初次提交代码

haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/ClientClass.java

@@ -0,0 +1,77 @@
+package com.haobang.syslog;
+
+import org.graylog2.syslog4j.Syslog;
+import org.graylog2.syslog4j.SyslogConstants;
+import org.graylog2.syslog4j.SyslogIF;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.net.URLDecoder;
+
+public class ClientClass implements Runnable{
+    private static final Logger logger = LoggerFactory.getLogger(ClientClass.class);
+    //控制循环结束的
+    private boolean flag = true;
+    private static ClientClass ClientClass = null;
+    private ClientClass() {
+    }
+    public static synchronized ClientClass getClient()
+    {
+        if(ClientClass == null)
+    ClientClass = new ClientClass ();
+        return ClientClass ;
+}
+    @Override
+    public void run() {
+        try {
+            //初始化标识位
+            flag = true;
+            //以传输名称的形式来传输实例化的协议类型
+            String prot = Thread.currentThread().getName();
+            //获取syslog的操作类，使用udp协议。syslog支持"udp", "tcp", "unix_syslog", "unix_socket"协议
+            SyslogIF syslog = Syslog.getInstance(prot);
+            //设置syslog服务器端地址   地址为之前你服务器的地址
+            //syslog.getConfig().setHost("192.168.222.131");
+            syslog.getConfig().setHost("0.0.0.0");
+            //设置syslog接收端口，默认514
+            syslog.getConfig().setPort(514);
+            logger.info("设置syslog端口：514");
+            //拼接syslog日志
+           // String str = "operator Protocol sky====> "+ Thread.currentThread().getName();
+           // String str ="<14>1 2025-10-14T05:49:35Z cb5a5f07595c supermario 9 portrait -{\"source\":\"portrait\",\"uuid\":\"1a26ac6e-2d77-4ada-b560-1abbcae1de98\",\"host\":{\"cpuConcurrency\":8,\"fonts\":[\"Rockwell\",\"Calibri\",\"Gadugi\",\"Leelawadee UI\",\"Bahnschrift\",\"DengXian\",\"Roboto\",\"DejaVu Sans Mono\",\"Open Sans\",\"Source Han Serif CN\"],\"hasUnity\":false,\"language\":\"zh-CN\",\"memory\":0,\"os\":\"Windows 10.0\",\"render\":\"ANGLE (Intel, Intel(R) UHD Graphics 620 Direct3D9Ex vs_3_0 ps_3_0, igdumdim32.dll-30.0.101.1338)\",\"screenResolution\":[1366,768],\"timezone\":\"Asia/Shanghai\",\"touchSupport\":true},\"network\":{\"externalIP\":{\"ip\":\"60.190.198.14\"},\"internalIP\":{\"ip\":\"\"},\"realIP\":{\"ip\":\"60.190.198.14\"}},\"browser\":{\"arch\":\"\",\"bitness\":\"\",\"canvasFingerprint\":\"7031cc506eaded347eb1b596677ec7be\",\"canvas_fp\":\"7031cc506eaded347eb1b596677ec7be\",\"canvas_fp2\":\"7031cc506eaded347eb1b596677ec7be\",\"chrome_ext\":[\"Google Office\"],\"fp2\":\"559732dbe9bafced9536c77a6c020f88\",\"is_private\":false,\"mobile\":false,\"model\":\"\",\"name\":\"Chrome\",\"os\":\"Windows 10.0\",\"tid\":\"s:16951889730ae4d6af8-b3b4b-5ede70.22c7306819e72dd14e3e5c5644e49ed42a44d857ca55f6df0acd0460f510f15f\",\"version\":\"94.0.4606.71\",\"versionNumber\":94,\"webgl_fp\":\"487f7b22f68312d2c1bbc93b1aea445b\",\"webgl_fp2\":\"487f7b22f68312d2c1bbc93b1aea445b\"},\"social\":{},\"extra\":{\"version\":\"1.1\"},\"node\":\"AQSE\"}";
