
+            <if test="syslogMessage != null and syslogMessage != ''">syslog_message = #{syslogMessage},</if>
+            <if test="syslogUuid != null and syslogUuid != ''">syslog_uuid = #{syslogUuid},</if>
+            <if test="syslogTopic != null and syslogTopic != ''">syslog_topic = #{syslogTopic},</if>
+            <if test="tenantId != null and tenantId != ''">tenant_id = #{tenantId},</if>
+            <if test="updateTime != null">update_time = #{updateTime},</if>
+            <if test="updateBy != null">update_by = #{updateBy},</if>
+            <if test="headerMessage != null and headerMessage != ''">header_message = #{headerMessage},</if>
+            <if test="receiveTime != null">receive_time = #{receiveTime},</if>
+            <if test="ruleTime != null">rule_time = #{ruleTime},</if>
+            <if test="deviceName != null and deviceName != ''">device_name = #{deviceName},</if>
+            <if test="etlNode != null and etlNode != ''">etl_node = #{etlNode},</if>
+            <if test="collectTaskId != null">collect_task_id = #{collectTaskId},</if>
+            <if test="collectTaskName != null and collectTaskName != ''">collect_task_name = #{collectTaskName},</if>
+            <if test="reason != null and reason != ''">reason = #{reason},</if>
+            <if test="reasonDetail != null and reasonDetail != ''">reason_detail = #{reasonDetail},</if>
+            <if test="ruleResult != null and ruleResult != ''">rule_result = #{ruleResult},</if>
+            <if test="delFlag != null and delFlag != ''">del_flag = #{delFlag},</if>
+        </set>
+        WHERE id = #{id} AND del_flag = '0'
+    </update>
+
+    <!-- 根据条件查询 -->
+    <select id="selectByCondition" parameterType="map" resultMap="BaseResultMap">
+        SELECT * FROM syslog_non_normal_message
+        WHERE del_flag = '0'
+        <if test="deviceId != null">AND device_id = #{deviceId}</if>
+        <if test="tenantId != null and tenantId != ''">AND tenant_id = #{tenantId}</if>
+        <if test="ruleResult != null and ruleResult != ''">AND rule_result = #{ruleResult}</if>
+        <if test="collectTaskId != null">AND collect_task_id = #{collectTaskId}</if>
+        <if test="startTime != null">AND log_time >= #{startTime}</if>
+        <if test="endTime != null">AND log_time &lt;= #{endTime}</if>
+        <if test="deviceName != null and deviceName != ''">AND device_name LIKE CONCAT('%', #{deviceName}, '%')</if>
+        ORDER BY log_time DESC
+    </select>
+
+
+    <!-- 根据ID和创建时间批量查询 -->
+    <select id="getMessagesByIdsAndCreatedAts" resultType="com.common.entity.SyslogNonNormalMessage">
+        SELECT * FROM syslog_non_normal_message
+        WHERE del_flag = '0'
+        AND (
+        <foreach collection="ids" item="id" index="index" separator=" OR ">
+            (id = #{id} AND created_at = #{createdAts[${index}]}::timestamptz)
+        </foreach>
+        )
+    </select>
+
+    <!-- 根据ID列表批量查询 -->
+    <select id="getMessagesByIds" resultType="com.common.entity.SyslogNonNormalMessage">
+        SELECT * FROM syslog_non_normal_message
+        WHERE del_flag = '0'
+        AND id IN
+        <foreach collection="ids" item="id" open="(" separator="," close=")">
+            #{id}
+        </foreach>
+    </select>
+
+    <!-- 批量更新del_flag -->
+    <update id="updateBatchDelFlag">
+        UPDATE syslog_non_normal_message
+        SET del_flag = '1',
+        update_time = NOW()
+        WHERE id IN
+        <foreach collection="messages" item="item" open="(" separator="," close=")">
+            #{item.id}
+        </foreach>
+    </update>
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalAlarmMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalAlarmMapper.xml
new file mode 100644
index 0000000..d20226a
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalAlarmMapper.xml
@@ -0,0 +1,789 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.SyslogNormalAlarmMapper">
+
+    <insert id="insertDynamic" parameterType="map">
+        INSERT INTO syslog_normal_alarm
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="dataMap.id != null">id,</if>
+            <if test="dataMap.created_at != null">created_at,</if>
+            <if test="dataMap.log_time != null">log_time,</if>
+            <if test="dataMap.device_id != null">device_id,</if>
+            <if test="dataMap.webshell_type != null">webshell_type,</if>
+            <if test="dataMap.vuirs_type != null">vuirs_type,</if>
+            <if test="dataMap.vuirs_url != null">vuirs_url,</if>
+            <if test="dataMap.class_filename != null">class_filename,</if>
+            <if test="dataMap.class_path != null">class_path,</if>
+            <if test="dataMap.parent_class != null">parent_class,</if>
+            <if test="dataMap.jar_path != null">jar_path,</if>
+            <if test="dataMap.class_md5 != null">class_md5,</if>
+            <if test="dataMap.class_loader != null">class_loader,</if>
+            <if test="dataMap.class_hashcode != null">class_hashcode,</if>
+            <if test="dataMap.class_loader_hashcode != null">class_loader_hashcode,</if>
+            <if test="dataMap.tc_nameip != null">tc_nameip,</if>
+            <if test="dataMap.perform_sql != null">perform_sql,</if>
+            <if test="dataMap.tc_account != null">tc_account,</if>
+            <if test="dataMap.tc_appname != null">tc_appname,</if>
+            <if test="dataMap.process_uname != null">process_uname,</if>
+            <if test="dataMap.p_process_uname != null">p_process_uname,</if>
+            <if test="dataMap.container_name != null">container_name,</if>
+            <if test="dataMap.container_id != null">container_id,</if>
+            <if test="dataMap.http_resp_server != null">http_resp_server,</if>
+            <if test="dataMap.srcip_id != null">srcip_id,</if>
+            <if test="dataMap.cdnip != null">cdnip,</if>
+            <if test="dataMap.natip != null">natip,</if>
+            <if test="dataMap.mail_sender != null">mail_sender,</if>
+            <if test="dataMap.mail_receiver != null">mail_receiver,</if>
+            <if test="dataMap.vpn_mac != null">vpn_mac,</if>
+            <if test="dataMap.vpn_os != null">vpn_os,</if>
+            <if test="dataMap.vpn_user != null">vpn_user,</if>
+            <if test="dataMap.vpn_groupname != null">vpn_groupname,</if>
+            <if test="dataMap.vpn_access_ip != null">vpn_access_ip,</if>
+            <if test="dataMap.dest_ip_apt != null">dest_ip_apt,</if>
+            <if test="dataMap.origin_attack_result != null">origin_attack_result,</if>
+            <if test="dataMap.description != null">description,</if>
+            <if test="dataMap.solution != null">solution,</if>
+            <if test="dataMap.attack_cause != null">attack_cause,</if>
+            <if test="dataMap.username != null">username,</if>
+            <if test="dataMap.tc_flow_id != null">tc_flow_id,</if>
+            <if test="dataMap.login_result != null">login_result,</if>
+            <if test="dataMap.cmdline != null">cmdline,</if>
+            <if test="dataMap.origin_attack_action != null">origin_attack_action,</if>
+            <if test="dataMap.victim_domain != null">victim_domain,</if>
+            <if test="dataMap.vpn_deviceid != null">vpn_deviceid,</if>
+            <if test="dataMap.vpn_access_action != null">vpn_access_action,</if>
+            <if test="dataMap.file_access_time != null">file_access_time,</if>
+            <if test="dataMap.file_name != null">file_name,</if>
+            <if test="dataMap.tc_class != null">tc_class,</if>
+            <if test="dataMap.tc_name2 != null">tc_name2,</if>
+            <if test="dataMap.login_lasttime != null">login_lasttime,</if>
+            <if test="dataMap.origin_permissions != null">origin_permissions,</if>
+            <if test="dataMap.begin_permissions != null">begin_permissions,</if>
+            <if test="dataMap.print_time != null">print_time,</if>
+            <if test="dataMap.printer != null">printer,</if>
+            <if test="dataMap.printer_type != null">printer_type,</if>
+            <if test="dataMap.print_pages != null">print_pages,</if>
+            <if test="dataMap.print_copies != null">print_copies,</if>
+            <if test="dataMap.src_device != null">src_device,</if>
+            <if test="dataMap.dst_device != null">dst_device,</if>
+            <if test="dataMap.src_file != null">src_file,</if>
+            <if test="dataMap.src_file_type != null">src_file_type,</if>
+            <if test="dataMap.src_file_path != null">src_file_path,</if>
+            <if test="dataMap.dst_file != null">dst_file,</if>
+            <if test="dataMap.dst_file_type != null">dst_file_type,</if>
+            <if test="dataMap.dst_file_path != null">dst_file_path,</if>
+            <if test="dataMap.dlp_policy_name != null">dlp_policy_name,</if>
+            <if test="dataMap.dlp_policy_type != null">dlp_policy_type,</if>
+            <if test="dataMap.dst_upload_url != null">dst_upload_url,</if>
+            <if test="dataMap.process_uuid != null">process_uuid,</if>
+            <if test="dataMap.p_process_uuid != null">p_process_uuid,</if>
+            <if test="dataMap.env != null">env,</if>
+            <if test="dataMap.brute_force_service != null">brute_force_service,</if>
+            <if test="dataMap.vuirs_name != null">vuirs_name,</if>
+            <if test="dataMap.http_req_length != null">http_req_length,</if>
+            <if test="dataMap.http_req_content_type != null">http_req_content_type,</if>
+            <if test="dataMap.tc_scan_port != null">tc_scan_port,</if>
+            <if test="dataMap.tc_labels != null">tc_labels,</if>
+            <if test="dataMap.http_resp_content_type != null">http_resp_content_type,</if>
+            <if test="dataMap.dns_msg_type != null">dns_msg_type,</if>
+            <if test="dataMap.dns_answer_length != null">dns_answer_length,</if>
+            <if test="dataMap.dns_ioc != null">dns_ioc,</if>
+            <if test="dataMap.tx_bytes != null">tx_bytes,</if>
+            <if test="dataMap.rx_bytes != null">rx_bytes,</if>
+            <if test="dataMap.all_bytes != null">all_bytes,</if>
+            <if test="dataMap.duration_time != null">duration_time,</if>
+            <if test="dataMap.mail_attach_name != null">mail_attach_name,</if>
+            <if test="dataMap.mail_subject != null">mail_subject,</if>
+            <if test="dataMap.mail_message != null">mail_message,</if>
+            <if test="dataMap.mail_send_server != null">mail_send_server,</if>
+            <if test="dataMap.mail_agent != null">mail_agent,</if>
+            <if test="dataMap.tls_version != null">tls_version,</if>
+            <if test="dataMap.tls_server_cert != null">tls_server_cert,</if>
+            <if test="dataMap.tls_server_suite != null">tls_server_suite,</if>
+            <if test="dataMap.tls_client_suites_len != null">tls_client_suites_len,</if>
+            <if test="dataMap.tls_ja3 != null">tls_ja3,</if>
+            <if test="dataMap.tls_ja3s != null">tls_ja3s,</if>
+            <if test="dataMap.vpn_access_port != null">vpn_access_port,</if>
+            <if test="dataMap.log_topic != null">log_topic,</if>
+            <if test="dataMap.collect_time != null">collect_time,</if>
+            <if test="dataMap.src_is_intranetip != null">src_is_intranetip,</if>
+            <if test="dataMap.src_ip_ioc != null">src_ip_ioc,</if>
+            <if test="dataMap.src_ip_apt != null">src_ip_apt,</if>
+            <if test="dataMap.srcip_name != null">srcip_name,</if>
+            <if test="dataMap.tc_client != null">tc_client,</if>
+            <if test="dataMap.srcip_organization_id != null">srcip_organization_id,</if>
+            <if test="dataMap.dest_ip_intranetip != null">dest_ip_intranetip,</if>
+            <if test="dataMap.dest_ip_ioc != null">dest_ip_ioc,</if>
+            <if test="dataMap.desip_id != null">desip_id,</if>
+            <if test="dataMap.desip_name != null">desip_name,</if>
+            <if test="dataMap.tc_hostip != null">tc_hostip,</if>
+            <if test="dataMap.desip_organization_id != null">desip_organization_id,</if>
+            <if test="dataMap.origin_confidence != null">origin_confidence,</if>
+            <if test="dataMap.origin_malscore != null">origin_malscore,</if>
+            <if test="dataMap.attacker_icampaign != null">attacker_icampaign,</if>
+            <if test="dataMap.attacker_host_asset_id != null">attacker_host_asset_id,</if>
+            <if test="dataMap.attacker_organization_id != null">attacker_organization_id,</if>
+            <if test="dataMap.victim_host_asset_id != null">victim_host_asset_id,</if>
+            <if test="dataMap.victim_organization_id != null">victim_organization_id,</if>
+            <if test="dataMap.logout_time != null">logout_time,</if>
+            <if test="dataMap.http_req_line != null">http_req_line,</if>
+            <if test="dataMap.desip_security_scope_id != null">desip_security_scope_id,</if>
+            <if test="dataMap.srcip_security_scope_id != null">srcip_security_scope_id,</if>
+            <if test="dataMap.http_resp_length != null">http_resp_length,</if>
+            <if test="dataMap.tc_attack_type != null">tc_attack_type,</if>
+            <if test="dataMap.tc_realip != null">tc_realip,</if>
+            <if test="dataMap.attacker_ip_lists != null">attacker_ip_lists,</if>
+            <if test="dataMap.login_password != null">login_password,</if>
+            <if test="dataMap.detail != null">detail,</if>
+            <if test="dataMap.attacker_country_code != null">attacker_country_code,</if>
+            <if test="dataMap.attacker_region_code != null">attacker_region_code,</if>
+            <if test="dataMap.victim_region_code != null">victim_region_code,</if>
+            <if test="dataMap.payload != null">payload,</if>
+            <if test="dataMap.http_referer != null">http_referer,</if>
+            <if test="dataMap.http_user_agent != null">http_user_agent,</if>
+            <if test="dataMap.http_session != null">http_session,</if>
+            <if test="dataMap.http_query_string != null">http_query_string,</if>
+            <if test="dataMap.file_path != null">file_path,</if>
+            <if test="dataMap.file_permission != null">file_permission,</if>
+            <if test="dataMap.login_abnormal_type != null">login_abnormal_type,</if>
+            <if test="dataMap.file_tag != null">file_tag,</if>
+            <if test="dataMap.file_platform != null">file_platform,</if>
+            <if test="dataMap.target_ip != null">target_ip,</if>
+            <if test="dataMap.collect_date != null">collect_date,</if>
+            <if test="dataMap.tc_client_ip != null">tc_client_ip,</if>
+            <if test="dataMap.tc_server_ip != null">tc_server_ip,</if>
+            <if test="dataMap.tc_externalip != null">tc_externalip,</if>
+            <if test="dataMap.http_status_code != null">http_status_code,</if>
+            <if test="dataMap.device_domian != null">device_domian,</if>
+            <if test="dataMap.src_ip_str != null">src_ip_str,</if>
+            <if test="dataMap.src_port_str != null">src_port_str,</if>
+            <if test="dataMap.dest_ip_str != null">dest_ip_str,</if>
+            <if test="dataMap.dest_port_str != null">dest_port_str,</if>
+            <if test="dataMap.pcap != null">pcap,</if>
+            <if test="dataMap.ioc != null">ioc,</if>
+            <if test="dataMap.malicious_family != null">malicious_family,</if>
+            <if test="dataMap.vuln_cve != null">vuln_cve,</if>
+            <if test="dataMap.aliyun_type != null">aliyun_type,</if>
+            <if test="dataMap.attacker_host_asset_name != null">attacker_host_asset_name,</if>
+            <if test="dataMap.attacker_organization_name != null">attacker_organization_name,</if>
+            <if test="dataMap.ct_id != null">ct_id,</if>
+            <if test="dataMap.cve_list != null">cve_list,</if>
+            <if test="dataMap.desip_organization_name != null">desip_organization_name,</if>
+            <if test="dataMap.dest_ip_group != null">dest_ip_group,</if>
+            <if test="dataMap.file_gid != null">file_gid,</if>
+            <if test="dataMap.file_owner != null">file_owner,</if>
+            <if test="dataMap.file_ownergroup != null">file_ownergroup,</if>
+            <if test="dataMap.file_uid != null">file_uid,</if>
+            <if test="dataMap.http_resp_cookie != null">http_resp_cookie,</if>
+            <if test="dataMap.origin_rule_id != null">origin_rule_id,</if>
+            <if test="dataMap.origin_rule_name != null">origin_rule_name,</if>
+            <if test="dataMap.service_name != null">service_name,</if>
+            <if test="dataMap.src_ip_asset_group != null">src_ip_asset_group,</if>
+            <if test="dataMap.srcip_organization_name != null">srcip_organization_name,</if>
+            <if test="dataMap.victim_host_asset_name != null">victim_host_asset_name,</if>
+            <if test="dataMap.http_resp_codes != null">http_resp_codes,</if>
+            <if test="dataMap.victim_organization_name != null">victim_organization_name,</if>
+            <if test="dataMap.tc_type != null">tc_type,</if>
+            <if test="dataMap.direction != null">direction,</if>
+            <if test="dataMap.http_req_cookie != null">http_req_cookie,</if>
+            <if test="dataMap.http_req_protocol != null">http_req_protocol,</if>
+            <if test="dataMap.http_req_header_raw != null">http_req_header_raw,</if>
+            <if test="dataMap.http_url != null">http_url,</if>
+            <if test="dataMap.uname != null">uname,</if>
+            <if test="dataMap.origin_hostname != null">origin_hostname,</if>
+            <if test="dataMap.origin_os != null">origin_os,</if>
+            <if test="dataMap.origin_agent_mac != null">origin_agent_mac,</if>
+            <if test="dataMap.origin_host_id != null">origin_host_id,</if>
+            <if test="dataMap.origin_agent_version != null">origin_agent_version,</if>
+            <if test="dataMap.origin_agent_id != null">origin_agent_id,</if>
+            <if test="dataMap.origin_agent_name != null">origin_agent_name,</if>
+            <if test="dataMap.origin_work_group != null">origin_work_group,</if>
+            <if test="dataMap.origin_asset_group != null">origin_asset_group,</if>
+            <if test="dataMap.origin_local_port != null">origin_local_port,</if>
+            <if test="dataMap.origin_agent_ip != null">origin_agent_ip,</if>
+            <if test="dataMap.origin_internal_ip != null">origin_internal_ip,</if>
+            <if test="dataMap.origin_external_ip != null">origin_external_ip,</if>
+            <if test="dataMap.origin_local_addr != null">origin_local_addr,</if>
+            <if test="dataMap.agent_id != null">agent_id,</if>
+            <if test="dataMap.agent_name != null">agent_name,</if>
+            <if test="dataMap.tc_title != null">tc_title,</if>
+            <if test="dataMap.log_id != null">log_id,</if>
+            <if test="dataMap.event_date != null">event_date,</if>
+            <if test="dataMap.event_time_ts != null">event_time_ts,</if>
+            <if test="dataMap.event_level != null">event_level,</if>
+            <if test="dataMap.src_ip != null">src_ip ,</if>
+            <if test="dataMap.src_port != null">src_port,</if>
+            <if test="dataMap.dest_ip != null">dest_ip,</if>
+            <if test="dataMap.dest_port != null">dest_port,</if>
+            <if test="dataMap.event_time != null">event_time,</if>
+            <if test="dataMap.attacker_country != null">attacker_country,</if>
+            <if test="dataMap.src_mac != null">src_mac,</if>
+            <if test="dataMap.dest_mac != null">dest_mac,</if>
+            <if test="dataMap.proto != null">proto,</if>
+            <if test="dataMap.dev_id != null">dev_id,</if>
+            <if test="dataMap.created_time != null">created_time,</if>
+            <if test="dataMap.src_country != null">src_country,</if>
+            <if test="dataMap.src_country_code != null">src_country_code,</if>
+            <if test="dataMap.src_region != null">src_region,</if>
+            <if test="dataMap.src_region_code != null">src_region_code,</if>
+            <if test="dataMap.src_city != null">src_city,</if>
+            <if test="dataMap.src_lon != null">src_lon,</if>
+            <if test="dataMap.http_method != null">http_method,</if>
+            <if test="dataMap.http_host != null">http_host,</if>
+            <if test="dataMap.http_req_header != null">http_req_header,</if>
+            <if test="dataMap.http_req_body != null">http_req_body,</if>
+            <if test="dataMap.http_resp_header != null">http_resp_header,</if>
+            <if test="dataMap.http_resp_body != null">http_resp_body,</if>
+            <if test="dataMap.file_type != null">file_type,</if>
+            <if test="dataMap.file_md5 != null">file_md5,</if>
+            <if test="dataMap.file_size != null">file_size,</if>
+            <if test="dataMap.process != null">process,</if>
+            <if test="dataMap.start_time != null">start_time,</if>
+            <if test="dataMap.action != null">action,</if>
+            <if test="dataMap.attacker_region != null">attacker_region,</if>
+            <if test="dataMap.end_time != null">end_time,</if>
+            <if test="dataMap.file_created_time != null">file_created_time,</if>
+            <if test="dataMap.file_modified_time != null">file_modified_time,</if>
+            <if test="dataMap.tc_miguan_scan_port != null">tc_miguan_scan_port,</if>
+            <if test="dataMap.process_path != null">process_path,</if>
+            <if test="dataMap.parent_process_path != null">parent_process_path,</if>
+            <if test="dataMap.gname != null">gname,</if>
+            <if test="dataMap.exe_name != null">exe_name,</if>
+            <if test="dataMap.exe_path != null">exe_path,</if>
+            <if test="dataMap.login_time != null">login_time,</if>
+            <if test="dataMap.login_times != null">login_times,</if>
+            <if test="dataMap.check_item != null">check_item,</if>
+            <if test="dataMap.check_type != null">check_type,</if>
+            <if test="dataMap.attacker_ip != null">attacker_ip,</if>
+            <if test="dataMap.attacker_port != null">attacker_port,</if>
+            <if test="dataMap.victim_ip != null">victim_ip,</if>
+            <if test="dataMap.victim_port != null">victim_port,</if>
+            <if test="dataMap.attacker_city != null">attacker_city,</if>
+            <if test="dataMap.attacker_lon != null">attacker_lon,</if>
+            <if test="dataMap.attacker_lat != null">attacker_lat,</if>
+            <if test="dataMap.victim_country != null">victim_country,</if>
+            <if test="dataMap.victim_region != null">victim_region,</if>
+            <if test="dataMap.victim_city != null">victim_city,</if>
+            <if test="dataMap.victim_lon != null">victim_lon,</if>
+            <if test="dataMap.victim_lat != null">victim_lat,</if>
+            <if test="dataMap.origin_event_id != null">origin_event_id,</if>
+            <if test="dataMap.origin_event_name != null">origin_event_name,</if>
+            <if test="dataMap.origin_event_category != null">origin_event_category,</if>
+            <if test="dataMap.origin_event_level != null">origin_event_level,</if>
+            <if test="dataMap.origin_attack_chain != null">origin_attack_chain,</if>
+            <if test="dataMap.engine_type != null">engine_type,</if>
+            <if test="dataMap.evil_payload != null">evil_payload,</if>
+            <if test="dataMap.http_resp_status != null">http_resp_status,</if>
+            <if test="dataMap.dns_query != null">dns_query,</if>
+            <if test="dataMap.dns_query_type != null">dns_query_type,</if>
+            <if test="dataMap.dns_ttl != null">dns_ttl,</if>
+            <if test="dataMap.dns_answer != null">dns_answer,</if>
+            <if test="dataMap.dns_subdomains != null">dns_subdomains,</if>
+            <if test="dataMap.file_sha256 != null">file_sha256,</if>
+            <if test="dataMap.file_ssdeep != null">file_ssdeep,</if>
+            <if test="dataMap.victim_country_code != null">victim_country_code,</if>
+            <if test="dataMap.http_xff_ip != null">http_xff_ip,</if>
+            <if test="dataMap.tc_miguan_class != null">tc_miguan_class,</if>
+            <if test="dataMap.pid != null">pid,</if>
+            <if test="dataMap.ppid != null">ppid,</if>
+            <if test="dataMap.process_name != null">process_name,</if>
+            <if test="dataMap.backdoor_type != null">backdoor_type,</if>
+            <if test="dataMap.tty != null">tty,</if>
+            <if test="dataMap.sudo_user != null">sudo_user,</if>
+            <if test="dataMap.sudo_group != null">sudo_group,</if>
+            <if test="dataMap.origin_event_type != null">origin_event_type,</if>
+            <if test="dataMap.dest_domain != null">dest_domain,</if>
+            <if test="dataMap.shell_cmdline != null">shell_cmdline,</if>
+            <if test="dataMap.parent_cmdline != null">parent_cmdline,</if>
+            <if test="dataMap.attack_chain != null">attack_chain,</if>
+            <if test="dataMap.process_tree != null">process_tree,</if>
+            <if test="dataMap.host_file_sha256 != null">host_file_sha256,</if>
+            <if test="dataMap.host_file_md5 != null">host_file_md5,</if>
+            <if test="dataMap.host_file_size != null">host_file_size,</if>
+            <if test="dataMap.host_file_type != null">host_file_type,</if>
+            <if test="dataMap.dest_country != null">dest_country,</if>
+            <if test="dataMap.dest_country_code != null">dest_country_code,</if>
+            <if test="dataMap.log_origin != null">log_origin,</if>
+            <if test="dataMap.dest_region != null">dest_region,</if>
+            <if test="dataMap.src_lat != null">src_lat,</if>
+            <if test="dataMap.dest_region_code != null">dest_region_code,</if>
+            <if test="dataMap.dest_city != null">dest_city,</if>
+            <if test="dataMap.dest_lon != null">dest_lon,</if>
+            <if test="dataMap.dest_lat != null">dest_lat,</if>
+            <if test="dataMap.event_category != null">event_category,</if>
+            <if test="dataMap.attack_result != null">attack_result,</if>
+            <if test="dataMap.probe_ip != null">probe_ip,</if>
+            <if test="dataMap.device_ip != null">device_ip,</if>
+            <if test="dataMap.device_manufacturer != null">device_manufacturer,</if>
+            <if test="dataMap.device_name != null">device_name,</if>
+            <if test="dataMap.product_name != null">product_name,</if>
+            <if test="dataMap.__id != null">__id,</if>
+            <if test="dataMap.__count != null">__count,</if>
+            <if test="dataMap.__count_reason != null">__count_reason,</if>
+            <if test="dataMap.event_type != null">event_type,</if>
+            <if test="dataMap.protocol != null">protocol,</if>
+            <if test="dataMap.shell_cmd != null">shell_cmd,</if>
+            <if test="dataMap.parent_name != null">parent_name,</if>
+            <if test="dataMap.host_file_path != null">host_file_path,</if>
+            <if test="dataMap.uid != null">uid,</if>
+            <if test="dataMap.fall != null">fall,</if>
+            <if test="dataMap.tc_miguan_server_ip != null">tc_miguan_server_ip,</if>
+            <if test="dataMap.dev_type != null">dev_type,</if>
+            <if test="dataMap.collect_method != null">collect_method,</if>
+            <if test="dataMap.field_cate_id != null">field_cate_id,</if>
+            <if test="dataMap.device_type != null">device_type,</if>
+            <if test="dataMap.tc_miguan_client_ip != null">tc_miguan_client_ip,</if>
+            <if test="dataMap.tc_miguan_name != null">tc_miguan_name,</if>
+            <if test="dataMap.origin_total_packages != null">origin_total_packages,</if>
+            <if test="dataMap.origin_total_bytes != null">origin_total_bytes,</if>
+            <if test="dataMap.origin_peak_packages_rate != null">origin_peak_packages_rate,</if>
+            <if test="dataMap.origin_peak_bytes_rate != null">origin_peak_bytes_rate,</if>
+            <if test="dataMap.origin_peak_flows_rate != null">origin_peak_flows_rate,</if>
+            <if test="dataMap.apt_orgname != null">apt_orgname,</if>
+            <if test="dataMap.apt_orgmsg != null">apt_orgmsg,</if>
+            <if test="dataMap.mail_message_id != null">mail_message_id,</if>
+            <if test="dataMap.mail_bcc != null">mail_bcc,</if>
+            <if test="dataMap.mail_size != null">mail_size,</if>
+            <if test="dataMap.mail_attach_hashcode != null">mail_attach_hashcode,</if>
+            <if test="dataMap.mail_url != null">mail_url,</if>
+            <if test="dataMap.mail_cc != null">mail_cc,</if>
+            <if test="dataMap.algorithm != null">algorithm,</if>
+            <if test="dataMap.miningpool_ip != null">miningpool_ip,</if>
+            <if test="dataMap.process_md5 != null">process_md5,</if>
+            <if test="dataMap.pprocess_md5 != null">pprocess_md5,</if>
+            <if test="dataMap.source_servername != null">source_servername,</if>
+            <if test="dataMap.origin_source_servername != null">origin_source_servername,</if>
+            <if test="dataMap.mail_filename != null">mail_filename,</if>
+            <if test="dataMap.dst_upload_appname != null">dst_upload_appname,</if>
+            <if test="dataMap.target_port != null">target_port,</if>
+            <if test="dataMap.gid != null">gid,</if>
+            <if test="dataMap.origin_uid != null">origin_uid,</if>
+            <if test="dataMap.origin_gid != null">origin_gid,</if>
+            <if test="dataMap.target_ports != null">target_ports,</if>
+            <if test="dataMap.tc_miguan_name1 != null">tc_miguan_name1,</if>
+            <if test="dataMap.tc_miguan_class1 != null">tc_miguan_class1,</if>
+            <if test="dataMap.etl_time != null">etl_time,</if>
+            <if test="dataMap.tc_miguan_scan_port2 != null">tc_miguan_scan_port2,</if>
+            <if test="dataMap.desip_security_scope != null">desip_security_scope,</if>
+            <if test="dataMap.srcip_security_scope != null">srcip_security_scope,</if>
+            <if test="dataMap.collect_time_ts != null">collect_time_ts,</if>
+            <if test="dataMap.tc_miguan_scan_port1 != null">tc_miguan_scan_port1,</if>
+            <if test="dataMap.src_dev_name != null">src_dev_name,</if>
+            <if test="dataMap.collect_protocol != null">collect_protocol,</if>
+            <if test="dataMap.destination_system_type != null">destination_system_type,</if>
+            <if test="dataMap.destination_system != null">destination_system,</if>
+            <if test="dataMap.etl_host != null">etl_host,</if>
+            <if test="dataMap.normalize_rule_id != null">normalize_rule_id,</if>
+            <if test="dataMap.normalize_rule_name != null">normalize_rule_name,</if>
+            <if test="dataMap.syslog_uuid != null">syslog_uuid,</if>
+            <if test="dataMap.syslog_topic != null">syslog_topic,</if>
+        </trim>
+        VALUES
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="dataMap.id != null">#{dataMap.id},</if>
+            <if test="dataMap.created_at != null">#{dataMap.created_at},</if>
+            <if test="dataMap.log_time != null">#{dataMap.log_time},</if>
+            <if test="dataMap.device_id != null">#{dataMap.device_id},</if>
+            <if test="dataMap.webshell_type != null">#{dataMap.webshell_type},</if>
+            <if test="dataMap.vuirs_type != null">#{dataMap.vuirs_type},</if>
+            <if test="dataMap.vuirs_url != null">#{dataMap.vuirs_url},</if>
+            <if test="dataMap.class_filename != null">#{dataMap.class_filename},</if>
+            <if test="dataMap.class_path != null">#{dataMap.class_path},</if>
+            <if test="dataMap.parent_class != null">#{dataMap.parent_class},</if>
+            <if test="dataMap.jar_path != null">#{dataMap.jar_path},</if>
+            <if test="dataMap.class_md5 != null">#{dataMap.class_md5},</if>
+            <if test="dataMap.class_loader != null">#{dataMap.class_loader},</if>
+            <if test="dataMap.class_hashcode != null">#{dataMap.class_hashcode},</if>
+            <if test="dataMap.class_loader_hashcode != null">#{dataMap.class_loader_hashcode},</if>
+            <if test="dataMap.tc_nameip != null">#{dataMap.tc_nameip},</if>
+            <if test="dataMap.perform_sql != null">#{dataMap.perform_sql},</if>
+            <if test="dataMap.tc_account != null">#{dataMap.tc_account},</if>
+            <if test="dataMap.tc_appname != null">#{dataMap.tc_appname},</if>
+            <if test="dataMap.process_uname != null">#{dataMap.process_uname},</if>
+            <if test="dataMap.p_process_uname != null">#{dataMap.p_process_uname},</if>
+            <if test="dataMap.container_name != null">#{dataMap.container_name},</if>
+            <if test="dataMap.container_id != null">#{dataMap.container_id},</if>
+            <if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
+            <if test="dataMap.srcip_id != null">#{dataMap.srcip_id},</if>
+            <if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
+            <if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
+            <if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
+            <if test="dataMap.mail_receiver != null">#{dataMap.mail_receiver},</if>
+            <if test="dataMap.vpn_mac != null">#{dataMap.vpn_mac},</if>
+            <if test="dataMap.vpn_os != null">#{dataMap.vpn_os},</if>
+            <if test="dataMap.vpn_user != null">#{dataMap.vpn_user},</if>
+            <if test="dataMap.vpn_groupname != null">#{dataMap.vpn_groupname},</if>
+            <if test="dataMap.vpn_access_ip != null">#{dataMap.vpn_access_ip},</if>
+            <if test="dataMap.dest_ip_apt != null">#{dataMap.dest_ip_apt},</if>
+            <if test="dataMap.origin_attack_result != null">#{dataMap.origin_attack_result},</if>
+            <if test="dataMap.description != null">#{dataMap.description},</if>
+            <if test="dataMap.solution != null">#{dataMap.solution},</if>
+            <if test="dataMap.attack_cause != null">#{dataMap.attack_cause},</if>
+            <if test="dataMap.username != null">#{dataMap.username},</if>
+            <if test="dataMap.tc_flow_id != null">#{dataMap.tc_flow_id},</if>
+            <if test="dataMap.login_result != null">#{dataMap.login_result},</if>
+            <if test="dataMap.cmdline != null">#{dataMap.cmdline},</if>
+            <if test="dataMap.origin_attack_action != null">#{dataMap.origin_attack_action},</if>
+            <if test="dataMap.victim_domain != null">#{dataMap.victim_domain},</if>
+            <if test="dataMap.vpn_deviceid != null">#{dataMap.vpn_deviceid},</if>
+            <if test="dataMap.vpn_access_action != null">#{dataMap.vpn_access_action},</if>
+            <if test="dataMap.file_access_time != null">#{dataMap.file_access_time},</if>
+            <if test="dataMap.file_name != null">#{dataMap.file_name},</if>
+            <if test="dataMap.tc_class != null">#{dataMap.tc_class},</if>
+            <if test="dataMap.tc_name2 != null">#{dataMap.tc_name2},</if>
+            <if test="dataMap.login_lasttime != null">#{dataMap.login_lasttime},</if>
+            <if test="dataMap.origin_permissions != null">#{dataMap.origin_permissions},</if>
+            <if test="dataMap.begin_permissions != null">#{dataMap.begin_permissions},</if>
+            <if test="dataMap.print_time != null">#{dataMap.print_time},</if>
+            <if test="dataMap.printer != null">#{dataMap.printer},</if>
+            <if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
+            <if test="dataMap.print_pages != null">#{dataMap.print_pages},</if>
+            <if test="dataMap.print_copies != null">#{dataMap.print_copies},</if>
+            <if test="dataMap.src_device != null">#{dataMap.src_device},</if>
+            <if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
+            <if test="dataMap.src_file != null">#{dataMap.src_file},</if>
+            <if test="dataMap.src_file_type != null">#{dataMap.src_file_type},</if>
+            <if test="dataMap.src_file_path != null">#{dataMap.src_file_path},</if>
+            <if test="dataMap.dst_file != null">#{dataMap.dst_file},</if>
+            <if test="dataMap.dst_file_type != null">#{dataMap.dst_file_type},</if>
+            <if test="dataMap.dst_file_path != null">#{dataMap.dst_file_path},</if>
+            <if test="dataMap.dlp_policy_name != null">#{dataMap.dlp_policy_name},</if>
+            <if test="dataMap.dlp_policy_type != null">#{dataMap.dlp_policy_type},</if>
+            <if test="dataMap.dst_upload_url != null">#{dataMap.dst_upload_url},</if>
+            <if test="dataMap.process_uuid != null">#{dataMap.process_uuid},</if>
+            <if test="dataMap.p_process_uuid != null">#{dataMap.p_process_uuid},</if>
+            <if test="dataMap.env != null">#{dataMap.env},</if>
+            <if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
+            <if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
+            <if test="dataMap.http_req_length != null">#{dataMap.http_req_length},</if>
+            <if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
+            <if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
+            <if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
+            <if test="dataMap.http_resp_content_type != null">#{dataMap.http_resp_content_type},</if>
+            <if test="dataMap.dns_msg_type != null">#{dataMap.dns_msg_type},</if>
+            <if test="dataMap.dns_answer_length != null">#{dataMap.dns_answer_length},</if>
+            <if test="dataMap.dns_ioc != null">#{dataMap.dns_ioc},</if>
+            <if test="dataMap.tx_bytes != null">#{dataMap.tx_bytes}::double precision,</if>
+            <if test="dataMap.rx_bytes != null">#{dataMap.rx_bytes}::double precision,</if>
+            <if test="dataMap.all_bytes != null">#{dataMap.all_bytes}::double precision,</if>
+            <if test="dataMap.duration_time != null">#{dataMap.duration_time},</if>
+            <if test="dataMap.mail_attach_name != null">#{dataMap.mail_attach_name},</if>
+            <if test="dataMap.mail_subject != null">#{dataMap.mail_subject},</if>
+            <if test="dataMap.mail_message != null">#{dataMap.mail_message},</if>
+            <if test="dataMap.mail_send_server != null">#{dataMap.mail_send_server},</if>
+            <if test="dataMap.mail_agent != null">#{dataMap.mail_agent},</if>
+            <if test="dataMap.tls_version != null">#{dataMap.tls_version},</if>
+            <if test="dataMap.tls_server_cert != null">#{dataMap.tls_server_cert},</if>
+            <if test="dataMap.tls_server_suite != null">#{dataMap.tls_server_suite},</if>
+            <if test="dataMap.tls_client_suites_len != null">#{dataMap.tls_client_suites_len},</if>
+            <if test="dataMap.tls_ja3 != null">#{dataMap.tls_ja3},</if>
+            <if test="dataMap.tls_ja3s != null">#{dataMap.tls_ja3s},</if>
+            <if test="dataMap.vpn_access_port != null">#{dataMap.vpn_access_port},</if>
+            <if test="dataMap.log_topic != null">#{dataMap.log_topic},</if>
+            <if test="dataMap.collect_time != null">#{dataMap.collect_time},</if>
+            <if test="dataMap.src_is_intranetip != null">#{dataMap.src_is_intranetip},</if>
+            <if test="dataMap.src_ip_ioc != null">#{dataMap.src_ip_ioc},</if>
+            <if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
+            <if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
+            <if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
+            <if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id},</if>
+            <if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
+            <if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
+            <if test="dataMap.desip_id != null">#{dataMap.desip_id},</if>
+            <if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
+            <if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
+            <if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id},</if>
+            <if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
+            <if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
+            <if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
+            <if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id},</if>
+            <if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id},</if>
+            <if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id},</if>
+            <if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id},</if>
+            <if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
+            <if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
+            <if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
+            <if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
+            <if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length},</if>
+            <if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
+            <if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
+            <if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
+            <if test="dataMap.login_password != null">#{dataMap.login_password},</if>
+            <if test="dataMap.detail != null">#{dataMap.detail},</if>
+            <if test="dataMap.attacker_country_code != null">#{dataMap.attacker_country_code},</if>
+            <if test="dataMap.attacker_region_code != null">#{dataMap.attacker_region_code},</if>
+            <if test="dataMap.victim_region_code != null">#{dataMap.victim_region_code},</if>
+            <if test="dataMap.payload != null">#{dataMap.payload},</if>
+            <if test="dataMap.http_referer != null">#{dataMap.http_referer},</if>
+            <if test="dataMap.http_user_agent != null">#{dataMap.http_user_agent},</if>
+            <if test="dataMap.http_session != null">#{dataMap.http_session},</if>
+            <if test="dataMap.http_query_string != null">#{dataMap.http_query_string},</if>
+            <if test="dataMap.file_path != null">#{dataMap.file_path},</if>
+            <if test="dataMap.file_permission != null">#{dataMap.file_permission},</if>
+            <if test="dataMap.login_abnormal_type != null">#{dataMap.login_abnormal_type},</if>
+            <if test="dataMap.file_tag != null">#{dataMap.file_tag},</if>
+            <if test="dataMap.file_platform != null">#{dataMap.file_platform},</if>
+            <if test="dataMap.target_ip != null">#{dataMap.target_ip}::inet,</if>
+            <if test="dataMap.collect_date != null">#{dataMap.collect_date},</if>
+            <if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
+            <if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
+            <if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
+            <if test="dataMap.http_status_code != null">#{dataMap.http_status_code},</if>
+            <if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
+            <if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
+            <if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
+            <if test="dataMap.dest_ip_str != null">  #{dataMap.dest_ip_str} ,</if>
+            <if test="dataMap.dest_port_str != null">CAST(#{dataMap.dest_port_str} AS text),</if>
+            <if test="dataMap.pcap != null">#{dataMap.pcap},</if>
+            <if test="dataMap.ioc != null">#{dataMap.ioc},</if>
+            <if test="dataMap.malicious_family != null">#{dataMap.malicious_family},</if>
+            <if test="dataMap.vuln_cve != null">#{dataMap.vuln_cve},</if>
+            <if test="dataMap.aliyun_type != null">#{dataMap.aliyun_type},</if>
+            <if test="dataMap.attacker_host_asset_name != null">#{dataMap.attacker_host_asset_name},</if>
+            <if test="dataMap.attacker_organization_name != null">#{dataMap.attacker_organization_name},</if>
+            <if test="dataMap.ct_id != null">#{dataMap.ct_id},</if>
+            <if test="dataMap.cve_list != null">#{dataMap.cve_list},</if>
+            <if test="dataMap.desip_organization_name != null">#{dataMap.desip_organization_name},</if>
+            <if test="dataMap.dest_ip_group != null">#{dataMap.dest_ip_group},</if>
+            <if test="dataMap.file_gid != null">#{dataMap.file_gid},</if>
+            <if test="dataMap.file_owner != null">#{dataMap.file_owner},</if>
+            <if test="dataMap.file_ownergroup != null">#{dataMap.file_ownergroup},</if>
+            <if test="dataMap.file_uid != null">#{dataMap.file_uid},</if>
+            <if test="dataMap.http_resp_cookie != null">#{dataMap.http_resp_cookie},</if>
+            <if test="dataMap.origin_rule_id != null">#{dataMap.origin_rule_id},</if>
+            <if test="dataMap.origin_rule_name != null">#{dataMap.origin_rule_name},</if>
+            <if test="dataMap.service_name != null">#{dataMap.service_name},</if>
+            <if test="dataMap.src_ip_asset_group != null">#{dataMap.src_ip_asset_group},</if>
+            <if test="dataMap.srcip_organization_name != null">#{dataMap.srcip_organization_name},</if>
+            <if test="dataMap.victim_host_asset_name != null">#{dataMap.victim_host_asset_name},</if>
+            <if test="dataMap.http_resp_codes != null">#{dataMap.http_resp_codes}::bigint,</if>
+            <if test="dataMap.victim_organization_name != null">#{dataMap.victim_organization_name},</if>
+            <if test="dataMap.tc_type != null">#{dataMap.tc_type},</if>
+            <if test="dataMap.direction != null">#{dataMap.direction},</if>
+            <if test="dataMap.http_req_cookie != null">#{dataMap.http_req_cookie},</if>
+            <if test="dataMap.http_req_protocol != null">#{dataMap.http_req_protocol},</if>
+            <if test="dataMap.http_req_header_raw != null">#{dataMap.http_req_header_raw},</if>
+            <if test="dataMap.http_url != null">#{dataMap.http_url},</if>
+            <if test="dataMap.uname != null">#{dataMap.uname},</if>
+            <if test="dataMap.origin_hostname != null">#{dataMap.origin_hostname},</if>
+            <if test="dataMap.origin_os != null">#{dataMap.origin_os},</if>
+            <if test="dataMap.origin_agent_mac != null">#{dataMap.origin_agent_mac},</if>
+            <if test="dataMap.origin_host_id != null">#{dataMap.origin_host_id},</if>
+            <if test="dataMap.origin_agent_version != null">#{dataMap.origin_agent_version},</if>
+            <if test="dataMap.origin_agent_id != null">#{dataMap.origin_agent_id},</if>
+            <if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
+            <if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
+            <if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
+            <if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port},</if>
+            <if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
+            <if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
+            <if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
+            <if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
+            <if test="dataMap.agent_id != null">#{dataMap.agent_id},</if>
+            <if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
+            <if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
+            <if test="dataMap.log_id != null">#{dataMap.log_id},</if>
+            <if test="dataMap.event_date != null">#{dataMap.event_date},</if>
+            <if test="dataMap.event_time_ts != null">#{dataMap.event_time_ts},</if>
+            <if test="dataMap.event_level != null">#{dataMap.event_level}::int ,</if>
+            <if test="dataMap.src_ip != null">#{dataMap.src_ip}::inet,</if>
+            <if test="dataMap.src_port != null">#{dataMap.src_port}::BIGINT ,</if>
+            <if test="dataMap.dest_ip != null">#{dataMap.dest_ip}::inet,</if>
+            <if test="dataMap.dest_port != null">#{dataMap.dest_port}::BIGINT,</if>
+            <if test="dataMap.event_time != null">#{dataMap.event_time},</if>
+            <if test="dataMap.attacker_country != null">#{dataMap.attacker_country},</if>
+            <if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
+            <if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
+            <if test="dataMap.proto != null">#{dataMap.proto},</if>
+            <if test="dataMap.dev_id != null">#{dataMap.dev_id},</if>
+            <if test="dataMap.created_time != null">#{dataMap.created_time},</if>
+            <if test="dataMap.src_country != null">#{dataMap.src_country},</if>
+            <if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
+            <if test="dataMap.src_region != null">#{dataMap.src_region},</if>
+            <if test="dataMap.src_region_code != null">#{dataMap.src_region_code},</if>
+            <if test="dataMap.src_city != null">#{dataMap.src_city},</if>
+            <if test="dataMap.src_lon != null">#{dataMap.src_lon},</if>
+            <if test="dataMap.http_method != null">#{dataMap.http_method},</if>
+            <if test="dataMap.http_host != null">#{dataMap.http_host},</if>
+            <if test="dataMap.http_req_header != null">#{dataMap.http_req_header},</if>
+            <if test="dataMap.http_req_body != null">#{dataMap.http_req_body},</if>
+            <if test="dataMap.http_resp_header != null">#{dataMap.http_resp_header},</if>
+            <if test="dataMap.http_resp_body != null">#{dataMap.http_resp_body},</if>
+            <if test="dataMap.file_type != null">#{dataMap.file_type},</if>
+            <if test="dataMap.file_md5 != null">#{dataMap.file_md5},</if>
+            <if test="dataMap.file_size != null">#{dataMap.file_size},</if>
+            <if test="dataMap.process != null">#{dataMap.process},</if>
+            <if test="dataMap.start_time != null">#{dataMap.start_time},</if>
+            <if test="dataMap.action != null">#{dataMap.action},</if>
+            <if test="dataMap.attacker_region != null">#{dataMap.attacker_region},</if>
+            <if test="dataMap.end_time != null">#{dataMap.end_time},</if>
+            <if test="dataMap.file_created_time != null">#{dataMap.file_created_time},</if>
+            <if test="dataMap.file_modified_time != null">#{dataMap.file_modified_time},</if>
+            <if test="dataMap.tc_miguan_scan_port != null">#{dataMap.tc_miguan_scan_port}::inet,</if>
+            <if test="dataMap.process_path != null">#{dataMap.process_path},</if>
+            <if test="dataMap.parent_process_path != null">#{dataMap.parent_process_path},</if>
+            <if test="dataMap.gname != null">#{dataMap.gname},</if>
+            <if test="dataMap.exe_name != null">#{dataMap.exe_name},</if>
+            <if test="dataMap.exe_path != null">#{dataMap.exe_path},</if>
+            <if test="dataMap.login_time != null">#{dataMap.login_time},</if>
+            <if test="dataMap.login_times != null">#{dataMap.login_times},</if>
+            <if test="dataMap.check_item != null">#{dataMap.check_item},</if>
+            <if test="dataMap.check_type != null">#{dataMap.check_type},</if>
+            <if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
+            <if test="dataMap.attacker_port != null">#{dataMap.attacker_port},</if>
+            <if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
+            <if test="dataMap.victim_port != null">#{dataMap.victim_port},</if>
+            <if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
+            <if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
+            <if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
+            <if test="dataMap.victim_country != null">#{dataMap.victim_country},</if>
+            <if test="dataMap.victim_region != null">#{dataMap.victim_region},</if>
+            <if test="dataMap.victim_city != null">#{dataMap.victim_city},</if>
+            <if test="dataMap.victim_lon != null">#{dataMap.victim_lon},</if>
+            <if test="dataMap.victim_lat != null">#{dataMap.victim_lat},</if>
+            <if test="dataMap.origin_event_id != null">#{dataMap.origin_event_id},</if>
+            <if test="dataMap.origin_event_name != null">#{dataMap.origin_event_name},</if>
+            <if test="dataMap.origin_event_category != null">#{dataMap.origin_event_category},</if>
+            <if test="dataMap.origin_event_level != null">#{dataMap.origin_event_level},</if>
+            <if test="dataMap.origin_attack_chain != null">#{dataMap.origin_attack_chain},</if>
+            <if test="dataMap.engine_type != null">#{dataMap.engine_type},</if>
+            <if test="dataMap.evil_payload != null">#{dataMap.evil_payload},</if>
+            <if test="dataMap.http_resp_status != null">#{dataMap.http_resp_status},</if>
+            <if test="dataMap.dns_query != null">#{dataMap.dns_query},</if>
+            <if test="dataMap.dns_query_type != null">#{dataMap.dns_query_type},</if>
+            <if test="dataMap.dns_ttl != null">#{dataMap.dns_ttl},</if>
+            <if test="dataMap.dns_answer != null">#{dataMap.dns_answer},</if>
+            <if test="dataMap.dns_subdomains != null">#{dataMap.dns_subdomains},</if>
+            <if test="dataMap.file_sha256 != null">#{dataMap.file_sha256},</if>
+            <if test="dataMap.file_ssdeep != null">#{dataMap.file_ssdeep},</if>
+            <if test="dataMap.victim_country_code != null">#{dataMap.victim_country_code},</if>
+            <if test="dataMap.http_xff_ip != null">#{dataMap.http_xff_ip},</if>
+            <if test="dataMap.tc_miguan_class != null">#{dataMap.tc_miguan_class}::inet,</if>
+            <if test="dataMap.pid != null">#{dataMap.pid},</if>
+            <if test="dataMap.ppid != null">#{dataMap.ppid},</if>
+            <if test="dataMap.process_name != null">#{dataMap.process_name},</if>
+            <if test="dataMap.backdoor_type != null">#{dataMap.backdoor_type},</if>
+            <if test="dataMap.tty != null">#{dataMap.tty},</if>
+            <if test="dataMap.sudo_user != null">#{dataMap.sudo_user},</if>
+            <if test="dataMap.sudo_group != null">#{dataMap.sudo_group},</if>
+            <if test="dataMap.origin_event_type != null">#{dataMap.origin_event_type},</if>
+            <if test="dataMap.dest_domain != null">#{dataMap.dest_domain},</if>
+            <if test="dataMap.shell_cmdline != null">#{dataMap.shell_cmdline},</if>
+            <if test="dataMap.parent_cmdline != null">#{dataMap.parent_cmdline},</if>
+            <if test="dataMap.attack_chain != null">#{dataMap.attack_chain},</if>
+            <if test="dataMap.process_tree != null">#{dataMap.process_tree},</if>
+            <if test="dataMap.host_file_sha256 != null">#{dataMap.host_file_sha256},</if>
+            <if test="dataMap.host_file_md5 != null">#{dataMap.host_file_md5},</if>
+            <if test="dataMap.host_file_size != null">#{dataMap.host_file_size},</if>
+            <if test="dataMap.host_file_type != null">#{dataMap.host_file_type},</if>
+            <if test="dataMap.dest_country != null">#{dataMap.dest_country},</if>
+            <if test="dataMap.dest_country_code != null">#{dataMap.dest_country_code},</if>
+            <if test="dataMap.log_origin != null">#{dataMap.log_origin},</if>
+            <if test="dataMap.dest_region != null">#{dataMap.dest_region},</if>
+            <if test="dataMap.src_lat != null">#{dataMap.src_lat},</if>
+            <if test="dataMap.dest_region_code != null">#{dataMap.dest_region_code},</if>
+            <if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
+            <if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
+            <if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
+            <if test="dataMap.event_category != null">#{dataMap.event_category},</if>
+            <if test="dataMap.attack_result != null">#{dataMap.attack_result},</if>
+            <if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
+            <if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
+            <if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
+            <if test="dataMap.device_name != null">#{dataMap.device_name},</if>
+            <if test="dataMap.product_name != null">#{dataMap.product_name},</if>
+            <if test="dataMap.__id != null">#{dataMap.__id},</if>
+            <if test="dataMap.__count != null">#{dataMap.__count},</if>
+            <if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
+            <if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
+            <if test="dataMap.protocol != null">#{dataMap.protocol},</if>
+            <if test="dataMap.shell_cmd != null">#{dataMap.shell_cmd},</if>
+            <if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
+            <if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
+            <if test="dataMap.uid != null">#{dataMap.uid},</if>
+            <if test="dataMap.fall != null">#{dataMap.fall},</if>
+            <if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
+            <if test="dataMap.dev_type != null">#{dataMap.dev_type},</if>
+            <if test="dataMap.collect_method != null">#{dataMap.collect_method},</if>
+            <if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id},</if>
+            <if test="dataMap.device_type != null">#{dataMap.device_type},</if>
+            <if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
+            <if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
+            <if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages},</if>
+            <if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes},</if>
+            <if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate},</if>
+            <if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate},</if>
+            <if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate},</if>
+            <if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
+            <if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
+            <if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
+            <if test="dataMap.mail_bcc != null">#{dataMap.mail_bcc},</if>
+            <if test="dataMap.mail_size != null">#{dataMap.mail_size},</if>
+            <if test="dataMap.mail_attach_hashcode != null">#{dataMap.mail_attach_hashcode},</if>
+            <if test="dataMap.mail_url != null">#{dataMap.mail_url},</if>
+            <if test="dataMap.mail_cc != null">#{dataMap.mail_cc},</if>
+            <if test="dataMap.algorithm != null">#{dataMap.algorithm},</if>
+            <if test="dataMap.miningpool_ip != null">#{dataMap.miningpool_ip}::inet,</if>
+            <if test="dataMap.process_md5 != null">#{dataMap.process_md5},</if>
+            <if test="dataMap.pprocess_md5 != null">#{dataMap.pprocess_md5},</if>
+            <if test="dataMap.source_servername != null">#{dataMap.source_servername},</if>
+            <if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
+            <if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
+            <if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
+            <if test="dataMap.target_port != null">#{dataMap.target_port},</if>
+            <if test="dataMap.gid != null">#{dataMap.gid},</if>
+            <if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
+            <if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
+            <if test="dataMap.target_ports != null">#{dataMap.target_ports},</if>
+            <if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
+            <if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
+            <if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
+            <if test="dataMap.tc_miguan_scan_port2 != null">#{dataMap.tc_miguan_scan_port2},</if>
+            <if test="dataMap.desip_security_scope != null">#{dataMap.desip_security_scope},</if>
+            <if test="dataMap.srcip_security_scope != null">#{dataMap.srcip_security_scope},</if>
+            <if test="dataMap.collect_time_ts != null">#{dataMap.collect_time_ts},</if>
+            <if test="dataMap.tc_miguan_scan_port1 != null">#{dataMap.tc_miguan_scan_port1}::inet,</if>
+            <if test="dataMap.src_dev_name != null">#{dataMap.src_dev_name},</if>
+            <if test="dataMap.collect_protocol != null">#{dataMap.collect_protocol},</if>
+            <if test="dataMap.destination_system_type != null">#{dataMap.destination_system_type},</if>
+            <if test="dataMap.destination_system != null">#{dataMap.destination_system},</if>
+            <if test="dataMap.etl_host != null">#{dataMap.etl_host},</if>
+            <if test="dataMap.normalize_rule_id != null">#{dataMap.normalize_rule_id},</if>
+            <if test="dataMap.normalize_rule_name != null">#{dataMap.normalize_rule_name},</if>
+            <if test="dataMap.syslog_uuid != null">#{dataMap.syslog_uuid},</if>
+            <if test="dataMap.syslog_topic != null">#{dataMap.syslog_topic},</if>
+        </trim>
+    </insert>
+
+    <!-- 使用实体类插入 -->
+    <insert id="insertByEntity" parameterType="com.common.entity.SyslogNormalData">
+        INSERT INTO syslog_normal_alarm
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="id != null">id,</if>
+            <if test="createdAt != null">created_at,</if>
+            <if test="logTime != null">log_time,</if>
+            <if test="deviceId != null">device_id,</if>
+            <!-- 其他字段类似，按照驼峰命名法 -->
+        </trim>
+        VALUES
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="id != null">#{id},</if>
+            <if test="createdAt != null">#{createdAt},</if>
+            <if test="logTime != null">#{logTime},</if>
+            <if test="deviceId != null">#{deviceId},</if>
+            <!-- 其他字段类似 -->
+        </trim>
+    </insert>
+
+    <!-- 批量插入 -->
+    <insert id="batchInsert" parameterType="map">
+        INSERT INTO syslog_normal_alarm
+        (id, log_time, src_ip, dest_ip, event_level)
+        VALUES
+        <foreach collection="dataList" item="item" separator=",">
+            (#{item.id}, #{item.log_time}, #{item.src_ip}, #{item.dest_ip}, #{item.event_level})
+        </foreach>
+    </insert>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalDataMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalDataMapper.xml
new file mode 100644
index 0000000..f0af541
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/SyslogNormalDataMapper.xml
@@ -0,0 +1,925 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.SyslogNormalDataMapper">
+    <!-- 定义部分字段的结果映射 -->
+    <resultMap id="requiredFieldsMap" type="com.common.entity.SyslogNormalData">
+        <!-- 基础字段 -->
+        <id property="id" column="id" jdbcType="VARCHAR"/>
+        <result property="createdAt" column="created_at"
+                typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
+        <result property="logTime" column="log_time"
+                typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
+
+        <!-- 构建请求体所需的字段 -->
+        <result property="deviceIp" column="device_ip" jdbcType="VARCHAR"/>
+        <result property="destIp" column="dest_ip" jdbcType="VARCHAR"/>
+        <result property="destPort" column="dest_port" jdbcType="BIGINT"/>
+        <result property="destMac" column="dest_mac" jdbcType="VARCHAR"/>
+        <result property="srcIp" column="src_ip" jdbcType="VARCHAR"/>
+        <result property="srcPort" column="src_port" jdbcType="BIGINT"/>
+        <result property="srcMac" column="src_mac" jdbcType="VARCHAR"/>
+        <result property="hostFilePath" column="host_file_path" jdbcType="VARCHAR"/>
+        <result property="fileMd5" column="file_md5" jdbcType="VARCHAR"/>
+        <result property="fileName" column="file_name" jdbcType="VARCHAR"/>
+        <result property="destCity" column="dest_city" jdbcType="VARCHAR"/>
+        <result property="destCountry" column="dest_country" jdbcType="VARCHAR"/>
+        <result property="destLat" column="dest_lat" jdbcType="VARCHAR"/>
+        <result property="destLon" column="dest_lon" jdbcType="VARCHAR"/>
+        <result property="srcCity" column="src_city" jdbcType="VARCHAR"/>
+        <result property="srcCountry" column="src_country" jdbcType="VARCHAR"/>
+        <result property="srcCountryCode" column="src_country_code" jdbcType="VARCHAR"/>
+        <result property="srcLat" column="src_lat" jdbcType="VARCHAR"/>
+        <result property="srcLon" column="src_lon" jdbcType="VARCHAR"/>
+        <result property="httpHost" column="http_host" jdbcType="VARCHAR"/>
+        <result property="hostFileMd5" column="host_file_md5" jdbcType="VARCHAR"/>
+        <result property="httpReqHeaderRaw" column="http_req_header_raw" jdbcType="VARCHAR"/>
+        <result property="httpMethod" column="http_method" jdbcType="VARCHAR"/>
+        <result property="httpRespContentType" column="http_resp_content_type" jdbcType="VARCHAR"/>
+        <result property="proto" column="proto" jdbcType="VARCHAR"/>
+        <result property="httpReferer" column="http_referer" jdbcType="VARCHAR"/>
+        <result property="httpUrl" column="http_url" jdbcType="VARCHAR"/>
+        <result property="httpStatusCode" column="http_status_code" jdbcType="BIGINT"/>
+        <result property="vlanId" column="vlan_id" jdbcType="VARCHAR"/>
+
+        <!-- 其他可能需要的字段（可选） -->
+        <result property="eventDate" column="event_date"
+                typeHandler="com.Modules.etl.handler.TimestamptzTypeHandler"/>
+        <result property="attackResult" column="attack_result" jdbcType="INTEGER"/>
+        <result property="engineType" column="engine_type" jdbcType="VARCHAR"/>
+        <result property="syslogUuid" column="syslog_uuid" jdbcType="VARCHAR"/>
+        <result property="syslogTopic" column="syslog_topic" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- 只查询构建API请求体所需的字段 -->
+    <select id="findRequiredFieldsAfterTime" resultMap="requiredFieldsMap">
+        SELECT
+            id,
+            created_at,
+            log_time,
+            device_ip,
+            dest_ip,
+            dest_port,
+            dest_mac,
+            src_ip,
+            src_port,
+            src_mac,
+            host_file_path,
+            file_md5,
+            file_name,
+            dest_city,
+            dest_country,
+            dest_lat,
+            dest_lon,
+            src_city,
+            src_country,
+            src_country_code,
+            src_lat,
+            src_lon,
+            http_host,
+            host_file_md5,
+            http_req_header_raw,
+            http_method,
+            http_resp_content_type,
+            proto,
+            http_referer,
+            http_url,
+            http_status_code,
+            -- 可选字段
+            event_date,
+            attack_result,
+            engine_type,
+            syslog_uuid,
+            syslog_topic
+        FROM syslog_normal_data
+        WHERE created_at >= #{startTime}
+        ORDER BY created_at ASC
+        <!--  LIMIT 1000 -->
+    </select>
+
+    <!-- 分页查询版本 -->
+    <select id="findRequiredFieldsByPage" resultMap="requiredFieldsMap">
+        SELECT
+            id,
+            created_at,
+            log_time,
+            device_ip,
+            dest_ip,
+            dest_port,
+            dest_mac,
+            src_ip,
+            src_port,
+            src_mac,
+            host_file_path,
+            file_md5,
+            file_name,
+            dest_city,
+            dest_country,
+            dest_lat,
+            dest_lon,
+            src_city,
+            src_country,
+            src_country_code,
+            src_lat,
+            src_lon,
+            http_host,
+            host_file_md5,
+            http_req_header_raw,
+            http_method,
+            http_resp_content_type,
+            proto,
+            http_referer,
+            http_url,
+            http_status_code,
+            vlan_id
+        FROM syslog_normal_data
+        WHERE created_at >= #{startTime}
+        ORDER BY created_at ASC
+        <!-- LIMIT #{limit} OFFSET #{offset} -->
+
+    </select>
+
+    <insert id="insertDynamic" parameterType="map">
+        INSERT INTO syslog_normal_data
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="dataMap.id != null">id,</if>
+            <if test="dataMap.created_at != null">created_at,</if>
+            <if test="dataMap.log_time != null">log_time,</if>
+            <if test="dataMap.device_id != null">device_id,</if>
+            <if test="dataMap.webshell_type != null">webshell_type,</if>
+            <if test="dataMap.vuirs_type != null">vuirs_type,</if>
+            <if test="dataMap.vuirs_url != null">vuirs_url,</if>
+            <if test="dataMap.class_filename != null">class_filename,</if>
+            <if test="dataMap.class_path != null">class_path,</if>
+            <if test="dataMap.parent_class != null">parent_class,</if>
+            <if test="dataMap.jar_path != null">jar_path,</if>
+            <if test="dataMap.class_md5 != null">class_md5,</if>
+            <if test="dataMap.class_loader != null">class_loader,</if>
+            <if test="dataMap.class_hashcode != null">class_hashcode,</if>
+            <if test="dataMap.class_loader_hashcode != null">class_loader_hashcode,</if>
+            <if test="dataMap.tc_nameip != null">tc_nameip,</if>
+            <if test="dataMap.perform_sql != null">perform_sql,</if>
+            <if test="dataMap.tc_account != null">tc_account,</if>
+            <if test="dataMap.tc_appname != null">tc_appname,</if>
+            <if test="dataMap.process_uname != null">process_uname,</if>
+            <if test="dataMap.p_process_uname != null">p_process_uname,</if>
+            <if test="dataMap.container_name != null">container_name,</if>
+            <if test="dataMap.container_id != null">container_id,</if>
+            <if test="dataMap.http_resp_server != null">http_resp_server,</if>
+            <if test="dataMap.srcip_id != null">srcip_id,</if>
+            <if test="dataMap.cdnip != null">cdnip,</if>
+            <if test="dataMap.natip != null">natip,</if>
+            <if test="dataMap.mail_sender != null">mail_sender,</if>
+            <if test="dataMap.mail_receiver != null">mail_receiver,</if>
+            <if test="dataMap.vpn_mac != null">vpn_mac,</if>
+            <if test="dataMap.vpn_os != null">vpn_os,</if>
+            <if test="dataMap.vpn_user != null">vpn_user,</if>
+            <if test="dataMap.vpn_groupname != null">vpn_groupname,</if>
+            <if test="dataMap.vpn_access_ip != null">vpn_access_ip,</if>
+            <if test="dataMap.dest_ip_apt != null">dest_ip_apt,</if>
+            <if test="dataMap.origin_attack_result != null">origin_attack_result,</if>
+            <if test="dataMap.description != null">description,</if>
+            <if test="dataMap.solution != null">solution,</if>
+            <if test="dataMap.attack_cause != null">attack_cause,</if>
+            <if test="dataMap.username != null">username,</if>
+            <if test="dataMap.tc_flow_id != null">tc_flow_id,</if>
+            <if test="dataMap.login_result != null">login_result,</if>
+            <if test="dataMap.cmdline != null">cmdline,</if>
+            <if test="dataMap.origin_attack_action != null">origin_attack_action,</if>
+            <if test="dataMap.victim_domain != null">victim_domain,</if>
+            <if test="dataMap.vpn_deviceid != null">vpn_deviceid,</if>
+            <if test="dataMap.vpn_access_action != null">vpn_access_action,</if>
+            <if test="dataMap.file_access_time != null">file_access_time,</if>
+            <if test="dataMap.file_name != null">file_name,</if>
+            <if test="dataMap.tc_class != null">tc_class,</if>
+            <if test="dataMap.tc_name2 != null">tc_name2,</if>
+            <if test="dataMap.login_lasttime != null">login_lasttime,</if>
+            <if test="dataMap.origin_permissions != null">origin_permissions,</if>
+            <if test="dataMap.begin_permissions != null">begin_permissions,</if>
+            <if test="dataMap.print_time != null">print_time,</if>
+            <if test="dataMap.printer != null">printer,</if>
+            <if test="dataMap.printer_type != null">printer_type,</if>
+            <if test="dataMap.print_pages != null">print_pages,</if>
+            <if test="dataMap.print_copies != null">print_copies,</if>
+            <if test="dataMap.src_device != null">src_device,</if>
+            <if test="dataMap.dst_device != null">dst_device,</if>
+            <if test="dataMap.src_file != null">src_file,</if>
+            <if test="dataMap.src_file_type != null">src_file_type,</if>
+            <if test="dataMap.src_file_path != null">src_file_path,</if>
+            <if test="dataMap.dst_file != null">dst_file,</if>
+            <if test="dataMap.dst_file_type != null">dst_file_type,</if>
+            <if test="dataMap.dst_file_path != null">dst_file_path,</if>
+            <if test="dataMap.dlp_policy_name != null">dlp_policy_name,</if>
+            <if test="dataMap.dlp_policy_type != null">dlp_policy_type,</if>
+            <if test="dataMap.dst_upload_url != null">dst_upload_url,</if>
+            <if test="dataMap.process_uuid != null">process_uuid,</if>
+            <if test="dataMap.p_process_uuid != null">p_process_uuid,</if>
+            <if test="dataMap.env != null">env,</if>
+            <if test="dataMap.brute_force_service != null">brute_force_service,</if>
+            <if test="dataMap.vuirs_name != null">vuirs_name,</if>
+            <if test="dataMap.http_req_length != null">http_req_length,</if>
+            <if test="dataMap.http_req_content_type != null">http_req_content_type,</if>
+            <if test="dataMap.tc_scan_port != null">tc_scan_port,</if>
+            <if test="dataMap.tc_labels != null">tc_labels,</if>
+            <if test="dataMap.http_resp_content_type != null">http_resp_content_type,</if>
+            <if test="dataMap.dns_msg_type != null">dns_msg_type,</if>
+            <if test="dataMap.dns_answer_length != null">dns_answer_length,</if>
+            <if test="dataMap.dns_ioc != null">dns_ioc,</if>
+            <if test="dataMap.tx_bytes != null">tx_bytes,</if>
+            <if test="dataMap.rx_bytes != null">rx_bytes,</if>
+            <if test="dataMap.all_bytes != null">all_bytes,</if>
+            <if test="dataMap.duration_time != null">duration_time,</if>
+            <if test="dataMap.mail_attach_name != null">mail_attach_name,</if>
+            <if test="dataMap.mail_subject != null">mail_subject,</if>
+            <if test="dataMap.mail_message != null">mail_message,</if>
+            <if test="dataMap.mail_send_server != null">mail_send_server,</if>
+            <if test="dataMap.mail_agent != null">mail_agent,</if>
+            <if test="dataMap.tls_version != null">tls_version,</if>
+            <if test="dataMap.tls_server_cert != null">tls_server_cert,</if>
+            <if test="dataMap.tls_server_suite != null">tls_server_suite,</if>
+            <if test="dataMap.tls_client_suites_len != null">tls_client_suites_len,</if>
+            <if test="dataMap.tls_ja3 != null">tls_ja3,</if>
+            <if test="dataMap.tls_ja3s != null">tls_ja3s,</if>
+            <if test="dataMap.vpn_access_port != null">vpn_access_port,</if>
+            <if test="dataMap.log_topic != null">log_topic,</if>
+            <if test="dataMap.collect_time != null">collect_time,</if>
+            <if test="dataMap.src_is_intranetip != null">src_is_intranetip,</if>
+            <if test="dataMap.src_ip_ioc != null">src_ip_ioc,</if>
+            <if test="dataMap.src_ip_apt != null">src_ip_apt,</if>
+            <if test="dataMap.srcip_name != null">srcip_name,</if>
+            <if test="dataMap.tc_client != null">tc_client,</if>
+            <if test="dataMap.srcip_organization_id != null">srcip_organization_id,</if>
+            <if test="dataMap.dest_ip_intranetip != null">dest_ip_intranetip,</if>
+            <if test="dataMap.dest_ip_ioc != null">dest_ip_ioc,</if>
+            <if test="dataMap.desip_id != null">desip_id,</if>
+            <if test="dataMap.desip_name != null">desip_name,</if>
+            <if test="dataMap.tc_hostip != null">tc_hostip,</if>
+            <if test="dataMap.desip_organization_id != null">desip_organization_id,</if>
+            <if test="dataMap.origin_confidence != null">origin_confidence,</if>
+            <if test="dataMap.origin_malscore != null">origin_malscore,</if>
+            <if test="dataMap.attacker_icampaign != null">attacker_icampaign,</if>
+            <if test="dataMap.attacker_host_asset_id != null">attacker_host_asset_id,</if>
+            <if test="dataMap.attacker_organization_id != null">attacker_organization_id,</if>
+            <if test="dataMap.victim_host_asset_id != null">victim_host_asset_id,</if>
+            <if test="dataMap.victim_organization_id != null">victim_organization_id,</if>
+            <if test="dataMap.logout_time != null">logout_time,</if>
+            <if test="dataMap.http_req_line != null">http_req_line,</if>
+            <if test="dataMap.desip_security_scope_id != null">desip_security_scope_id,</if>
+            <if test="dataMap.srcip_security_scope_id != null">srcip_security_scope_id,</if>
+            <if test="dataMap.http_resp_length != null">http_resp_length,</if>
+            <if test="dataMap.tc_attack_type != null">tc_attack_type,</if>
+            <if test="dataMap.tc_realip != null">tc_realip,</if>
+            <if test="dataMap.attacker_ip_lists != null">attacker_ip_lists,</if>
+            <if test="dataMap.login_password != null">login_password,</if>
+            <if test="dataMap.detail != null">detail,</if>
+            <if test="dataMap.attacker_country_code != null">attacker_country_code,</if>
+            <if test="dataMap.attacker_region_code != null">attacker_region_code,</if>
+            <if test="dataMap.victim_region_code != null">victim_region_code,</if>
+            <if test="dataMap.payload != null">payload,</if>
+            <if test="dataMap.http_referer != null">http_referer,</if>
+            <if test="dataMap.http_user_agent != null">http_user_agent,</if>
+            <if test="dataMap.http_session != null">http_session,</if>
+            <if test="dataMap.http_query_string != null">http_query_string,</if>
+            <if test="dataMap.file_path != null">file_path,</if>
+            <if test="dataMap.file_permission != null">file_permission,</if>
+            <if test="dataMap.login_abnormal_type != null">login_abnormal_type,</if>
+            <if test="dataMap.file_tag != null">file_tag,</if>
+            <if test="dataMap.file_platform != null">file_platform,</if>
+            <if test="dataMap.target_ip != null">target_ip,</if>
+            <if test="dataMap.collect_date != null">collect_date,</if>
+            <if test="dataMap.tc_client_ip != null">tc_client_ip,</if>
+            <if test="dataMap.tc_server_ip != null">tc_server_ip,</if>
+            <if test="dataMap.tc_externalip != null">tc_externalip,</if>
+            <if test="dataMap.http_status_code != null">http_status_code,</if>
+            <if test="dataMap.device_domian != null">device_domian,</if>
+            <if test="dataMap.src_ip_str != null">src_ip_str,</if>
+            <if test="dataMap.src_port_str != null">src_port_str,</if>
+            <if test="dataMap.dest_ip_str != null">dest_ip_str,</if>
+            <if test="dataMap.dest_port_str != null">dest_port_str,</if>
+            <if test="dataMap.pcap != null">pcap,</if>
+            <if test="dataMap.ioc != null">ioc,</if>
+            <if test="dataMap.malicious_family != null">malicious_family,</if>
+            <if test="dataMap.vuln_cve != null">vuln_cve,</if>
+            <if test="dataMap.aliyun_type != null">aliyun_type,</if>
+            <if test="dataMap.attacker_host_asset_name != null">attacker_host_asset_name,</if>
+            <if test="dataMap.attacker_organization_name != null">attacker_organization_name,</if>
+            <if test="dataMap.ct_id != null">ct_id,</if>
+            <if test="dataMap.cve_list != null">cve_list,</if>
+            <if test="dataMap.desip_organization_name != null">desip_organization_name,</if>
+            <if test="dataMap.dest_ip_group != null">dest_ip_group,</if>
+            <if test="dataMap.file_gid != null">file_gid,</if>
+            <if test="dataMap.file_owner != null">file_owner,</if>
+            <if test="dataMap.file_ownergroup != null">file_ownergroup,</if>
+            <if test="dataMap.file_uid != null">file_uid,</if>
+            <if test="dataMap.http_resp_cookie != null">http_resp_cookie,</if>
+            <if test="dataMap.origin_rule_id != null">origin_rule_id,</if>
+            <if test="dataMap.origin_rule_name != null">origin_rule_name,</if>
+            <if test="dataMap.service_name != null">service_name,</if>
+            <if test="dataMap.src_ip_asset_group != null">src_ip_asset_group,</if>
+            <if test="dataMap.srcip_organization_name != null">srcip_organization_name,</if>
+            <if test="dataMap.victim_host_asset_name != null">victim_host_asset_name,</if>
+            <if test="dataMap.http_resp_codes != null">http_resp_codes,</if>
+            <if test="dataMap.victim_organization_name != null">victim_organization_name,</if>
+            <if test="dataMap.tc_type != null">tc_type,</if>
+            <if test="dataMap.direction != null">direction,</if>
+            <if test="dataMap.http_req_cookie != null">http_req_cookie,</if>
+            <if test="dataMap.http_req_protocol != null">http_req_protocol,</if>
+            <if test="dataMap.http_req_header_raw != null">http_req_header_raw,</if>
+            <if test="dataMap.http_url != null">http_url,</if>
+            <if test="dataMap.uname != null">uname,</if>
+            <if test="dataMap.origin_hostname != null">origin_hostname,</if>
+            <if test="dataMap.origin_os != null">origin_os,</if>
+            <if test="dataMap.origin_agent_mac != null">origin_agent_mac,</if>
+            <if test="dataMap.origin_host_id != null">origin_host_id,</if>
+            <if test="dataMap.origin_agent_version != null">origin_agent_version,</if>
+            <if test="dataMap.origin_agent_id != null">origin_agent_id,</if>
+            <if test="dataMap.origin_agent_name != null">origin_agent_name,</if>
+            <if test="dataMap.origin_work_group != null">origin_work_group,</if>
+            <if test="dataMap.origin_asset_group != null">origin_asset_group,</if>
+            <if test="dataMap.origin_local_port != null">origin_local_port,</if>
+            <if test="dataMap.origin_agent_ip != null">origin_agent_ip,</if>
+            <if test="dataMap.origin_internal_ip != null">origin_internal_ip,</if>
+            <if test="dataMap.origin_external_ip != null">origin_external_ip,</if>
+            <if test="dataMap.origin_local_addr != null">origin_local_addr,</if>
+            <if test="dataMap.agent_id != null">agent_id,</if>
+            <if test="dataMap.agent_name != null">agent_name,</if>
+            <if test="dataMap.tc_title != null">tc_title,</if>
+            <if test="dataMap.log_id != null">log_id,</if>
+            <if test="dataMap.event_date != null">event_date,</if>
+            <if test="dataMap.event_time_ts != null">event_time_ts,</if>
+            <if test="dataMap.event_level != null">event_level,</if>
+            <if test="dataMap.src_ip != null">src_ip ,</if>
+            <if test="dataMap.src_port != null">src_port,</if>
+            <if test="dataMap.dest_ip != null">dest_ip,</if>
+            <if test="dataMap.dest_port != null">dest_port,</if>
+            <if test="dataMap.event_time != null">event_time,</if>