+
+            //String str="<14>1 2025-10-21T03:00:00Z e731cb058e44 supermario 8 scanner-{    \"source\": \"scanner\",    \"id\": \"1efbe83b4eb1bdd8c3aede950a7cecda\",    \"time\": \"2025-10-21T03:00:00Z\",    \"proto\": \"tcp\",    \"start_time\": \"2025-10-21T03:02:40.635861443Z\",  \"end_time\": \"2025-10-21T03:02:41.830497611Z\",    \"src_ip\": \"165.227.62.247\",    \"src_port\": \"29011\",    \"dest_ip\": \"172.21.7.10\",    \"dest_port\": [        8888    ],    \"src_mac\": \"\",    \"pcap_file\": null,    \"events\": [        {            \"dest_port\": \"8888\",            \"scan_type\": [                \"unknown_conn\",                \"TCP-Syn\"            ],            \"start_time\": 1761015760.635861,            \"end_time\": 1761015761.830498,            \"dumb_captures\": null        }    ],    \"scantypes\": [        \"unknown_conn\",        \"TCP-Syn\"    ],    \"send_email\": true,    \"agent_id\": \"110edf34-6a68-4853-bdaf-2991c5f837f0\",    \"node\": \"N3zA\"}";
+            String str="{\"source\":\"honeypot\",\"id\":\"0b1f271b-8a9a-4005-b86d-74b594962a5a\",\"start_time\":\"2023-07-24T07:24:24.040214306Z\",\"time\":\"2023-07-24T07:24:24.072782762Z\",\"risk_level\":4,\"connection\":\"8c404933-dbb5-4f85-b995-439b46ee5a17\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"00f854a8-87f1-4421-9f1d-bc282352e161\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"4b10fa4c-f9ef-47d5-b5c7-e30e0093412d\",\"agent_name\":\"agent_211\",\"honeypot_id\":\"9591b17cc30d9b54780d32541b9e4a9f4322134369a18cd444c1ec61135ac4e7\",\"honeypot_name\":\"fastjson\",\"src_ip\":\"10.2.3.122\",\"src_port\":36414,\"src_mac\":\"\",\"dest_ip\":\"10.9.32.211\",\"dest_port\":60035,\"proxy_ip\":null,\"node\":\"p3zZ\"}";
+           // String str ="2021-09-23T08:53:10+08:00 14b52b9261e0 supermario[9]: {\"source\":\"honeypot\",\"id\":\"ee0dceca-a598-49bf-be30-9aae9e941969\",\"start_time\":\"2021-09-23T08:53:09.068027625Z\",\"time\":\"2021-09-23T08:53:10.746983324Z\",\"risk_level\":2,\"connection\":\"202c56f9-24e9-4246-8f2a-14994ce6564b\",\"file_info\":null,\"extra\":{\"note\":{\"format\":\"line\",\"name\":{\"cn\":\"登陆详情\",\"en\":\"Extra Note\"},\"value\":\"user public key not allowed\"},\"success\":{\"format\":\"line\",\"name\":{\"cn\":\"登录是否成功\",\"en\":\"Success or not\"},\"value\":\"no\"},\"username\":{\"format\":\"line\",\"name\":{\"cn\":\"用户名\",\"en\":\"Username\"},\"value\":\"root\"}},\"type_id\":\"key_login\",\"agent_sn\":\"5f32e437-ba85-4b15-a646-f6f4ca3fe6c3\",\"agent_name\":\"abc\",\"honeypot_id\":\"3e9bce4eef09405941284fdd1a91124c01bcd9186440798a9ace96b7f7493330\",\"honeypot_name\":\"ssh\",\"src_ip\":\"172.16.96.1\",\"src_port\":56854,\"src_mac\":\"8a:e9:fe:38:71:64\",\"dest_ip\":\"172.16.96.64\",\"dest_port\":1234,\"proxy_ip\":null}";