+            <if test="dataMap.attacker_country != null">attacker_country,</if>
+            <if test="dataMap.src_mac != null">src_mac,</if>
+            <if test="dataMap.dest_mac != null">dest_mac,</if>
+            <if test="dataMap.proto != null">proto,</if>
+            <if test="dataMap.dev_id != null">dev_id,</if>
+            <if test="dataMap.created_time != null">created_time,</if>
+            <if test="dataMap.src_country != null">src_country,</if>
+            <if test="dataMap.src_country_code != null">src_country_code,</if>
+            <if test="dataMap.src_region != null">src_region,</if>
+            <if test="dataMap.src_region_code != null">src_region_code,</if>
+            <if test="dataMap.src_city != null">src_city,</if>
+            <if test="dataMap.src_lon != null">src_lon,</if>
+            <if test="dataMap.http_method != null">http_method,</if>
+            <if test="dataMap.http_host != null">http_host,</if>
+            <if test="dataMap.http_req_header != null">http_req_header,</if>
+            <if test="dataMap.http_req_body != null">http_req_body,</if>
+            <if test="dataMap.http_resp_header != null">http_resp_header,</if>
+            <if test="dataMap.http_resp_body != null">http_resp_body,</if>
+            <if test="dataMap.file_type != null">file_type,</if>
+            <if test="dataMap.file_md5 != null">file_md5,</if>
+            <if test="dataMap.file_size != null">file_size,</if>
+            <if test="dataMap.process != null">process,</if>
+            <if test="dataMap.start_time != null">start_time,</if>
+            <if test="dataMap.action != null">action,</if>
+            <if test="dataMap.attacker_region != null">attacker_region,</if>
+            <if test="dataMap.end_time != null">end_time,</if>
+            <if test="dataMap.file_created_time != null">file_created_time,</if>
+            <if test="dataMap.file_modified_time != null">file_modified_time,</if>
+            <if test="dataMap.tc_miguan_scan_port != null">tc_miguan_scan_port,</if>
+            <if test="dataMap.process_path != null">process_path,</if>
+            <if test="dataMap.parent_process_path != null">parent_process_path,</if>
+            <if test="dataMap.gname != null">gname,</if>
+            <if test="dataMap.exe_name != null">exe_name,</if>
+            <if test="dataMap.exe_path != null">exe_path,</if>
+            <if test="dataMap.login_time != null">login_time,</if>
+            <if test="dataMap.login_times != null">login_times,</if>
+            <if test="dataMap.check_item != null">check_item,</if>
+            <if test="dataMap.check_type != null">check_type,</if>
+            <if test="dataMap.attacker_ip != null">attacker_ip,</if>
+            <if test="dataMap.attacker_port != null">attacker_port,</if>
+            <if test="dataMap.victim_ip != null">victim_ip,</if>
+            <if test="dataMap.victim_port != null">victim_port,</if>
+            <if test="dataMap.attacker_city != null">attacker_city,</if>
+            <if test="dataMap.attacker_lon != null">attacker_lon,</if>
+            <if test="dataMap.attacker_lat != null">attacker_lat,</if>
+            <if test="dataMap.victim_country != null">victim_country,</if>
+            <if test="dataMap.victim_region != null">victim_region,</if>
+            <if test="dataMap.victim_city != null">victim_city,</if>
+            <if test="dataMap.victim_lon != null">victim_lon,</if>
+            <if test="dataMap.victim_lat != null">victim_lat,</if>
+            <if test="dataMap.origin_event_id != null">origin_event_id,</if>
+            <if test="dataMap.origin_event_name != null">origin_event_name,</if>
+            <if test="dataMap.origin_event_category != null">origin_event_category,</if>
+            <if test="dataMap.origin_event_level != null">origin_event_level,</if>
+            <if test="dataMap.origin_attack_chain != null">origin_attack_chain,</if>
+            <if test="dataMap.engine_type != null">engine_type,</if>
+            <if test="dataMap.evil_payload != null">evil_payload,</if>
+            <if test="dataMap.http_resp_status != null">http_resp_status,</if>
+            <if test="dataMap.dns_query != null">dns_query,</if>
+            <if test="dataMap.dns_query_type != null">dns_query_type,</if>
+            <if test="dataMap.dns_ttl != null">dns_ttl,</if>
+            <if test="dataMap.dns_answer != null">dns_answer,</if>
+            <if test="dataMap.dns_subdomains != null">dns_subdomains,</if>
+            <if test="dataMap.file_sha256 != null">file_sha256,</if>
+            <if test="dataMap.file_ssdeep != null">file_ssdeep,</if>
+            <if test="dataMap.victim_country_code != null">victim_country_code,</if>
+            <if test="dataMap.http_xff_ip != null">http_xff_ip,</if>
+            <if test="dataMap.tc_miguan_class != null">tc_miguan_class,</if>
+            <if test="dataMap.pid != null">pid,</if>
+            <if test="dataMap.ppid != null">ppid,</if>
+            <if test="dataMap.process_name != null">process_name,</if>
+            <if test="dataMap.backdoor_type != null">backdoor_type,</if>
+            <if test="dataMap.tty != null">tty,</if>
+            <if test="dataMap.sudo_user != null">sudo_user,</if>
+            <if test="dataMap.sudo_group != null">sudo_group,</if>
+            <if test="dataMap.origin_event_type != null">origin_event_type,</if>
+            <if test="dataMap.dest_domain != null">dest_domain,</if>
+            <if test="dataMap.shell_cmdline != null">shell_cmdline,</if>
+            <if test="dataMap.parent_cmdline != null">parent_cmdline,</if>
+            <if test="dataMap.attack_chain != null">attack_chain,</if>
+            <if test="dataMap.process_tree != null">process_tree,</if>
+            <if test="dataMap.host_file_sha256 != null">host_file_sha256,</if>
+            <if test="dataMap.host_file_md5 != null">host_file_md5,</if>
+            <if test="dataMap.host_file_size != null">host_file_size,</if>
+            <if test="dataMap.host_file_type != null">host_file_type,</if>
+            <if test="dataMap.dest_country != null">dest_country,</if>
+            <if test="dataMap.dest_country_code != null">dest_country_code,</if>
+            <if test="dataMap.log_origin != null">log_origin,</if>
+            <if test="dataMap.dest_region != null">dest_region,</if>
+            <if test="dataMap.src_lat != null">src_lat,</if>
+            <if test="dataMap.dest_region_code != null">dest_region_code,</if>
+            <if test="dataMap.dest_city != null">dest_city,</if>
+            <if test="dataMap.dest_lon != null">dest_lon,</if>
+            <if test="dataMap.dest_lat != null">dest_lat,</if>
+            <if test="dataMap.event_category != null">event_category,</if>
+            <if test="dataMap.attack_result != null">attack_result,</if>
+            <if test="dataMap.probe_ip != null">probe_ip,</if>
+            <if test="dataMap.device_ip != null">device_ip,</if>
+            <if test="dataMap.device_manufacturer != null">device_manufacturer,</if>
+            <if test="dataMap.device_name != null">device_name,</if>
+            <if test="dataMap.product_name != null">product_name,</if>
+            <if test="dataMap.__id != null">__id,</if>
+            <if test="dataMap.__count != null">__count,</if>
+            <if test="dataMap.__count_reason != null">__count_reason,</if>
+            <if test="dataMap.event_type != null">event_type,</if>
+            <if test="dataMap.protocol != null">protocol,</if>
+            <if test="dataMap.shell_cmd != null">shell_cmd,</if>
+            <if test="dataMap.parent_name != null">parent_name,</if>
+            <if test="dataMap.host_file_path != null">host_file_path,</if>
+            <if test="dataMap.uid != null">uid,</if>
+            <if test="dataMap.fall != null">fall,</if>
+            <if test="dataMap.tc_miguan_server_ip != null">tc_miguan_server_ip,</if>
+            <if test="dataMap.dev_type != null">dev_type,</if>
+            <if test="dataMap.collect_method != null">collect_method,</if>
+            <if test="dataMap.field_cate_id != null">field_cate_id,</if>
+            <if test="dataMap.device_type != null">device_type,</if>
+            <if test="dataMap.tc_miguan_client_ip != null">tc_miguan_client_ip,</if>
+            <if test="dataMap.tc_miguan_name != null">tc_miguan_name,</if>
+            <if test="dataMap.origin_total_packages != null">origin_total_packages,</if>
+            <if test="dataMap.origin_total_bytes != null">origin_total_bytes,</if>
+            <if test="dataMap.origin_peak_packages_rate != null">origin_peak_packages_rate,</if>
+            <if test="dataMap.origin_peak_bytes_rate != null">origin_peak_bytes_rate,</if>
+            <if test="dataMap.origin_peak_flows_rate != null">origin_peak_flows_rate,</if>
+            <if test="dataMap.apt_orgname != null">apt_orgname,</if>
+            <if test="dataMap.apt_orgmsg != null">apt_orgmsg,</if>
+            <if test="dataMap.mail_message_id != null">mail_message_id,</if>
+            <if test="dataMap.mail_bcc != null">mail_bcc,</if>
+            <if test="dataMap.mail_size != null">mail_size,</if>
+            <if test="dataMap.mail_attach_hashcode != null">mail_attach_hashcode,</if>
+            <if test="dataMap.mail_url != null">mail_url,</if>
+            <if test="dataMap.mail_cc != null">mail_cc,</if>
+            <if test="dataMap.algorithm != null">algorithm,</if>
+            <if test="dataMap.miningpool_ip != null">miningpool_ip,</if>
+            <if test="dataMap.process_md5 != null">process_md5,</if>
+            <if test="dataMap.pprocess_md5 != null">pprocess_md5,</if>
+            <if test="dataMap.source_servername != null">source_servername,</if>
+            <if test="dataMap.origin_source_servername != null">origin_source_servername,</if>
+            <if test="dataMap.mail_filename != null">mail_filename,</if>
+            <if test="dataMap.dst_upload_appname != null">dst_upload_appname,</if>
+            <if test="dataMap.target_port != null">target_port,</if>
+            <if test="dataMap.gid != null">gid,</if>
+            <if test="dataMap.origin_uid != null">origin_uid,</if>
+            <if test="dataMap.origin_gid != null">origin_gid,</if>
+            <if test="dataMap.target_ports != null">target_ports,</if>
+            <if test="dataMap.tc_miguan_name1 != null">tc_miguan_name1,</if>
+            <if test="dataMap.tc_miguan_class1 != null">tc_miguan_class1,</if>
+            <if test="dataMap.etl_time != null">etl_time,</if>
+            <if test="dataMap.tc_miguan_scan_port2 != null">tc_miguan_scan_port2,</if>
+            <if test="dataMap.desip_security_scope != null">desip_security_scope,</if>
+            <if test="dataMap.srcip_security_scope != null">srcip_security_scope,</if>
+            <if test="dataMap.collect_time_ts != null">collect_time_ts,</if>
+            <if test="dataMap.tc_miguan_scan_port1 != null">tc_miguan_scan_port1,</if>
+            <if test="dataMap.src_dev_name != null">src_dev_name,</if>
+            <if test="dataMap.collect_protocol != null">collect_protocol,</if>
+            <if test="dataMap.destination_system_type != null">destination_system_type,</if>
+            <if test="dataMap.destination_system != null">destination_system,</if>
+            <if test="dataMap.etl_host != null">etl_host,</if>
+            <if test="dataMap.normalize_rule_id != null">normalize_rule_id,</if>
+            <if test="dataMap.normalize_rule_name != null">normalize_rule_name,</if>
+            <if test="dataMap.syslog_uuid != null">syslog_uuid,</if>
+            <if test="dataMap.syslog_topic != null">syslog_topic,</if>
+        </trim>
+        VALUES
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="dataMap.id != null">#{dataMap.id},</if>
+            <if test="dataMap.created_at != null">#{dataMap.created_at},</if>
+            <if test="dataMap.log_time != null">#{dataMap.log_time},</if>
+            <if test="dataMap.device_id != null">#{dataMap.device_id},</if>
+            <if test="dataMap.webshell_type != null">#{dataMap.webshell_type},</if>
+            <if test="dataMap.vuirs_type != null">#{dataMap.vuirs_type},</if>
+            <if test="dataMap.vuirs_url != null">#{dataMap.vuirs_url},</if>
+            <if test="dataMap.class_filename != null">#{dataMap.class_filename},</if>
+            <if test="dataMap.class_path != null">#{dataMap.class_path},</if>
+            <if test="dataMap.parent_class != null">#{dataMap.parent_class},</if>
+            <if test="dataMap.jar_path != null">#{dataMap.jar_path},</if>
+            <if test="dataMap.class_md5 != null">#{dataMap.class_md5},</if>
+            <if test="dataMap.class_loader != null">#{dataMap.class_loader},</if>
+            <if test="dataMap.class_hashcode != null">#{dataMap.class_hashcode},</if>
+            <if test="dataMap.class_loader_hashcode != null">#{dataMap.class_loader_hashcode},</if>
+            <if test="dataMap.tc_nameip != null">#{dataMap.tc_nameip},</if>
+            <if test="dataMap.perform_sql != null">#{dataMap.perform_sql},</if>
+            <if test="dataMap.tc_account != null">#{dataMap.tc_account},</if>
+            <if test="dataMap.tc_appname != null">#{dataMap.tc_appname},</if>
+            <if test="dataMap.process_uname != null">#{dataMap.process_uname},</if>
+            <if test="dataMap.p_process_uname != null">#{dataMap.p_process_uname},</if>
+            <if test="dataMap.container_name != null">#{dataMap.container_name},</if>
+            <if test="dataMap.container_id != null">#{dataMap.container_id},</if>
+            <if test="dataMap.http_resp_server != null">#{dataMap.http_resp_server},</if>
+            <if test="dataMap.srcip_id != null">#{dataMap.srcip_id},</if>
+            <if test="dataMap.cdnip != null">#{dataMap.cdnip}::inet,</if>
+            <if test="dataMap.natip != null">#{dataMap.natip}::inet,</if>
+            <if test="dataMap.mail_sender != null">#{dataMap.mail_sender},</if>
+            <if test="dataMap.mail_receiver != null">#{dataMap.mail_receiver},</if>
+            <if test="dataMap.vpn_mac != null">#{dataMap.vpn_mac},</if>
+            <if test="dataMap.vpn_os != null">#{dataMap.vpn_os},</if>
+            <if test="dataMap.vpn_user != null">#{dataMap.vpn_user},</if>
+            <if test="dataMap.vpn_groupname != null">#{dataMap.vpn_groupname},</if>
+            <if test="dataMap.vpn_access_ip != null">#{dataMap.vpn_access_ip},</if>
+            <if test="dataMap.dest_ip_apt != null">#{dataMap.dest_ip_apt},</if>
+            <if test="dataMap.origin_attack_result != null">#{dataMap.origin_attack_result},</if>
+            <if test="dataMap.description != null">#{dataMap.description},</if>
+            <if test="dataMap.solution != null">#{dataMap.solution},</if>
+            <if test="dataMap.attack_cause != null">#{dataMap.attack_cause},</if>
+            <if test="dataMap.username != null">#{dataMap.username},</if>
+            <if test="dataMap.tc_flow_id != null">#{dataMap.tc_flow_id},</if>
+            <if test="dataMap.login_result != null">#{dataMap.login_result},</if>
+            <if test="dataMap.cmdline != null">#{dataMap.cmdline},</if>
+            <if test="dataMap.origin_attack_action != null">#{dataMap.origin_attack_action},</if>
+            <if test="dataMap.victim_domain != null">#{dataMap.victim_domain},</if>
+            <if test="dataMap.vpn_deviceid != null">#{dataMap.vpn_deviceid},</if>
+            <if test="dataMap.vpn_access_action != null">#{dataMap.vpn_access_action},</if>
+            <if test="dataMap.file_access_time != null">#{dataMap.file_access_time},</if>
+            <if test="dataMap.file_name != null">#{dataMap.file_name},</if>
+            <if test="dataMap.tc_class != null">#{dataMap.tc_class},</if>
+            <if test="dataMap.tc_name2 != null">#{dataMap.tc_name2},</if>
+            <if test="dataMap.login_lasttime != null">#{dataMap.login_lasttime},</if>
+            <if test="dataMap.origin_permissions != null">#{dataMap.origin_permissions},</if>
+            <if test="dataMap.begin_permissions != null">#{dataMap.begin_permissions},</if>
+            <if test="dataMap.print_time != null">#{dataMap.print_time},</if>
+            <if test="dataMap.printer != null">#{dataMap.printer},</if>
+            <if test="dataMap.printer_type != null">#{dataMap.printer_type},</if>
+            <if test="dataMap.print_pages != null">#{dataMap.print_pages},</if>
+            <if test="dataMap.print_copies != null">#{dataMap.print_copies},</if>
+            <if test="dataMap.src_device != null">#{dataMap.src_device},</if>
+            <if test="dataMap.dst_device != null">#{dataMap.dst_device},</if>
+            <if test="dataMap.src_file != null">#{dataMap.src_file},</if>
+            <if test="dataMap.src_file_type != null">#{dataMap.src_file_type},</if>
+            <if test="dataMap.src_file_path != null">#{dataMap.src_file_path},</if>
+            <if test="dataMap.dst_file != null">#{dataMap.dst_file},</if>
+            <if test="dataMap.dst_file_type != null">#{dataMap.dst_file_type},</if>
+            <if test="dataMap.dst_file_path != null">#{dataMap.dst_file_path},</if>
+            <if test="dataMap.dlp_policy_name != null">#{dataMap.dlp_policy_name},</if>
+            <if test="dataMap.dlp_policy_type != null">#{dataMap.dlp_policy_type},</if>
+            <if test="dataMap.dst_upload_url != null">#{dataMap.dst_upload_url},</if>
+            <if test="dataMap.process_uuid != null">#{dataMap.process_uuid},</if>
+            <if test="dataMap.p_process_uuid != null">#{dataMap.p_process_uuid},</if>
+            <if test="dataMap.env != null">#{dataMap.env},</if>
+            <if test="dataMap.brute_force_service != null">#{dataMap.brute_force_service},</if>
+            <if test="dataMap.vuirs_name != null">#{dataMap.vuirs_name},</if>
+            <if test="dataMap.http_req_length != null">#{dataMap.http_req_length},</if>
+            <if test="dataMap.http_req_content_type != null">#{dataMap.http_req_content_type},</if>
+            <if test="dataMap.tc_scan_port != null">#{dataMap.tc_scan_port}::inet,</if>
+            <if test="dataMap.tc_labels != null">#{dataMap.tc_labels}::inet,</if>
+            <if test="dataMap.http_resp_content_type != null">#{dataMap.http_resp_content_type},</if>
+            <if test="dataMap.dns_msg_type != null">#{dataMap.dns_msg_type},</if>
+            <if test="dataMap.dns_answer_length != null">#{dataMap.dns_answer_length},</if>
+            <if test="dataMap.dns_ioc != null">#{dataMap.dns_ioc},</if>
+            <if test="dataMap.tx_bytes != null">#{dataMap.tx_bytes}::double precision,</if>
+            <if test="dataMap.rx_bytes != null">#{dataMap.rx_bytes}::double precision,</if>
+            <if test="dataMap.all_bytes != null">#{dataMap.all_bytes}::double precision,</if>
+            <if test="dataMap.duration_time != null">#{dataMap.duration_time},</if>
+            <if test="dataMap.mail_attach_name != null">#{dataMap.mail_attach_name},</if>
+            <if test="dataMap.mail_subject != null">#{dataMap.mail_subject},</if>
+            <if test="dataMap.mail_message != null">#{dataMap.mail_message},</if>
+            <if test="dataMap.mail_send_server != null">#{dataMap.mail_send_server},</if>
+            <if test="dataMap.mail_agent != null">#{dataMap.mail_agent},</if>
+            <if test="dataMap.tls_version != null">#{dataMap.tls_version},</if>
+            <if test="dataMap.tls_server_cert != null">#{dataMap.tls_server_cert},</if>
+            <if test="dataMap.tls_server_suite != null">#{dataMap.tls_server_suite},</if>
+            <if test="dataMap.tls_client_suites_len != null">#{dataMap.tls_client_suites_len},</if>
+            <if test="dataMap.tls_ja3 != null">#{dataMap.tls_ja3},</if>
+            <if test="dataMap.tls_ja3s != null">#{dataMap.tls_ja3s},</if>
+            <if test="dataMap.vpn_access_port != null">#{dataMap.vpn_access_port},</if>
+            <if test="dataMap.log_topic != null">#{dataMap.log_topic},</if>
+            <if test="dataMap.collect_time != null">#{dataMap.collect_time},</if>
+            <if test="dataMap.src_is_intranetip != null">#{dataMap.src_is_intranetip},</if>
+            <if test="dataMap.src_ip_ioc != null">#{dataMap.src_ip_ioc},</if>
+            <if test="dataMap.src_ip_apt != null">#{dataMap.src_ip_apt},</if>
+            <if test="dataMap.srcip_name != null">#{dataMap.srcip_name},</if>
+            <if test="dataMap.tc_client != null">#{dataMap.tc_client},</if>
+            <if test="dataMap.srcip_organization_id != null">#{dataMap.srcip_organization_id},</if>
+            <if test="dataMap.dest_ip_intranetip != null">#{dataMap.dest_ip_intranetip},</if>
+            <if test="dataMap.dest_ip_ioc != null">#{dataMap.dest_ip_ioc},</if>
+            <if test="dataMap.desip_id != null">#{dataMap.desip_id},</if>
+            <if test="dataMap.desip_name != null">#{dataMap.desip_name},</if>
+            <if test="dataMap.tc_hostip != null">#{dataMap.tc_hostip}::inet,</if>
+            <if test="dataMap.desip_organization_id != null">#{dataMap.desip_organization_id},</if>
+            <if test="dataMap.origin_confidence != null">#{dataMap.origin_confidence},</if>
+            <if test="dataMap.origin_malscore != null">#{dataMap.origin_malscore},</if>
+            <if test="dataMap.attacker_icampaign != null">#{dataMap.attacker_icampaign},</if>
+            <if test="dataMap.attacker_host_asset_id != null">#{dataMap.attacker_host_asset_id},</if>
+            <if test="dataMap.attacker_organization_id != null">#{dataMap.attacker_organization_id},</if>
+            <if test="dataMap.victim_host_asset_id != null">#{dataMap.victim_host_asset_id},</if>
+            <if test="dataMap.victim_organization_id != null">#{dataMap.victim_organization_id},</if>
+            <if test="dataMap.logout_time != null">#{dataMap.logout_time},</if>
+            <if test="dataMap.http_req_line != null">#{dataMap.http_req_line},</if>
+            <if test="dataMap.desip_security_scope_id != null">#{dataMap.desip_security_scope_id},</if>
+            <if test="dataMap.srcip_security_scope_id != null">#{dataMap.srcip_security_scope_id},</if>
+            <if test="dataMap.http_resp_length != null">#{dataMap.http_resp_length},</if>
+            <if test="dataMap.tc_attack_type != null">#{dataMap.tc_attack_type},</if>
+            <if test="dataMap.tc_realip != null">#{dataMap.tc_realip}::inet,</if>
+            <if test="dataMap.attacker_ip_lists != null">#{dataMap.attacker_ip_lists},</if>
+            <if test="dataMap.login_password != null">#{dataMap.login_password},</if>
+            <if test="dataMap.detail != null">#{dataMap.detail},</if>
+            <if test="dataMap.attacker_country_code != null">#{dataMap.attacker_country_code},</if>
+            <if test="dataMap.attacker_region_code != null">#{dataMap.attacker_region_code},</if>
+            <if test="dataMap.victim_region_code != null">#{dataMap.victim_region_code},</if>
+            <if test="dataMap.payload != null">#{dataMap.payload},</if>
+            <if test="dataMap.http_referer != null">#{dataMap.http_referer},</if>
+            <if test="dataMap.http_user_agent != null">#{dataMap.http_user_agent},</if>
+            <if test="dataMap.http_session != null">#{dataMap.http_session},</if>
+            <if test="dataMap.http_query_string != null">#{dataMap.http_query_string},</if>
+            <if test="dataMap.file_path != null">#{dataMap.file_path},</if>
+            <if test="dataMap.file_permission != null">#{dataMap.file_permission},</if>
+            <if test="dataMap.login_abnormal_type != null">#{dataMap.login_abnormal_type},</if>
+            <if test="dataMap.file_tag != null">#{dataMap.file_tag},</if>
+            <if test="dataMap.file_platform != null">#{dataMap.file_platform},</if>
+            <if test="dataMap.target_ip != null">#{dataMap.target_ip}::inet,</if>
+            <if test="dataMap.collect_date != null">#{dataMap.collect_date},</if>
+            <if test="dataMap.tc_client_ip != null">#{dataMap.tc_client_ip}::inet,</if>
+            <if test="dataMap.tc_server_ip != null">#{dataMap.tc_server_ip}::inet,</if>
+            <if test="dataMap.tc_externalip != null">#{dataMap.tc_externalip}::inet,</if>
+            <if test="dataMap.http_status_code != null">#{dataMap.http_status_code},</if>
+            <if test="dataMap.device_domian != null">#{dataMap.device_domian},</if>
+            <if test="dataMap.src_ip_str != null">#{dataMap.src_ip_str},</if>
+            <if test="dataMap.src_port_str != null">#{dataMap.src_port_str},</if>
+            <if test="dataMap.dest_ip_str != null">  #{dataMap.dest_ip_str} ,</if>
+            <if test="dataMap.dest_port_str != null">CAST(#{dataMap.dest_port_str} AS text),</if>
+            <if test="dataMap.pcap != null">#{dataMap.pcap},</if>
+            <if test="dataMap.ioc != null">#{dataMap.ioc},</if>
+            <if test="dataMap.malicious_family != null">#{dataMap.malicious_family},</if>
+            <if test="dataMap.vuln_cve != null">#{dataMap.vuln_cve},</if>
+            <if test="dataMap.aliyun_type != null">#{dataMap.aliyun_type},</if>
+            <if test="dataMap.attacker_host_asset_name != null">#{dataMap.attacker_host_asset_name},</if>
+            <if test="dataMap.attacker_organization_name != null">#{dataMap.attacker_organization_name},</if>
+            <if test="dataMap.ct_id != null">#{dataMap.ct_id},</if>
+            <if test="dataMap.cve_list != null">#{dataMap.cve_list},</if>
+            <if test="dataMap.desip_organization_name != null">#{dataMap.desip_organization_name},</if>
+            <if test="dataMap.dest_ip_group != null">#{dataMap.dest_ip_group},</if>
+            <if test="dataMap.file_gid != null">#{dataMap.file_gid},</if>
+            <if test="dataMap.file_owner != null">#{dataMap.file_owner},</if>
+            <if test="dataMap.file_ownergroup != null">#{dataMap.file_ownergroup},</if>
+            <if test="dataMap.file_uid != null">#{dataMap.file_uid},</if>
+            <if test="dataMap.http_resp_cookie != null">#{dataMap.http_resp_cookie},</if>
+            <if test="dataMap.origin_rule_id != null">#{dataMap.origin_rule_id},</if>
+            <if test="dataMap.origin_rule_name != null">#{dataMap.origin_rule_name},</if>
+            <if test="dataMap.service_name != null">#{dataMap.service_name},</if>
+            <if test="dataMap.src_ip_asset_group != null">#{dataMap.src_ip_asset_group},</if>
+            <if test="dataMap.srcip_organization_name != null">#{dataMap.srcip_organization_name},</if>
+            <if test="dataMap.victim_host_asset_name != null">#{dataMap.victim_host_asset_name},</if>
+            <if test="dataMap.http_resp_codes != null">#{dataMap.http_resp_codes}::bigint,</if>
+            <if test="dataMap.victim_organization_name != null">#{dataMap.victim_organization_name},</if>
+            <if test="dataMap.tc_type != null">#{dataMap.tc_type},</if>
+            <if test="dataMap.direction != null">#{dataMap.direction},</if>
+            <if test="dataMap.http_req_cookie != null">#{dataMap.http_req_cookie},</if>
+            <if test="dataMap.http_req_protocol != null">#{dataMap.http_req_protocol},</if>
+            <if test="dataMap.http_req_header_raw != null">#{dataMap.http_req_header_raw},</if>
+            <if test="dataMap.http_url != null">#{dataMap.http_url},</if>
+            <if test="dataMap.uname != null">#{dataMap.uname},</if>
+            <if test="dataMap.origin_hostname != null">#{dataMap.origin_hostname},</if>
+            <if test="dataMap.origin_os != null">#{dataMap.origin_os},</if>
+            <if test="dataMap.origin_agent_mac != null">#{dataMap.origin_agent_mac},</if>
+            <if test="dataMap.origin_host_id != null">#{dataMap.origin_host_id},</if>
+            <if test="dataMap.origin_agent_version != null">#{dataMap.origin_agent_version},</if>
+            <if test="dataMap.origin_agent_id != null">#{dataMap.origin_agent_id},</if>
+            <if test="dataMap.origin_agent_name != null">#{dataMap.origin_agent_name},</if>
+            <if test="dataMap.origin_work_group != null">#{dataMap.origin_work_group},</if>
+            <if test="dataMap.origin_asset_group != null">#{dataMap.origin_asset_group},</if>
+            <if test="dataMap.origin_local_port != null">#{dataMap.origin_local_port},</if>
+            <if test="dataMap.origin_agent_ip != null">#{dataMap.origin_agent_ip}::inet,</if>
+            <if test="dataMap.origin_internal_ip != null">#{dataMap.origin_internal_ip}::inet,</if>
+            <if test="dataMap.origin_external_ip != null">#{dataMap.origin_external_ip}::inet,</if>
+            <if test="dataMap.origin_local_addr != null">#{dataMap.origin_local_addr}::inet,</if>
+            <if test="dataMap.agent_id != null">#{dataMap.agent_id},</if>
+            <if test="dataMap.agent_name != null">#{dataMap.agent_name},</if>
+            <if test="dataMap.tc_title != null">#{dataMap.tc_title},</if>
+            <if test="dataMap.log_id != null">#{dataMap.log_id},</if>
+            <if test="dataMap.event_date != null">#{dataMap.event_date},</if>
+            <if test="dataMap.event_time_ts != null">#{dataMap.event_time_ts},</if>
+            <if test="dataMap.event_level != null">#{dataMap.event_level}::int ,</if>
+            <if test="dataMap.src_ip != null">#{dataMap.src_ip}::inet,</if>
+            <if test="dataMap.src_port != null">#{dataMap.src_port}::BIGINT ,</if>
+            <if test="dataMap.dest_ip != null">#{dataMap.dest_ip}::inet,</if>
+            <if test="dataMap.dest_port != null">#{dataMap.dest_port}::BIGINT,</if>
+            <if test="dataMap.event_time != null">#{dataMap.event_time},</if>
+            <if test="dataMap.attacker_country != null">#{dataMap.attacker_country},</if>
+            <if test="dataMap.src_mac != null">#{dataMap.src_mac},</if>
+            <if test="dataMap.dest_mac != null">#{dataMap.dest_mac},</if>
+            <if test="dataMap.proto != null">#{dataMap.proto},</if>
+            <if test="dataMap.dev_id != null">#{dataMap.dev_id},</if>
+            <if test="dataMap.created_time != null">#{dataMap.created_time},</if>
+            <if test="dataMap.src_country != null">#{dataMap.src_country},</if>
+            <if test="dataMap.src_country_code != null">#{dataMap.src_country_code},</if>
+            <if test="dataMap.src_region != null">#{dataMap.src_region},</if>
+            <if test="dataMap.src_region_code != null">#{dataMap.src_region_code},</if>
+            <if test="dataMap.src_city != null">#{dataMap.src_city},</if>
+            <if test="dataMap.src_lon != null">#{dataMap.src_lon},</if>
+            <if test="dataMap.http_method != null">#{dataMap.http_method},</if>
+            <if test="dataMap.http_host != null">#{dataMap.http_host},</if>
+            <if test="dataMap.http_req_header != null">#{dataMap.http_req_header},</if>
+            <if test="dataMap.http_req_body != null">#{dataMap.http_req_body},</if>
+            <if test="dataMap.http_resp_header != null">#{dataMap.http_resp_header},</if>
+            <if test="dataMap.http_resp_body != null">#{dataMap.http_resp_body},</if>
+            <if test="dataMap.file_type != null">#{dataMap.file_type},</if>
+            <if test="dataMap.file_md5 != null">#{dataMap.file_md5},</if>
+            <if test="dataMap.file_size != null">#{dataMap.file_size},</if>
+            <if test="dataMap.process != null">#{dataMap.process},</if>
+            <if test="dataMap.start_time != null">#{dataMap.start_time},</if>
+            <if test="dataMap.action != null">#{dataMap.action},</if>
+            <if test="dataMap.attacker_region != null">#{dataMap.attacker_region},</if>
+            <if test="dataMap.end_time != null">#{dataMap.end_time},</if>
+            <if test="dataMap.file_created_time != null">#{dataMap.file_created_time},</if>
+            <if test="dataMap.file_modified_time != null">#{dataMap.file_modified_time},</if>
+            <if test="dataMap.tc_miguan_scan_port != null">#{dataMap.tc_miguan_scan_port}::inet,</if>
+            <if test="dataMap.process_path != null">#{dataMap.process_path},</if>
+            <if test="dataMap.parent_process_path != null">#{dataMap.parent_process_path},</if>
+            <if test="dataMap.gname != null">#{dataMap.gname},</if>
+            <if test="dataMap.exe_name != null">#{dataMap.exe_name},</if>
+            <if test="dataMap.exe_path != null">#{dataMap.exe_path},</if>
+            <if test="dataMap.login_time != null">#{dataMap.login_time},</if>
+            <if test="dataMap.login_times != null">#{dataMap.login_times},</if>
+            <if test="dataMap.check_item != null">#{dataMap.check_item},</if>
+            <if test="dataMap.check_type != null">#{dataMap.check_type},</if>
+            <if test="dataMap.attacker_ip != null">#{dataMap.attacker_ip}::inet,</if>
+            <if test="dataMap.attacker_port != null">#{dataMap.attacker_port},</if>
+            <if test="dataMap.victim_ip != null">#{dataMap.victim_ip}::inet,</if>
+            <if test="dataMap.victim_port != null">#{dataMap.victim_port},</if>
+            <if test="dataMap.attacker_city != null">#{dataMap.attacker_city},</if>
+            <if test="dataMap.attacker_lon != null">#{dataMap.attacker_lon},</if>
+            <if test="dataMap.attacker_lat != null">#{dataMap.attacker_lat},</if>
+            <if test="dataMap.victim_country != null">#{dataMap.victim_country},</if>
+            <if test="dataMap.victim_region != null">#{dataMap.victim_region},</if>
+            <if test="dataMap.victim_city != null">#{dataMap.victim_city},</if>
+            <if test="dataMap.victim_lon != null">#{dataMap.victim_lon},</if>
+            <if test="dataMap.victim_lat != null">#{dataMap.victim_lat},</if>
+            <if test="dataMap.origin_event_id != null">#{dataMap.origin_event_id},</if>
+            <if test="dataMap.origin_event_name != null">#{dataMap.origin_event_name},</if>
+            <if test="dataMap.origin_event_category != null">#{dataMap.origin_event_category},</if>
+            <if test="dataMap.origin_event_level != null">#{dataMap.origin_event_level},</if>
+            <if test="dataMap.origin_attack_chain != null">#{dataMap.origin_attack_chain},</if>
+            <if test="dataMap.engine_type != null">#{dataMap.engine_type},</if>
+            <if test="dataMap.evil_payload != null">#{dataMap.evil_payload},</if>
+            <if test="dataMap.http_resp_status != null">#{dataMap.http_resp_status},</if>
+            <if test="dataMap.dns_query != null">#{dataMap.dns_query},</if>
+            <if test="dataMap.dns_query_type != null">#{dataMap.dns_query_type},</if>
+            <if test="dataMap.dns_ttl != null">#{dataMap.dns_ttl},</if>
+            <if test="dataMap.dns_answer != null">#{dataMap.dns_answer},</if>
+            <if test="dataMap.dns_subdomains != null">#{dataMap.dns_subdomains},</if>
+            <if test="dataMap.file_sha256 != null">#{dataMap.file_sha256},</if>
+            <if test="dataMap.file_ssdeep != null">#{dataMap.file_ssdeep},</if>
+            <if test="dataMap.victim_country_code != null">#{dataMap.victim_country_code},</if>
+            <if test="dataMap.http_xff_ip != null">#{dataMap.http_xff_ip},</if>
+            <if test="dataMap.tc_miguan_class != null">#{dataMap.tc_miguan_class}::inet,</if>
+            <if test="dataMap.pid != null">#{dataMap.pid},</if>
+            <if test="dataMap.ppid != null">#{dataMap.ppid},</if>
+            <if test="dataMap.process_name != null">#{dataMap.process_name},</if>
+            <if test="dataMap.backdoor_type != null">#{dataMap.backdoor_type},</if>
+            <if test="dataMap.tty != null">#{dataMap.tty},</if>
+            <if test="dataMap.sudo_user != null">#{dataMap.sudo_user},</if>
+            <if test="dataMap.sudo_group != null">#{dataMap.sudo_group},</if>
+            <if test="dataMap.origin_event_type != null">#{dataMap.origin_event_type},</if>
+            <if test="dataMap.dest_domain != null">#{dataMap.dest_domain},</if>
+            <if test="dataMap.shell_cmdline != null">#{dataMap.shell_cmdline},</if>
+            <if test="dataMap.parent_cmdline != null">#{dataMap.parent_cmdline},</if>
+            <if test="dataMap.attack_chain != null">#{dataMap.attack_chain},</if>
+            <if test="dataMap.process_tree != null">#{dataMap.process_tree},</if>
+            <if test="dataMap.host_file_sha256 != null">#{dataMap.host_file_sha256},</if>
+            <if test="dataMap.host_file_md5 != null">#{dataMap.host_file_md5},</if>
+            <if test="dataMap.host_file_size != null">#{dataMap.host_file_size},</if>
+            <if test="dataMap.host_file_type != null">#{dataMap.host_file_type},</if>
+            <if test="dataMap.dest_country != null">#{dataMap.dest_country},</if>
+            <if test="dataMap.dest_country_code != null">#{dataMap.dest_country_code},</if>
+            <if test="dataMap.log_origin != null">#{dataMap.log_origin},</if>
+            <if test="dataMap.dest_region != null">#{dataMap.dest_region},</if>
+            <if test="dataMap.src_lat != null">#{dataMap.src_lat},</if>
+            <if test="dataMap.dest_region_code != null">#{dataMap.dest_region_code},</if>
+            <if test="dataMap.dest_city != null">#{dataMap.dest_city},</if>
+            <if test="dataMap.dest_lon != null">#{dataMap.dest_lon},</if>
+            <if test="dataMap.dest_lat != null">#{dataMap.dest_lat},</if>
+            <if test="dataMap.event_category != null">#{dataMap.event_category},</if>
+            <if test="dataMap.attack_result != null">#{dataMap.attack_result},</if>
+            <if test="dataMap.probe_ip != null">#{dataMap.probe_ip}::inet,</if>
+            <if test="dataMap.device_ip != null">#{dataMap.device_ip}::inet,</if>
+            <if test="dataMap.device_manufacturer != null">#{dataMap.device_manufacturer},</if>
+            <if test="dataMap.device_name != null">#{dataMap.device_name},</if>
+            <if test="dataMap.product_name != null">#{dataMap.product_name},</if>
+            <if test="dataMap.__id != null">#{dataMap.__id},</if>
+            <if test="dataMap.__count != null">#{dataMap.__count},</if>
+            <if test="dataMap.__count_reason != null">#{dataMap.__count_reason},</if>
+            <if test="dataMap.event_type != null">#{dataMap.event_type}::int,</if>
+            <if test="dataMap.protocol != null">#{dataMap.protocol},</if>
+            <if test="dataMap.shell_cmd != null">#{dataMap.shell_cmd},</if>
+            <if test="dataMap.parent_name != null">#{dataMap.parent_name},</if>
+            <if test="dataMap.host_file_path != null">#{dataMap.host_file_path},</if>
+            <if test="dataMap.uid != null">#{dataMap.uid},</if>
+            <if test="dataMap.fall != null">#{dataMap.fall},</if>
+            <if test="dataMap.tc_miguan_server_ip != null">#{dataMap.tc_miguan_server_ip}::inet,</if>
+            <if test="dataMap.dev_type != null">#{dataMap.dev_type},</if>
+            <if test="dataMap.collect_method != null">#{dataMap.collect_method},</if>
+            <if test="dataMap.field_cate_id != null">#{dataMap.field_cate_id},</if>
+            <if test="dataMap.device_type != null">#{dataMap.device_type},</if>
+            <if test="dataMap.tc_miguan_client_ip != null">#{dataMap.tc_miguan_client_ip}::inet,</if>
+            <if test="dataMap.tc_miguan_name != null">#{dataMap.tc_miguan_name}::inet,</if>
+            <if test="dataMap.origin_total_packages != null">#{dataMap.origin_total_packages},</if>
+            <if test="dataMap.origin_total_bytes != null">#{dataMap.origin_total_bytes},</if>
+            <if test="dataMap.origin_peak_packages_rate != null">#{dataMap.origin_peak_packages_rate},</if>
+            <if test="dataMap.origin_peak_bytes_rate != null">#{dataMap.origin_peak_bytes_rate},</if>
+            <if test="dataMap.origin_peak_flows_rate != null">#{dataMap.origin_peak_flows_rate},</if>
+            <if test="dataMap.apt_orgname != null">#{dataMap.apt_orgname},</if>
+            <if test="dataMap.apt_orgmsg != null">#{dataMap.apt_orgmsg},</if>
+            <if test="dataMap.mail_message_id != null">#{dataMap.mail_message_id},</if>
+            <if test="dataMap.mail_bcc != null">#{dataMap.mail_bcc},</if>
+            <if test="dataMap.mail_size != null">#{dataMap.mail_size},</if>
+            <if test="dataMap.mail_attach_hashcode != null">#{dataMap.mail_attach_hashcode},</if>
+            <if test="dataMap.mail_url != null">#{dataMap.mail_url},</if>
+            <if test="dataMap.mail_cc != null">#{dataMap.mail_cc},</if>
+            <if test="dataMap.algorithm != null">#{dataMap.algorithm},</if>
+            <if test="dataMap.miningpool_ip != null">#{dataMap.miningpool_ip}::inet,</if>
+            <if test="dataMap.process_md5 != null">#{dataMap.process_md5},</if>
+            <if test="dataMap.pprocess_md5 != null">#{dataMap.pprocess_md5},</if>
+            <if test="dataMap.source_servername != null">#{dataMap.source_servername},</if>
+            <if test="dataMap.origin_source_servername != null">#{dataMap.origin_source_servername},</if>
+            <if test="dataMap.mail_filename != null">#{dataMap.mail_filename},</if>
+            <if test="dataMap.dst_upload_appname != null">#{dataMap.dst_upload_appname},</if>
+            <if test="dataMap.target_port != null">#{dataMap.target_port},</if>
+            <if test="dataMap.gid != null">#{dataMap.gid},</if>
+            <if test="dataMap.origin_uid != null">#{dataMap.origin_uid},</if>
+            <if test="dataMap.origin_gid != null">#{dataMap.origin_gid},</if>
+            <if test="dataMap.target_ports != null">#{dataMap.target_ports},</if>
+            <if test="dataMap.tc_miguan_name1 != null">#{dataMap.tc_miguan_name1},</if>
+            <if test="dataMap.tc_miguan_class1 != null">#{dataMap.tc_miguan_class1},</if>
+            <if test="dataMap.etl_time != null">#{dataMap.etl_time},</if>
+            <if test="dataMap.tc_miguan_scan_port2 != null">#{dataMap.tc_miguan_scan_port2},</if>
+            <if test="dataMap.desip_security_scope != null">#{dataMap.desip_security_scope},</if>
+            <if test="dataMap.srcip_security_scope != null">#{dataMap.srcip_security_scope},</if>
+            <if test="dataMap.collect_time_ts != null">#{dataMap.collect_time_ts},</if>
+            <if test="dataMap.tc_miguan_scan_port1 != null">#{dataMap.tc_miguan_scan_port1}::inet,</if>
+            <if test="dataMap.src_dev_name != null">#{dataMap.src_dev_name},</if>
+            <if test="dataMap.collect_protocol != null">#{dataMap.collect_protocol},</if>
+            <if test="dataMap.destination_system_type != null">#{dataMap.destination_system_type},</if>
+            <if test="dataMap.destination_system != null">#{dataMap.destination_system},</if>
+            <if test="dataMap.etl_host != null">#{dataMap.etl_host},</if>
+            <if test="dataMap.normalize_rule_id != null">#{dataMap.normalize_rule_id},</if>
+            <if test="dataMap.normalize_rule_name != null">#{dataMap.normalize_rule_name},</if>
+            <if test="dataMap.syslog_uuid != null">#{dataMap.syslog_uuid},</if>
+            <if test="dataMap.syslog_topic != null">#{dataMap.syslog_topic},</if>
+        </trim>
+    </insert>
+
+    <!-- 使用实体类插入 -->
+    <insert id="insertByEntity" parameterType="com.common.entity.SyslogNormalData">
+        INSERT INTO syslog_normal_data
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="id != null">id,</if>
+            <if test="createdAt != null">created_at,</if>
+            <if test="logTime != null">log_time,</if>
+            <if test="deviceId != null">device_id,</if>
+            <!-- 其他字段类似，按照驼峰命名法 -->
+        </trim>
+        VALUES
+        <trim prefix="(" suffix=")" suffixOverrides=",">
+            <if test="id != null">#{id},</if>
+            <if test="createdAt != null">#{createdAt},</if>
+            <if test="logTime != null">#{logTime},</if>
+            <if test="deviceId != null">#{deviceId},</if>
+            <!-- 其他字段类似 -->
+        </trim>
+    </insert>
+
+    <!-- 批量插入 -->
+    <insert id="batchInsert" parameterType="map">
+        INSERT INTO syslog_normal_data
+        (id, log_time, src_ip, dest_ip, event_level)
+        VALUES
+        <foreach collection="dataList" item="item" separator=",">
+            (#{item.id}, #{item.log_time}, #{item.src_ip}, #{item.dest_ip}, #{item.event_level})
+        </foreach>
+    </insert>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/XdrHoneypotMapper.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/XdrHoneypotMapper.xml
new file mode 100644
index 0000000..ab123b9
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mapper/XdrHoneypotMapper.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.XdrHoneypotMapper">
+
+    <resultMap id="xdrHoneypotResultMap" type="com.common.entity.XdrHoneypot">
+        <id property="id" column="id"/>
+        <result property="vcsource" column="vcsource"/>
+        <result property="dstartTime" column="dstart_time"/>
+        <result property="dtime" column="dtime"/>
+        <result property="riskLevel" column="risk_level"/>
+        <result property="vcconnection" column="vcconnection"/>
+        <result property="fileInfo" column="file_info"/>
+        <result property="extra" column="extra"/>
+        <result property="vctype" column="vctype"/>
+        <result property="agentSn" column="agent_sn"/>
+        <result property="agentName" column="agent_name"/>
+        <result property="honeypotId" column="honeypot_id"/>
+        <result property="honeypotName" column="honeypot_name"/>
+        <result property="srcIp" column="src_ip"/>
+        <result property="srcPort" column="src_port"/>
+        <result property="srcMac" column="src_mac"/>
+        <result property="destIp" column="dest_ip"/>
+        <result property="destPort" column="dest_port"/>
+        <result property="proxyIp" column="proxy_ip"/>
+        <result property="node" column="node"/>
+    </resultMap>
+
+    <!-- 批量插入 -->
+    <insert id="batchInsert" parameterType="java.util.List" useGeneratedKeys="true" keyProperty="id">
+        INSERT INTO xdr_honeypot (
+        vcsource, dstart_time, dtime, risk_level, vcconnection,
+        file_info, extra, vctype, agent_sn, agent_name,
+        honeypot_id, honeypot_name, src_ip, src_port, src_mac,
+        dest_ip, dest_port, proxy_ip, node
+        ) VALUES
+        <foreach collection="list" item="item" index="index" separator=",">
+            (
+            #{item.vcsource}, #{item.dstartTime}, #{item.dtime}, #{item.riskLevel}, #{item.vcconnection},
+            #{item.fileInfo}, #{item.extra}, #{item.vctype}, #{item.agentSn}, #{item.agentName},
+            #{item.honeypotId}, #{item.honeypotName}, #{item.srcIp}, #{item.srcPort}, #{item.srcMac},
+            #{item.destIp}, #{item.destPort}, #{item.proxyIp}, #{item.node}
+            )
+        </foreach>
+    </insert>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config-dev.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config-dev.xml
new file mode 100644
index 0000000..2959192
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config-dev.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE configuration
+        PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-config.dtd">
+<configuration>
+
+    <properties>
+        <property name="driver" value="org.postgresql.Driver"/>
+        <property name="url" value="jdbc:postgresql://192.168.1.174:5432/ecosys"/>
+        <property name="username" value="postgres"/>
+        <property name="password" value="TnLanWaidYSwTSG5"/>
+    </properties>
+
+    <settings>
+        <setting name="mapUnderscoreToCamelCase" value="true"/>
+        <setting name="logImpl" value="SLF4J"/>
+        <setting name="cacheEnabled" value="true"/>
+        <setting name="lazyLoadingEnabled" value="true"/>
+        <setting name="multipleResultSetsEnabled" value="true"/>
+        <setting name="useGeneratedKeys" value="true"/>
+        <setting name="defaultStatementTimeout" value="30"/>
+    </settings>
+
+    <typeAliases>
+        <typeAlias type="com.common.entity.XdrHoneypot" alias="XdrHoneypot"/>
+        <package name="com.common.entity"/>
+    </typeAliases>
+
+    <environments default="development">
+        <environment id="development">
+            <transactionManager type="JDBC"/>
+            <dataSource type="POOLED">
+                <property name="driver" value="${driver}"/>
+                <property name="url" value="${url}"/>
+                <property name="username" value="${username}"/>
+                <property name="password" value="${password}"/>
+                <property name="poolMaximumActiveConnections" value="20"/>
+                <property name="poolMaximumIdleConnections" value="10"/>
+                <property name="poolMaximumCheckoutTime" value="20000"/>
+                <property name="poolTimeToWait" value="20000"/>
+            </dataSource>
+        </environment>
+    </environments>
+
+    <mappers>
+        <mapper class="com.common.mapper.XdrHoneypotMapper"/>
+        <mapper class="com.common.mapper.DmNormalizeRuleMapper"/>
+        <mapper resource="mapper/XdrHoneypotMapper.xml"/>
+        <mapper resource="mapper/DmNormalizeRuleMapper.xml"/>
+    </mappers>
+
+</configuration>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config.xml b/haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config.xml
new file mode 100644
index 0000000..e1b8281
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/main/resources/mybatis-config.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE configuration
+        PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-config.dtd">
+<configuration>
+
+    <properties>
+        <property name="driver" value="org.postgresql.Driver"/>
+        <property name="url" value="jdbc:postgresql://192.168.4.26:5432/ecosys"/>
+        <property name="username" value="postgres"/>
+        <property name="password" value="caZ2TcmXNSW8L2Ap"/>
+    </properties>
+
+    <settings>
+        <setting name="mapUnderscoreToCamelCase" value="true"/>
+        <setting name="logImpl" value="SLF4J"/>
+        <setting name="cacheEnabled" value="true"/>
+        <setting name="lazyLoadingEnabled" value="true"/>
+        <setting name="multipleResultSetsEnabled" value="true"/>
+        <setting name="useGeneratedKeys" value="true"/>
+        <setting name="defaultStatementTimeout" value="30"/>
+    </settings>
+
+    <typeAliases>
+        <typeAlias type="com.common.entity.XdrHoneypot" alias="XdrHoneypot"/>
+        <package name="com.common.entity"/>
+    </typeAliases>
+
+    <environments default="development">
+        <environment id="development">
+            <transactionManager type="JDBC"/>
+            <dataSource type="POOLED">
+                <property name="driver" value="${driver}"/>
+                <property name="url" value="${url}"/>
+                <property name="username" value="${username}"/>
+                <property name="password" value="${password}"/>
+                <property name="poolMaximumActiveConnections" value="20"/>
+                <property name="poolMaximumIdleConnections" value="10"/>
+                <property name="poolMaximumCheckoutTime" value="20000"/>
+                <property name="poolTimeToWait" value="20000"/>
+            </dataSource>
+        </environment>
+    </environments>
+
+    <mappers>
+        <mapper class="com.common.mapper.XdrHoneypotMapper"/>
+        <mapper class="com.common.mapper.DmNormalizeRuleMapper"/>
+        <mapper class="com.common.mapper.DmColumnMapper"/>
+        <mapper class="com.common.mapper.SyslogNormalDataMapper"/>
+
+        <mapper resource="mapper/XdrHoneypotMapper.xml"/>
+        <mapper resource="mapper/DmNormalizeRuleMapper.xml"/>
+        <mapper resource="mapper/DmColumnMapper.xml"/>
+        <mapper resource="mapper/SyslogNormalDataMapper.xml"/>
+    </mappers>
+
+</configuration>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/test/java/SyslogParserDemo.java b/haobang-security-xdr/syslog-consumer/src/test/java/SyslogParserDemo.java
new file mode 100644
index 0000000..1da7334
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/test/java/SyslogParserDemo.java
@@ -0,0 +1,78 @@
+import com.common.entity.*;
+import com.common.util.SyslogParser;
+import java.util.Locale;
+import java.util.Optional;
+
+public class SyslogParserDemo {
+    public static void main(String[] args) {
+        // RFC 5424 测试用例
+        String[] rfc5424Logs = {
+                "<4>2025-09-14T16:27:09+08:00 hcss-ecs-9dc5 HFish[2946163]: {\"title\":\"HFish Threat Alert\",\"client\":\"内置节点\"}",
+                "<34>1 2023-10-27T14:30:15.123Z web-server-01 myapp 1234 ID47 - This is a test message",
+                "<165>1 2023-10-27T15:45:30.000+08:00 firewall01 sshd 5678 - [event source=\"auth\" result=\"failure\"] Failed password for user",
+                "<14>1 2023-10-27T16:20:45.789Z db-server-01 postgres 9012 DB01 [metrics query_time=\"150ms\" rows=100] SELECT completed",
+                "<14>1 2025-09-24T11:52:26Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot1\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}",
+                "<4>2025-09-14T16:27:09+08:00 hcss-ecs-9dc5 HFish[2946163]: {\"title\":\"HFish Threat Alert\",\"client\":\"内置节点\",\"client_ip\":\"192.168.11.133\",\"attack_type\":\"attack\",\"scan_type\":\"\",\"scan_port\":\"\",\"class\":\"端口监听\",\"type\":\"TCP\",\"name\":\"TCP端口监听\",\"account\":\"\",\"src_ip\":\"36.154.189.226\",\"src_port\":\"29604\",\"dst_ip\":\"192.168.11.133\",\"dst_port\":\"445\",\"geo\":\"中国-江苏\",\"time\":\"2025-09-14 16:27:09\",\"threat_name\":\"\",\"threat_level\":\"other\",\"info\":\"36.154.189.226:29604 already connected.\",\"labels\":\"\",\"labels_cn\":\"\",\"AuthInfo\":null}"
+        };
+
+        // RFC 3164 测试用例
+        String[] rfc3164Logs = {
+                "<15>Oct 9 21:15:55 LAPTOP-ARDUR3N0  alan:  honeypot_event",
+                "<34>Oct 27 14:30:15 web01 sshd[1234]: Failed password for root",
+                "<13>Oct 27 15:45:30 firewall01 %ASA-6-302013: Built outbound TCP connection",
+                "<7>Oct 27 16:20:45 appserver kernel: USB device disconnected"
+        };
+
+
+        System.out.println("=== RFC 5424 格式解析 ===");
+        for (String log : rfc5424Logs) {
+
+            try {
+                SyslogMessage msg = SyslogParser.parse(log);
+                System.out.println("原始日志: " + log);
+                System.out.println("解析结果: " + msg);
+
+                System.out.println("---");
+
+
+            } catch (Exception e) {
+                System.err.println("解析失败: " + log);
+                System.err.println("错误: " + e.getMessage());
+               //Optional msg1=SyslogParser.extractJsonString(log);
+                // System.err.println("内容解析结果: " +   msg1.toString());
+            }
+        }
+
+        System.out.println("\n=== RFC 3164 格式解析 ===");
+        for (String log : rfc3164Logs) {
+            try {
+                SyslogMessage msg = SyslogParser.parse(log);
+                System.out.println("原始日志: " + log);
+                System.out.println("解析结果: " + msg);
+                System.out.println("---");
+            } catch (Exception e) {
+                System.err.println("解析失败: " + log);
+                System.err.println("错误: " + e.getMessage());
+            }
+        }
+
+        // 测试自动检测
+        System.out.println("\n=== 混合格式自动检测 ===");
+        String[] mixedLogs = {
+                "<34>1 2023-10-27T14:30:15.123Z web01 myapp 1234 - - Test RFC5424",
+                "<13>Oct 27 15:45:30 web02 kernel: Test RFC3164"
+        };
+
+        for (String log : mixedLogs) {
+            try {
+                SyslogMessage msg = SyslogParser.parse(log);
+                System.out.println("检测到格式: " + msg.getClass().getSimpleName());
+                System.out.println("解析结果: " + msg);
+                System.out.println("---");
+            } catch (Exception e) {
+                System.err.println("解析失败: " + log);
+                System.err.println("错误: " + e.getMessage());
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-consumer/src/test/java/syslogMainTest.java b/haobang-security-xdr/syslog-consumer/src/test/java/syslogMainTest.java
new file mode 100644
index 0000000..adf964e
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/src/test/java/syslogMainTest.java
@@ -0,0 +1,2 @@
+public class syslogMainTest {
+}
diff --git a/haobang-security-xdr/syslog-consumer/syslogconsumer.iml b/haobang-security-xdr/syslog-consumer/syslogconsumer.iml
new file mode 100644
index 0000000..51d3ca8
--- /dev/null
+++ b/haobang-security-xdr/syslog-consumer/syslogconsumer.iml
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+  <component name="FacetManager">
+    <facet type="Spring" name="Spring">
+      <configuration />
+    </facet>
+    <facet type="web" name="Web">
+      <configuration>
+        <webroots />
+        <sourceRoots>
+          <root url="file://$MODULE_DIR$/src/main/java" />
+          <root url="file://$MODULE_DIR$/src/main/resources" />
+        </sourceRoots>
+      </configuration>
+    </facet>
+  </component>
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+    <output url="file://$MODULE_DIR$/target/classes" />
+    <output-test url="file://$MODULE_DIR$/target/test-classes" />
+    <content url="file://$MODULE_DIR$">
+      <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+      <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+      <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
+      <excludeFolder url="file://$MODULE_DIR$/target" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.17.2" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.17.2" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.36" level="project" />
+    <orderEntry type="library" name="Maven: jakarta.annotation:jakarta.annotation-api:1.3.5" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-core:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-jcl:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.30" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.4" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.65" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.65" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-web:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-beans:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-webmvc:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-aop:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-expression:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.kafka:kafka-clients:3.4.0" level="project" />
+    <orderEntry type="library" scope="RUNTIME" name="Maven: com.github.luben:zstd-jni:1.5.2-1" level="project" />
+    <orderEntry type="library" name="Maven: org.lz4:lz4-java:1.8.0" level="project" />
+    <orderEntry type="library" scope="RUNTIME" name="Maven: org.xerial.snappy:snappy-java:1.1.8.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.kafka:spring-kafka:2.8.9" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-context:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-messaging:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-tx:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.retry:spring-retry:1.3.3" level="project" />
+    <orderEntry type="library" name="Maven: com.google.code.findbugs:jsr305:3.0.2" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:slf4j-simple:2.0.7" level="project" />
+    <orderEntry type="library" name="Maven: com.influxdb:influxdb-client-java:6.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.influxdb:influxdb-client-core:6.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.influxdb:influxdb-client-utils:6.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.squareup.okio:okio:3.3.0" level="project" />
+    <orderEntry type="library" name="Maven: com.squareup.okio:okio-jvm:3.3.0" level="project" />
+    <orderEntry type="library" name="Maven: org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.6.21" level="project" />
+    <orderEntry type="library" name="Maven: org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.6.21" level="project" />
+    <orderEntry type="library" name="Maven: com.squareup.okhttp3:okhttp:4.9.3" level="project" />
+    <orderEntry type="library" name="Maven: org.jetbrains.kotlin:kotlin-stdlib:1.6.21" level="project" />
+    <orderEntry type="library" name="Maven: org.jetbrains.kotlin:kotlin-stdlib-common:1.6.21" level="project" />
+    <orderEntry type="library" name="Maven: org.jetbrains:annotations:13.0" level="project" />
+    <orderEntry type="library" name="Maven: com.squareup.retrofit2:retrofit:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.squareup.okhttp3:logging-interceptor:4.9.3" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.commons:commons-csv:1.10.0" level="project" />
+    <orderEntry type="library" name="Maven: com.google.code.gson:gson:2.9.1" level="project" />
+    <orderEntry type="library" name="Maven: io.reactivex.rxjava3:rxjava:3.1.6" level="project" />
+    <orderEntry type="library" name="Maven: org.reactivestreams:reactive-streams:1.0.4" level="project" />
+    <orderEntry type="library" name="Maven: com.squareup.retrofit2:adapter-rxjava3:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.squareup.retrofit2:converter-scalars:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.squareup.retrofit2:converter-gson:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.typesafe:config:1.4.2" level="project" />
+    <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.36" level="project" />
+    <orderEntry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.11" level="project" />
+    <orderEntry type="library" name="Maven: ch.qos.logback:logback-core:1.2.11" level="project" />
+    <orderEntry type="library" name="Maven: org.mybatis:mybatis:3.5.10" level="project" />
+    <orderEntry type="library" name="Maven: org.postgresql:postgresql:42.5.4" level="project" />
+    <orderEntry type="library" scope="RUNTIME" name="Maven: org.checkerframework:checker-qual:3.5.0" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.13.3" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.13.4" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.13.4" level="project" />
+    <orderEntry type="library" name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-starter:2.3.1" level="project" />
+    <orderEntry type="library" name="Maven: org.mybatis.spring.boot:mybatis-spring-boot-autoconfigure:2.3.1" level="project" />
+    <orderEntry type="library" name="Maven: org.mybatis:mybatis-spring:2.1.1" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-jdbc:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: com.zaxxer:HikariCP:4.0.3" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-jdbc:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.json:json:20231013" level="project" />
+    <orderEntry type="library" scope="PROVIDED" name="Maven: org.projectlombok:lombok:1.18.24" level="project" />
+    <orderEntry type="library" name="Maven: com.alibaba:fastjson:1.2.83" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-validation:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.65" level="project" />
+    <orderEntry type="library" name="Maven: org.hibernate.validator:hibernate-validator:6.2.5.Final" level="project" />
+    <orderEntry type="library" name="Maven: jakarta.validation:jakarta.validation-api:2.0.2" level="project" />
+    <orderEntry type="library" name="Maven: org.jboss.logging:jboss-logging:3.4.3.Final" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml:classmate:1.5.1" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-quartz:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-context-support:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: org.quartz-scheduler:quartz:2.3.2" level="project" />
+    <orderEntry type="library" name="Maven: com.mchange:mchange-commons-java:0.2.15" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-cache:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-data-redis:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-redis:2.7.3" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-keyvalue:2.7.3" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework:spring-oxm:5.3.23" level="project" />
+    <orderEntry type="library" name="Maven: io.lettuce:lettuce-core:6.1.9.RELEASE" level="project" />
+    <orderEntry type="library" name="Maven: io.netty:netty-common:4.1.82.Final" level="project" />
+    <orderEntry type="library" name="Maven: io.netty:netty-handler:4.1.82.Final" level="project" />
+    <orderEntry type="library" name="Maven: io.netty:netty-resolver:4.1.82.Final" level="project" />
+    <orderEntry type="library" name="Maven: io.netty:netty-buffer:4.1.82.Final" level="project" />
+    <orderEntry type="library" name="Maven: io.netty:netty-transport-native-unix-common:4.1.82.Final" level="project" />
+    <orderEntry type="library" name="Maven: io.netty:netty-codec:4.1.82.Final" level="project" />
+    <orderEntry type="library" name="Maven: io.netty:netty-transport:4.1.82.Final" level="project" />
+    <orderEntry type="library" name="Maven: io.projectreactor:reactor-core:3.4.23" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-data-elasticsearch:2.7.4" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-elasticsearch:4.4.3" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-commons:2.7.3" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch.client:elasticsearch-rest-high-level-client:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch:elasticsearch:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch:elasticsearch-core:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch:elasticsearch-secure-sm:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch:elasticsearch-x-content:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.13.4" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4" level="project" />
+    <orderEntry type="library" name="Maven: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.4" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch:elasticsearch-geo:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch:elasticsearch-lz4:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-core:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-analyzers-common:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-backward-codecs:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-grouping:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-highlighter:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-join:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-memory:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-misc:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-queries:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-queryparser:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-sandbox:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-spatial3d:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.lucene:lucene-suggest:8.11.1" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch:elasticsearch-cli:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: net.sf.jopt-simple:jopt-simple:5.0.2" level="project" />
+    <orderEntry type="library" name="Maven: com.carrotsearch:hppc:0.8.1" level="project" />
+    <orderEntry type="library" name="Maven: com.tdunning:t-digest:3.2" level="project" />
+    <orderEntry type="library" name="Maven: org.hdrhistogram:HdrHistogram:2.1.9" level="project" />
+    <orderEntry type="library" name="Maven: net.java.dev.jna:jna:5.10.0" level="project" />
+    <orderEntry type="library" scope="RUNTIME" name="Maven: org.elasticsearch:elasticsearch-plugin-classloader:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch.plugin:mapper-extras-client:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch.plugin:parent-join-client:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch.plugin:aggs-matrix-stats-client:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch.plugin:rank-eval-client:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch.plugin:lang-mustache-client:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: com.github.spullara.mustache.java:compiler:0.9.6" level="project" />
+    <orderEntry type="library" name="Maven: co.elastic.clients:elasticsearch-java:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: jakarta.json:jakarta.json-api:1.1.6" level="project" />
+    <orderEntry type="library" name="Maven: org.eclipse.parsson:parsson:1.0.0" level="project" />
+    <orderEntry type="library" name="Maven: org.elasticsearch.client:elasticsearch-rest-client:7.17.6" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpclient:4.5.13" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore:4.4.15" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpasyncclient:4.1.5" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.httpcomponents:httpcore-nio:4.4.15" level="project" />
+    <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.15" level="project" />
+    <orderEntry type="library" name="Maven: com.baomidou:mybatis-plus-boot-starter:3.5.3.1" level="project" />
+    <orderEntry type="library" name="Maven: com.baomidou:mybatis-plus:3.5.3.1" level="project" />
+    <orderEntry type="library" name="Maven: com.baomidou:mybatis-plus-extension:3.5.3.1" level="project" />
+    <orderEntry type="library" name="Maven: com.baomidou:mybatis-plus-core:3.5.3.1" level="project" />
+    <orderEntry type="library" name="Maven: com.baomidou:mybatis-plus-annotation:3.5.3.1" level="project" />
+    <orderEntry type="library" name="Maven: com.github.pagehelper:pagehelper-spring-boot-starter:1.4.6" level="project" />
+    <orderEntry type="library" name="Maven: com.github.pagehelper:pagehelper-spring-boot-autoconfigure:1.4.6" level="project" />
+    <orderEntry type="library" name="Maven: com.github.pagehelper:pagehelper:5.3.2" level="project" />
+    <orderEntry type="library" name="Maven: com.github.jsqlparser:jsqlparser:4.5" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter:5.9.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-api:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.opentest4j:opentest4j:1.2.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-commons:1.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.apiguardian:apiguardian-api:1.1.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-params:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.jupiter:junit-jupiter-engine:5.8.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.junit.platform:junit-platform-engine:1.8.2" level="project" />
+    <orderEntry type="library" name="Maven: org.graylog2:syslog4j:0.9.61" level="project" />
+    <orderEntry type="library" name="Maven: joda-time:joda-time:2.9.9" level="project" />
+    <orderEntry type="library" name="Maven: org.apache.commons:commons-lang3:3.12.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.7.4" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.7.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.4.8" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:2.4.8" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:9.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: jakarta.xml.bind:jakarta.xml.bind-api:2.3.3" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: jakarta.activation:jakarta.activation-api:1.2.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.22.0" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest:2.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:4.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy:1.12.17" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.12.17" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:3.2" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-junit-jupiter:4.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.3.23" level="project" />
+    <orderEntry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.9.0" level="project" />
+    <orderEntry type="library" name="Maven: com.alibaba.fastjson2:fastjson2:2.0.40" level="project" />
+    <orderEntry type="library" name="Maven: cn.hutool:hutool-all:5.8.16" level="project" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/.gitignore b/haobang-security-xdr/syslog-serve/.gitignore
new file mode 100644
index 0000000..549e00a
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/haobang-security-xdr/syslog-serve/Dockerfile b/haobang-security-xdr/syslog-serve/Dockerfile
new file mode 100644
index 0000000..69856a3
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/Dockerfile
@@ -0,0 +1,18 @@
+FROM openjdk:8
+
+MAINTAINER chenchunan@139.com
+
+# 创建程序运行和日志目录
+RUN mkdir -p /app
+RUN mkdir -p /app/logs
+WORKDIR /app
+# 挂载日志运行目录
+VOLUME /app/logs
+
+ADD syslog-serve-1.0.0.jar   syslog-serve.jar
+EXPOSE 8089
+EXPOSE 514
+
+CMD java -jar  syslog-serve.jar
+
+
diff --git a/haobang-security-xdr/syslog-serve/docker_run.txt b/haobang-security-xdr/syslog-serve/docker_run.txt
new file mode 100644
index 0000000..caabee0
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/docker_run.txt
@@ -0,0 +1,46 @@
+
+
+
+--0.�л�����˴��Ŀ¼
+cd /opt/syslog/docker/serve
+
+--0.ͨ��Dockerfile�ļ���������
+--docker build -f /opt/syslog/docker/serve/Dockerfile -t syslog-serve:v1.0
+--���docker image�ļ� (Dockerfile ��ǰĿ¼��
+docker build -t syslog-serve:v1.X.X  .
+
+--1.�鿴����������
+docker ps -a
+
+--2.ֹͣ���� ��ɾ��
+docker stop   ct-syslog-serve  &&  docker  rm ct-syslog-serve
+docker rmi ����ID(XXXXX)
+
+--3.���docker image�ļ� (Dockerfile ��ǰĿ¼��
+docker build -t syslog-serve:v1.X.X  .
+
+--4.����docker �ļ�
+docker run --restart unless-stopped -e TZ=Asia/Shanghai  -d --name ct-syslog-serve -p 514:514 -p 8189:8189 -v /home/syslog/logs:/app/logs --privileged=true   syslog-serve:v1.X.X
+docker run --restart unless-stopped -e TZ=Asia/Shanghai  -d --name ct-syslog-serve -p 514:514/udp -p 514:514/tcp -p 8189:8189 -v /home/syslog/logs:/app/logs --privileged=true   syslog-serve:v1.X.X
+
+ZC CMD��
+docker run --restart unless-stopped -e TZ=Asia/Shanghai  -d --name ct-syslog-serve -p 514:514 -p 8189:8189 -v /data/syslog/logs:/app/logs --privileged=true   syslog-serve:v1.X.X
+
+docker run --restart unless-stopped -e TZ=Asia/Shanghai  -d --name ct-syslog-serve -p 514:514/udp -p 514:514/tcp -p 8189:8189 -v /data/syslog/logs:/app/logs --privileged=true   syslog-serve:v1.X.X
+--������������
+docker run  -d --name ct-syslog-serve -p 514:514 --privileged=true   syslog-serve:v1.0
+
+
+-----jar ����
+--cmd ����
+nohup java -server -Xms512m -Xmx1024m -XX:+UseG1GC -Duser.timezone=Asia/Shanghai -jar syslog-serve-1.0.0.jar > /data/syslog/logs/syslog-serve-console.log 2>&1 &
+--cmd �鿴
+ps -ef | grep 'syslog-serve-1.0.0.jar' | grep -v grep
+# �������� Java ����
+ps -ef | grep java | grep -v grep
+
+# ʾ������� PID �� 12345
+kill 12345
+# ͨ��������ֹͣ
+# ǿ��ֹͣ
+pkill  -9 -f "syslog-serve-1.0.0.jar"
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/logs/syslog-consumer.log b/haobang-security-xdr/syslog-serve/logs/syslog-consumer.log
new file mode 100644
index 0000000..fcb8168
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/logs/syslog-consumer.log
@@ -0,0 +1,7 @@
+2025-12-03 02:00:00.002 [scheduling-2] INFO  c.c.schedule.PartitionTableSchedule - 开始检查第二天的分区表状态...
+2025-12-03 02:00:00.002 [scheduling-1] INFO  c.c.schedule.PartitionTableSchedule - 开始检查分区表状态...
+2025-12-03 02:00:00.004 [scheduling-1] INFO  c.c.schedule.PartitionTableSchedule - 分区表状态检查完成
+2025-12-03 02:00:00.016 [scheduling-2] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+2025-12-03 02:00:00.249 [scheduling-2] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+2025-12-03 02:00:00.283 [scheduling-2] INFO  c.c.service.PartitionTableService - 第二天分区表检查完成: PartitionTableStatus{date=2025年12月04日, table=syslog_normal_data_20251204, exists=true, created=false, message='分区表已存在'}
+2025-12-03 02:00:00.284 [scheduling-2] INFO  c.c.schedule.PartitionTableSchedule - 第二天分区表已存在: syslog_normal_data_20251204
diff --git a/haobang-security-xdr/syslog-serve/logs/syslog-serve-console.log b/haobang-security-xdr/syslog-serve/logs/syslog-serve-console.log
new file mode 100644
index 0000000..9cfe145
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/logs/syslog-serve-console.log
@@ -0,0 +1,4 @@
+nohup: 忽略输入
+Unrecognized option: -syslog-serve-1.0.0.jar
+Error: Could not create the Java Virtual Machine.
+Error: A fatal exception has occurred. Program will exit.
diff --git a/haobang-security-xdr/syslog-serve/logs/syslog-serve.log b/haobang-security-xdr/syslog-serve/logs/syslog-serve.log
new file mode 100644
index 0000000..ea15e05
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/logs/syslog-serve.log
@@ -0,0 +1,13 @@
+2025-12-29 15:11:48.634 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Neither @ContextConfiguration nor @ContextHierarchy found for test class [com.haobang.syslog.SysjavacollectApplicationTests], using SpringBootContextLoader
+2025-12-29 15:11:48.635 [main] INFO  o.s.t.c.s.AbstractContextLoader - Could not detect default resource locations for test class [com.haobang.syslog.SysjavacollectApplicationTests]: no resource found for suffixes {-context.xml, Context.groovy}.
+2025-12-29 15:11:48.635 [main] INFO  o.s.t.c.s.AnnotationConfigContextLoaderUtils - Could not detect default configuration classes for test class [com.haobang.syslog.SysjavacollectApplicationTests]: SysjavacollectApplicationTests does not declare any static, non-private, non-final, nested classes annotated with @Configuration.
+2025-12-29 15:11:48.785 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Found @SpringBootConfiguration com.SyslogServeMainApp for test class com.haobang.syslog.SysjavacollectApplicationTests
+2025-12-29 15:11:48.918 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Loaded default TestExecutionListener class names from location [META-INF/spring.factories]: [org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener, org.springframework.test.context.web.ServletTestExecutionListener, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener, org.springframework.test.context.event.ApplicationEventsTestExecutionListener, org.springframework.test.context.support.DependencyInjectionTestExecutionListener, org.springframework.test.context.support.DirtiesContextTestExecutionListener, org.springframework.test.context.transaction.TransactionalTestExecutionListener, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener, org.springframework.test.context.event.EventPublishingTestExecutionListener]
+2025-12-29 15:11:48.938 [main] INFO  o.s.b.t.c.SpringBootTestContextBootstrapper - Using TestExecutionListeners: [org.springframework.test.context.web.ServletTestExecutionListener@479ceda0, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener@6d07a63d, org.springframework.test.context.event.ApplicationEventsTestExecutionListener@571c5681, org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener@488d1cd7, org.springframework.boot.test.autoconfigure.SpringBootDependencyInjectionTestExecutionListener@68dc098b, org.springframework.test.context.support.DirtiesContextTestExecutionListener@38ba6ce3, org.springframework.test.context.transaction.TransactionalTestExecutionListener@d278d2b, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener@2d6c53fc, org.springframework.test.context.event.EventPublishingTestExecutionListener@25f4878b, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener@4e423aa2, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener@7fbdb894, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener@3081f72c, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener@3148f668, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener@6e005dc9, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener@7ceb3185]
+2025-12-29 15:11:49.275 [main] INFO  c.h.s.SysjavacollectApplicationTests - Starting SysjavacollectApplicationTests using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 18832 (started by chenc in E:\GIT_GOSAME\haobang-security-xdr\syslog-serve)
+2025-12-29 15:11:49.275 [main] INFO  c.h.s.SysjavacollectApplicationTests - No active profile set, falling back to 1 default profile: "default"
+2025-12-29 15:11:49.301 [background-preinit] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
+2025-12-29 15:11:50.763 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
+2025-12-29 15:11:50.766 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
+2025-12-29 15:11:50.890 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 110 ms. Found 0 Redis repository interfaces.
+2025-12-29 15:11:58.435 [main] INFO  c.h.s.SysjavacollectApplicationTests - Started SysjavacollectApplicationTests in 9.452 seconds (JVM running for 10.738)
diff --git a/haobang-security-xdr/syslog-serve/mvnw b/haobang-security-xdr/syslog-serve/mvnw
new file mode 100644
index 0000000..8a8fb22
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/mvnw
@@ -0,0 +1,316 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /usr/local/etc/mavenrc ] ; then
+    . /usr/local/etc/mavenrc
+  fi
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+    if [ -z "$JAVA_HOME" ]; then
+      if [ -x "/usr/libexec/java_home" ]; then
+        export JAVA_HOME="`/usr/libexec/java_home`"
+      else
+        export JAVA_HOME="/Library/Java/Home"
+      fi
+    fi
+    ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`\\unset -f command; \\command -v java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+  if [ -z "$1" ]
+  then
+    echo "Path not specified to find_maven_basedir"
+    return 1
+  fi
+
+  basedir="$1"
+  wdir="$1"
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+    if [ -d "${wdir}" ]; then
+      wdir=`cd "$wdir/.."; pwd`
+    fi
+    # end of workaround
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+  exit 1;
+fi
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Found .mvn/wrapper/maven-wrapper.jar"
+    fi
+else
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
+    fi
+    if [ -n "$MVNW_REPOURL" ]; then
+      jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    else
+      jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    fi
+    while IFS="=" read key value; do
+      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
+      esac
+    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Downloading from: $jarUrl"
+    fi
+    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
+    if $cygwin; then
+      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
+    fi
+
+    if command -v wget > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found wget ... using wget"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        else
+            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        fi
+    elif command -v curl > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found curl ... using curl"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            curl -o "$wrapperJarPath" "$jarUrl" -f
+        else
+            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+        fi
+
+    else
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Falling back to using Java to download"
+        fi
+        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        # For Cygwin, switch paths to Windows format before running javac
+        if $cygwin; then
+          javaClass=`cygpath --path --windows "$javaClass"`
+        fi
+        if [ -e "$javaClass" ]; then
+            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Compiling MavenWrapperDownloader.java ..."
+                fi
+                # Compiling the Java class
+                ("$JAVA_HOME/bin/javac" "$javaClass")
+            fi
+            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                # Running the downloader
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Running MavenWrapperDownloader.java ..."
+                fi
+                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+            fi
+        fi
+    fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+if [ "$MVNW_VERBOSE" = true ]; then
+  echo $MAVEN_PROJECTBASEDIR
+fi
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  $MAVEN_DEBUG_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" \
+  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/haobang-security-xdr/syslog-serve/mvnw.cmd b/haobang-security-xdr/syslog-serve/mvnw.cmd
new file mode 100644
index 0000000..1d8ab01
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/mvnw.cmd
@@ -0,0 +1,188 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    https://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %DOWNLOAD_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+  %JVM_CONFIG_MAVEN_PROPS% ^
+  %MAVEN_OPTS% ^
+  %MAVEN_DEBUG_OPTS% ^
+  -classpath %WRAPPER_JAR% ^
+  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%
diff --git a/haobang-security-xdr/syslog-serve/pom.xml b/haobang-security-xdr/syslog-serve/pom.xml
new file mode 100644
index 0000000..7467e0e
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/pom.xml
@@ -0,0 +1,200 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <artifactId>security-xdr</artifactId>
+        <groupId>com.haobang</groupId>
+        <version>1.0.0</version>
+    </parent>
+    <groupId>com.haobang</groupId>
+    <artifactId>syslog-serve</artifactId>
+    <version>1.0.0</version>
+    <name>syslog-serve</name>
+    <description>hb-security-xdr  project for Spring Boot</description>
+    <properties>
+        <java.version>1.8</java.version>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <netty.version>4.1.92.Final</netty.version>
+        <slf4j.version>1.7.36</slf4j.version>
+        <mybatis.version>3.5.10</mybatis.version>
+        <postgresql.version>42.5.4</postgresql.version>
+        <pagehelper.version>1.4.6</pagehelper.version>
+    </properties>
+    <dependencies>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.graylog2</groupId>
+            <artifactId>syslog4j</artifactId>
+            <version>0.9.61</version>
+        </dependency>
+
+
+        <!-- https://mvnrepository.com/artifact/com.alibaba.fastjson2/fastjson2 -->
+        <dependency>
+            <groupId>com.alibaba.fastjson2</groupId>
+            <artifactId>fastjson2</artifactId>
+            <version>2.0.40</version>
+        </dependency>
+
+        <dependency>
+            <groupId>cn.hutool</groupId>
+            <artifactId>hutool-all</artifactId>
+            <version>5.8.16</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.kafka</groupId>
+            <artifactId>kafka-clients</artifactId>
+            <version>3.4.0</version>
+        </dependency>
+
+
+
+        <!-- Netty 核心库 -->
+        <dependency>
+            <groupId>io.netty</groupId>
+            <artifactId>netty-all</artifactId>
+            <version>4.1.92.Final</version>
+        </dependency>
+
+        <!-- 日志框架 -->
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <version>2.0.7</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.typesafe</groupId>
+            <artifactId>config</artifactId>
+            <version>1.4.2</version>
+        </dependency>
+
+
+        <!-- json 框架 -->
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>2.13.3</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>2.13.3</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.13.3</version>
+        </dependency>
+        <!-- Logback Classic (包含了Logback核心和SLF4J的绑定) -->
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <version>1.2.11</version>
+        </dependency>
+
+
+        <!-- MyBatis核心库 -->
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis</artifactId>
+            <version>${mybatis.version}</version>
+        </dependency>
+
+        <!-- PostgreSQL驱动 -->
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>${postgresql.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.13.3</version>
+        </dependency>
+
+
+        <dependency>
+            <groupId>org.mybatis.spring.boot</groupId>
+            <artifactId>mybatis-spring-boot-starter</artifactId>
+            <version>2.3.1</version>
+        </dependency>
+
+        <!-- Spring Boot 缓存 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-cache</artifactId>
+        </dependency>
+
+        <!-- Redis 缓存实现 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-redis</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.fasterxml.jackson.datatype</groupId>
+            <artifactId>jackson-datatype-jsr310</artifactId>
+        </dependency>
+
+
+        <!-- Lombok (可选，简化代码) -->
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <optional>true</optional>
+        </dependency>
+
+        <!-- Validation -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
+
+        <!-- PageHelper分页插件 -->
+        <dependency>
+            <groupId>com.github.pagehelper</groupId>
+            <artifactId>pagehelper-spring-boot-starter</artifactId>
+            <version>${pagehelper.version}</version>
+        </dependency>
+
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+                <filtering>false</filtering>
+            </resource>
+        </resources>
+    </build>
+
+</project>
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/Modules/Device/DeviceProcess.java b/haobang-security-xdr/syslog-serve/src/main/java/com/Modules/Device/DeviceProcess.java
new file mode 100644
index 0000000..c07f90f
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/Modules/Device/DeviceProcess.java
@@ -0,0 +1,162 @@
+package com.Modules.Device;
+
+
+import com.common.entity.DeviceDevice;
+import com.haobang.config.AppConfig;
+import com.kafka.kafkaProducer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import com.common.service.DeviceDeviceService;
+import com.common.service.DeviceUnknownService;
+import com.common.service.DeviceCollectTaskService;
+import com.haobang.util.SpringContextUtil;
+
+import java.time.format.DateTimeFormatter;
+import java.util.List;
+import com.common.entity.DeviceUnknown;
+import com.common.entity.DeviceCollectTask;
+import org.springframework.stereotype.Service;
+import java.time.LocalDateTime;
+import com.common.service.DeviceReceiveLogService;
+import com.common.entity.DeviceReceiveLog;
+
+import org.springframework.cache.CacheManager;
+
+public class DeviceProcess {
+
+    private static final Logger logger = LoggerFactory.getLogger(DeviceProcess.class);
+
+    @Autowired
+    public static DeviceDeviceService  deviceDeviceService =SpringContextUtil.getBean(DeviceDeviceService.class);
+    @Autowired
+    public static DeviceUnknownService  deviceUnknownService =SpringContextUtil.getBean(DeviceUnknownService.class);
+    @Autowired
+    public static DeviceCollectTaskService  deviceCollectTaskService =SpringContextUtil.getBean(DeviceCollectTaskService.class);
+
+    @Autowired
+    public static DeviceReceiveLogService  deviceReceiveLogService =SpringContextUtil.getBean(DeviceReceiveLogService.class);
+
+
+    @Autowired
+    private DeviceDevice deviceDevice  ;
+    @Autowired
+    private  DeviceReceiveLog devicelog;
+    private String sourceIP;
+
+    public  DeviceProcess(String source_ip) {
+        sourceIP=source_ip;
+        List<DeviceDevice> deviceList = deviceDeviceService.getByIpSafely(source_ip);
+        if (deviceList.size() >0)
+        {
+            deviceDevice= deviceList.get(0);
+        }
+    }
+    public DeviceDevice  getDeviceDevice()
+    {
+        if(deviceDevice!=null)  return this.deviceDevice;
+        return null;
+    }
+
+    public DeviceReceiveLog  getDeviceReceiveLog()
+    {
+        if(devicelog!=null)  return this.devicelog;
+        return null;
+    }
+    public  int getDeviceID(String source_ip)
+    {
+        //默认deviceId =-1
+        int  deviceId=-1 ;
+        List<DeviceDevice>  deviceList=  deviceDeviceService.getByIpSafely(source_ip);
+        if(deviceList.isEmpty()) {
+            logger.error("设备请求的Host IP非系统注册，请联系管理员添加设备信息！");
+            return deviceId;
+        }
+        if(deviceList.size()>1)
+        {
+            logger.error("设备请求的Host IP注册超过一条记录，请联系管理员处理！");
+            return deviceId;
+        }
+        return   deviceList.get(0).getId();
+    }
+
+    public   boolean IsBelongDeviceCollectTask( )
+    {
+        //当前判断是否归属
+        if(deviceDevice!=null )
+        {
+            int deviceCollectId =AppConfig.getDeviceCollectId();
+            if(deviceDevice.getDeviceCollectId()!=deviceCollectId)
+            {
+                logger.error("设备请求的Host IP不属于当前采集探针任务,请联系管理员核实！");
+                return false;
+            }
+        }
+        return true;
+    }
+    public boolean saveDeviceUnknow(String networkProtocol)
+    {
+        DeviceUnknown deviceUnknown =new DeviceUnknown() ;
+        List<DeviceUnknown> deviceList =deviceUnknownService.getDevicesByIp(this.sourceIP);
+        // 获取当前时间
+        LocalDateTime currentTime = LocalDateTime.now();
+        try
+        {
+            //已有deviceUnknow记录则更新最后发现时间
+            if(deviceList.size()>0)
+            {
+                deviceUnknownService.updateLastTime( deviceList.get(0).getId(),currentTime );
+                System.out.println("更新未知设备的最后发现时间,IP:"+this.sourceIP);
+            }
+            else {
+                //创建未知设备记录
+                DeviceCollectTask   deviceCollectTask= deviceCollectTaskService.getById(AppConfig.getDeviceCollectId());
+                deviceUnknown.setDeviceCollectId( AppConfig.getDeviceCollectId());
+                deviceUnknown.setDeviceIp( this.sourceIP);
+                deviceUnknown.setFirstTime(currentTime);
+                if(deviceCollectTask!=null)   deviceUnknown.setDeviceCollectName(deviceCollectTask.getTaskName());
+                deviceUnknown.setNetworkProtocol( networkProtocol );
+                deviceUnknown.setOrganizationId(0);
+                deviceUnknownService.createDevice(deviceUnknown);
+                logger.info("请求的Host IP :{}为未知，已创建记录 ",this.sourceIP);
+            }
+        }
+        catch(Exception e) {
+            logger.error("saveDeviceUnknow exception", e);
+        }
+
+
+        return true;
+    }
+
+
+    public boolean saveDeviceReceiveLog(String syslog ,boolean isSuccess ) {
+
+        // 获取当前时间
+        LocalDateTime now = LocalDateTime.now();
+        // 定义格式化器，包含毫秒
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMddHHmmssSSS");
+        // 转换为字符串
+        String timeString = now.format(formatter);
+
+        try {
+            // 创建设备接收日志对象
+            devicelog= DeviceReceiveLog.builder()
+                    .deviceId(deviceDevice.getId())
+                    .deviceCollectId(AppConfig.getDeviceCollectId())
+                    .deviceIp(deviceDevice.getIp())
+                    .receiveTime(now)
+                    .receiveTimeStr(timeString)
+                    .syslogMessage(syslog)
+                    .pushSuccess(isSuccess)
+                    .build();
+            deviceReceiveLogService.insertLog(devicelog);
+        } catch (Exception e) {
+            logger.error("saveDeviceReceiveLog exception", e);
+            return false;
+        }
+        return true;
+    }
+
+
+}
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/Modules/DeviceCollect/DeviceCollectProcess.java b/haobang-security-xdr/syslog-serve/src/main/java/com/Modules/DeviceCollect/DeviceCollectProcess.java
new file mode 100644
index 0000000..3ba2fa4
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/Modules/DeviceCollect/DeviceCollectProcess.java
@@ -0,0 +1,4 @@
+package com.Modules.DeviceCollect;
+
+public class DeviceCollectProcess {
+}
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/SyslogServeMainApp.java b/haobang-security-xdr/syslog-serve/src/main/java/com/SyslogServeMainApp.java
new file mode 100644
index 0000000..503886e
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/SyslogServeMainApp.java
@@ -0,0 +1,39 @@
+package com;
+import com.haobang.config.SyslogConfig;
+import com.kafka.kafkaProducer;
+import org.mybatis.spring.annotation.MapperScan;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import com.netty.SyslogServer;
+import  com.haobang.config.AppConfig;
+import org.springframework.cache.annotation.EnableCaching;
+import org.springframework.context.annotation.Configuration;
+import com.netty.SyslogServerBoth;
+
+@MapperScan("com.common.mapper")
+@SpringBootApplication
+public class SyslogServeMainApp {
+
+    private static final Logger logger = LoggerFactory.getLogger(SyslogServeMainApp.class);
+
+    public static void main(String[] args) {
+        SpringApplication.run(SyslogServeMainApp.class, args);
+        try {
+            //System.out.println("syslogConfig TcpPort: "+  AppConfig.getSyslogTcpPort());
+            int tcpPort = args.length > 0 ? Integer.parseInt(args[0]) : AppConfig.getSyslogTcpPort() ;
+            int udpPort = args.length > 1 ? Integer.parseInt(args[1]) : AppConfig.getSyslogUdpPort();
+            //SyslogServer server = new SyslogServer(tcpPort, udpPort);
+            SyslogServerBoth server = new SyslogServerBoth(tcpPort, udpPort);
+            logger.info("Application SyslogServer start !");
+            server.start();
+
+        }catch ( Exception ex)
+        {
+            System.out.println("Application Catch Error message: "+ex.getMessage());
+            logger.error("Application Catch Error message: "+ex.getMessage());
+        }
+    }
+}
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/CacheController.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/CacheController.java
new file mode 100644
index 0000000..2d1d1fb
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/CacheController.java
@@ -0,0 +1,22 @@
+package com.common.controller;
+import com.common.entity.DeviceDevice;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.data.redis.core.RedisTemplate;
+
+@RestController
+@RequestMapping("/api/cache")
+public class CacheController {
+
+    @Autowired
+    private RedisTemplate<String, Object> redisTemplate;
+
+    @GetMapping("/key/{key}")
+    public DeviceDevice getCacheValue(@PathVariable String key) {
+
+        // 这里先尝试作为字符串键获取
+        System.out.println("key:" +key);
+        //System.out.println(redisTemplate.opsForHash().entries(key).toString());
+        return (DeviceDevice) redisTemplate.opsForValue().get(key);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceCollectTaskController.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceCollectTaskController.java
new file mode 100644
index 0000000..eaffb62
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceCollectTaskController.java
@@ -0,0 +1,136 @@
+package com.common.controller;
+
+import com.common.entity.DeviceCollectTask;
+import com.common.service.DeviceCollectTaskService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/collect-tasks")
+public class DeviceCollectTaskController {
+
+    @Autowired
+    private DeviceCollectTaskService deviceCollectTaskService;
+
+    /**
+     * 根据ID查询采集任务
+     */
+    @GetMapping("/{id}")
+    public ResponseEntity<DeviceCollectTask> getById(@PathVariable Integer id) {
+        DeviceCollectTask task = deviceCollectTaskService.getById(id);
+        return ResponseEntity.ok(task);
+    }
+
+    /**
+     * 查询所有采集任务
+     */
+    @GetMapping
+    public ResponseEntity<List<DeviceCollectTask>> getAll() {
+        List<DeviceCollectTask> tasks = deviceCollectTaskService.getAll();
+        return ResponseEntity.ok(tasks);
+    }
+
+    /**
+     * 根据设备ID查询采集任务
+     */
+    @GetMapping("/device/{deviceId}")
+    public ResponseEntity<List<DeviceCollectTask>> getByDeviceId(@PathVariable Integer deviceId) {
+        List<DeviceCollectTask> tasks = deviceCollectTaskService.getByDeviceId(deviceId);
+        return ResponseEntity.ok(tasks);
+    }
+
+    /**
+     * 多条件查询采集任务
+     */
+    @PostMapping("/search")
+    public ResponseEntity<List<DeviceCollectTask>> search(@RequestBody DeviceCollectTask condition) {
+        List<DeviceCollectTask> tasks = deviceCollectTaskService.getByCondition(condition);
+        return ResponseEntity.ok(tasks);
+    }
+
+    /**
+     * 新增采集任务
+     */
+    @PostMapping
+    public ResponseEntity<DeviceCollectTask> create(@RequestBody DeviceCollectTask task) {
+        deviceCollectTaskService.create(task);
+        return ResponseEntity.ok(task);
+    }
+
+    /**
+     * 更新采集任务
+     */
+    @PutMapping("/{id}")
+    public ResponseEntity<DeviceCollectTask> update(@PathVariable Integer id,
+                                                    @RequestBody DeviceCollectTask task) {
+        task.setId(id);
+        DeviceCollectTask updatedTask = deviceCollectTaskService.update(task);
+        return ResponseEntity.ok(updatedTask);
+    }
+
+    /**
+     * 删除采集任务
+     */
+    @DeleteMapping("/{id}")
+    public ResponseEntity<Void> delete(@PathVariable Integer id) {
+        deviceCollectTaskService.delete(id);
+        return ResponseEntity.noContent().build();
+    }
+
+    /**
+     * 标记任务成功
+     */
+    @PostMapping("/{id}/success")
+    public ResponseEntity<Void> markSuccess(@PathVariable Integer id) {
+        deviceCollectTaskService.markSuccess(id);
+        return ResponseEntity.ok().build();
+    }
+
+    /**
+     * 标记任务失败
+     */
+    @PostMapping("/{id}/failed")
+    public ResponseEntity<Void> markFailed(@PathVariable Integer id) {
+        deviceCollectTaskService.markFailed(id);
+        return ResponseEntity.ok().build();
+    }
+
+    /**
+     * 更新EPM指标
+     */
+    @PutMapping("/{id}/epm")
+    public ResponseEntity<Void> updateEpm(@PathVariable Integer id,
+                                          @RequestParam Integer epm) {
+        deviceCollectTaskService.updateEpm(id, epm);
+        return ResponseEntity.ok().build();
+    }
+
+    /**
+     * 查询成功的任务
+     */
+    @GetMapping("/success")
+    public ResponseEntity<List<DeviceCollectTask>> getSuccessTasks() {
+        List<DeviceCollectTask> tasks = deviceCollectTaskService.getSuccessTasks();
+        return ResponseEntity.ok(tasks);
+    }
+
+    /**
+     * 查询失败的任务
+     */
+    @GetMapping("/failed")
+    public ResponseEntity<List<DeviceCollectTask>> getFailedTasks() {
+        List<DeviceCollectTask> tasks = deviceCollectTaskService.getFailedTasks();
+        return ResponseEntity.ok(tasks);
+    }
+
+    /**
+     * 获取设备最新任务
+     */
+    @GetMapping("/device/{deviceId}/latest")
+    public ResponseEntity<DeviceCollectTask> getLatestByDeviceId(@PathVariable Integer deviceId) {
+        DeviceCollectTask task = deviceCollectTaskService.getLatestByDeviceId(deviceId);
+        return ResponseEntity.ok(task);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceDeviceController.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceDeviceController.java
new file mode 100644
index 0000000..8601e9c
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceDeviceController.java
@@ -0,0 +1,49 @@
+package com.common.controller;
+
+
+import com.common.entity.DeviceDevice;
+import com.common.service.DeviceDeviceService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+@RestController
+@RequestMapping("/api/devices")
+public class DeviceDeviceController {
+
+    @Autowired
+    private DeviceDeviceService deviceDeviceService;
+
+    @GetMapping("/{id}")
+    public DeviceDevice getById(@PathVariable Integer id) {
+        System.out.println("device_id："+id.toString());
+        DeviceDevice deviceDevice=deviceDeviceService.getById(id);
+        System.out.println("deviceDeviceService："+deviceDevice.toString());
+        return deviceDeviceService.getById(id);
+    }
+
+    @GetMapping
+    public List<DeviceDevice> getAll() {
+        return deviceDeviceService.getAll();
+    }
+
+    @GetMapping("/search")
+    public List<DeviceDevice> searchByName(@RequestParam String name) {
+        return deviceDeviceService.getByNameLike(name);
+    }
+
+    @GetMapping("/ip/{ip}")
+    public List<DeviceDevice> getByIp(@PathVariable String ip) {
+
+        List<DeviceDevice> deviceDevicelist =deviceDeviceService.getByIpSafely(ip);
+        System.out.println("deviceDeviceService："+deviceDevicelist.get(0).toString());
+
+        return deviceDeviceService.getByIpSafely(ip);
+    }
+
+    @GetMapping("/monitoring")
+    public List<DeviceDevice> getMonitoringDevices() {
+        return deviceDeviceService.getMonitoringDevices();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceUnknownController.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceUnknownController.java
new file mode 100644
index 0000000..afcbd36
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/controller/DeviceUnknownController.java
@@ -0,0 +1,135 @@
+package com.common.controller;
+
+
+import com.common.entity.DeviceUnknown;
+import com.common.service.DeviceUnknownService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+@RestController
+@RequestMapping("/api/device-unknown")
+@RequiredArgsConstructor
+@Validated
+public class DeviceUnknownController {
+
+    private final DeviceUnknownService deviceUnknownService;
+
+    /**
+     * 创建设备记录
+     */
+    @PostMapping
+    public ResponseEntity<Map<String, Object>> createDevice(@Valid @RequestBody DeviceUnknown device) {
+        Long id = deviceUnknownService.createDevice(device);
+        Map<String, Object> result = new HashMap<>();
+        result.put("success", true);
+        result.put("id", id);
+        result.put("message", "设备记录创建成功");
+        return ResponseEntity.ok(result);
+    }
+
+    /**
+     * 批量创建设备记录
+     */
+    @PostMapping("/batch")
+    public ResponseEntity<Map<String, Object>> batchCreateDevices(@Valid @RequestBody List<DeviceUnknown> devices) {
+        int count = deviceUnknownService.batchCreateDevices(devices);
+        Map<String, Object> result = new HashMap<>();
+        result.put("success", true);
+        result.put("count", count);
+        result.put("message", "批量创建设备记录成功");
+        return ResponseEntity.ok(result);
+    }
+
+    /**
+     * 根据ID获取设备信息
+     */
+    @GetMapping("/{id}")
+    public ResponseEntity<Map<String, Object>> getDeviceById(@PathVariable Long id) {
+        DeviceUnknown device = deviceUnknownService.getDeviceById(id);
+        Map<String, Object> result = new HashMap<>();
+        result.put("success", true);
+        result.put("data", device);
+        return ResponseEntity.ok(result);
+    }
+
+    /**
+     * 根据IP查询设备
+     */
+    @GetMapping("/ip/{deviceIp}")
+    public ResponseEntity<Map<String, Object>> getDevicesByIp(@PathVariable String deviceIp) {
+        List<DeviceUnknown> devices = deviceUnknownService.getDevicesByIp(deviceIp);
+        Map<String, Object> result = new HashMap<>();
+        result.put("success", true);
+        result.put("data", devices);
+        result.put("total", devices.size());
+        return ResponseEntity.ok(result);
+    }
+
+    /**
+     * 根据组织ID查询设备
+     */
+    @GetMapping("/organization/{organizationId}")
+    public ResponseEntity<Map<String, Object>> getDevicesByOrganizationId(@PathVariable Integer organizationId) {
+        List<DeviceUnknown> devices = deviceUnknownService.getDevicesByOrganizationId(organizationId);
+        Map<String, Object> result = new HashMap<>();
+        result.put("success", true);
+        result.put("data", devices);
+        result.put("total", devices.size());
+        return ResponseEntity.ok(result);
+    }
+
+    /**
+     * 分页查询设备
+     */
+    @GetMapping("/page")
+    public ResponseEntity<Map<String, Object>> getDevicesByPage(
+            @RequestParam(defaultValue = "1") int pageNum,
+            @RequestParam(defaultValue = "10") int pageSize) {
+        List<DeviceUnknown> devices = deviceUnknownService.getDevicesByPage(pageNum, pageSize);
+        long total = deviceUnknownService.getTotalCount();
+
+        Map<String, Object> result = new HashMap<>();
+        result.put("success", true);
+        result.put("data", devices);
+        result.put("pageNum", pageNum);
+        result.put("pageSize", pageSize);
+        result.put("total", total);
+        result.put("pages", (int) Math.ceil((double) total / pageSize));
+        return ResponseEntity.ok(result);
+    }
+
+    /**
+     * 更新设备信息
+     */
+    @PutMapping("/{id}")
+    public ResponseEntity<Map<String, Object>> updateDevice(
+            @PathVariable Long id,
+            @Valid @RequestBody DeviceUnknown device) {
+        device.setId(id);
+        boolean success = deviceUnknownService.updateDevice(device);
+
+        Map<String, Object> result = new HashMap<>();
+        result.put("success", success);
+        result.put("message", success ? "设备更新成功" : "设备更新失败");
+        return ResponseEntity.ok(result);
+    }
+
+    /**
+     * 删除设备
+     */
+    @DeleteMapping("/{id}")
+    public ResponseEntity<Map<String, Object>> deleteDevice(@PathVariable Long id) {
+        boolean success = deviceUnknownService.deleteDevice(id);
+        Map<String, Object> result = new HashMap<>();
+        result.put("success", success);
+        result.put("message", success ? "设备删除成功" : "设备删除失败");
+        return ResponseEntity.ok(result);
+    }
+}
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceCollectTask.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceCollectTask.java
new file mode 100644
index 0000000..9d28b64
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceCollectTask.java
@@ -0,0 +1,99 @@
+package com.common.entity;
+
+
+import java.time.OffsetDateTime;
+
+public class DeviceCollectTask {
+    private Integer id;
+    private OffsetDateTime createdAt;
+    private OffsetDateTime updatedAt;
+    private OffsetDateTime deletedAt;
+    private Integer deviceId;
+    private Integer method;
+    private String taskName;
+    private OffsetDateTime firstTime;
+    private OffsetDateTime lastSuccessTime;
+    private OffsetDateTime lastFailedTime;
+    private Integer detailId;
+    private Integer epm;
+    private Integer epmPeak;
+    private Integer processArchitecture;
+    private Integer taskCount;
+    private OffsetDateTime recentDiscoverTime;
+    private Integer epmUpperLimit;
+
+    // Getter and Setter 方法
+    public Integer getId() { return id; }
+    public void setId(Integer id) { this.id = id; }
+
+    public OffsetDateTime getCreatedAt() { return createdAt; }
+    public void setCreatedAt(OffsetDateTime createdAt) { this.createdAt = createdAt; }
+
+    public OffsetDateTime getUpdatedAt() { return updatedAt; }
+    public void setUpdatedAt(OffsetDateTime updatedAt) { this.updatedAt = updatedAt; }
+
+    public OffsetDateTime getDeletedAt() { return deletedAt; }
+    public void setDeletedAt(OffsetDateTime deletedAt) { this.deletedAt = deletedAt; }
+
+    public Integer getDeviceId() { return deviceId; }
+    public void setDeviceId(Integer deviceId) { this.deviceId = deviceId; }
+
+    public Integer getMethod() { return method; }
+    public void setMethod(Integer method) { this.method = method; }
+
+    public String getTaskName() { return taskName; }
+    public void setTaskName(String taskName) { this.taskName = taskName; }
+
+    public OffsetDateTime getFirstTime() { return firstTime; }
+    public void setFirstTime(OffsetDateTime firstTime) { this.firstTime = firstTime; }
+
+    public OffsetDateTime getLastSuccessTime() { return lastSuccessTime; }
+    public void setLastSuccessTime(OffsetDateTime lastSuccessTime) { this.lastSuccessTime = lastSuccessTime; }
+
+    public OffsetDateTime getLastFailedTime() { return lastFailedTime; }
+    public void setLastFailedTime(OffsetDateTime lastFailedTime) { this.lastFailedTime = lastFailedTime; }
+
+    public Integer getDetailId() { return detailId; }
+    public void setDetailId(Integer detailId) { this.detailId = detailId; }
+
+    public Integer getEpm() { return epm; }
+    public void setEpm(Integer epm) { this.epm = epm; }
+
+    public Integer getEpmPeak() { return epmPeak; }
+    public void setEpmPeak(Integer epmPeak) { this.epmPeak = epmPeak; }
+
+    public Integer getProcessArchitecture() { return processArchitecture; }
+    public void setProcessArchitecture(Integer processArchitecture) { this.processArchitecture = processArchitecture; }
+
+    public Integer getTaskCount() { return taskCount; }
+    public void setTaskCount(Integer taskCount) { this.taskCount = taskCount; }
+
+    public OffsetDateTime getRecentDiscoverTime() { return recentDiscoverTime; }
+    public void setRecentDiscoverTime(OffsetDateTime recentDiscoverTime) { this.recentDiscoverTime = recentDiscoverTime; }
+
+    public Integer getEpmUpperLimit() { return epmUpperLimit; }
+    public void setEpmUpperLimit(Integer epmUpperLimit) { this.epmUpperLimit = epmUpperLimit; }
+
+    @Override
+    public String toString() {
+        return "DeviceCollectTask{" +
+                "id=" + id +
+                ", createdAt=" + createdAt +
+                ", updatedAt=" + updatedAt +
+                ", deletedAt=" + deletedAt +
+                ", deviceId=" + deviceId +
+                ", method=" + method +
+                ", taskName='" + taskName + '\'' +
+                ", firstTime=" + firstTime +
+                ", lastSuccessTime=" + lastSuccessTime +
+                ", lastFailedTime=" + lastFailedTime +
+                ", detailId=" + detailId +
+                ", epm=" + epm +
+                ", epmPeak=" + epmPeak +
+                ", processArchitecture=" + processArchitecture +
+                ", taskCount=" + taskCount +
+                ", recentDiscoverTime=" + recentDiscoverTime +
+                ", epmUpperLimit=" + epmUpperLimit +
+                '}';
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceDevice.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceDevice.java
new file mode 100644
index 0000000..4025256
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceDevice.java
@@ -0,0 +1,376 @@
+package com.common.entity;
+
+
+import java.time.LocalDateTime;
+import java.time.OffsetDateTime;
+public class DeviceDevice {
+    public Integer id;
+    public LocalDateTime  createdAt;
+    public LocalDateTime updatedAt;
+    public LocalDateTime deletedAt;
+    public String name;
+    public String ip;
+    public Integer deviceGroup;
+    public Integer deviceType;
+    public String vendor;
+    public String productName;
+    public Integer organizationId;
+    public LocalDateTime lastReceiveTime;
+    public Integer agentId;
+    public Integer detailId;
+    public Integer controlAgentId;
+    public LocalDateTime licenseStartTime;
+    public LocalDateTime licenseEndTime;
+    public Boolean isMonitoring;
+    public Long securityScopeId;
+    public Long ownerId;
+    public Long sshConfigId;
+    public Short status;
+    public Long createdById;
+    public Integer decodeType;
+    public Integer missPolicy;
+    public String tenantId;
+    public LocalDateTime createTime;
+    public LocalDateTime updateTime;
+    public Long createBy;
+    public Long updateBy;
+    public String delFlag;
+    public String managerName;
+    public Integer todayParseCount;
+    public Integer todayNonLogCount;
+    public Long createDept;
+    public Integer deviceCollectId;
+
+
+    // Getter and Setter methods
+    public Integer getId() {
+        return id;
+    }
+
+    public void setId(Integer id) {
+        this.id = id;
+    }
+
+    public LocalDateTime getCreatedAt() {
+        return createdAt;
+    }
+
+    public void setCreatedAt(LocalDateTime createdAt) {
+        this.createdAt = createdAt;
+    }
+
+    public LocalDateTime getUpdatedAt() {
+        return updatedAt;
+    }
+
+    public void setUpdatedAt(LocalDateTime updatedAt) {
+        this.updatedAt = updatedAt;
+    }
+
+    public LocalDateTime getDeletedAt() {
+        return deletedAt;
+    }
+
+    public void setDeletedAt(LocalDateTime deletedAt) {
+        this.deletedAt = deletedAt;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getIp() {
+        return ip;
+    }
+
+    public void setIp(String ip) {
+        this.ip = ip;
+    }
+
+    public Integer getDeviceGroup() {
+        return deviceGroup;
+    }
+
+    public void setDeviceGroup(Integer deviceGroup) {
+        this.deviceGroup = deviceGroup;
+    }
+
+    public Integer getDeviceType() {
+        return deviceType;
+    }
+
+    public void setDeviceType(Integer deviceType) {
+        this.deviceType = deviceType;
+    }
+
+    public String getVendor() {
+        return vendor;
+    }
+
+    public void setVendor(String vendor) {
+        this.vendor = vendor;
+    }
+
+    public String getProductName() {
+        return productName;
+    }
+
+    public void setProductName(String productName) {
+        this.productName = productName;
+    }
+
+    public Integer getOrganizationId() {
+        return organizationId;
+    }
+
+    public void setOrganizationId(Integer organizationId) {
+        this.organizationId = organizationId;
+    }
+
+    public LocalDateTime getLastReceiveTime() {
+        return lastReceiveTime;
+    }
+
+    public void setLastReceiveTime(LocalDateTime lastReceiveTime) {
+        this.lastReceiveTime = lastReceiveTime;
+    }
+
+    public Integer getAgentId() {
+        return agentId;
+    }
+
+    public void setAgentId(Integer agentId) {
+        this.agentId = agentId;
+    }
+
+    public Integer getDetailId() {
+        return detailId;
+    }
+
+    public void setDetailId(Integer detailId) {
+        this.detailId = detailId;
+    }
+
+    public Integer getControlAgentId() {
+        return controlAgentId;
+    }
+
+    public void setControlAgentId(Integer controlAgentId) {
+        this.controlAgentId = controlAgentId;
+    }
+
+    public LocalDateTime getLicenseStartTime() {
+        return licenseStartTime;
+    }
+
+    public void setLicenseStartTime(LocalDateTime licenseStartTime) {
+        this.licenseStartTime = licenseStartTime;
+    }
+
+    public LocalDateTime getLicenseEndTime() {
+        return licenseEndTime;
+    }
+
+    public void setLicenseEndTime(LocalDateTime licenseEndTime) {
+        this.licenseEndTime = licenseEndTime;
+    }
+
+    public Boolean getIsMonitoring() {
+        return isMonitoring;
+    }
+
+    public void setIsMonitoring(Boolean isMonitoring) {
+        this.isMonitoring = isMonitoring;
+    }
+
+    public Long getSecurityScopeId() {
+        return securityScopeId;
+    }
+
+    public void setSecurityScopeId(Long securityScopeId) {
+        this.securityScopeId = securityScopeId;
+    }
+
+    public Long getOwnerId() {
+        return ownerId;
+    }
+
+    public void setOwnerId(Long ownerId) {
+        this.ownerId = ownerId;
+    }
+
+    public Long getSshConfigId() {
+        return sshConfigId;
+    }
+
+    public void setSshConfigId(Long sshConfigId) {
+        this.sshConfigId = sshConfigId;
+    }
+
+    public Short getStatus() {
+        return status;
+    }
+
+    public void setStatus(Short status) {
+        this.status = status;
+    }
+
+    public Long getCreatedById() {
+        return createdById;
+    }
+
+    public void setCreatedById(Long createdById) {
+        this.createdById = createdById;
+    }
+
+    public Integer getDecodeType() {
+        return decodeType;
+    }
+
+    public void setDecodeType(Integer decodeType) {
+        this.decodeType = decodeType;
+    }
+
+    public Integer getMissPolicy() {
+        return missPolicy;
+    }
+
+    public void setMissPolicy(Integer missPolicy) {
+        this.missPolicy = missPolicy;
+    }
+
+    public String getTenantId() {
+        return tenantId;
+    }
+
+    public void setTenantId(String tenantId) {
+        this.tenantId = tenantId;
+    }
+
+    public LocalDateTime getCreateTime() {
+        return createTime;
+    }
+
+    public void setCreateTime(LocalDateTime createTime) {
+        this.createTime = createTime;
+    }
+
+    public LocalDateTime getUpdateTime() {
+        return updateTime;
+    }
+
+    public void setUpdateTime(LocalDateTime updateTime) {
+        this.updateTime = updateTime;
+    }
+
+    public Long getCreateBy() {
+        return createBy;
+    }
+
+    public void setCreateBy(Long createBy) {
+        this.createBy = createBy;
+    }
+
+    public Long getUpdateBy() {
+        return updateBy;
+    }
+
+    public void setUpdateBy(Long updateBy) {
+        this.updateBy = updateBy;
+    }
+
+    public String getDelFlag() {
+        return delFlag;
+    }
+
+    public void setDelFlag(String delFlag) {
+        this.delFlag = delFlag;
+    }
+
+    public String getManagerName() {
+        return managerName;
+    }
+
+    public void setManagerName(String managerName) {
+        this.managerName = managerName;
+    }
+
+    public Integer getTodayParseCount() {
+        return todayParseCount;
+    }
+
+    public void setTodayParseCount(Integer todayParseCount) {
+        this.todayParseCount = todayParseCount;
+    }
+
+    public Integer getTodayNonLogCount() {
+        return todayNonLogCount;
+    }
+
+    public void setTodayNonLogCount(Integer todayNonLogCount) {
+        this.todayNonLogCount = todayNonLogCount;
+    }
+
+    public Long getCreateDept() {
+        return createDept;
+    }
+
+    public void setCreateDept(Long createDept) {
+        this.createDept = createDept;
+    }
+
+    public Integer getDeviceCollectId() {
+        return deviceCollectId;
+    }
+
+    public void setDeviceCollectId(Integer deviceCollectId) {
+        this.deviceCollectId = deviceCollectId;
+    }
+
+    @Override
+    public String toString() {
+        return "DeviceDevice{" +
+                "id=" + id +
+                ", createdAt=" + createdAt +
+                ", updatedAt=" + updatedAt +
+                ", deletedAt=" + deletedAt +
+                ", name='" + name + '\'' +
+                ", ip='" + ip + '\'' +
+                ", deviceGroup=" + deviceGroup +
+                ", deviceType=" + deviceType +
+                ", vendor='" + vendor + '\'' +
+                ", productName='" + productName + '\'' +
+                ", organizationId=" + organizationId +
+                ", lastReceiveTime=" + lastReceiveTime +
+                ", agentId=" + agentId +
+                ", detailId=" + detailId +
+                ", controlAgentId=" + controlAgentId +
+                ", licenseStartTime=" + licenseStartTime +
+                ", licenseEndTime=" + licenseEndTime +
+                ", isMonitoring=" + isMonitoring +
+                ", securityScopeId=" + securityScopeId +
+                ", ownerId=" + ownerId +
+                ", sshConfigId=" + sshConfigId +
+                ", status=" + status +
+                ", createdById=" + createdById +
+                ", decodeType=" + decodeType +
+                ", missPolicy=" + missPolicy +
+                ", tenantId='" + tenantId + '\'' +
+                ", createTime=" + createTime +
+                ", updateTime=" + updateTime +
+                ", createBy=" + createBy +
+                ", updateBy=" + updateBy +
+                ", delFlag='" + delFlag + '\'' +
+                ", managerName='" + managerName + '\'' +
+                ", todayParseCount=" + todayParseCount +
+                ", todayNonLogCount=" + todayNonLogCount +
+                ", createDept=" + createDept +
+                ", deviceCollectId=" + deviceCollectId +
+                '}';
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceReceiveLog.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceReceiveLog.java
new file mode 100644
index 0000000..f6e4529
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceReceiveLog.java
@@ -0,0 +1,68 @@
+package com.common.entity;
+
+import lombok.Data;
+import lombok.AllArgsConstructor;
+import lombok.NoArgsConstructor;
+import lombok.Builder;
+
+import java.time.LocalDateTime;
+import com.fasterxml.jackson.annotation.JsonFormat;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class DeviceReceiveLog {
+    /**
+     * 主键ID
+     */
+    private Long id;
+
+    /**
+     * 记录创建时间（UTC时间）
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    private LocalDateTime createdAt;
+
+    /**
+     * 采集探针ID
+     */
+    private Integer deviceCollectId;
+
+    /**
+     * 设备ID
+     */
+    private Integer deviceId;
+
+    /**
+     * 设备IP（PostgreSQL inet类型，用String处理）
+     */
+    private String deviceIp;
+
+    /**
+     * 日志收到时间
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    private LocalDateTime receiveTime;
+
+    /**
+     * 接收时间字符串（冗余字段）
+     */
+    private String receiveTimeStr;
+
+    /**
+     * 原始syslog消息
+     */
+    private String syslogMessage;
+
+    /**
+     * 是否推送成功
+     */
+    private boolean pushSuccess;
+
+    /**
+     * 分页参数（非表字段）
+     */
+    private Integer pageNum;
+    private Integer pageSize;
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceUnknown.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceUnknown.java
new file mode 100644
index 0000000..c6deab1
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/entity/DeviceUnknown.java
@@ -0,0 +1,70 @@
+package com.common.entity;
+
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+import lombok.Data;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+import java.time.LocalDateTime;
+
+@Data
+public class DeviceUnknown {
+    /**
+     * 主键ID
+     */
+    private Long id;
+
+    /**
+     * 记录创建时间
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    private LocalDateTime createdAt;
+
+    /**
+     * 采集探针ID
+     */
+    @NotNull(message = "采集探针ID不能为空")
+    private Integer deviceCollectId;
+
+    /**
+     * 采集探针名称
+     */
+    @NotBlank(message = "采集探针名称不能为空")
+    private String deviceCollectName;
+
+    /**
+     * 设备IP
+     */
+    @NotBlank(message = "设备IP不能为空")
+    private String deviceIp;
+
+    /**
+     * 首次发现时间
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    @NotNull(message = "首次发现时间不能为空")
+    private LocalDateTime firstTime;
+
+    /**
+     * 最后发现时间
+     */
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    @NotNull(message = "最后发现时间不能为空")
+    private LocalDateTime lastTime;
+
+    /**
+     * 组织ID
+     */
+    //@NotNull(message = "组织ID不能为空")
+    private Integer organizationId;
+
+    /**
+     * 网络协议 (TCP|UDP)
+     */
+    private String networkProtocol = "TCP";
+
+    /**
+     * 来源方式 (SYSTEM|USER)
+     */
+    private String sourceMethod = "SYSTEM";
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java
new file mode 100644
index 0000000..e7bf3c6
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceCollectTaskMapper.java
@@ -0,0 +1,143 @@
+package com.common.mapper;
+
+import com.common.entity.DeviceCollectTask;
+import org.apache.ibatis.annotations.*;
+import java.util.List;
+import java.util.Map;
+
+@Mapper
+public interface DeviceCollectTaskMapper {
+
+    /**
+     * 根据ID查询采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE id = #{id}")
+    DeviceCollectTask selectById(Integer id);
+
+    /**
+     * 查询所有采集任务
+     */
+    @Select("SELECT * FROM device_collect_task")
+    List<DeviceCollectTask> selectAll();
+
+    /**
+     * 根据设备ID查询采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE device_id = #{deviceId}")
+    List<DeviceCollectTask> selectByDeviceId(Integer deviceId);
+
+    /**
+     * 根据方法类型查询采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE method = #{method}")
+    List<DeviceCollectTask> selectByMethod(Integer method);
+
+    /**
+     * 根据任务名称模糊查询
+     */
+    @Select("SELECT * FROM device_collect_task WHERE task_name LIKE CONCAT('%', #{taskName}, '%')")
+    List<DeviceCollectTask> selectByTaskNameLike(String taskName);
+
+    /**
+     * 查询成功的采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE last_success_time IS NOT NULL")
+    List<DeviceCollectTask> selectSuccessTasks();
+
+    /**
+     * 查询失败的采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE last_failed_time IS NOT NULL")
+    List<DeviceCollectTask> selectFailedTasks();
+
+    /**
+     * 多条件组合查询
+     */
+    List<DeviceCollectTask> selectByCondition(DeviceCollectTask condition);
+
+    /**
+     * 插入采集任务
+     */
+    @Insert("INSERT INTO device_collect_task (created_at, updated_at, device_id, method, task_name, " +
+            "first_time, last_success_time, last_failed_time, detail_id, epm, epm_peak, " +
+            "process_architecture, task_count, recent_discover_time, epm_upper_limit) " +
+            "VALUES (NOW(), NOW(), #{deviceId}, #{method}, #{taskName}, #{firstTime}, " +
+            "#{lastSuccessTime}, #{lastFailedTime}, #{detailId}, #{epm}, #{epmPeak}, " +
+            "#{processArchitecture}, #{taskCount}, #{recentDiscoverTime}, #{epmUpperLimit})")
+    @Options(useGeneratedKeys = true, keyProperty = "id")
+    int insert(DeviceCollectTask task);
+
+    /**
+     * 更新采集任务
+     */
+    @Update("UPDATE device_collect_task SET " +
+            "updated_at = NOW(), " +
+            "device_id = #{deviceId}, " +
+            "method = #{method}, " +
+            "task_name = #{taskName}, " +
+            "first_time = #{firstTime}, " +
+            "last_success_time = #{lastSuccessTime}, " +
+            "last_failed_time = #{lastFailedTime}, " +
+            "detail_id = #{detailId}, " +
+            "epm = #{epm}, " +
+            "epm_peak = #{epmPeak}, " +
+            "process_architecture = #{processArchitecture}, " +
+            "task_count = #{taskCount}, " +
+            "recent_discover_time = #{recentDiscoverTime}, " +
+            "epm_upper_limit = #{epmUpperLimit} " +
+            "WHERE id = #{id}")
+    int update(DeviceCollectTask task);
+
+    /**
+     * 删除采集任务
+     */
+    @Delete("DELETE FROM device_collect_task WHERE id = #{id}")
+    int deleteById(Integer id);
+
+    /**
+     * 根据设备ID删除采集任务
+     */
+    @Delete("DELETE FROM device_collect_task WHERE device_id = #{deviceId}")
+    int deleteByDeviceId(Integer deviceId);
+
+    /**
+     * 更新任务成功状态
+     */
+    @Update("UPDATE device_collect_task SET " +
+            "last_success_time = NOW(), " +
+            "updated_at = NOW(), " +
+            "task_count = COALESCE(task_count, 0) + 1 " +
+            "WHERE id = #{id}")
+    int updateSuccessStatus(Integer id);
+
+    /**
+     * 更新任务失败状态
+     */
+    @Update("UPDATE device_collect_task SET " +
+            "last_failed_time = NOW(), " +
+            "updated_at = NOW() " +
+            "WHERE id = #{id}")
+    int updateFailedStatus(Integer id);
+
+    /**
+     * 更新EPM指标
+     */
+    @Update("UPDATE device_collect_task SET " +
+            "epm = #{epm}, " +
+            "epm_peak = GREATEST(COALESCE(epm_peak, 0), #{epm}), " +
+            "updated_at = NOW() " +
+            "WHERE id = #{id}")
+    int updateEpm(@Param("id") Integer id, @Param("epm") Integer epm);
+
+    /**
+     * 统计设备采集任务数量
+     */
+    @Select("SELECT COUNT(*) FROM device_collect_task WHERE device_id = #{deviceId}")
+    int countByDeviceId(Integer deviceId);
+
+    /**
+     * 获取设备的最新采集任务
+     */
+    @Select("SELECT * FROM device_collect_task WHERE device_id = #{deviceId} ORDER BY updated_at DESC LIMIT 1")
+    DeviceCollectTask selectLatestByDeviceId(Integer deviceId);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceDeviceMapper.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceDeviceMapper.java
new file mode 100644
index 0000000..dfe4373
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceDeviceMapper.java
@@ -0,0 +1,93 @@
+package com.common.mapper;
+
+
+import com.common.entity.DeviceDevice;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+
+import java.util.List;
+import java.util.Map;
+
+@Mapper
+public interface DeviceDeviceMapper {
+
+    /**
+     * 根据ID查询设备
+     */
+    DeviceDevice selectById(Integer id);
+
+    /**
+     * 查询所有设备
+     */
+    List<DeviceDevice> selectAll();
+
+    /**
+     * 根据IP地址查询设备
+     */
+    List<DeviceDevice> selectByIp(String ip);
+
+    /**
+     * 根据设备名称模糊查询
+     */
+    List<DeviceDevice> selectByNameLike(String name);
+
+    /**
+     * 根据设备组查询
+     */
+    List<DeviceDevice> selectByDeviceGroup(Integer deviceGroup);
+
+    /**
+     * 根据设备类型查询
+     */
+    List<DeviceDevice> selectByDeviceType(Integer deviceType);
+
+    /**
+     * 根据组织ID查询
+     */
+    List<DeviceDevice> selectByOrganizationId(Integer organizationId);
+
+    /**
+     * 根据状态查询设备
+     */
+    List<DeviceDevice> selectByStatus(Short status);
+
+    /**
+     * 多条件组合查询
+     */
+    List<DeviceDevice> selectByCondition(DeviceDevice condition);
+
+    /**
+     * 动态条件查询
+     */
+    List<DeviceDevice> selectByMap(Map<String, Object> params);
+
+    /**
+     * 分页查询
+     */
+    List<DeviceDevice> selectByPage(@Param("offset") int offset, @Param("limit") int limit);
+
+    /**
+     * 统计设备数量
+     */
+    Long count();
+
+    /**
+     * 根据条件统计数量
+     */
+    Long countByCondition(DeviceDevice condition);
+
+    /**
+     * 查询监控中的设备
+     */
+    List<DeviceDevice> selectMonitoringDevices();
+
+    /**
+     * 查询未删除的设备（del_flag = '0'）
+     */
+    List<DeviceDevice> selectActiveDevices();
+
+    /**
+     * 根据厂商查询设备
+     */
+    List<DeviceDevice> selectByVendor(String vendor);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java
new file mode 100644
index 0000000..5d24400
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceReceiveLogMapper.java
@@ -0,0 +1,78 @@
+package com.common.mapper;
+
+
+import com.common.entity.DeviceReceiveLog;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+@Mapper
+public interface DeviceReceiveLogMapper {
+
+    /**
+     * 插入单条记录
+     */
+    int insert(DeviceReceiveLog log);
+
+    /**
+     * 批量插入记录
+     */
+    int batchInsert(@Param("list") List<DeviceReceiveLog> logs);
+
+    /**
+     * 根据ID查询
+     */
+    DeviceReceiveLog selectById(@Param("id") Long id);
+
+    /**
+     * 根据设备ID查询
+     */
+    List<DeviceReceiveLog> selectByDeviceId(@Param("deviceId") Integer deviceId);
+
+    /**
+     * 根据采集探针ID查询
+     */
+    List<DeviceReceiveLog> selectByCollectId(@Param("collectId") Integer collectId);
+
+    /**
+     * 根据IP地址查询
+     */
+    List<DeviceReceiveLog> selectByDeviceIp(@Param("deviceIp") String deviceIp);
+
+    /**
+     * 根据时间范围查询
+     */
+    List<DeviceReceiveLog> selectByTimeRange(
+            @Param("startTime") LocalDateTime startTime,
+            @Param("endTime") LocalDateTime endTime);
+
+    /**
+     * 多条件组合查询
+     */
+    List<DeviceReceiveLog> selectByCondition(DeviceReceiveLog condition);
+
+    /**
+     * 统计设备接收日志数量
+     */
+    Long countByCondition(DeviceReceiveLog condition);
+
+    /**
+     * 根据时间范围删除旧数据
+     */
+    int deleteByTimeRange(
+            @Param("startTime") LocalDateTime startTime,
+            @Param("endTime") LocalDateTime endTime);
+
+    /**
+     * 获取最近N条记录
+     */
+    List<DeviceReceiveLog> selectRecent(@Param("limit") Integer limit);
+
+    /**
+     * 按设备分组统计日志数量
+     */
+    List<Map<String, Object>> countByDeviceGroup();
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceUnknownMapper.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceUnknownMapper.java
new file mode 100644
index 0000000..837827b
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/mapper/DeviceUnknownMapper.java
@@ -0,0 +1,110 @@
+package com.common.mapper;
+
+
+import com.common.entity.DeviceUnknown;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import java.util.List;
+import java.time.LocalDateTime;
+
+@Mapper
+public interface DeviceUnknownMapper {
+
+    /**
+     * 插入设备记录
+     * @param device 设备对象
+     * @return 影响行数
+     */
+    int insert(DeviceUnknown device);
+
+    /**
+     * 批量插入设备记录
+     * @param devices 设备列表
+     * @return 影响行数
+     */
+    int batchInsert(@Param("devices") List<DeviceUnknown> devices);
+
+    /**
+     * 根据ID查询设备
+     * @param id 设备ID
+     * @return 设备对象
+     */
+    DeviceUnknown selectById(@Param("id") Long id);
+
+    /**
+     * 根据IP查询设备
+     * @param deviceIp 设备IP
+     * @return 设备列表
+     */
+    List<DeviceUnknown> selectByIp(@Param("deviceIp") String deviceIp);
+
+    /**
+     * 根据组织ID查询设备
+     * @param organizationId 组织ID
+     * @return 设备列表
+     */
+    List<DeviceUnknown> selectByOrganizationId(@Param("organizationId") Integer organizationId);
+
+    /**
+     * 查询所有设备
+     * @return 设备列表
+     */
+    List<DeviceUnknown> selectAll();
+
+    /**
+     * 分页查询设备
+     * @param offset 偏移量
+     * @param limit 每页数量
+     * @return 设备列表
+     */
+    List<DeviceUnknown> selectPage(@Param("offset") int offset, @Param("limit") int limit);
+
+    /**
+     * 根据条件查询设备
+     * @param device 查询条件
+     * @return 设备列表
+     */
+    List<DeviceUnknown> selectByCondition(DeviceUnknown device);
+
+    /**
+     * 根据ID更新设备信息
+     * @param device 设备对象
+     * @return 影响行数
+     */
+    int updateById(DeviceUnknown device);
+
+    /**
+     * 更新最后发现时间
+     * @param id 设备ID
+     * @param lastTime 最后发现时间
+     * @return 影响行数
+     */
+    int updateLastTime(@Param("id") Long id, @Param("lastTime") LocalDateTime lastTime);
+
+    /**
+     * 根据ID删除设备
+     * @param id 设备ID
+     * @return 影响行数
+     */
+    int deleteById(@Param("id") Long id);
+
+    /**
+     * 根据组织ID删除设备
+     * @param organizationId 组织ID
+     * @return 影响行数
+     */
+    int deleteByOrganizationId(@Param("organizationId") Integer organizationId);
+
+    /**
+     * 统计设备数量
+     * @return 设备总数
+     */
+    Long count();
+
+    /**
+     * 根据条件统计设备数量
+     * @param device 查询条件
+     * @return 设备数量
+     */
+    Long countByCondition(DeviceUnknown device);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceCollectTaskService.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceCollectTaskService.java
new file mode 100644
index 0000000..b77e8f4
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceCollectTaskService.java
@@ -0,0 +1,136 @@
+package com.common.service;
+
+import com.common.entity.DeviceCollectTask;
+import com.common.mapper.DeviceCollectTaskMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.cache.annotation.CachePut;
+import org.springframework.stereotype.Service;
+import java.util.List;
+
+@Service
+@CacheConfig(cacheNames = "collectTask")
+public class DeviceCollectTaskService {
+
+    @Autowired
+    private DeviceCollectTaskMapper deviceCollectTaskMapper;
+
+    /**
+     * 根据ID查询采集任务 - 缓存
+     */
+    @Cacheable(key = "'id:' + #id")
+    public DeviceCollectTask getById(Integer id) {
+        return deviceCollectTaskMapper.selectById(id);
+    }
+
+    /**
+     * 查询所有采集任务 - 缓存
+     */
+    @Cacheable(key = "'all'")
+    public List<DeviceCollectTask> getAll() {
+        return deviceCollectTaskMapper.selectAll();
+    }
+
+    /**
+     * 根据设备ID查询采集任务 - 缓存
+     */
+    @Cacheable(key = "'device:' + #deviceId")
+    public List<DeviceCollectTask> getByDeviceId(Integer deviceId) {
+        return deviceCollectTaskMapper.selectByDeviceId(deviceId);
+    }
+
+    /**
+     * 根据方法类型查询采集任务
+     */
+    public List<DeviceCollectTask> getByMethod(Integer method) {
+        return deviceCollectTaskMapper.selectByMethod(method);
+    }
+
+    /**
+     * 多条件组合查询
+     */
+    public List<DeviceCollectTask> getByCondition(DeviceCollectTask condition) {
+        return deviceCollectTaskMapper.selectByCondition(condition);
+    }
+
+    /**
+     * 新增采集任务 - 清除相关缓存
+     */
+    @CacheEvict(allEntries = true)
+    public int create(DeviceCollectTask task) {
+        return deviceCollectTaskMapper.insert(task);
+    }
+
+    /**
+     * 更新采集任务 - 更新缓存
+     */
+    @CachePut(key = "'id:' + #task.id")
+    @CacheEvict(key = "'device:' + #task.deviceId")
+    public DeviceCollectTask update(DeviceCollectTask task) {
+        deviceCollectTaskMapper.update(task);
+        return deviceCollectTaskMapper.selectById(task.getId());
+    }
+
+    /**
+     * 删除采集任务 - 清除缓存
+     */
+    @CacheEvict(key = "'id:' + #id")
+    public int delete(Integer id) {
+        return deviceCollectTaskMapper.deleteById(id);
+    }
+
+    /**
+     * 标记任务成功 - 更新缓存
+     */
+    @CacheEvict(key = "'id:' + #id")
+    public int markSuccess(Integer id) {
+        return deviceCollectTaskMapper.updateSuccessStatus(id);
+    }
+
+    /**
+     * 标记任务失败 - 更新缓存
+     */
+    @CacheEvict(key = "'id:' + #id")
+    public int markFailed(Integer id) {
+        return deviceCollectTaskMapper.updateFailedStatus(id);
+    }
+
+    /**
+     * 更新EPM指标 - 更新缓存
+     */
+    @CacheEvict(key = "'id:' + #id")
+    public int updateEpm(Integer id, Integer epm) {
+        return deviceCollectTaskMapper.updateEpm(id, epm);
+    }
+
+    /**
+     * 查询成功的任务
+     */
+    public List<DeviceCollectTask> getSuccessTasks() {
+        return deviceCollectTaskMapper.selectSuccessTasks();
+    }
+
+    /**
+     * 查询失败的任务
+     */
+    public List<DeviceCollectTask> getFailedTasks() {
+        return deviceCollectTaskMapper.selectFailedTasks();
+    }
+
+    /**
+     * 获取设备的最新采集任务
+     */
+    @Cacheable(key = "'latest:device:' + #deviceId")
+    public DeviceCollectTask getLatestByDeviceId(Integer deviceId) {
+        return deviceCollectTaskMapper.selectLatestByDeviceId(deviceId);
+    }
+
+    /**
+     * 统计设备任务数量
+     */
+    public int countByDeviceId(Integer deviceId) {
+        return deviceCollectTaskMapper.countByDeviceId(deviceId);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceDeviceService.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceDeviceService.java
new file mode 100644
index 0000000..c9deb58
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceDeviceService.java
@@ -0,0 +1,31 @@
+package com.common.service;
+
+import com.common.entity.DeviceDevice;
+import java.util.List;
+import java.util.Map;
+
+public interface DeviceDeviceService {
+
+    DeviceDevice getByIdSafely(Integer id);
+    List<DeviceDevice> getByIpSafely(String ip);
+
+    DeviceDevice getById(Integer id);
+
+    List<DeviceDevice> getAll();
+
+    List<DeviceDevice> getByIp(String ip);
+
+    List<DeviceDevice> getByNameLike(String name);
+
+    List<DeviceDevice> getByCondition(DeviceDevice condition);
+
+    List<DeviceDevice> getByMap(Map<String, Object> params);
+
+    List<DeviceDevice> getByPage(int pageNum, int pageSize);
+
+    Long getCount();
+
+    List<DeviceDevice> getMonitoringDevices();
+
+    List<DeviceDevice> getActiveDevices();
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceReceiveLogService.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceReceiveLogService.java
new file mode 100644
index 0000000..de1765b
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceReceiveLogService.java
@@ -0,0 +1,35 @@
+package com.common.service;
+
+
+
+import com.common.entity.DeviceReceiveLog;
+import com.github.pagehelper.PageInfo;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+public interface DeviceReceiveLogService {
+
+    // 插入操作
+    Long insertLog(DeviceReceiveLog log);
+    int batchInsertLogs(List<DeviceReceiveLog> logs);
+
+    // 查询操作
+    DeviceReceiveLog getById(Long id);
+    List<DeviceReceiveLog> getByDeviceId(Integer deviceId);
+    List<DeviceReceiveLog> getByCollectId(Integer collectId);
+    List<DeviceReceiveLog> getByTimeRange(LocalDateTime startTime, LocalDateTime endTime);
+    List<DeviceReceiveLog> getByCondition(DeviceReceiveLog condition);
+    PageInfo<DeviceReceiveLog> getByConditionPage(DeviceReceiveLog condition, Integer pageNum, Integer pageSize);
+
+    // 统计操作
+    Long countByCondition(DeviceReceiveLog condition);
+    List<Map<String, Object>> getDeviceLogStatistics();
+
+    // 删除操作
+    int deleteOldLogs(LocalDateTime beforeTime);
+
+    // 获取最近日志
+    List<DeviceReceiveLog> getRecentLogs(Integer limit);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceUnknownService.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceUnknownService.java
new file mode 100644
index 0000000..47c9f28
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/DeviceUnknownService.java
@@ -0,0 +1,108 @@
+package com.common.service;
+
+
+
+import com.common.entity.DeviceUnknown;
+import java.util.List;
+import java.time.LocalDateTime;
+
+public interface DeviceUnknownService {
+
+    /**
+     * 创建设备记录
+     * @param device 设备信息
+     * @return 创建的设备ID
+     */
+    Long createDevice(DeviceUnknown device);
+
+    /**
+     * 批量创建设备记录
+     * @param devices 设备列表
+     * @return 成功创建的记录数
+     */
+    int batchCreateDevices(List<DeviceUnknown> devices);
+
+    /**
+     * 根据ID获取设备信息
+     * @param id 设备ID
+     * @return 设备信息
+     */
+    DeviceUnknown getDeviceById(Long id);
+
+    /**
+     * 根据IP获取设备列表
+     * @param deviceIp 设备IP
+     * @return 设备列表
+     */
+    List<DeviceUnknown> getDevicesByIp(String deviceIp);
+
+    /**
+     * 根据组织ID获取设备列表
+     * @param organizationId 组织ID
+     * @return 设备列表
+     */
+    List<DeviceUnknown> getDevicesByOrganizationId(Integer organizationId);
+
+    /**
+     * 获取所有设备列表
+     * @return 设备列表
+     */
+    List<DeviceUnknown> getAllDevices();
+
+    /**
+     * 分页查询设备列表
+     * @param pageNum 页码
+     * @param pageSize 每页大小
+     * @return 设备列表
+     */
+    List<DeviceUnknown> getDevicesByPage(int pageNum, int pageSize);
+
+    /**
+     * 根据条件查询设备列表
+     * @param device 查询条件
+     * @return 设备列表
+     */
+    List<DeviceUnknown> searchDevices(DeviceUnknown device);
+
+    /**
+     * 更新设备信息
+     * @param device 设备信息
+     * @return 是否成功
+     */
+    boolean updateDevice(DeviceUnknown device);
+
+    /**
+     * 更新设备的最后发现时间
+     * @param id 设备ID
+     * @param lastTime 最后发现时间
+     * @return 是否成功
+     */
+    boolean updateLastTime(Long id, LocalDateTime lastTime);
+
+    /**
+     * 删除设备
+     * @param id 设备ID
+     * @return 是否成功
+     */
+    boolean deleteDevice(Long id);
+
+    /**
+     * 根据组织ID删除设备
+     * @param organizationId 组织ID
+     * @return 删除的记录数
+     */
+    int deleteDevicesByOrganizationId(Integer organizationId);
+
+    /**
+     * 获取设备总数
+     * @return 设备总数
+     */
+    long getTotalCount();
+
+    /**
+     * 根据条件获取设备数量
+     * @param device 查询条件
+     * @return 设备数量
+     */
+    long getCountByCondition(DeviceUnknown device);
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceDeviceServiceImpl.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceDeviceServiceImpl.java
new file mode 100644
index 0000000..c79521a
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceDeviceServiceImpl.java
@@ -0,0 +1,103 @@
+package com.common.service.impl;
+
+
+import com.common.entity.DeviceDevice;
+import com.common.mapper.DeviceDeviceMapper;
+import com.common.service.DeviceDeviceService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+import java.util.Map;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.cache.annotation.Cacheable;
+import com.haobang.util.SafeCacheUtil;
+
+@CacheConfig(cacheNames = "device")
+@Service
+public class DeviceDeviceServiceImpl implements DeviceDeviceService {
+
+    @Autowired
+    private DeviceDeviceMapper deviceDeviceMapper;
+
+
+    @Autowired
+    private SafeCacheUtil safeCacheUtil;
+
+    /**
+     * 使用安全的缓存方法
+     */
+    @Cacheable(  key = "'device:id:' +#id")
+    @Override
+    public DeviceDevice getByIdSafely(Integer id) {
+        String cacheKey = "device:id:" + id;
+        return safeCacheUtil.getSafe(cacheKey, DeviceDevice.class,
+                () -> deviceDeviceMapper.selectById(id));
+    }
+
+    /**
+     * 使用安全的列表缓存方法
+     */
+    @Cacheable(  key = "'device:ip:' + #ip")
+    @Override
+    public List<DeviceDevice> getByIpSafely(String ip) {
+        String cacheKey = "device:ip:" + ip;
+        return safeCacheUtil.getSafeList(cacheKey, DeviceDevice.class,
+                () -> deviceDeviceMapper.selectByIp(ip));
+    }
+
+    @Cacheable(  key = "'device:id:' +#id")
+    @Override
+    public DeviceDevice getById(Integer id) {
+        System.out.println("exec deviceDeviceMapper.selectById :" + id.toString());
+        return deviceDeviceMapper.selectById(id);
+    }
+
+    @Override
+    public List<DeviceDevice> getAll() {
+        return deviceDeviceMapper.selectAll();
+    }
+
+    @Cacheable(  key = "'device:ip:' + #ip")
+    @Override
+    public List<DeviceDevice> getByIp(String ip) {
+
+        return deviceDeviceMapper.selectByIp(ip);
+    }
+
+    @Override
+    public List<DeviceDevice> getByNameLike(String name) {
+        return deviceDeviceMapper.selectByNameLike(name);
+    }
+
+    @Override
+    public List<DeviceDevice> getByCondition(DeviceDevice condition) {
+        return deviceDeviceMapper.selectByCondition(condition);
+    }
+
+    @Override
+    public List<DeviceDevice> getByMap(Map<String, Object> params) {
+        return deviceDeviceMapper.selectByMap(params);
+    }
+
+    @Override
+    public List<DeviceDevice> getByPage(int pageNum, int pageSize) {
+        int offset = (pageNum - 1) * pageSize;
+        return deviceDeviceMapper.selectByPage(offset, pageSize);
+    }
+
+    @Override
+    public Long getCount() {
+        return deviceDeviceMapper.count();
+    }
+
+    @Override
+    public List<DeviceDevice> getMonitoringDevices() {
+        return deviceDeviceMapper.selectMonitoringDevices();
+    }
+
+    @Override
+    public List<DeviceDevice> getActiveDevices() {
+        return deviceDeviceMapper.selectActiveDevices();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java
new file mode 100644
index 0000000..d0766be
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceReceiveLogServiceImpl.java
@@ -0,0 +1,159 @@
+package com.common.service.impl;
+
+
+import com.common.entity.DeviceReceiveLog;
+import com.common.mapper.DeviceReceiveLogMapper;
+import com.common.service.DeviceReceiveLogService;
+import com.github.pagehelper.PageHelper;
+import com.github.pagehelper.PageInfo;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class DeviceReceiveLogServiceImpl implements DeviceReceiveLogService {
+
+    private final DeviceReceiveLogMapper deviceReceiveLogMapper;
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public Long insertLog(DeviceReceiveLog log) {
+        // 设置默认时间
+        if (log.getCreatedAt() == null) {
+            log.setCreatedAt(LocalDateTime.now());
+        }
+
+        if (log.getReceiveTimeStr() == null && log.getReceiveTime() != null) {
+            log.setReceiveTimeStr(log.getReceiveTime().toString());
+        }
+
+        deviceReceiveLogMapper.insert(log);
+       // log.info("插入设备接收日志成功，ID: {}", log.getId());
+        return log.getId();
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public int batchInsertLogs(List<DeviceReceiveLog> logs) {
+        if (logs == null || logs.isEmpty()) {
+            return 0;
+        }
+
+        // 批量处理，每1000条提交一次
+        int batchSize = 1000;
+        int totalInserted = 0;
+
+        for (int i = 0; i < logs.size(); i += batchSize) {
+            int end = Math.min(i + batchSize, logs.size());
+            List<DeviceReceiveLog> batchList = logs.subList(i, end);
+
+            // 设置默认值
+            batchList.forEach(log -> {
+                if (log.getCreatedAt() == null) {
+                    log.setCreatedAt(LocalDateTime.now());
+                }
+                if (log.getReceiveTimeStr() == null && log.getReceiveTime() != null) {
+                    log.setReceiveTimeStr(log.getReceiveTime().toString());
+                }
+            });
+
+            int inserted = deviceReceiveLogMapper.batchInsert(batchList);
+            totalInserted += inserted;
+            log.info("批量插入进度: {}/{}", end, logs.size());
+        }
+
+        return totalInserted;
+    }
+
+    @Override
+    public DeviceReceiveLog getById(Long id) {
+        return deviceReceiveLogMapper.selectById(id);
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getByDeviceId(Integer deviceId) {
+        return deviceReceiveLogMapper.selectByDeviceId(deviceId);
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getByCollectId(Integer collectId) {
+        return deviceReceiveLogMapper.selectByCollectId(collectId);
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getByTimeRange(LocalDateTime startTime, LocalDateTime endTime) {
+        if (startTime == null || endTime == null) {
+            throw new IllegalArgumentException("时间范围不能为空");
+        }
+        if (startTime.isAfter(endTime)) {
+            throw new IllegalArgumentException("开始时间不能晚于结束时间");
+        }
+        return deviceReceiveLogMapper.selectByTimeRange(startTime, endTime);
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getByCondition(DeviceReceiveLog condition) {
+        return deviceReceiveLogMapper.selectByCondition(condition);
+    }
+
+    @Override
+    public PageInfo<DeviceReceiveLog> getByConditionPage(DeviceReceiveLog condition, Integer pageNum, Integer pageSize) {
+        if (pageNum == null || pageNum < 1) {
+            pageNum = 1;
+        }
+        if (pageSize == null || pageSize < 1) {
+            pageSize = 10;
+        }
+
+        PageHelper.startPage(pageNum, pageSize);
+        List<DeviceReceiveLog> list = deviceReceiveLogMapper.selectByCondition(condition);
+        return new PageInfo<>(list);
+    }
+
+    @Override
+    public Long countByCondition(DeviceReceiveLog condition) {
+        return deviceReceiveLogMapper.countByCondition(condition);
+    }
+
+    @Override
+    public List<Map<String, Object>> getDeviceLogStatistics() {
+        return deviceReceiveLogMapper.countByDeviceGroup();
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public int deleteOldLogs(LocalDateTime beforeTime) {
+        if (beforeTime == null) {
+            throw new IllegalArgumentException("删除时间点不能为空");
+        }
+
+        LocalDateTime endTime = LocalDateTime.now().minusDays(30); // 默认保留30天
+        if (beforeTime.isAfter(endTime)) {
+            log.warn("删除时间点{}晚于默认保留时间{}，使用默认时间", beforeTime, endTime);
+            beforeTime = endTime;
+        }
+
+        int deleted = deviceReceiveLogMapper.deleteByTimeRange(
+                LocalDateTime.of(2000, 1, 1, 0, 0), // 很早的时间
+                beforeTime
+        );
+
+        log.info("删除{}天前的日志，共删除{}条", beforeTime, deleted);
+        return deleted;
+    }
+
+    @Override
+    public List<DeviceReceiveLog> getRecentLogs(Integer limit) {
+        if (limit == null || limit < 1) {
+            limit = 50; // 默认返回50条
+        }
+        return deviceReceiveLogMapper.selectRecent(limit);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceUnknownServiceImpl.java b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceUnknownServiceImpl.java
new file mode 100644
index 0000000..c75896a
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/common/service/impl/DeviceUnknownServiceImpl.java
@@ -0,0 +1,286 @@
+package com.common.service.impl;
+
+
+
+import com.common.entity.DeviceUnknown;
+import com.common.mapper.DeviceUnknownMapper;
+import com.common.service.DeviceUnknownService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.cache.annotation.CachePut;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.CollectionUtils;
+import org.springframework.cache.CacheManager;
+import org.springframework.cache.Cache;
+import org.springframework.cache.annotation.Cacheable;
+import java.time.LocalDateTime;
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+@CacheConfig(cacheNames = "deviceunknown")
+public class DeviceUnknownServiceImpl implements DeviceUnknownService {
+
+    private final DeviceUnknownMapper deviceUnknownMapper;
+    @Autowired
+    private CacheManager cacheManager;
+
+    @Override
+    @Transactional
+    public Long createDevice(DeviceUnknown device) {
+        // 设置默认值
+        if (device.getCreatedAt() == null) {
+            device.setCreatedAt(LocalDateTime.now());
+        }
+        if (device.getNetworkProtocol() == null) {
+            device.setNetworkProtocol("TCP");
+        }
+        if (device.getSourceMethod() == null) {
+            device.setSourceMethod("SYSTEM");
+        }
+
+        try {
+            int result = deviceUnknownMapper.insert(device);
+            if (result > 0) {
+                log.info("设备记录创建成功，ID: {}", device.getId());
+                //清除缓存IP:XXXX
+                clearDeviceCache(device.getDeviceIp());
+                List<DeviceUnknown>  devlist=this.getDevicesByIp(device.getDeviceIp());
+                return device.getId();
+            }
+            return null;
+        } catch (Exception e) {
+            log.error("创建设备记录失败: {}", e.getMessage(), e);
+            throw new RuntimeException("创建设备记录失败", e);
+        }
+    }
+    /**
+     * 清除缓存
+     */
+    public void clearDeviceCache(String deviceIp) {
+        Cache cache = cacheManager.getCache("deviceunknown");
+        if (cache != null) {
+            System.out.println("清除缓存"+"ip:" + deviceIp);
+            cache.evict("ip:" + deviceIp);
+        }
+    }
+
+    @Override
+    @Transactional
+    public int batchCreateDevices(List<DeviceUnknown> devices) {
+        if (CollectionUtils.isEmpty(devices)) {
+            return 0;
+        }
+
+        // 设置默认值
+        devices.forEach(device -> {
+            if (device.getCreatedAt() == null) {
+                device.setCreatedAt(LocalDateTime.now());
+            }
+            if (device.getNetworkProtocol() == null) {
+                device.setNetworkProtocol("TCP");
+            }
+            if (device.getSourceMethod() == null) {
+                device.setSourceMethod("SYSTEM");
+            }
+        });
+
+        try {
+            int result = deviceUnknownMapper.batchInsert(devices);
+            log.info("批量插入设备记录成功，数量: {}", result);
+            return result;
+        } catch (Exception e) {
+            log.error("批量插入设备记录失败: {}", e.getMessage(), e);
+            throw new RuntimeException("批量插入设备记录失败", e);
+        }
+    }
+
+    @Override
+    public DeviceUnknown getDeviceById(Long id) {
+        if (id == null || id <= 0) {
+            throw new IllegalArgumentException("设备ID不能为空");
+        }
+
+        try {
+            return deviceUnknownMapper.selectById(id);
+        } catch (Exception e) {
+            log.error("查询设备记录失败，ID: {}, 错误: {}", id, e.getMessage(), e);
+            throw new RuntimeException("查询设备记录失败", e);
+        }
+    }
+    @Cacheable(  key = "'ip:' +#deviceIp")
+    @Override
+    public List<DeviceUnknown> getDevicesByIp(String deviceIp) {
+        if (deviceIp == null || deviceIp.trim().isEmpty()) {
+            throw new IllegalArgumentException("设备IP不能为空");
+        }
+        try {
+            return deviceUnknownMapper.selectByIp(deviceIp);
+        } catch (Exception e) {
+            log.error("根据IP查询设备记录失败，IP: {}, 错误: {}", deviceIp, e.getMessage(), e);
+            throw new RuntimeException("根据IP查询设备记录失败", e);
+        }
+    }
+
+    @Override
+    public List<DeviceUnknown> getDevicesByOrganizationId(Integer organizationId) {
+        if (organizationId == null || organizationId <= 0) {
+            throw new IllegalArgumentException("组织ID不能为空");
+        }
+
+        try {
+            return deviceUnknownMapper.selectByOrganizationId(organizationId);
+        } catch (Exception e) {
+            log.error("根据组织ID查询设备记录失败，组织ID: {}, 错误: {}", organizationId, e.getMessage(), e);
+            throw new RuntimeException("根据组织ID查询设备记录失败", e);
+        }
+    }
+
+    @Override
+    public List<DeviceUnknown> getAllDevices() {
+        try {
+            return deviceUnknownMapper.selectAll();
+        } catch (Exception e) {
+            log.error("查询所有设备记录失败: {}", e.getMessage(), e);
+            throw new RuntimeException("查询所有设备记录失败", e);
+        }
+    }
+
+    @Override
+    public List<DeviceUnknown> getDevicesByPage(int pageNum, int pageSize) {
+        if (pageNum <= 0) {
+            pageNum = 1;
+        }
+        if (pageSize <= 0) {
+            pageSize = 10;
+        }
+
+        int offset = (pageNum - 1) * pageSize;
+
+        try {
+            return deviceUnknownMapper.selectPage(offset, pageSize);
+        } catch (Exception e) {
+            log.error("分页查询设备记录失败，页码: {}, 页大小: {}, 错误: {}",
+                    pageNum, pageSize, e.getMessage(), e);
+            throw new RuntimeException("分页查询设备记录失败", e);
+        }
+    }
+
+    @Override
+    public List<DeviceUnknown> searchDevices(DeviceUnknown device) {
+        try {
+            return deviceUnknownMapper.selectByCondition(device);
+        } catch (Exception e) {
+            log.error("条件查询设备记录失败: {}", e.getMessage(), e);
+            throw new RuntimeException("条件查询设备记录失败", e);
+        }
+    }
+
+    @Override
+    @Transactional
+    public boolean updateDevice(DeviceUnknown device) {
+        if (device == null || device.getId() == null) {
+            throw new IllegalArgumentException("设备信息或ID不能为空");
+        }
+        try {
+            int result = deviceUnknownMapper.updateById(device);
+            if (result > 0) {
+                log.info("更新设备记录成功，ID: {}", device.getId());
+                return true;
+            }
+            log.warn("未找到要更新的设备记录，ID: {}", device.getId());
+            return false;
+        } catch (Exception e) {
+            log.error("更新设备记录失败，ID: {}, 错误: {}", device.getId(), e.getMessage(), e);
+            throw new RuntimeException("更新设备记录失败", e);
+        }
+    }
+
+    @Override
+    @Transactional
+    public boolean updateLastTime(Long id, LocalDateTime lastTime) {
+        if (id == null || lastTime == null) {
+            throw new IllegalArgumentException("设备ID和最后发现时间不能为空");
+        }
+
+        try {
+            int result = deviceUnknownMapper.updateLastTime(id, lastTime);
+            if (result > 0) {
+                log.info("更新设备最后发现时间成功，ID: {}", id);
+                return true;
+            }
+            log.warn("未找到要更新最后发现时间的设备记录，ID: {}", id);
+            return false;
+        } catch (Exception e) {
+            log.error("更新设备最后发现时间失败，ID: {}, 错误: {}", id, e.getMessage(), e);
+            throw new RuntimeException("更新设备最后发现时间失败", e);
+        }
+    }
+
+    @Override
+    @Transactional
+    public boolean deleteDevice(Long id) {
+        if (id == null || id <= 0) {
+            throw new IllegalArgumentException("设备ID不能为空");
+        }
+
+        try {
+            int result = deviceUnknownMapper.deleteById(id);
+            if (result > 0) {
+                log.info("删除设备记录成功，ID: {}", id);
+                return true;
+            }
+            log.warn("未找到要删除的设备记录，ID: {}", id);
+            return false;
+        } catch (Exception e) {
+            log.error("删除设备记录失败，ID: {}, 错误: {}", id, e.getMessage(), e);
+            throw new RuntimeException("删除设备记录失败", e);
+        }
+    }
+
+    @Override
+    @Transactional
+    public int deleteDevicesByOrganizationId(Integer organizationId) {
+        if (organizationId == null || organizationId <= 0) {
+            throw new IllegalArgumentException("组织ID不能为空");
+        }
+
+        try {
+            int result = deviceUnknownMapper.deleteByOrganizationId(organizationId);
+            log.info("根据组织ID删除设备记录成功，组织ID: {}, 删除数量: {}", organizationId, result);
+            return result;
+        } catch (Exception e) {
+            log.error("根据组织ID删除设备记录失败，组织ID: {}, 错误: {}",
+                    organizationId, e.getMessage(), e);
+            throw new RuntimeException("根据组织ID删除设备记录失败", e);
+        }
+    }
+
+    @Override
+    public long getTotalCount() {
+        try {
+            Long count = deviceUnknownMapper.count();
+            return count != null ? count : 0L;
+        } catch (Exception e) {
+            log.error("统计设备总数失败: {}", e.getMessage(), e);
+            throw new RuntimeException("统计设备总数失败", e);
+        }
+    }
+
+    @Override
+    public long getCountByCondition(DeviceUnknown device) {
+        try {
+            Long count = deviceUnknownMapper.countByCondition(device);
+            return count != null ? count : 0L;
+        } catch (Exception e) {
+            log.error("条件统计设备数量失败: {}", e.getMessage(), e);
+            throw new RuntimeException("条件统计设备数量失败", e);
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/config/CacheConfig.java b/haobang-security-xdr/syslog-serve/src/main/java/com/config/CacheConfig.java
new file mode 100644
index 0000000..7599012
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/config/CacheConfig.java
@@ -0,0 +1,106 @@
+package com.config;
+
+import org.springframework.cache.CacheManager;
+import org.springframework.data.redis.cache.RedisCacheConfiguration;
+import org.springframework.data.redis.cache.RedisCacheManager;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.RedisSerializationContext;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.time.Duration;
+import java.util.Collections;
+import org.springframework.cache.annotation.EnableCaching;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
+import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
+
+@Configuration
+@EnableCaching  // 启用缓存
+public class CacheConfig {
+
+    /**
+     * 配置支持类型信息的 ObjectMapper
+     */
+    @Bean
+    public ObjectMapper objectMapper() {
+        ObjectMapper mapper = new ObjectMapper();
+
+        // 注册 Java 8 日期时间支持
+        mapper.registerModule(new JavaTimeModule());
+
+        // 禁用将日期序列化为时间戳
+        mapper.disable(com.fasterxml.jackson.databind.SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+
+        // 启用类型信息，解决 LinkedHashMap 转换问题
+        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
+                .allowIfSubType("com.common.entity.")    // 允许你的实体类包
+                .allowIfSubType("java.util.ArrayList")   // 允许 ArrayList
+                .allowIfSubType("java.util.LinkedList")  // 允许 LinkedList
+                .allowIfBaseType("java.util.List")       // 允许 List 接口
+                .allowIfBaseType("java.lang.Object")     // 允许 Object 类型
+                .build();
+
+        // 激活默认类型信息
+        mapper.activateDefaultTyping(
+                ptv,
+                ObjectMapper.DefaultTyping.NON_FINAL,
+                com.fasterxml.jackson.annotation.JsonTypeInfo.As.PROPERTY
+        );
+
+        return mapper;
+    }
+
+
+    /**
+     * Redis 缓存配置
+     */
+    @Bean
+    public RedisCacheConfiguration redisCacheConfiguration() {
+        ObjectMapper mapper = objectMapper();
+        GenericJackson2JsonRedisSerializer serializer = new GenericJackson2JsonRedisSerializer(mapper);
+
+        return RedisCacheConfiguration.defaultCacheConfig()
+                .entryTtl(Duration.ofMinutes(30))
+                .disableCachingNullValues()
+                .serializeKeysWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(new StringRedisSerializer()))
+                .serializeValuesWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(serializer));
+    }
+
+    @Bean
+    public CacheManager cacheManager(RedisConnectionFactory factory) {
+        ObjectMapper mapper = objectMapper();
+        GenericJackson2JsonRedisSerializer serializer = new GenericJackson2JsonRedisSerializer(mapper);
+
+        RedisCacheConfiguration deviceConfig = RedisCacheConfiguration.defaultCacheConfig()
+                .entryTtl(Duration.ofHours(1))
+                .serializeKeysWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(new StringRedisSerializer()))
+                .serializeValuesWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(serializer));
+
+        RedisCacheConfiguration collectTaskConfig = RedisCacheConfiguration.defaultCacheConfig()
+                .entryTtl(Duration.ofHours(1))
+                .serializeKeysWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(new StringRedisSerializer()))
+                .serializeValuesWith(RedisSerializationContext.SerializationPair
+                        .fromSerializer(serializer));
+
+        return RedisCacheManager.builder(factory)
+                .cacheDefaults(redisCacheConfiguration())
+                .withInitialCacheConfigurations(Collections.singletonMap(
+                        "device", deviceConfig
+                ))
+                .withInitialCacheConfigurations(Collections.singletonMap(
+
+                        "collectTask",collectTaskConfig
+                ))
+                .transactionAware()
+                .build();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/config/RedisConfig.java b/haobang-security-xdr/syslog-serve/src/main/java/com/config/RedisConfig.java
new file mode 100644
index 0000000..fb208c1
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/config/RedisConfig.java
@@ -0,0 +1,58 @@
+package com.config;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.connection.RedisConnectionFactory;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+ @Configuration
+public class RedisConfig {
+
+
+     @Bean
+     public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory factory) {
+         RedisTemplate<String, Object> template = new RedisTemplate<>();
+         template.setConnectionFactory(factory);
+
+         // 使用 Jackson2JsonRedisSerializer 并指定类型
+         Jackson2JsonRedisSerializer<Object> serializer = new Jackson2JsonRedisSerializer<>(Object.class);
+
+         ObjectMapper mapper = new ObjectMapper();
+         mapper.registerModule(new JavaTimeModule());
+         mapper.activateDefaultTyping(
+                 mapper.getPolymorphicTypeValidator(),
+                 ObjectMapper.DefaultTyping.NON_FINAL
+         );
+         serializer.setObjectMapper(mapper);
+
+         template.setKeySerializer(new StringRedisSerializer());
+         template.setValueSerializer(serializer);
+         template.setHashKeySerializer(new StringRedisSerializer());
+         template.setHashValueSerializer(serializer);
+         template.afterPropertiesSet();
+
+         return template;
+     }
+/**
+    public RedisTemplate<String, Object> redisTemplate(RedisConnectionFactory connectionFactory) {
+        RedisTemplate<String, Object> template = new RedisTemplate<>();
+        template.setConnectionFactory(connectionFactory);
+
+        // 使用StringRedisSerializer来序列化和反序列化redis的key值
+        template.setKeySerializer(new StringRedisSerializer());
+        // 使用Jackson2JsonRedisSerializer来序列化和反序列化redis的value值
+        Jackson2JsonRedisSerializer<Object> serializer = new Jackson2JsonRedisSerializer<>(Object.class);
+        template.setValueSerializer(serializer);
+
+        // Hash的key和value也分别设置序列化器
+        template.setHashKeySerializer(new StringRedisSerializer());
+        template.setHashValueSerializer(serializer);
+
+        template.afterPropertiesSet();
+        return template;
+    }
+ **/
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/config/AppConfig.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/config/AppConfig.java
new file mode 100644
index 0000000..86b28e9
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/config/AppConfig.java
@@ -0,0 +1,132 @@
+package com.haobang.config;
+
+import com.typesafe.config.Config;
+import com.typesafe.config.ConfigFactory;
+import java.io.File;
+import com.typesafe.config.ConfigValueFactory;
+
+import java.util.Map;
+public class AppConfig {
+
+    private static final Config config;
+
+    static {
+        // 加载配置文件
+        File configFile = new File("application.properties");
+        Config loadedConfig;
+
+        if (configFile.exists()) {
+            loadedConfig = ConfigFactory.parseFile(configFile);
+        } else {
+            loadedConfig = ConfigFactory.load("application.properties");
+        }
+
+        // 解析环境变量占位符
+        config = resolveEnvironmentVariables(loadedConfig);
+    }
+
+
+    /**
+     * 解析环境变量占位符
+     */
+    private static Config resolveEnvironmentVariables(Config originalConfig) {
+        Config resolvedConfig = originalConfig;
+
+        // 遍历所有配置项，查找需要解析的占位符
+        for (Map.Entry<String, com.typesafe.config.ConfigValue> entry : originalConfig.entrySet()) {
+            String key = entry.getKey();
+            String value = originalConfig.getString(key);
+
+            if (value.contains("${")) {
+                String resolvedValue = resolvePlaceholder(value);
+                resolvedConfig = resolvedConfig.withValue(
+                        key,
+                        ConfigValueFactory.fromAnyRef(resolvedValue)
+                );
+            }
+        }
+
+        return resolvedConfig;
+    }
+
+    /**
+     * 解析单个占位符值
+     * 格式: ${ENV_VAR:default_value}
+     */
+    private static String resolvePlaceholder(String value) {
+        if (!value.startsWith("${") || !value.endsWith("}")) {
+            return value;
+        }
+
+        String placeholder = value.substring(2, value.length() - 1);
+        String[] parts = placeholder.split(":");
+
+        if (parts.length == 0) {
+            return value; // 无效格式，返回原值
+        }
+
+        String envVarName = parts[0].trim();
+        String defaultValue = parts.length > 1 ? parts[1].trim() : "";
+
+        // 1. 从系统环境变量获取
+        String envValue = System.getenv(envVarName);
+        if (envValue != null && !envValue.trim().isEmpty()) {
+            return envValue.trim();
+        }
+
+        // 2. 从系统属性获取 (java -D参数)
+        String sysValue = System.getProperty(envVarName);
+        if (sysValue != null && !sysValue.trim().isEmpty()) {
+            return sysValue.trim();
+        }
+
+        // 3. 返回默认值
+        return defaultValue;
+    }
+
+    // Syslog 配置
+    public static int getSyslogTcpPort() {
+        return config.getInt("syslog.tcp.port");
+    }
+
+    public static int getSyslogUdpPort() {
+        return config.getInt("syslog.udp.port");
+    }
+
+    public static int getSyslogMaxFrameLength() {
+        return config.getInt("syslog.max.frame.length");
+    }
+
+    public static int getSyslogBufferSize() {
+        return config.getInt("syslog.buffer.size");
+    }
+
+    // app service  配置
+    public static String getAppServieDeviceId() {
+        return config.getString("app.service.device_id");
+    }
+    public static String getAppServieDeviceName() {  return config.getString("app.service.device_name");
+    }
+    public static String  getAppServieVendor() {
+        return config.getString("app.service.vendor");
+    }
+    public static String getAppServieProductName() {
+        return config.getString("app.service.product_name");
+    }
+    public static String getAppServieDataType() {
+        return config.getString("app.service.data_type");
+    }
+    // kafka 配置
+    public static String  getKafkaProducerBootstrap() {
+        return config.getString("spring.kafka.producer.bootstrap-servers");
+    }
+    public static String getKafkaProducerTopic() {
+        return config.getString("spring.kafka.producer.topic");
+    }
+
+    public static int getDeviceCollectId() {
+        return config.getInt("app.service.device_collect_id");
+    }
+
+
+}
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/config/SyslogConfig.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/config/SyslogConfig.java
new file mode 100644
index 0000000..e125fac
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/config/SyslogConfig.java
@@ -0,0 +1,63 @@
+package com.haobang.config;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.stereotype.Component;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.PropertySource;
+
+
+@ConfigurationProperties(prefix = "syslog")
+public class SyslogConfig {
+
+    // 读取字符串属性
+    @Value("${syslog.tcp.port}")
+    private int tcpPort;
+    // 读取字符串属性
+    @Value("${syslog.udp.port}")
+    private int udpPort;
+    // 读取字符串属性
+    @Value("${syslog.max.frame.length}")
+    private int maxFrameLength;
+    // 读取字符串属性
+    @Value("${syslog.buffer.size}")
+    private int bufferSize;
+
+    // Getter 和 Setter 方法
+    public int getTcpPort() {
+        return tcpPort;
+    }
+
+    public void setTcpPort(int tcpPort) {
+        this.tcpPort = tcpPort;
+    }
+
+    public int getUdpPort() {
+        return udpPort;
+    }
+
+    public void setUdpPort(int udpPort) {
+        this.udpPort = udpPort;
+    }
+
+    public int getMaxFrameLength() {
+        return maxFrameLength;
+    }
+
+    public void setMaxFrameLength(int maxFrameLength) {
+        this.maxFrameLength = maxFrameLength;
+    }
+
+    public int getBufferSize() {
+        return bufferSize;
+    }
+
+    public void setBufferSize(int bufferSize) {
+        this.bufferSize = bufferSize;
+    }
+
+    @Override
+    public String toString() {
+        return String.format("SyslogConfig[tcpPort=%d, udpPort=%d, maxFrameLength=%d, bufferSize=%d]",
+                tcpPort, udpPort, maxFrameLength, bufferSize);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/MySyslogClient.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/MySyslogClient.java
new file mode 100644
index 0000000..aea5801
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/MySyslogClient.java
@@ -0,0 +1,40 @@
+package com.haobang.syslog;
+
+import org.graylog2.syslog4j.Syslog;
+import org.graylog2.syslog4j.SyslogIF;
+
+import java.net.URLDecoder;
+import java.util.Date;
+
+public class MySyslogClient {
+    public static void main(String[] args) {
+        try {
+            // 获取syslog的操作类，使用udp协议。syslog支持"udp", "tcp", "unix_syslog", "unix_socket"协议
+            SyslogIF syslog = Syslog.getInstance("udp");
+            // 设置syslog服务器端地址
+            syslog.getConfig().setHost("127.0.0.1");
+            // 设置syslog接收端口，默认514
+            syslog.getConfig().setPort(514);
+            // 拼接syslog日志，这个日志是自己定义的，通常我们定义成符合公司规范的格式就行，方便查询。例如 操作时间：2014年8月1日 操作者ID:张三
+            // 等。信息就是一个字符串。
+            StringBuffer buffer = new StringBuffer();
+            buffer.append("操作时间：" + new Date().toString().substring(4, 20) + ";");
+            buffer.append("操作者ID:" + "张三" + ";");
+            buffer.append("操作时间:" + new Date() + ";");
+            buffer.append("日志类别:" + "22" + ";");
+            buffer.append("执行动作:" + "动作" + ";");
+            buffer.append("备注:" + "<14>2023-06-15 18:30:00|!alarm|!192.168.10.85|!{\"attack_classify_id\": 20000, \"attack_state\": 1, \"dev_id\": \"2D45B4CC\", \"module_type_name\": \"访问恶意文件\", \"status_code\": [206], \"event_desc\": \"发现BITSAdmin下载行为\", \"updated_at\": 1686824955, \"brief\": \"通用文件包含攻击\", \"suffer_branch_id\": 0, \"suffer_country\": \"中国\", \"alert_id\": 217980008, \"reliability\": 2, \"relation\": \"{\\\"cond\\\":{\\\"attack_state\\\":\\\"${attack_state}\\\",\\\"attack_type\\\":\\\"${attack_type}\\\",\\\"dst_ip\\\":\\\"${suffer_ip}\\\",\\\"hole_id\\\":\\\"${hole_ids}\\\",\\\"module_type\\\":\\\"${module_type}\\\",\\\"src_asset_id\\\":\\\"${attack_asset_id}\\\",\\\"sub_attack_type\\\":\\\"${sub_attack_type}\\\"},\\\"from\\\":\\\"ngfw.security\\\",\\\"type\\\":\\\"es\\\"}\", \"is_white\": 0, \"last_time\": 1686789876, \"x_forwarded_for\": [], \"attack_type\": 1, \"sub_attack_type_name\": \"\", \"suggest\": \"1. 请修改应用程序代码，限制在请求参数中包含远程文件。\\\\n\\\\n2. 过滤远程链接地址，防止非法文件链接。\\\\n\\\\n3. 使用下一代防火墙新建一条安全防护策略，启用Web应用防护功能。\", \"suffer_ip\": \"220.181.174.197\", \"tags\": \"发现BITSAdmin下载行为\", \"damage\": \"攻击者可以远程包含一个指定的恶意远程文件并执行。\", \"multi_deal_status\": 0, \"event_evidence\": \"url路径: r4---sn-2x3elnez.gvt1-cn.com/edgedl/release2/update2/frzzivvwnmyuux6g6suhmwmhmy_1.3.36.243/GoogleUpdateSetup.exe?mh=4V&pl=16&shardbypass=sd&redirect_counter=1&rm=sn-j5oe7l&req_id=dc25df16e640d9a4&cms_redirect=yes&cmsv=e&ipbypass=yes&mip=101.40.71.98&mm=28&mn=sn-2x3elnez&ms=nvh&mt=1686789390&mv=m&mvi=4&rmhost=r1---sn-2x3elnez.gvt1-cn.com&smhost=r3---sn-2x3elnee.gvt1-cn.com 状态码: 206 请求头: GET /edgedl/release2/update2/frzzivvwnmyuux6g6suhmwmhmy_1.3.36.243/GoogleUpdateSetup.exe?mh=4V&amp;pl=16&amp;shardbypass=sd&amp;redirect_counter=1&amp;rm=sn-j5oe7l&amp;req_id=dc25df16e640d9a4&amp;cms_redirect=yes&amp;cmsv=e&amp;ipbypass=yes&amp;mip=101.40.71.98&amp;mm=28&amp;mn=sn-2x3elnez&amp;ms=nvh&amp;mt=1686789390&amp;mv=m&amp;mvi=4&amp;rmhost=r1---sn-2x3elnez.gvt1-cn.com&amp;smhost=r3---sn-2x3elnee.gvt1-cn.com HTTP/1.1\\r\\nConnection: Keep-Alive\\r\\nAccept: */*\\r\\nAccept-Encoding: identity\\r\\nIf-Unmodified-Since: Wed, 10 May 2023 17:31:46 GMT\\r\\nRange: bytes=0-1119\\r\\nUser-Agent: Microsoft BITS/7.8\\r\\nX-Old-UID: age=681; cnt=1\\r\\nX-Last-HR: 0x0\\r\\nX-Last-HTTP-Status-Code: 0\\r\\nX-Retry-Count: 0\\r\\nX-HTTP-Attempts: 1\\r\\nHost: r4---sn-2x3elnez.gvt1-cn.com\\r\\n\\r\\n 响应头: HTTP/1.1 206 Partial Content\\r\\nAccept-Ranges: bytes\\r\\nCache-Control: public,max-age=86400\\r\\nContent-Disposition: attachment\\r\\nContent-Length: 1120\\r\\nContent-Security-Policy: default-src 'none'\\r\\nContent-Type: application/octet-stream\\r\\nEtag: \\\"1605112\\\"\\r\\nServer: downloads\\r\\nX-Content-Type-Options: nosniff\\r\\nX-Frame-Options: SAMEORIGIN\\r\\nX-Xss-Protection: 0\\r\\nDate: Wed, 14 Jun 2023 03:38:42 GMT\\r\\nAlt-Svc: h3=\\\":443\\\"; ma=2592000,h3-29=\\\":443\\\"; ma=2592000\\r\\nLast-Modified: Wed, 10 May 2023 17:31:46 GMT\\r\\nContent-Range: bytes 0-1119/1368616\\r\\nConnection: keep-alive\\r\\nVary: Origin\\r\\n\\r\\n 响应体: MZ�\\u0000\\u0003\\u0000\\u0000\\u0000\\u0004\\u0000\\u0000\\u0000�\\u0000\\u0000�\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000@\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\b\\u0001\\u0000\\u0000\\u000e\\u001f�\\u000e\\u0000�\\t�!�\\u0001L�!This program cannot be run in DOS mode.\\r\\r\\n$\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000Z/\\u000b�\\u001eNe�\\u001eNe�\\u001eNe�<f�\\u0014Ne�<`َNe�<a�\\nNeت$a�\\u000fNeت$f�\\fNeت$`�3Ne�j%l�\\u0018Ne�<d�\\u0013Ne�\\u001eNd�mNe�j%�\\u001fNe�\\u001eN�)Ne�j%g�\\u001fNe�Rich\\u001eNe�\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000PE\\u0000\\u0000L\\u0001\\u0005\\u0000!�[d\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000�\\u0000\\\"\\u0001\\u000b\\u0001\\u000e\\u0014\\u0000t\\u0001\\u0000\\u0000\\u001e\\u0013\\u0000\\u0000\\u0000\\u0000\\u0000\\u000eO\\u0000\\u0000\\u0000\\u0010\\u0000\\u0000\\u0000�\\u0001\\u0000\\u0000\\u0000@\\u0000\\u0000\\u0010\\u0000\\u0000\\u0000\\u0002\\u0000\\u0000\\u0005\\u0000\\u0001\\u0000\\u0000\\u0000\\u0000\\u0000\\u0005\\u0000\\u0001\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000�\\u0014\\u0000\\u0000\\u0004\\u0000\\u0000�\\u0014\\u0000\\u0002\\u0000@�\\u0000\\u0000\\u0010\\u0000\\u0000\\u0010\\u0000\\u0000\\u0000\\u0000\\u0010\\u0000\\u0000\\u0010\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0010\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000P�\\u0001\\u0000x\\u0000\\u0000\\u0000\\u0000 \\u0002\\u00008�\\u0012\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000�\\u0014\\u0000(L\\u0000\\u0000\\u0000�\\u0014\\u0000�\\u0011\\u0000\\u0000@�\\u0001\\u0000T\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000�\\u0001\\u0000@\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000�\\u0001\\u0000�\\u0001\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000.text\\u0000\\u0000\\u0000Cr\\u0001\\u0000\\u0000\\u0010\\u0000\\u0000\\u0000t\\u0001\\u0000\\u0000\\u0004\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000 \\u0000\\u0000`.rdata\\u0000\\u0000�n\\u0000\\u0000\\u0000�\\u0001\\u0000\\u0000p\\u0000\\u0000\\u0000x\\u0001\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000@\\u0000\\u0000@.data\\u0000\\u0000\\u0000�\\u0013\\u0000\\u0000\\u0000\\u0000\\u0002\\u0000\\u0000\\n\\u0000\\u0000\\u0000�\\u0001\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000@\\u0000\\u0000�.rsrc\\u0000\\u0000\\u00008�\\u0012\\u0000\\u0000 \\u0002\\u0000\\u0000�\\u0012\\u0000\\u0000�\\u0001\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000@\\u0000\\u0000@.reloc\\u0000\\u0000�\\u0011\\u0000\\u0000\\u0000�\\u0014\\u0000\\u0000\\u0012\\u0000\\u0000\\u0000�\\u0014\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000@\\u0000\\u0000B\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000\\u0000�<\\u0013B\\u0000�MV\\u0001\\u0000h9�A\\u0000�A\\u0000\\u0000Y�̸�\\u0013B\\u0000�U�j\\u0000j\\u0000�u\\f�u\\b�\\u0015p�A\\u0000]�U�3�}\\b\\u000e\\u0000\\u0007�j\\u0001\\u000f�H�\\u0005\\u001d\\u0000\\u0000�P�U� \", \"suffer_classify1_id_name\": \"未知\", \"suffer_classify_id\": 50000, \"mining_stage\": 0, \"attack_classify1_id_name\": \"终端\", \"attack_direction\": 1, \"log_ids\": [2849032894365892614], \"hash_id\": \"e16183e8bba1d455b3caf0b8e7017764\", \"engine\": \"攻击利用检测模型库\", \"first_time\": 1686789876, \"attack_port\": 55016, \"emergency\": \"normal\", \"sub_attack_type\": 0, \"attack_province\": \"未知\", \"suffer_branch_name\": \"\", \"is_read\": 1, \"module_type\": 40, \"invasion_stage\": 3, \"attack_ip\": \"192.168.45.57\", \"suffer_port\": 80, \"principle\": \"主机运行的插件中存在参数字段没有进行安全过滤，导致存在远程文件包含漏洞。\", \"ioc\": [], \"attack_branch_id\": 5, \"suffer_classify1_id\": 5, \"suffer_asset_id\": 0, \"count\": 1, \"attack_classify1_id\": 2, \"analyze_suggest\": \"\", \"dev_name\": \"SANGFOR STA(192.168.10.84)\", \"attack_asset_id\": 340, \"asset_direction\": 3, \"created_at\": 1686818698, \"attack_country\": \"未知\", \"misreport\": 0, \"suffer_province\": \"北京市\", \"url\": [\"r4---sn-2x3elnez.gvt1-cn.com/edgedl/release2/update2/frzzivvwnmyuux6g6suhmwmhmy_1.3.36.243/GoogleUpdateSetup.exe?mh=4V&pl=16&shardbypass=sd&redirect_counter=1&rm=sn-j5oe7l&req_id=dc25df16e640d9a4&cms_redirect=yes&cmsv=e&ipbypass=yes&mip=101.40.71.98&mm=28&\"], \"record_date\": 20230615, \"net_action\": 1, \"attack_branch_name\": \"45组\", \"hole_ids\": [13060102], \"attack_type_name\": \"下载恶意文件\", \"linkage_status\": 0}\n");
+            /*
+             * 发送信息到服务器，2表示日志级别 范围为0~7的数字编码，表示了事件的严重程度。0最高，7最低 syslog为每个事件赋予几个不同的优先级：
+             * LOG_EMERG：紧急情况，需要立即通知技术人员。 LOG_ALERT：应该被立即改正的问题，如系统数据库被破坏，ISP连接丢失。
+             * LOG_CRIT：重要情况，如硬盘错误，备用连接丢失。 LOG_ERR：错误，不是非常紧急，在一定时间内修复即可。
+             * LOG_WARNING：警告信息，不是错误，比如系统磁盘使用了85%等。 LOG_NOTICE：不是错误情况，也不需要立即处理。
+             * LOG_INFO：情报信息，正常的系统消息，比如骚扰报告，带宽数据等，不需要处理。
+             * LOG_DEBUG：包含详细的开发情报的信息，通常只在调试一个程序时使用。
+             */
+            syslog.log(0, URLDecoder.decode(buffer.toString(), "utf-8"));
+        } catch (Exception e) {
+        }
+    }
+
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/MySyslogServer.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/MySyslogServer.java
new file mode 100644
index 0000000..5d16a40
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/MySyslogServer.java
@@ -0,0 +1,58 @@
+package com.haobang.syslog;
+
+import org.graylog2.syslog4j.SyslogConstants;
+import org.graylog2.syslog4j.server.*;
+
+import java.net.SocketAddress;
+
+public class MySyslogServer {
+    private static final String HOST = "127.0.0.1";
+    private static final int PORT = 514;
+    //514
+
+    private void receiveSyslogMessage() throws InterruptedException {
+        SyslogServerIF server = SyslogServer.getInstance(SyslogConstants.UDP);
+        SyslogServerConfigIF config = server.getConfig();
+        config.setHost(HOST);
+        config.setPort(PORT);
+        config.addEventHandler(new SyslogServerSessionEventHandlerIF() {
+            @Override
+            public Object sessionOpened(SyslogServerIF syslogServerIF, SocketAddress socketAddress) {
+                return null;
+            }
+
+            @Override
+            public void event(Object o, SyslogServerIF syslogServerIF, SocketAddress socketAddress,
+                              SyslogServerEventIF syslogServerEventIF) {
+                System.out.println("receive from:" + socketAddress + "\tmessage" + syslogServerEventIF.getMessage());
+            }
+
+            @Override
+            public void exception(Object o, SyslogServerIF syslogServerIF, SocketAddress socketAddress, Exception e) {
+
+            }
+
+            @Override
+            public void sessionClosed(Object o, SyslogServerIF syslogServerIF, SocketAddress socketAddress, boolean b) {
+
+            }
+
+            @Override
+            public void initialize(SyslogServerIF syslogServerIF) {
+
+            }
+
+            @Override
+            public void destroy(SyslogServerIF syslogServerIF) {
+
+            }
+        });
+        SyslogServer.getThreadedInstance(SyslogConstants.UDP);
+        Thread.sleep(100000);
+    }
+
+
+    public static void main(String[] args) throws InterruptedException {
+        new MySyslogServer().receiveSyslogMessage();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/TestSyslogServer.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/TestSyslogServer.java
new file mode 100644
index 0000000..68955b8
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/syslog/TestSyslogServer.java
@@ -0,0 +1,47 @@
+package com.haobang.syslog;
+
+import java.net.DatagramPacket;
+import java.net.DatagramSocket;
+
+public class TestSyslogServer {
+    public static void main(String[] args) throws Throwable {
+        // TODO Auto-generated method stub
+        DatagramSocket datagramSocket = new DatagramSocket(514);
+        while (true) {
+            DatagramPacket packet = new DatagramPacket(new byte[1000], 1000);
+            try {
+                //不会造成死循环，因为receive是阻塞式方法，若发送方不发送数据，则阻塞在该处
+                datagramSocket.receive(packet);
+                String msg = new String(packet.getData(), 0, packet.getLength());
+                //handelMessage(msg);
+
+                System.out.println(packet.getAddress() + "/" + packet.getPort() + ":" + msg);
+                packet.setData("I am server!!!".getBytes());
+                datagramSocket.send(packet);
+                Thread.sleep(1000);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+
+        }
+
+    }
+
+    public static void handelMessage(String messageFragment){
+        StringBuilder currentMessage = new StringBuilder();
+        boolean isSplitMessage = messageFragment.endsWith("..."); // 根据拆分标志判断消息是否被拆分
+
+        if (isSplitMessage) {
+            // 拆分的消息片段，将其合并到当前消息
+            currentMessage.append(messageFragment.substring(0, messageFragment.length() - 3));
+        } else {
+            // 完整的消息，处理并重置当前消息
+            currentMessage.append(messageFragment);
+            handleCompleteMessage(currentMessage.toString());
+            currentMessage.setLength(0);
+        }
+    }
+    public static void handleCompleteMessage(String completeMessage){
+        System.out.println("接收到完整消息：" + completeMessage);
+    }
+}
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/DeviceInfoUtil.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/DeviceInfoUtil.java
new file mode 100644
index 0000000..40f5a2d
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/DeviceInfoUtil.java
@@ -0,0 +1,118 @@
+package com.haobang.util;
+
+
+import com.common.entity.DeviceDevice;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.haobang.config.AppConfig;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+public class DeviceInfoUtil {
+
+    /**
+     * 补充设备配置信息 key value值
+     * @param strSyslog
+     * @return
+     */
+    public   static  String  getFullLogString(String strSyslog)
+    {
+        ObjectMapper objectMapper = new ObjectMapper();
+        // 创建设备配置信息MAP
+        // 获取当前时间（精度到毫秒）
+        LocalDateTime now = LocalDateTime.now();
+        // 定义格式化器，包含毫秒
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMddHHmmssSSS");
+        // 转换为字符串
+        String timeString = now.format(formatter);
+
+        Map<String, String> map = new LinkedHashMap<>();
+        map.put("receive_time",timeString);
+        map.put("device_id", AppConfig.getAppServieDeviceId());
+        map.put("device_name", AppConfig.getAppServieDeviceName());
+        map.put("vendor", AppConfig.getAppServieVendor());
+        map.put("data_type", AppConfig.getAppServieDataType());
+        map.put("device_collect_id", Long.toString(AppConfig.getDeviceCollectId()));
+
+        String formattedString = formatDeviceInfo(map);
+        //return  formattedString + "" + strSyslog.substring(34);
+
+        //测试环境截取34位之后字符串
+        return  formattedString + strSyslog;
+    }
+    /**
+     * 补充设备配置信息 key value值
+     * @param strSyslog
+     * @return
+     */
+    public   static  String  getFullLogString(DeviceDevice deviceDevice,String strSyslog)
+    {
+        ObjectMapper objectMapper = new ObjectMapper();
+        // 创建设备配置信息MAP
+        // 获取当前时间（精度到毫秒）
+        LocalDateTime now = LocalDateTime.now();
+        // 定义格式化器，包含毫秒
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMddHHmmssSSS");
+        // 转换为字符串
+        String timeString = now.format(formatter);
+        Map<String, String> map = new LinkedHashMap<>();
+        map.put("receive_time",timeString);
+        map.put("device_id",deviceDevice.getId().toString());
+        map.put("device_name", deviceDevice.getName());
+        map.put("vendor", deviceDevice.getVendor());
+        map.put("data_type", AppConfig.getAppServieDataType());
+        map.put("device_collect_id", Long.toString(AppConfig.getDeviceCollectId()));
+        String formattedString = formatDeviceInfo(map);
+        //return  formattedString + "" + strSyslog.substring(34);
+        //测试环境截取34位之后字符串
+        return  formattedString + strSyslog;
+    }
+
+    public   static  String  getFullLogString(DeviceDevice deviceDevice,String strSyslog,String receive_time)
+    {
+        ObjectMapper objectMapper = new ObjectMapper();
+        // 创建设备配置信息MAP
+        // 获取当前时间（精度到毫秒）
+        LocalDateTime now = LocalDateTime.now();
+        // 定义格式化器，包含毫秒
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyyMMddHHmmssSSS");
+        // 转换为字符串
+        String timeString = now.format(formatter);
+        Map<String, String> map = new LinkedHashMap<>();
+        map.put("receive_time",receive_time);
+        map.put("device_id",deviceDevice.getId().toString());
+        map.put("device_name", deviceDevice.getName());
+        map.put("vendor", deviceDevice.getVendor());
+        map.put("data_type", AppConfig.getAppServieDataType());
+        map.put("device_collect_id", Long.toString(AppConfig.getDeviceCollectId()));
+        String formattedString = formatDeviceInfo(map);
+        //return  formattedString + "" + strSyslog.substring(34);
+        //测试环境截取34位之后字符串
+        return  formattedString + strSyslog;
+    }
+
+
+    public static String formatDeviceInfo(Map<String, String> deviceData) {
+        if (deviceData == null || deviceData.isEmpty()) {
+            return "[]"; // 返回空括号表示无数据
+        }
+        StringBuilder sb = new StringBuilder();
+        sb.append("["); // 开始字符
+
+        // 使用 LinkedHashMap 保持插入顺序
+        boolean firstEntry = true;
+        for (Map.Entry<String, String> entry : deviceData.entrySet()) {
+            if (!firstEntry) {
+                sb.append(" "); // 键值对之间用空格分隔
+            }
+            sb.append(entry.getKey())
+                    .append("=")
+                    .append(entry.getValue());
+            firstEntry = false;
+        }
+        sb.append("]"); // 结束字符
+        return sb.toString();
+    }
+
+}
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/SafeCacheUtil.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/SafeCacheUtil.java
new file mode 100644
index 0000000..26eef7b
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/SafeCacheUtil.java
@@ -0,0 +1,108 @@
+package com.haobang.util;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Supplier;
+import java.util.LinkedHashMap;
+import  java.util.List ;
+import java.util.stream.Collectors;
+
+@Component
+public class SafeCacheUtil {
+
+    @Autowired
+    private RedisTemplate<String, Object> redisTemplate;
+
+    @Autowired
+    private ObjectMapper objectMapper;
+
+    /**
+     * 安全的缓存获取方法
+     */
+    @SuppressWarnings("unchecked")
+    public <T> T getSafe(String key, Class<T> clazz, Supplier<T> loader) {
+        try {
+            Object cached = redisTemplate.opsForValue().get(key);
+
+            if (cached == null) {
+                // 缓存不存在，从数据源加载
+                T value = loader.get();
+                if (value != null) {
+                    redisTemplate.opsForValue().set(key, value, 30, TimeUnit.MINUTES);
+                }
+                return value;
+            }
+
+            // 类型匹配，直接返回
+            if (clazz.isInstance(cached)) {
+                return (T) cached;
+            }
+
+            // 类型不匹配，尝试转换
+            if (cached instanceof LinkedHashMap) {
+                return objectMapper.convertValue(cached, clazz);
+            }
+
+            // 无法转换，重新加载
+            T value = loader.get();
+            if (value != null) {
+                redisTemplate.opsForValue().set(key, value, 30, TimeUnit.MINUTES);
+            }
+            return value;
+
+        } catch (Exception e) {
+            // 缓存出错，降级到数据源
+            return loader.get();
+        }
+    }
+
+    /**
+     * 安全的列表缓存获取
+     */
+    @SuppressWarnings("unchecked")
+    public <T> List<T> getSafeList(String key, Class<T> elementClass, Supplier<List<T>> loader) {
+        try {
+            Object cached = redisTemplate.opsForValue().get(key);
+
+            if (cached == null) {
+                List<T> value = loader.get();
+                if (value != null && !value.isEmpty()) {
+                    redisTemplate.opsForValue().set(key, value, 30, TimeUnit.MINUTES);
+                }
+                return value;
+            }
+
+            // 已经是正确的类型
+            if (cached instanceof List &&
+                    !((List<?>) cached).isEmpty() &&
+                    elementClass.isInstance(((List<?>) cached).get(0))) {
+                return (List<T>) cached;
+            }
+
+            // 需要转换
+            if (cached instanceof List) {
+                List<LinkedHashMap> rawList = (List<LinkedHashMap>) cached;
+                List<T> convertedList = rawList.stream()
+                        .map(item -> objectMapper.convertValue(item, elementClass))
+                        .collect(Collectors.toList());
+
+                // 更新缓存为正确格式
+                redisTemplate.opsForValue().set(key, convertedList, 30, TimeUnit.MINUTES);
+                return convertedList;
+            }
+
+            // 无法处理，重新加载
+            List<T> value = loader.get();
+            if (value != null && !value.isEmpty()) {
+                redisTemplate.opsForValue().set(key, value, 30, TimeUnit.MINUTES);
+            }
+            return value;
+
+        } catch (Exception e) {
+            return loader.get();
+        }
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/SpringContextUtil.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/SpringContextUtil.java
new file mode 100644
index 0000000..7af13d1
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/SpringContextUtil.java
@@ -0,0 +1,34 @@
+package com.haobang.util;
+
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.stereotype.Component;
+
+@Component
+public class SpringContextUtil implements ApplicationContextAware {
+
+    private static ApplicationContext applicationContext;
+
+    @Override
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+        SpringContextUtil.applicationContext = applicationContext;
+    }
+
+    public static ApplicationContext getApplicationContext() {
+        return applicationContext;
+    }
+
+    public static <T> T getBean(Class<T> clazz) {
+        return applicationContext.getBean(clazz);
+    }
+
+    public static <T> T getBean(String name, Class<T> clazz) {
+        return applicationContext.getBean(name, clazz);
+    }
+
+    // 专门获取 Mapper 的方法
+    public static <T> T getMapper(Class<T> mapperClass) {
+        return applicationContext.getBean(mapperClass);
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/TimeUtils.java b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/TimeUtils.java
new file mode 100644
index 0000000..0b391aa
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/haobang/util/TimeUtils.java
@@ -0,0 +1,45 @@
+package com.haobang.util;
+
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+public class TimeUtils {
+
+    private static final DateTimeFormatter DEFAULT_FORMATTER =
+            DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS");
+
+    /**
+     * 获取当前时间的字符串表示（包含毫秒）
+     */
+    public static String getCurrentTimeString() {
+        return LocalDateTime.now().format(DEFAULT_FORMATTER);
+    }
+
+    /**
+     * 获取指定格式的当前时间字符串
+     */
+    public static String getCurrentTimeString(String pattern) {
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern(pattern);
+        return LocalDateTime.now().format(formatter);
+    }
+
+    /**
+     * 获取时间戳格式的字符串（无分隔符）
+     */
+    public static String getTimestampString() {
+        return getCurrentTimeString("yyyyMMddHHmmssSSS");
+    }
+    /**
+     * 获取当前时间戳（毫秒）
+     */
+    public static long getCurrentTimestamp() {
+        return System.currentTimeMillis();
+    }
+
+    // 使用示例
+    public static void main(String[] args) {
+        System.out.println("默认格式: " + getCurrentTimeString());
+        System.out.println("时间戳格式: " + getTimestampString());
+        System.out.println("自定义格式: " + getCurrentTimeString("yyyy/MM/dd HH:mm:ss.SSS"));
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/kafka/kafkaConsumer.java b/haobang-security-xdr/syslog-serve/src/main/java/com/kafka/kafkaConsumer.java
new file mode 100644
index 0000000..ce53729
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/kafka/kafkaConsumer.java
@@ -0,0 +1,62 @@
+package com.kafka;
+import org.apache.kafka.clients.consumer.*;
+import org.apache.kafka.common.serialization.StringDeserializer;
+import java.time.Duration;
+import java.util.Collections;
+import java.util.Properties;
+
+
+public class kafkaConsumer {
+
+
+    public static void main(String[] args) {
+        // 配置消费者属性
+        Properties props = new Properties();
+        props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "192.168.222.130:9092");
+        props.put(ConsumerConfig.GROUP_ID_CONFIG, "test-group");
+        props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
+        props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
+
+        // 可选配置
+        props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "earliest"); // 从最早的消息开始消费
+        props.put(ConsumerConfig.ENABLE_AUTO_COMMIT_CONFIG, "true"); // 自动提交偏移量
+        props.put(ConsumerConfig.AUTO_COMMIT_INTERVAL_MS_CONFIG, "1000"); // 自动提交间隔
+
+        // 创建消费者实例
+        Consumer<String, String> consumer = new KafkaConsumer<>(props);
+
+        try {
+            // 订阅主题
+            consumer.subscribe(Collections.singletonList("test-topic"));
+
+            System.out.println("开始消费消息...");
+
+            // 持续消费消息
+            while (true) {
+                // 拉取消息（等待最多100毫秒）
+                ConsumerRecords<String, String> records = consumer.poll(Duration.ofMillis(100));
+
+                for (ConsumerRecord<String, String> record : records) {
+                    System.out.printf(
+                            "收到消息: 主题=%s, 分区=%d, 偏移量=%d, 键=%s, 值=%s%n",
+                            record.topic(),
+                            record.partition(),
+                            record.offset(),
+                            record.key(),
+                            record.value()
+                    );
+
+                    // 这里可以添加业务处理逻辑
+                }
+
+                // 手动提交偏移量（如果禁用自动提交）
+                // consumer.commitSync();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            // 关闭消费者
+            consumer.close();
+        }
+    }
+}
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/kafka/kafkaProducer.java b/haobang-security-xdr/syslog-serve/src/main/java/com/kafka/kafkaProducer.java
new file mode 100644
index 0000000..74ddcce
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/kafka/kafkaProducer.java
@@ -0,0 +1,170 @@
+package com.kafka;
+import com.common.entity.DeviceDevice;
+import org.apache.kafka.clients.producer.*;
+import org.apache.kafka.common.serialization.StringSerializer;
+
+import java.util.LinkedHashMap;
+import java.util.Properties;
+
+import com.haobang.config.AppConfig;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import com.haobang.util.DeviceInfoUtil;
+
+
+public class kafkaProducer {
+
+    private static final Logger logger = LoggerFactory.getLogger(kafkaProducer.class);
+
+    public static void main(String[] args) {
+       // System.out.println(getFullLogString("syslogmessage"));
+
+
+
+        // 配置生产者属性
+        Properties props = new Properties();
+        //props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, "192.168.222.130:9092");
+        props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, AppConfig.getKafkaProducerBootstrap());
+        props.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
+        props.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
+
+        // 可选配置：提高可靠性
+        props.put(ProducerConfig.ACKS_CONFIG, "all");
+        props.put(ProducerConfig.RETRIES_CONFIG, 3);
+        props.put(ProducerConfig.ENABLE_IDEMPOTENCE_CONFIG, true);
+
+        // 创建生产者实例
+        Producer<String, String> producer = new KafkaProducer<>(props);
+
+        try {
+            // 发送10条消息
+            //for (int i = 0; i < 1; i++) {
+                String key = "key-" + "1";
+                String value = "message-" +  "1" + " at " + System.currentTimeMillis();
+
+                // 创建生产者记录
+                ProducerRecord<String, String> record =
+                        new ProducerRecord<>(AppConfig.getKafkaProducerTopic(), key, value);
+
+                // 发送消息（异步方式）
+                producer.send(record, new Callback() {
+                    @Override
+                    public void onCompletion(RecordMetadata metadata, Exception exception) {
+                        if (exception == null) {
+                            System.out.println("消息发送成功: " +
+                                    "主题=" + metadata.topic() +
+                                    ", 分区=" + metadata.partition() +
+                                    ", 偏移量=" + metadata.offset());
+                                                    } else {
+                            System.err.println("消息发送失败: " + exception.getMessage());
+                        }
+                    }
+                });
+                // 同步发送方式（如果需要）
+                // RecordMetadata metadata = producer.send(record).get();
+                // System.out.println("同步发送成功: " + metadata.offset());
+           // }
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            // 关闭生产者
+            producer.close();
+        }
+    }
+
+    /**
+     *      * syslog 文本消息
+     *      * @param strSyslog
+     */
+
+    public static void  messagePush(DeviceDevice deviceDevice, String  strSyslog,String strReceiveTime)
+    {
+        // 配置生产者属性
+        Properties props = new Properties();
+        props.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, AppConfig.getKafkaProducerBootstrap());
+        props.put(ProducerConfig.KEY_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
+        props.put(ProducerConfig.VALUE_SERIALIZER_CLASS_CONFIG, StringSerializer.class.getName());
+
+        // 可选配置：提高可靠性
+        props.put(ProducerConfig.ACKS_CONFIG, "all");
+        props.put(ProducerConfig.RETRIES_CONFIG, 3);
+        props.put(ProducerConfig.ENABLE_IDEMPOTENCE_CONFIG, true);
+
+        // 创建生产者实例
+        Producer<String, String> producer = new KafkaProducer<>(props);
+        try {
+
+                String key = "key-" + System.currentTimeMillis();
+                //String value = DeviceInfoUtil.getFullLogString(strSyslog);
+                //采用动态获取Syslog 请求的设备信息
+                String value = DeviceInfoUtil.getFullLogString(deviceDevice,strSyslog,strReceiveTime);
+                // 创建生产者记录
+                ProducerRecord<String, String> record =
+                        new ProducerRecord<>(AppConfig.getKafkaProducerTopic(), key, value);
+
+                // 发送消息（异步方式）
+                producer.send(record, new Callback() {
+                    @Override
+                    public void onCompletion(RecordMetadata metadata, Exception exception) {
+                        if (exception == null) {
+                            System.out.println("消息发送成功: " +
+                                    "主题=" + metadata.topic() +
+                                    ", 分区=" + metadata.partition() +
+                                    ", 偏移量=" + metadata.offset());
+                        } else {
+                            System.err.println("消息发送失败: " + exception.getMessage());
+                            logger.error("消息发送失败: " + exception.getMessage());
+                        }
+                    }
+                });
+
+                // 同步发送方式（如果需要）
+                // RecordMetadata metadata = producer.send(record).get();
+                // System.out.println("同步发送成功: " + metadata.offset());
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            // 关闭生产者
+            producer.close();
+        }
+    }
+
+    /**
+     * 生成json字符串，补充设备配置信息
+     * @param strSyslog
+     * @return
+     */
+    private  static  String  getLogJsonString(String strSyslog)
+    {
+        ObjectMapper objectMapper = new ObjectMapper();
+        // 创建设备配置信息MAP
+        Map<String, Object> map = new LinkedHashMap<>();
+        map.put("device_id",AppConfig.getAppServieDeviceId() );
+        map.put("device_name", AppConfig.getAppServieDeviceName());
+        map.put("vendor", AppConfig.getAppServieVendor());
+        map.put("data_type", AppConfig.getAppServieDataType());
+        // 添加syslogMessage
+        map.put("syslogMessage", strSyslog);
+        try {
+            //生成json消息字符串
+            String json = objectMapper.writeValueAsString(map);
+            return json;
+        }
+        catch(Exception ex)
+        {
+            logger.error("kafkaProducer getLogJsonString(）生成json字符串 异常: syslog: "+ strSyslog);
+            logger.error("Exception: : "+ ex.getMessage());
+        }
+        return null;
+    }
+
+
+
+
+}
+
+
+
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogMessage.java b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogMessage.java
new file mode 100644
index 0000000..89fadda
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogMessage.java
@@ -0,0 +1,75 @@
+package com.netty;
+
+import java.util.Date;
+
+/**
+ * Syslog 消息实体类
+ */
+public class SyslogMessage {
+    private Integer facility;
+    private Integer severity;
+    private Date timestamp;
+    private String hostname;
+    private String message;
+
+    // 构造函数
+    public SyslogMessage() {}
+
+    // Getter 和 Setter 方法
+    public Integer getFacility() {
+        return facility;
+    }
+
+    public void setFacility(Integer facility) {
+        this.facility = facility;
+    }
+
+    public Integer getSeverity() {
+        return severity;
+    }
+
+    public void setSeverity(Integer severity) {
+        this.severity = severity;
+    }
+
+    public Date getTimestamp() {
+        return timestamp;
+    }
+
+    public void setTimestamp(String timestamp) {
+        // 这里可以添加时间戳解析逻辑
+        // 简化实现，直接使用当前时间
+        this.timestamp = new Date();
+    }
+
+    public void setTimestamp(Date timestamp) {
+        this.timestamp = timestamp;
+    }
+
+    public String getHostname() {
+        return hostname;
+    }
+
+    public void setHostname(String hostname) {
+        this.hostname = hostname;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
+    @Override
+    public String toString() {
+        return "SyslogMessage{" +
+                "facility=" + facility +
+                ", severity=" + severity +
+                ", timestamp=" + timestamp +
+                ", hostname='" + hostname + '\'' +
+                ", message='" + message + '\'' +
+                '}';
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java
new file mode 100644
index 0000000..d4bf729
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java
@@ -0,0 +1,149 @@
+package com.netty;
+
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.channel.SimpleChannelInboundHandler;
+import io.netty.channel.socket.DatagramPacket;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.net.InetSocketAddress;
+import com.kafka.kafkaProducer;
+import com.Modules.Device.DeviceProcess;
+/**
+ * Syslog 消息处理器
+ */
+public class SyslogMessageHandler extends SimpleChannelInboundHandler<Object> {
+    private static final Logger logger = LoggerFactory.getLogger(SyslogMessageHandler.class);
+
+    @Override
+    protected void channelRead0(ChannelHandlerContext ctx, Object msg) throws Exception {
+        String message;
+        String source;
+        String source_ip;
+        String networkProtocol;
+        int source_port;
+        if (msg instanceof DatagramPacket) {
+            // UDP 消息处理
+            DatagramPacket packet = (DatagramPacket) msg;
+            message = packet.content().toString(io.netty.util.CharsetUtil.UTF_8);
+            source_ip=packet.sender().getAddress().getHostAddress();
+            source_port=packet.sender().getPort();
+            source = packet.sender().getAddress().getHostAddress() + ":" + packet.sender().getPort();
+            networkProtocol="UDP";
+            logger.info("Received syslog from {}: {}", source, message);
+        } else if (msg instanceof String) {
+            // TCP 消息处理
+            message = (String) msg;
+            InetSocketAddress remoteAddress = (InetSocketAddress) ctx.channel().remoteAddress();
+            source = remoteAddress.getAddress().getHostAddress() + ":" + remoteAddress.getPort();
+            source_ip=remoteAddress.getAddress().getHostAddress();
+            source_port=remoteAddress.getPort();
+            networkProtocol="TCP";
+            logger.info("Received syslog from {}: {}", source, message);
+        } else {
+            logger.warn("Received unknown message type: {}", msg.getClass().getName());
+            return;
+        }
+        DeviceProcess deviceProcess   = new DeviceProcess(source_ip);
+        try {
+            //日志推送的设备信息进行鉴权处理
+            int deviceId = deviceProcess.getDeviceID(source_ip);
+            if (deviceId < 0) {
+                logger.info("syslog message 的请求设备IP:{}非系统注册，暂不做处理！",source_ip);
+                //创建未知设备
+                deviceProcess.saveDeviceUnknow(networkProtocol);
+                return;
+            }
+            if (!deviceProcess.IsBelongDeviceCollectTask()) {
+                logger.info("syslog message 的请求设备IP:{}不归属当前采集探针，暂不做处理！",source_ip);
+                return;
+            }
+            //插入PG库接收记录
+            deviceProcess.saveDeviceReceiveLog(message,true);
+            kafkaProducer.messagePush(deviceProcess.getDeviceDevice(), message, deviceProcess.getDeviceReceiveLog().getReceiveTimeStr());
+
+        } catch (Exception e) {
+            //记录日志推送失败
+            deviceProcess.saveDeviceReceiveLog(message,false);
+            logger.warn("Failed to Push syslog message",  e);
+
+        }
+        // 处理 Syslog 消息
+        //processSyslogMessage(message.trim(), source);
+    }
+
+    private void processSyslogMessage(String message, String source) {
+        // 这里可以添加 Syslog 消息解析逻辑
+        // 根据 RFC 3164 或 RFC 5424 解析消息
+        System.out.println("Received syslog from "+  source +", msg:"+ message);
+        logger.info("Received syslog from {}: {}", source, message);
+
+
+        try {
+            SyslogMessage syslogMsg = parseSyslogMessage(message);
+            logger.info("Parsed syslog - Facility: {}, Severity: {}, Timestamp: {}, Host: {}, Message: {}",
+                    syslogMsg.getFacility(),
+                    syslogMsg.getSeverity(),
+                    syslogMsg.getTimestamp(),
+                    syslogMsg.getHostname(),
+                    syslogMsg.getMessage());
+
+            // 这里可以添加消息存储或其他处理逻辑
+            // storeToDatabase(syslogMsg);
+
+        } catch (Exception e) {
+            logger.warn("Failed to parse syslog message: {}", message, e);
+        }
+    }
+
+    /**
+     * 简单的 Syslog 消息解析（RFC 3164 格式）
+     */
+    private SyslogMessage parseSyslogMessage(String message) {
+        SyslogMessage syslogMsg = new SyslogMessage();
+
+        // 尝试解析 PRI 部分
+        if (message.startsWith("<")) {
+            int priEnd = message.indexOf(">");
+            if (priEnd > 0) {
+                String priStr = message.substring(1, priEnd);
+                try {
+                    int pri = Integer.parseInt(priStr);
+                    int facility = pri >> 3;
+                    int severity = pri & 0x07;
+
+                    syslogMsg.setFacility(facility);
+                    syslogMsg.setSeverity(severity);
+
+                    message = message.substring(priEnd + 1).trim();
+                } catch (NumberFormatException e) {
+                    // 忽略 PRI 解析错误
+                }
+            }
+        }
+
+        // 尝试解析时间戳和主机名
+        // 这是一个简化的解析，实际实现可能需要更复杂的逻辑
+        String[] parts = message.split(" ", 5);
+        if (parts.length >= 4) {
+            // 假设前三个部分是时间戳，第四个部分是主机名
+            String timestamp = parts[0] + " " + parts[1] + " " + parts[2];
+            syslogMsg.setTimestamp(timestamp);
+            syslogMsg.setHostname(parts[3]);
+
+            if (parts.length == 5) {
+                syslogMsg.setMessage(parts[4]);
+            }
+        } else {
+            syslogMsg.setMessage(message);
+        }
+
+        return syslogMsg;
+    }
+
+    @Override
+    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
+        logger.error("Exception in channel handler", cause);
+        ctx.close();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogServer.java b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogServer.java
new file mode 100644
index 0000000..8b3dd45
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogServer.java
@@ -0,0 +1,84 @@
+package com.netty;
+
+import io.netty.bootstrap.Bootstrap;
+import io.netty.bootstrap.ServerBootstrap;
+import io.netty.channel.ChannelFuture;
+import io.netty.channel.ChannelOption;
+import io.netty.channel.EventLoopGroup;
+import io.netty.channel.nio.NioEventLoopGroup;
+import io.netty.channel.socket.nio.NioDatagramChannel;
+import io.netty.channel.socket.nio.NioServerSocketChannel;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Syslog 服务器主类，支持 TCP 和 UDP 协议
+ */
+public class SyslogServer {
+    private static final Logger logger = LoggerFactory.getLogger(SyslogServer.class);
+
+    private final int tcpPort;
+    private final int udpPort;
+
+    public SyslogServer(int tcpPort, int udpPort) {
+        this.tcpPort = tcpPort;
+        this.udpPort = udpPort;
+    }
+
+    public void start() throws InterruptedException {
+
+        // 启动 TCP 服务器
+        startTcpServer();
+        // 启动 UDP 服务器
+        startUdpServer();
+    }
+
+    private void startTcpServer() throws InterruptedException {
+        EventLoopGroup bossGroup = new NioEventLoopGroup(1);
+        EventLoopGroup workerGroup = new NioEventLoopGroup();
+
+        try {
+            ServerBootstrap b = new ServerBootstrap();
+            b.group(bossGroup, workerGroup)
+                    .channel(NioServerSocketChannel.class)
+                    .childHandler(new SyslogTcpChannelInitializer())
+                    .option(ChannelOption.SO_BACKLOG, 128)
+                    .childOption(ChannelOption.SO_KEEPALIVE, true);
+
+            ChannelFuture f = b.bind(tcpPort).sync();
+            logger.info("TCP Syslog server started on port {}", tcpPort);
+
+            f.channel().closeFuture().sync();
+        } finally {
+            workerGroup.shutdownGracefully();
+            bossGroup.shutdownGracefully();
+        }
+    }
+
+    private void startUdpServer() throws InterruptedException {
+        EventLoopGroup group = new NioEventLoopGroup();
+
+        try {
+            Bootstrap b = new Bootstrap();
+            b.group(group)
+                    .channel(NioDatagramChannel.class)
+                    .handler(new SyslogUdpChannelInitializer())
+                    .option(ChannelOption.SO_BROADCAST, true);
+
+            ChannelFuture f = b.bind(udpPort).sync();
+            logger.info("UDP Syslog server started on port {}", udpPort);
+
+            f.channel().closeFuture().sync();
+        } finally {
+            group.shutdownGracefully();
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        int tcpPort = args.length > 0 ? Integer.parseInt(args[0]) : 514;
+        int udpPort = args.length > 1 ? Integer.parseInt(args[1]) : 514;
+
+        SyslogServer server = new SyslogServer(tcpPort, udpPort);
+        server.start();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogServerBoth.java b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogServerBoth.java
new file mode 100644
index 0000000..a5cb32b
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogServerBoth.java
@@ -0,0 +1,202 @@
+package com.netty;
+
+import io.netty.bootstrap.Bootstrap;
+import io.netty.bootstrap.ServerBootstrap;
+import io.netty.channel.ChannelFuture;
+import io.netty.channel.ChannelOption;
+import io.netty.channel.EventLoopGroup;
+import io.netty.channel.nio.NioEventLoopGroup;
+import io.netty.channel.socket.nio.NioDatagramChannel;
+import io.netty.channel.socket.nio.NioServerSocketChannel;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+/**
+ * Syslog 服务器主类，支持 TCP 和 UDP 协议
+ */
+public class SyslogServerBoth {
+    private static final Logger logger = LoggerFactory.getLogger(SyslogServer.class);
+
+    private final int tcpPort;
+    private final int udpPort;
+
+    // 共享的EventLoopGroup以优化资源使用
+    private EventLoopGroup bossGroup;
+    private EventLoopGroup workerGroup;
+    private EventLoopGroup udpGroup;
+
+    private ChannelFuture tcpChannelFuture;
+    private ChannelFuture udpChannelFuture;
+
+    private final ExecutorService serverExecutor = Executors.newFixedThreadPool(2);
+
+    public SyslogServerBoth(int tcpPort, int udpPort) {
+        this.tcpPort = tcpPort;
+        this.udpPort = udpPort;
+    }
+
+    public void start() throws InterruptedException {
+        logger.info("Starting Syslog server with TCP port {} and UDP port {}", tcpPort, udpPort);
+
+        // 创建共享的EventLoopGroup
+        bossGroup = new NioEventLoopGroup(1);
+        workerGroup = new NioEventLoopGroup();
+        udpGroup = new NioEventLoopGroup();
+
+        final CountDownLatch latch = new CountDownLatch(2);
+
+        try {
+            // 启动UDP服务器（使用独立的线程）
+            serverExecutor.submit(() -> {
+                try {
+                    startUdpServer();
+                    latch.countDown();
+                } catch (Exception e) {
+                    logger.error("UDP server failed to start", e);
+                    latch.countDown();
+                    throw new RuntimeException(e);
+                }
+            });
+
+            // 启动TCP服务器（使用独立的线程）
+            serverExecutor.submit(() -> {
+                try {
+                    startTcpServer();
+                    latch.countDown();
+                } catch (Exception e) {
+                    logger.error("TCP server failed to start", e);
+                    latch.countDown();
+                    throw new RuntimeException(e);
+                }
+            });
+
+            // 等待两个服务器都启动完成
+            latch.await();
+            logger.info("Both TCP and UDP Syslog servers are running");
+
+            // 注册关闭钩子
+            Runtime.getRuntime().addShutdownHook(new Thread(this::shutdown));
+
+            // 保持主线程运行
+            Thread.currentThread().join();
+
+        } catch (Exception e) {
+            logger.error("Failed to start servers", e);
+            shutdown();
+        }
+    }
+
+    private void startTcpServer() throws InterruptedException {
+        ServerBootstrap b = new ServerBootstrap();
+        b.group(bossGroup, workerGroup)
+                .channel(NioServerSocketChannel.class)
+                .childHandler(new SyslogTcpChannelInitializer())
+                .option(ChannelOption.SO_BACKLOG, 128)
+                .childOption(ChannelOption.SO_KEEPALIVE, true);
+
+        tcpChannelFuture = b.bind(tcpPort).sync();
+        logger.info("TCP Syslog server started on port {}", tcpPort);
+
+        // 添加关闭监听器
+        tcpChannelFuture.channel().closeFuture().addListener(future -> {
+            if (future.isSuccess()) {
+                logger.info("TCP server channel closed");
+            }
+        });
+    }
+
+    private void startUdpServer() throws InterruptedException {
+        Bootstrap b = new Bootstrap();
+        b.group(udpGroup)
+                .channel(NioDatagramChannel.class)
+                .handler(new SyslogUdpChannelInitializer())
+                .option(ChannelOption.SO_BROADCAST, true);
+
+        udpChannelFuture = b.bind(udpPort).sync();
+        logger.info("UDP Syslog server started on port {}", udpPort);
+
+        // 添加关闭监听器
+        udpChannelFuture.channel().closeFuture().addListener(future -> {
+            if (future.isSuccess()) {
+                logger.info("UDP server channel closed");
+            }
+        });
+    }
+
+    /**
+     * 优雅关闭服务器
+     */
+    public void shutdown() {
+        logger.info("Shutting down Syslog servers...");
+
+        try {
+            // 关闭TCP服务器
+            if (tcpChannelFuture != null) {
+                tcpChannelFuture.channel().close().sync();
+            }
+
+            // 关闭UDP服务器
+            if (udpChannelFuture != null) {
+                udpChannelFuture.channel().close().sync();
+            }
+
+            // 关闭EventLoopGroup
+            if (bossGroup != null) {
+                bossGroup.shutdownGracefully().sync();
+            }
+            if (workerGroup != null) {
+                workerGroup.shutdownGracefully().sync();
+            }
+            if (udpGroup != null) {
+                udpGroup.shutdownGracefully().sync();
+            }
+
+            // 关闭线程池
+            serverExecutor.shutdown();
+
+            logger.info("Syslog servers shutdown complete");
+        } catch (Exception e) {
+            logger.error("Error during shutdown", e);
+        }
+    }
+
+    /**
+     * 检查服务器是否在运行
+     */
+    public boolean isRunning() {
+        return (tcpChannelFuture != null && tcpChannelFuture.channel().isActive()) ||
+                (udpChannelFuture != null && udpChannelFuture.channel().isActive());
+    }
+
+    public static void main(String[] args) throws Exception {
+        int tcpPort = 514;
+        int udpPort = 514;
+
+        // 解析命令行参数
+        if (args.length >= 1) {
+            tcpPort = Integer.parseInt(args[0]);
+        }
+        if (args.length >= 2) {
+            udpPort = Integer.parseInt(args[1]);
+        }
+
+        // 如果两个端口相同，UDP端口自动+1避免冲突
+        if (tcpPort == udpPort) {
+            udpPort = tcpPort + 1;
+            logger.warn("TCP and UDP ports cannot be the same. UDP port changed to {}", udpPort);
+        }
+
+        SyslogServerBoth server = new SyslogServerBoth(tcpPort, udpPort);
+
+        // 注册全局异常处理器
+        Thread.setDefaultUncaughtExceptionHandler((t, e) -> {
+            logger.error("Uncaught exception in thread {}", t.getName(), e);
+        });
+
+        server.start();
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogTcpChannelInitializer.java b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogTcpChannelInitializer.java
new file mode 100644
index 0000000..44ec9f3
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogTcpChannelInitializer.java
@@ -0,0 +1,36 @@
+package com.netty;
+
+
+import com.haobang.config.AppConfig;
+import io.netty.channel.ChannelInitializer;
+import io.netty.channel.ChannelPipeline;
+import io.netty.channel.socket.SocketChannel;
+import io.netty.handler.codec.DelimiterBasedFrameDecoder;
+import io.netty.handler.codec.Delimiters;
+import io.netty.handler.codec.string.StringDecoder;
+import io.netty.handler.codec.string.StringEncoder;
+import io.netty.util.CharsetUtil;
+
+/**
+ * TCP 通道初始化器
+ */
+public class SyslogTcpChannelInitializer extends ChannelInitializer<SocketChannel> {
+    private static final int MAX_FRAME_LENGTH = AppConfig.getSyslogMaxFrameLength();
+
+    @Override
+    protected void initChannel(SocketChannel ch) throws Exception {
+        ChannelPipeline pipeline = ch.pipeline();
+
+        // 添加基于分隔符的帧解码器，处理以换行符结尾的 Syslog 消息
+        pipeline.addLast("framer", new DelimiterBasedFrameDecoder(
+                MAX_FRAME_LENGTH,
+                Delimiters.lineDelimiter()));
+
+        // 添加字符串解码器和编码器
+        pipeline.addLast("decoder", new StringDecoder(CharsetUtil.UTF_8));
+        pipeline.addLast("encoder", new StringEncoder(CharsetUtil.UTF_8));
+
+        // 添加业务处理器
+        pipeline.addLast("handler", new SyslogMessageHandler());
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogUdpChannelInitializer.java b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogUdpChannelInitializer.java
new file mode 100644
index 0000000..04be298
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/java/com/netty/SyslogUdpChannelInitializer.java
@@ -0,0 +1,25 @@
+package com.netty;
+
+import io.netty.channel.ChannelInitializer;
+import io.netty.channel.ChannelPipeline;
+import io.netty.channel.socket.DatagramChannel;
+import io.netty.handler.codec.string.StringDecoder;
+import io.netty.handler.codec.string.StringEncoder;
+import io.netty.util.CharsetUtil;
+
+/**
+ * UDP 通道初始化器
+ */
+public class SyslogUdpChannelInitializer extends ChannelInitializer<DatagramChannel> {
+    @Override
+    protected void initChannel(DatagramChannel ch) throws Exception {
+        ChannelPipeline pipeline = ch.pipeline();
+
+        // 添加字符串解码器和编码器
+        pipeline.addLast("decoder", new StringDecoder(CharsetUtil.UTF_8));
+        pipeline.addLast("encoder", new StringEncoder(CharsetUtil.UTF_8));
+
+        // 添加业务处理器
+        pipeline.addLast("handler", new SyslogMessageHandler());
+    }
+}
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/application-dev.properties b/haobang-security-xdr/syslog-serve/src/main/resources/application-dev.properties
new file mode 100644
index 0000000..3180144
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/application-dev.properties
@@ -0,0 +1,57 @@
+#Server Configuration
+server.port=8189
+server.servlet.context-path=/syslogserve
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=262144
+syslog.buffer.size=1000
+
+
+# APP Service Configuration
+app.service.device_id=1
+app.service.device_name=honeypot
+app.service.vendor=changting
+app.service.product_name=diting
+#�ɼ�̽��ID
+app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
+# syslog message data_type
+app.service.data_type=json
+
+# kafka Configuration
+spring.kafka.producer.bootstrap-servers=192.168.222.130:9092
+spring.kafka.producer.topic =test-topic
+
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
+spring.datasource.username=postgres
+spring.datasource.password=TnLanWaidYSwTSG5
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+mybatis.configuration.map-underscore-to-camel-case=true
+
+# ����������������
+spring.redis.host=localhost
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=
+spring.redis.database=0
+spring.redis.timeout=2000
+
+spring.redis.lettuce.pool.max-active=8
+spring.redis.lettuce.pool.max-wait=-1
+spring.redis.lettuce.pool.max-idle=8
+spring.redis.lettuce.pool.min-idle=0
+# ������������ʱ��϶̣��������
+spring.cache.redis.time-to-live=600000
+
+
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/application-prod-zc.properties b/haobang-security-xdr/syslog-serve/src/main/resources/application-prod-zc.properties
new file mode 100644
index 0000000..9574fec
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/application-prod-zc.properties
@@ -0,0 +1,56 @@
+#Server Configuration [zhongcheng]
+server.port=8189
+server.servlet.context-path=/syslogserve
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=262144
+syslog.buffer.size=1000
+
+# APP Service Configuration
+app.service.device_id=1
+app.service.device_name=honeypot
+app.service.vendor=changting
+app.service.product_name=diting
+# syslog message data_type
+app.service.data_type=json
+#�ɼ�̽��ID
+#app.service.device_collect_id=${DEVICE_COLLECT_ID:2}
+app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
+
+# kafka Configuration
+spring.kafka.producer.bootstrap-servers=10.11.2.142:9092
+spring.kafka.producer.topic =agent-syslog-topic
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://10.11.2.141:5432/ecosys
+spring.datasource.username=ecosys
+spring.datasource.password=wsYDPjrpNZPrkPrR
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+mybatis.configuration.map-underscore-to-camel-case=true
+
+# ����������������
+spring.redis.host=10.11.2.142
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=redis_edP6N6
+spring.redis.database=0
+spring.redis.timeout=5000
+#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
+
+spring.redis.lettuce.pool.max-active=20
+spring.redis.lettuce.pool.max-wait=5000
+spring.redis.lettuce.pool.max-idle=10
+spring.redis.lettuce.pool.min-idle=5
+
+# ������������ʱ��ϳ�
+spring.cache.redis.time-to-live=3600000
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/application-prod.properties b/haobang-security-xdr/syslog-serve/src/main/resources/application-prod.properties
new file mode 100644
index 0000000..15a8d16
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/application-prod.properties
@@ -0,0 +1,55 @@
+#Server Configuration [192.168.4.26]
+server.port=8189
+server.servlet.context-path=/syslogserve
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=262144
+syslog.buffer.size=1000
+
+# APP Service Configuration
+app.service.device_id=1
+app.service.device_name=honeypot
+app.service.vendor=changting
+app.service.product_name=diting
+# syslog message data_type
+app.service.data_type=json
+#�ɼ�̽��ID
+app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
+
+# kafka Configuration
+spring.kafka.producer.bootstrap-servers=192.168.4.26:9092
+spring.kafka.producer.topic =agent-syslog-topic
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://192.168.4.26:5432/ecosys
+spring.datasource.username=postgres
+spring.datasource.password=caZ2TcmXNSW8L2Ap
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+mybatis.configuration.map-underscore-to-camel-case=true
+
+# ����������������
+spring.redis.host=192.168.4.26
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=123456
+spring.redis.database=0
+spring.redis.timeout=5000
+#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
+
+spring.redis.lettuce.pool.max-active=20
+spring.redis.lettuce.pool.max-wait=5000
+spring.redis.lettuce.pool.max-idle=10
+spring.redis.lettuce.pool.min-idle=5
+
+# ������������ʱ��ϳ�
+spring.cache.redis.time-to-live=3600000
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/application-test.properties b/haobang-security-xdr/syslog-serve/src/main/resources/application-test.properties
new file mode 100644
index 0000000..657eecc
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/application-test.properties
@@ -0,0 +1,59 @@
+#Server Configuration
+server.port=8189
+server.servlet.context-path=/syslogserve
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=65536
+syslog.buffer.size=1000
+
+
+# APP Service Configuration
+app.service.device_id=1
+app.service.device_name=honeypot
+app.service.vendor=changting
+app.service.product_name=diting
+# syslog message data_type
+app.service.data_type=json
+#�ɼ�̽��ID
+app.service.device_collect_id=1
+
+# kafka Configuration
+spring.kafka.producer.bootstrap-servers=192.168.4.32:9092
+spring.kafka.producer.topic =agent-syslog-topic
+
+
+
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://192.168.4.32:5432/ecosys
+spring.datasource.username=user_eSER8N
+spring.datasource.password=password_QCYKj6
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+mybatis.configuration.map-underscore-to-camel-case=true
+
+# ����������������
+spring.redis.host=192.168.4.32
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=password_QCYKj6
+spring.redis.database=0
+spring.redis.timeout=5000
+#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
+
+spring.redis.lettuce.pool.max-active=20
+spring.redis.lettuce.pool.max-wait=5000
+spring.redis.lettuce.pool.max-idle=10
+spring.redis.lettuce.pool.min-idle=5
+
+# ������������ʱ��ϳ�
+spring.cache.redis.time-to-live=3600000
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/application.properties b/haobang-security-xdr/syslog-serve/src/main/resources/application.properties
new file mode 100644
index 0000000..3180144
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/application.properties
@@ -0,0 +1,57 @@
+#Server Configuration
+server.port=8189
+server.servlet.context-path=/syslogserve
+#server.address=0.0.0.0
+server.tomcat.uri-encoding=UTF-8
+server.error.include-message=always
+server.error.include-binding-errors=always
+
+# Syslog Server Configuration
+syslog.tcp.port=514
+syslog.udp.port=514
+syslog.max.frame.length=262144
+syslog.buffer.size=1000
+
+
+# APP Service Configuration
+app.service.device_id=1
+app.service.device_name=honeypot
+app.service.vendor=changting
+app.service.product_name=diting
+#�ɼ�̽��ID
+app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
+# syslog message data_type
+app.service.data_type=json
+
+# kafka Configuration
+spring.kafka.producer.bootstrap-servers=192.168.222.130:9092
+spring.kafka.producer.topic =test-topic
+
+
+#database Configuration
+spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
+spring.datasource.username=postgres
+spring.datasource.password=TnLanWaidYSwTSG5
+spring.datasource.driver-class-name=org.postgresql.Driver
+
+# mybatis Configuration
+mybatis.mapper-locations=classpath:mapper/*.xml
+mybatis.type-aliases-package=com.common.entity
+mybatis.configuration.map-underscore-to-camel-case=true
+
+# ����������������
+spring.redis.host=localhost
+spring.redis.port=6379
+# ���루���û���������룬����ʡ�ԣ�
+spring.redis.password=
+spring.redis.database=0
+spring.redis.timeout=2000
+
+spring.redis.lettuce.pool.max-active=8
+spring.redis.lettuce.pool.max-wait=-1
+spring.redis.lettuce.pool.max-idle=8
+spring.redis.lettuce.pool.min-idle=0
+# ������������ʱ��϶̣��������
+spring.cache.redis.time-to-live=600000
+
+
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/logback.xml b/haobang-security-xdr/syslog-serve/src/main/resources/logback.xml
new file mode 100644
index 0000000..0b4ad03
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/logback.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<configuration >
+
+    <!-- 定义日志输出格式 -->
+    <property name="LOG_PATTERN" value="%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n" />
+
+    <!-- 控制台输出 -->
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>${LOG_PATTERN}</pattern>
+        </encoder>
+    </appender>
+
+    <!-- 文件输出，每天滚动 -->
+    <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/syslog-serve.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- 每天滚动 -->
+            <fileNamePattern>logs/syslog-serve.%d{yyyy-MM-dd}.log</fileNamePattern>
+            <!-- 保留的日志文件的最大天数 -->
+            <maxHistory>1</maxHistory>
+            <!-- 所有归档日志文件的总大小上限 -->
+            <totalSizeCap>15GB</totalSizeCap>
+            <!-- 启动时是否清理过期日志 -->
+            <cleanHistoryOnStart>true</cleanHistoryOnStart>
+        </rollingPolicy>
+        <encoder>
+            <pattern>${LOG_PATTERN}</pattern>
+        </encoder>
+    </appender>
+
+    <!-- 设置日志级别 -->
+    <root level="INFO">
+        <appender-ref ref="CONSOLE" />
+        <appender-ref ref="FILE" />
+    </root>
+
+    <!-- 可以设置特定包的日志级别 -->
+    <!-- 例如，将com.example包的日志级别设置为DEBUG -->
+
+    <!-- 专门屏蔽ProducerConfig的INFO日志 -->
+    <logger name="org.apache.kafka.clients.producer.ProducerConfig" level="WARN"/>
+    <!-- 更通用地屏蔽整个Kafka客户端包的INFO日志 -->
+    <logger name="org.apache.kafka.clients" level="WARN"/>
+
+    <!-- 方法1: 设置 Kafka 相关包为 WARN 级别 -->
+    <logger name="org.apache.kafka" level="WARN"/>
+    <logger name="kafka" level="WARN"/>
+
+    <!-- 方法2: 更精确地控制特定类 -->
+    <logger name="org.apache.kafka.common.utils.AppInfoParser" level="ERROR"/>
+    <logger name="org.apache.kafka.common.metrics.Metrics" level="ERROR"/>
+
+</configuration>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceCollectTaskMapper.xml b/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceCollectTaskMapper.xml
new file mode 100644
index 0000000..f224846
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceCollectTaskMapper.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.common.mapper.DeviceCollectTaskMapper">
+
+    <resultMap id="BaseResultMap" type="com.common.entity.DeviceCollectTask">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="device_id" property="deviceId" />
+        <result column="method" property="method" />
+        <result column="task_name" property="taskName" />
+        <result column="first_time" property="firstTime" />
+        <result column="last_success_time" property="lastSuccessTime" />
+        <result column="last_failed_time" property="lastFailedTime" />
+        <result column="detail_id" property="detailId" />
+        <result column="epm" property="epm" />
+        <result column="epm_peak" property="epmPeak" />
+        <result column="process_architecture" property="processArchitecture" />
+        <result column="task_count" property="taskCount" />
+        <result column="recent_discover_time" property="recentDiscoverTime" />
+        <result column="epm_upper_limit" property="epmUpperLimit" />
+    </resultMap>
+
+    <sql id="Base_Column_List">
+        id, created_at, updated_at, deleted_at, device_id, method, task_name,
+        first_time, last_success_time, last_failed_time, detail_id, epm, epm_peak,
+        process_architecture, task_count, recent_discover_time, epm_upper_limit
+    </sql>
+
+    <!-- 多条件组合查询 -->
+    <select id="selectByCondition" parameterType="com.common.entity.DeviceCollectTask" resultMap="BaseResultMap">
+        SELECT <include refid="Base_Column_List" />
+        FROM device_collect_task
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="method != null">
+                AND method = #{method}
+            </if>
+            <if test="taskName != null and taskName != ''">
+                AND task_name LIKE CONCAT('%', #{taskName}, '%')
+            </if>
+            <if test="detailId != null">
+                AND detail_id = #{detailId}
+            </if>
+            <if test="processArchitecture != null">
+                AND process_architecture = #{processArchitecture}
+            </if>
+            <if test="epmUpperLimit != null">
+                AND epm_upper_limit = #{epmUpperLimit}
+            </if>
+            <!-- 时间范围查询 -->
+            <if test="firstTime != null">
+                AND first_time >= #{firstTime}
+            </if>
+            <if test="lastSuccessTime != null">
+                AND last_success_time >= #{lastSuccessTime}
+            </if>
+        </where>
+        ORDER BY updated_at DESC
+    </select>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceDeviceMapper.xml b/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceDeviceMapper.xml
new file mode 100644
index 0000000..e6f8c47
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceDeviceMapper.xml
@@ -0,0 +1,238 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.common.mapper.DeviceDeviceMapper">
+
+    <!-- 基础结果映射 -->
+    <resultMap id="BaseResultMap" type="com.common.entity.DeviceDevice">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="updated_at" property="updatedAt" />
+        <result column="deleted_at" property="deletedAt" />
+        <result column="name" property="name" />
+        <result column="ip" property="ip" />
+        <result column="device_group" property="deviceGroup" />
+        <result column="device_type" property="deviceType" />
+        <result column="vendor" property="vendor" />
+        <result column="product_name" property="productName" />
+        <result column="organization_id" property="organizationId" />
+        <result column="last_receive_time" property="lastReceiveTime" />
+        <result column="agent_id" property="agentId" />
+        <result column="detail_id" property="detailId" />
+        <result column="control_agent_id" property="controlAgentId" />
+        <result column="license_start_time" property="licenseStartTime" />
+        <result column="license_end_time" property="licenseEndTime" />
+        <result column="is_monitoring" property="isMonitoring" />
+        <result column="security_scope_id" property="securityScopeId" />
+        <result column="owner_id" property="ownerId" />
+        <result column="ssh_config_id" property="sshConfigId" />
+        <result column="status" property="status" />
+        <result column="created_by_id" property="createdById" />
+        <result column="decode_type" property="decodeType" />
+        <result column="miss_policy" property="missPolicy" />
+        <result column="tenant_id" property="tenantId" />
+        <result column="create_time" property="createTime" />
+        <result column="update_time" property="updateTime" />
+        <result column="create_by" property="createBy" />
+        <result column="update_by" property="updateBy" />
+        <result column="del_flag" property="delFlag" />
+        <result column="manager_name" property="managerName" />
+        <result column="today_parse_count" property="todayParseCount" />
+        <result column="today_non_log_count" property="todayNonLogCount" />
+        <result column="create_dept" property="createDept" />
+        <result column="device_collect_id" property="deviceCollectId" />
+    </resultMap>
+
+    <!-- 基础查询列 -->
+    <sql id="Base_Column_List">
+        id, created_at::timestamp , updated_at::timestamp, deleted_at::timestamp, name, ip, device_group, device_type,
+        vendor, product_name, organization_id, last_receive_time::timestamp, agent_id, detail_id,
+        control_agent_id, license_start_time::timestamp, license_end_time::timestamp, is_monitoring,
+        security_scope_id, owner_id, ssh_config_id, status, created_by_id, decode_type,
+        miss_policy, tenant_id, create_time::timestamp, update_time::timestamp, create_by, update_by, del_flag,
+        manager_name, today_parse_count, today_non_log_count, create_dept, device_collect_id
+    </sql>
+
+    <!-- 根据ID查询 -->
+    <select id="selectById" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE id = #{id}
+    </select>
+
+    <!-- 查询所有设备 -->
+    <select id="selectAll" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+    </select>
+
+    <!-- 根据IP查询 -->
+    <select id="selectByIp" parameterType="java.lang.String" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE ip = #{ip} and   del_flag='0'
+    </select>
+
+    <!-- 根据名称模糊查询 -->
+    <select id="selectByNameLike" parameterType="java.lang.String" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE name LIKE CONCAT('%', #{name}, '%')
+    </select>
+
+    <!-- 根据设备组查询 -->
+    <select id="selectByDeviceGroup" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE device_group = #{deviceGroup}
+    </select>
+
+    <!-- 根据设备类型查询 -->
+    <select id="selectByDeviceType" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE device_type = #{deviceType}
+    </select>
+
+    <!-- 根据组织ID查询 -->
+    <select id="selectByOrganizationId" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE organization_id = #{organizationId}
+    </select>
+
+    <!-- 根据状态查询 -->
+    <select id="selectByStatus" parameterType="java.lang.Short" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE status = #{status}
+    </select>
+
+    <!-- 多条件组合查询 -->
+    <select id="selectByCondition" parameterType="com.common.entity.DeviceDevice" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        <where>
+            <if test="name != null and name != ''">
+                AND name LIKE CONCAT('%', #{name}, '%')
+            </if>
+            <if test="ip != null and ip != ''">
+                AND ip = #{ip}
+            </if>
+            <if test="deviceGroup != null">
+                AND device_group = #{deviceGroup}
+            </if>
+            <if test="deviceType != null">
+                AND device_type = #{deviceType}
+            </if>
+            <if test="vendor != null and vendor != ''">
+                AND vendor = #{vendor}
+            </if>
+            <if test="organizationId != null">
+                AND organization_id = #{organizationId}
+            </if>
+            <if test="status != null">
+                AND status = #{status}
+            </if>
+            <if test="isMonitoring != null">
+                AND is_monitoring = #{isMonitoring}
+            </if>
+        </where>
+        ORDER BY created_at DESC
+    </select>
+
+    <!-- 动态条件查询 -->
+    <select id="selectByMap" parameterType="java.util.Map" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        <where>
+            <if test="name != null">
+                AND name LIKE CONCAT('%', #{name}, '%')
+            </if>
+            <if test="ip != null">
+                AND ip = #{ip}
+            </if>
+            <if test="deviceGroup != null">
+                AND device_group = #{deviceGroup}
+            </if>
+            <if test="status != null">
+                AND status = #{status}
+            </if>
+            <if test="vendor != null">
+                AND vendor = #{vendor}
+            </if>
+            <if test="startTime != null">
+                AND created_at >= #{startTime}
+            </if>
+            <if test="endTime != null">
+                AND created_at &lt;= #{endTime}
+            </if>
+        </where>
+    </select>
+
+    <!-- 分页查询 -->
+    <select id="selectByPage" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        ORDER BY id
+        LIMIT #{limit} OFFSET #{offset}
+    </select>
+
+    <!-- 统计总数 -->
+    <select id="count" resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_device
+    </select>
+
+    <!-- 根据条件统计 -->
+    <select id="countByCondition" parameterType="com.common.entity.DeviceDevice" resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_device
+        <where>
+            <if test="name != null and name != ''">
+                AND name LIKE CONCAT('%', #{name}, '%')
+            </if>
+            <if test="status != null">
+                AND status = #{status}
+            </if>
+            <if test="isMonitoring != null">
+                AND is_monitoring = #{isMonitoring}
+            </if>
+        </where>
+    </select>
+
+    <!-- 查询监控中的设备 -->
+    <select id="selectMonitoringDevices" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE is_monitoring = true
+    </select>
+
+    <!-- 查询未删除的设备 -->
+    <select id="selectActiveDevices" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE del_flag = '0'
+    </select>
+
+    <!-- 根据厂商查询 -->
+    <select id="selectByVendor" parameterType="java.lang.String" resultMap="BaseResultMap">
+        SELECT
+        <include refid="Base_Column_List" />
+        FROM device_device
+        WHERE vendor = #{vendor}
+    </select>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceReceiveLogMapper.xml b/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceReceiveLogMapper.xml
new file mode 100644
index 0000000..28163b7
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceReceiveLogMapper.xml
@@ -0,0 +1,175 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.DeviceReceiveLogMapper">
+
+    <!-- 结果映射 -->
+    <resultMap id="BaseResultMap" type="DeviceReceiveLog">
+        <id column="id" property="id" />
+        <result column="created_at" property="createdAt" />
+        <result column="device_collect_id" property="deviceCollectId" />
+        <result column="device_id" property="deviceId" />
+        <result column="device_ip" property="deviceIp" />
+        <result column="receive_time" property="receiveTime" />
+        <result column="receive_time_str" property="receiveTimeStr" />
+        <result column="syslog_message" property="syslogMessage" />
+        <result column="push_success" property="pushSuccess" />
+    </resultMap>
+
+    <!-- 插入单条记录 -->
+    <insert id="insert" parameterType="DeviceReceiveLog" useGeneratedKeys="true" keyProperty="id">
+        INSERT INTO device_receive_log (
+            created_at,
+            device_collect_id,
+            device_id,
+            device_ip,
+            receive_time,
+            receive_time_str,
+            syslog_message,
+            push_success
+        ) VALUES (
+            COALESCE(#{createdAt}, NOW() AT TIME ZONE 'utc'),
+            #{deviceCollectId},
+            #{deviceId},
+            #{deviceIp}::inet,
+            #{receiveTime},
+            #{receiveTimeStr},
+            #{syslogMessage},
+            #{pushSuccess}
+        )
+    </insert>
+
+    <!-- 批量插入（高性能） -->
+    <insert id="batchInsert" parameterType="java.util.List">
+        INSERT INTO device_receive_log (
+        created_at,
+        device_collect_id,
+        device_id,
+        device_ip,
+        receive_time,
+        receive_time_str,
+        syslog_message,
+        push_success
+        ) VALUES
+        <foreach collection="list" item="item" separator=",">
+            (
+            COALESCE(#{item.createdAt}, NOW() AT TIME ZONE 'utc'),
+            #{item.deviceCollectId},
+            #{item.deviceId},
+            #{item.deviceIp}::inet,
+            #{item.receiveTime},
+            #{item.receiveTimeStr},
+            #{item.syslogMessage},
+            #{item.pushSuccess}
+            )
+        </foreach>
+    </insert>
+
+    <!-- 根据ID查询 -->
+    <select id="selectById" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE id = #{id}
+    </select>
+
+    <!-- 根据设备ID查询 -->
+    <select id="selectByDeviceId" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_id = #{deviceId}
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据采集探针ID查询 -->
+    <select id="selectByCollectId" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_collect_id = #{collectId}
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据IP地址查询（使用PostgreSQL的inet操作符） -->
+    <select id="selectByDeviceIp" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE device_ip >>= #{deviceIp}::inet
+        ORDER BY receive_time DESC
+    </select>
+
+    <!-- 根据时间范围查询（利用created_at索引） -->
+    <select id="selectByTimeRange" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        WHERE created_at BETWEEN #{startTime} AND #{endTime}
+        ORDER BY created_at DESC
+    </select>
+
+    <!-- 多条件组合查询（动态SQL） -->
+    <select id="selectByCondition" parameterType="DeviceReceiveLog" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="deviceCollectId != null">
+                AND device_collect_id = #{deviceCollectId}
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                AND device_ip >>= #{deviceIp}::inet
+            </if>
+            <if test="receiveTime != null">
+                AND receive_time >= #{receiveTime}
+            </if>
+            <if test="syslogMessage != null and syslogMessage != ''">
+                AND syslog_message LIKE CONCAT('%', #{syslogMessage}, '%')
+            </if>
+            <if test="pushSuccess != null and pushSuccess != ''">
+                AND push_success  =  #{pushSuccess}
+            </if>
+        </where>
+        ORDER BY created_at DESC
+    </select>
+
+    <!-- 统计数量 -->
+    <select id="countByCondition" parameterType="DeviceReceiveLog" resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_receive_log
+        <where>
+            <if test="deviceId != null">
+                AND device_id = #{deviceId}
+            </if>
+            <if test="deviceCollectId != null">
+                AND device_collect_id = #{deviceCollectId}
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                AND device_ip >>= #{deviceIp}::inet
+            </if>
+            <if test="receiveTime != null">
+                AND receive_time >= #{receiveTime}
+            </if>
+            <if test="pushSuccess != null">
+                AND push_success >= #{pushSuccess}
+            </if>
+        </where>
+    </select>
+
+    <!-- 删除时间范围内的数据 -->
+    <delete id="deleteByTimeRange">
+        DELETE FROM device_receive_log
+        WHERE created_at BETWEEN #{startTime} AND #{endTime}
+    </delete>
+
+    <!-- 获取最近N条记录 -->
+    <select id="selectRecent" resultMap="BaseResultMap">
+        SELECT * FROM device_receive_log
+        ORDER BY created_at DESC
+        LIMIT #{limit}
+    </select>
+
+    <!-- 按设备分组统计 -->
+    <select id="countByDeviceGroup" resultType="java.util.Map">
+        SELECT
+            device_id,
+            COUNT(*) as log_count,
+            MIN(receive_time) as first_receive_time,
+            MAX(receive_time) as last_receive_time
+        FROM device_receive_log
+        GROUP BY device_id
+        ORDER BY log_count DESC
+    </select>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceUnknownMapper.xml b/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceUnknownMapper.xml
new file mode 100644
index 0000000..846e881
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/main/resources/mapper/DeviceUnknownMapper.xml
@@ -0,0 +1,294 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.common.mapper.DeviceUnknownMapper">
+
+    <!-- 通用查询结果映射 -->
+    <resultMap id="BaseResultMap" type="com.common.entity.DeviceUnknown">
+        <id column="id" property="id" jdbcType="BIGINT"/>
+        <result column="created_at" property="createdAt" jdbcType="TIMESTAMP"/>
+        <result column="device_collect_id" property="deviceCollectId" jdbcType="INTEGER"/>
+        <result column="device_collect_name" property="deviceCollectName" jdbcType="VARCHAR"/>
+        <result column="device_ip" property="deviceIp" jdbcType="VARCHAR"/>
+        <result column="first_time" property="firstTime" jdbcType="TIMESTAMP"/>
+        <result column="last_time" property="lastTime" jdbcType="TIMESTAMP"/>
+        <result column="organization_id" property="organizationId" jdbcType="INTEGER"/>
+        <result column="network_protocol" property="networkProtocol" jdbcType="VARCHAR"/>
+        <result column="source_method" property="sourceMethod" jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- 插入设备记录 -->
+    <insert id="insert" parameterType="com.common.entity.DeviceUnknown"
+            useGeneratedKeys="true" keyProperty="id" keyColumn="id">
+        INSERT INTO device_unknown (
+            created_at,
+            device_collect_id,
+            device_collect_name,
+            device_ip,
+            first_time,
+            last_time,
+            organization_id,
+            network_protocol,
+            source_method
+        ) VALUES (
+            COALESCE(#{createdAt}, NOW() AT TIME ZONE 'utc'),
+            #{deviceCollectId},
+            #{deviceCollectName},
+            #{deviceIp}::inet,
+            #{firstTime},
+            #{lastTime},
+            #{organizationId},
+            #{networkProtocol},
+            #{sourceMethod}
+        )
+    </insert>
+
+    <!-- 批量插入设备记录 -->
+    <insert id="batchInsert" parameterType="java.util.List">
+        INSERT INTO device_unknown (
+        created_at,
+        device_collect_id,
+        device_collect_name,
+        device_ip,
+        first_time,
+        last_time,
+        organization_id,
+        network_protocol,
+        source_method
+        ) VALUES
+        <foreach collection="devices" item="device" separator=",">
+            (
+            COALESCE(#{device.createdAt}, NOW() AT TIME ZONE 'utc'),
+            #{device.deviceCollectId},
+            #{device.deviceCollectName},
+            #{device.deviceIp}::inet,
+            #{device.firstTime},
+            #{device.lastTime},
+            #{device.organizationId},
+            #{device.networkProtocol},
+            #{device.sourceMethod}
+            )
+        </foreach>
+    </insert>
+
+    <!-- 根据ID查询设备 -->
+    <select id="selectById" resultMap="BaseResultMap">
+        SELECT
+            id,
+            created_at,
+            device_collect_id,
+            device_collect_name,
+            device_ip::text as device_ip,
+            first_time,
+            last_time,
+            organization_id,
+            network_protocol,
+            source_method
+        FROM device_unknown
+        WHERE id = #{id}
+    </select>
+
+    <!-- 根据IP查询设备 -->
+    <select id="selectByIp" resultMap="BaseResultMap">
+        SELECT
+            id,
+            created_at,
+            device_collect_id,
+            device_collect_name,
+            device_ip::text as device_ip,
+            first_time,
+            last_time,
+            organization_id,
+            network_protocol,
+            source_method
+        FROM device_unknown
+        WHERE device_ip = #{deviceIp}::inet
+        ORDER BY last_time DESC
+    </select>
+
+    <!-- 根据组织ID查询设备 -->
+    <select id="selectByOrganizationId" resultMap="BaseResultMap">
+        SELECT
+            id,
+            created_at,
+            device_collect_id,
+            device_collect_name,
+            device_ip::text as device_ip,
+            first_time,
+            last_time,
+            organization_id,
+            network_protocol,
+            source_method
+        FROM device_unknown
+        WHERE organization_id = #{organizationId}
+        ORDER BY last_time DESC
+    </select>
+
+    <!-- 查询所有设备 -->
+    <select id="selectAll" resultMap="BaseResultMap">
+        SELECT
+            id,
+            created_at,
+            device_collect_id,
+            device_collect_name,
+            device_ip::text as device_ip,
+            first_time,
+            last_time,
+            organization_id,
+            network_protocol,
+            source_method
+        FROM device_unknown
+        ORDER BY last_time DESC
+    </select>
+
+    <!-- 分页查询设备 -->
+    <select id="selectPage" resultMap="BaseResultMap">
+        SELECT
+            id,
+            created_at,
+            device_collect_id,
+            device_collect_name,
+            device_ip::text as device_ip,
+            first_time,
+            last_time,
+            organization_id,
+            network_protocol,
+            source_method
+        FROM device_unknown
+        ORDER BY last_time DESC
+        LIMIT #{limit} OFFSET #{offset}
+    </select>
+
+    <!-- 根据条件查询设备 -->
+    <select id="selectByCondition" parameterType="com.common.entity.DeviceUnknown"
+            resultMap="BaseResultMap">
+        SELECT
+        id,
+        created_at,
+        device_collect_id,
+        device_collect_name,
+        device_ip::text as device_ip,
+        first_time,
+        last_time,
+        organization_id,
+        network_protocol,
+        source_method
+        FROM device_unknown
+        <where>
+            <if test="deviceCollectId != null">
+                AND device_collect_id = #{deviceCollectId}
+            </if>
+            <if test="deviceCollectName != null and deviceCollectName != ''">
+                AND device_collect_name ILIKE CONCAT('%', #{deviceCollectName}, '%')
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                AND device_ip = #{deviceIp}::inet
+            </if>
+            <if test="organizationId != null">
+                AND organization_id = #{organizationId}
+            </if>
+            <if test="networkProtocol != null and networkProtocol != ''">
+                AND network_protocol = #{networkProtocol}
+            </if>
+            <if test="sourceMethod != null and sourceMethod != ''">
+                AND source_method = #{sourceMethod}
+            </if>
+            <if test="firstTime != null">
+                AND first_time >= #{firstTime}
+            </if>
+            <if test="lastTime != null">
+                AND last_time >= #{lastTime}
+            </if>
+        </where>
+        ORDER BY last_time DESC
+    </select>
+
+    <!-- 根据ID更新设备信息 -->
+    <update id="updateById" parameterType="com.common.entity.DeviceUnknown">
+        UPDATE device_unknown
+        <set>
+            <if test="deviceCollectId != null">
+                device_collect_id = #{deviceCollectId},
+            </if>
+            <if test="deviceCollectName != null and deviceCollectName != ''">
+                device_collect_name = #{deviceCollectName},
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                device_ip = #{deviceIp}::inet,
+            </if>
+            <if test="firstTime != null">
+                first_time = #{firstTime},
+            </if>
+            <if test="lastTime != null">
+                last_time = #{lastTime},
+            </if>
+            <if test="organizationId != null">
+                organization_id = #{organizationId},
+            </if>
+            <if test="networkProtocol != null and networkProtocol != ''">
+                network_protocol = #{networkProtocol},
+            </if>
+            <if test="sourceMethod != null and sourceMethod != ''">
+                source_method = #{sourceMethod},
+            </if>
+        </set>
+        WHERE id = #{id}
+    </update>
+
+    <!-- 更新最后发现时间 -->
+    <update id="updateLastTime">
+        UPDATE device_unknown
+        SET last_time = #{lastTime}
+        WHERE id = #{id}
+    </update>
+
+    <!-- 根据ID删除设备 -->
+    <delete id="deleteById">
+        DELETE FROM device_unknown
+        WHERE id = #{id}
+    </delete>
+
+    <!-- 根据组织ID删除设备 -->
+    <delete id="deleteByOrganizationId">
+        DELETE FROM device_unknown
+        WHERE organization_id = #{organizationId}
+    </delete>
+
+    <!-- 统计设备数量 -->
+    <select id="count" resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_unknown
+    </select>
+
+    <!-- 根据条件统计设备数量 -->
+    <select id="countByCondition" parameterType="com.common.entity.DeviceUnknown"
+            resultType="java.lang.Long">
+        SELECT COUNT(*) FROM device_unknown
+        <where>
+            <if test="deviceCollectId != null">
+                AND device_collect_id = #{deviceCollectId}
+            </if>
+            <if test="deviceCollectName != null and deviceCollectName != ''">
+                AND device_collect_name ILIKE CONCAT('%', #{deviceCollectName}, '%')
+            </if>
+            <if test="deviceIp != null and deviceIp != ''">
+                AND device_ip = #{deviceIp}::inet
+            </if>
+            <if test="organizationId != null">
+                AND organization_id = #{organizationId}
+            </if>
+            <if test="networkProtocol != null and networkProtocol != ''">
+                AND network_protocol = #{networkProtocol}
+            </if>
+            <if test="sourceMethod != null and sourceMethod != ''">
+                AND source_method = #{sourceMethod}
+            </if>
+            <if test="firstTime != null">
+                AND first_time >= #{firstTime}
+            </if>
+            <if test="lastTime != null">
+                AND last_time >= #{lastTime}
+            </if>
+        </where>
+    </select>
+
+</mapper>
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java b/haobang-security-xdr/syslog-serve/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java
new file mode 100644
index 0000000..238afed
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java
@@ -0,0 +1,13 @@
+package com.haobang.syslog;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class SysjavacollectApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+
+}
diff --git a/haobang-security-xdr/syslog-serve/start-syslog-serve.sh b/haobang-security-xdr/syslog-serve/start-syslog-serve.sh
new file mode 100644
index 0000000..6652544
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/start-syslog-serve.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# 必须使用 root 权限运行
+if [ "$(id -u)" -ne 0 ]; then
+    echo "此脚本需要 root 权限运行"
+    echo "请使用: sudo $0"
+    exit 1
+fi
+
+# 设置时区
+export TZ="Asia/Shanghai"
+
+# 应用配置
+APP_NAME="syslog-serve"
+JAR_FILE="syslog-serve-1.0.0.jar"
+LOG_DIR="/data/syslog/logs"
+
+# 创建日志目录
+# mkdir -p ${LOG_DIR}
+
+# 允许绑定低端口
+sysctl -w net.ipv4.ip_unprivileged_port_start=0 2>/dev/null || true
+
+# JVM 参数
+JVM_OPTS="-server -Xms512m -Xmx1024m -XX:+UseG1GC -Duser.timezone=Asia/Shanghai"
+
+# 应用参数
+APP_OPTS="--syslog.port=514"
+APP_OPTS="${APP_OPTS} --server.port=8189"
+APP_OPTS="${APP_OPTS} --logging.file.path=${LOG_DIR}"
+APP_OPTS="${APP_OPTS} --app.privileged=true"
+
+echo "========================================"
+echo "启动 ${APP_NAME}"
+echo "Syslog 端口: 514 (UDP/TCP)"
+echo "管理端口: 8189 (HTTP)"
+echo "日志目录: ${LOG_DIR}"
+echo "时区: ${TZ}"
+echo "========================================"
+
+# 启动应用
+nohup java ${JVM_OPTS} -jar ${JAR_FILE} ${APP_OPTS} > ${LOG_DIR}/syslog-serve-console.log 2>&1 &
+
+# 记录 PID
+PID=$!
+echo ${PID} > /tmp/${APP_NAME}.pid
+echo "应用启动成功，PID: ${PID}"
+echo ""
+echo "查看日志:"
+echo "  tail -f ${LOG_DIR}/syslog-serve.log"
+echo ""
+echo "测试 Syslog:"
+echo "  logger -n 127.0.0.1 -P 514 '测试消息'"
+echo ""
+echo "访问管理界面:"
+echo "  http://localhost:8189"
\ No newline at end of file
diff --git a/haobang-security-xdr/syslog-serve/stop-syslog-serve.sh b/haobang-security-xdr/syslog-serve/stop-syslog-serve.sh
new file mode 100644
index 0000000..6ada61f
--- /dev/null
+++ b/haobang-security-xdr/syslog-serve/stop-syslog-serve.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# 快速停止脚本 - 无需确认
+
+if [ "$(id -u)" -ne 0 ]; then
+    echo "需要 root 权限，请使用: sudo $0"
+    exit 1
+fi
+
+APP_NAME="syslog-serve"
+PID_FILE="/tmp/${APP_NAME}.pid"
+PORTS=(514 8189)
+
+echo "停止 ${APP_NAME}..."
+
+# 1. 通过 PID 文件停止
+if [ -f "$PID_FILE" ]; then
+    PID=$(cat $PID_FILE)
+    if kill -0 $PID 2>/dev/null; then
+        echo "停止进程 $PID..."
+        kill -15 $PID
+        sleep 3
+
+        if kill -0 $PID 2>/dev/null; then
+            echo "强制停止..."
+            kill -9 $PID
+        fi
+    fi
+    rm -f $PID_FILE
+fi
+
+# 2. 停止所有监听端口的 Java 进程
+for port in ${PORTS[@]}; do
+    PIDS=$(lsof -ti:$port 2>/dev/null)
+    if [ ! -z "$PIDS" ]; then
+        for pid in $PIDS; do
+            if ps -p $pid | grep -q "java"; then
+                echo "停止监听端口 $port 的进程 $pid..."
+                kill -9 $pid 2>/dev/null
+            fi
+        done
+    fi
+done
+
+# 3. 停止所有包含应用名的进程
+pkill -f "java.*syslog-serve" 2>/dev/null
+
+echo "停止完成"
\ No newline at end of file