+            //String str ="<14>1 2025-10-14T11:52:26Z 5f46d3be75e1 supermario 128 honeypot_event - {\"source\":\"honeypot\",\"id\":\"f6a13c35-bf9d-4da6-a181-50ce23e7ef6a\",\"start_time\":\"2023-09-03T11:07:02.50167643Z\",\"time\":\"2023-09-03T11:16:18.883885281Z\",\"risk_level\":4,\"connection\":\"b18f3fbe-3fbf-4495-815f-ff26f6fb0bdf\",\"file_info\":null,\"extra\":{\"payload\":{\"format\":\"line\",\"name\":{\"cn\":\"攻击载荷\",\"en\":\"payload\"},\"value\":\"\"},\"uid\":{\"format\":\"line\",\"name\":{\"cn\":\"\",\"en\":\"\"},\"uid\":\"b4cbc73c-25d0-4429-ae1b-a856cdf1a651\",\"value\":\"\"}},\"type\":\"WEB_ATTACK_SCANNER\",\"agent_sn\":\"caa7da42-0cca-4cb1-b501-1f1eb2b588d5\",\"agent_name\":\" 教育局蜜罐探针\",\"honeypot_id\":\"11a9ac6bdf38ae2aaa49ec4f1b4a921bff71952cb9f175bdd8ee1f0497057bc6\",\"honeypot_name\":\"茂名市中小学管理平台管理后台-test\",\"src_ip\":\"117.50.189.7\",\"src_port\":58512,\"src_mac\":\"\",\"dest_ip\":\"192.168.222.2\",\"dest_port\":9200,\"proxy_ip\":null,\"node\":\"WRx3\"}" ;
+
+            //String str ="<14>1 2023-09-06T02:02:39Z 48ec296b34c7 supermario 85 agent - {\"sn\":\"8cf9a388-578e-4b30-ac4b-098a46dde642\",\"name\":\"茂名市住房和城乡建设局蜜罐探针\",\"send\":true,\"host\":\"172.25.142.16\",\"type\":\"agent_connect\",\"event_type_display_name\":{\"en\":\"Agent Connect Event\",\"cn\":\"探针连接建立\"},\"node\":\"WRx3\"}";
+
+
+            System.out.println("+++++++++++++start++++++++++++");
+            System.out.println("syslog message push: "+str );
+            syslog.log(SyslogConstants.LEVEL_DEBUG, URLDecoder.decode(str,"utf-8"));
+            /*while(flag) {
+                //等级为debug
+                syslog.log(SyslogConstants.LEVEL_DEBUG, URLDecoder.decode(str,"utf-8"));
+                //给程序缓冲时间，没有缓冲时间接受不到数据
+                Thread.sleep(100);
+            }*/
+            syslog.shutdown();
+            System.out.println(Thread.currentThread().getName()+" end");
+        } catch (Exception e) {
+            System.err.println("出错了");
+            e.printStackTrace();
+        }
+    }
+    public void shutdown() {
+        try {
+            //线程停止
+            Thread.sleep(2000);
+            //改变标识位
+            flag = false;
+        } catch (InterruptedException e) {
+            e.printStackTrace();
+        }
+    }
+}

haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/MySyslogClient.java

@@ -0,0 +1,38 @@
+package com.haobang.syslog;
+
+import com.alibaba.fastjson2.JSONObject;
+import org.graylog2.syslog4j.Syslog;
+import org.graylog2.syslog4j.SyslogConstants;
+import org.graylog2.syslog4j.SyslogIF;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.util.Date;
+
+public class MySyslogClient {
+    private static final String HOST = "127.0.0.1";
+    private static final int PORT = 514;
+
+    public void generate() {
+        SyslogIF syslog = Syslog.getInstance(SyslogConstants.UDP);
+        syslog.getConfig().setHost(HOST);
+        syslog.getConfig().setPort(PORT);
+
+        StringBuffer buffer = new StringBuffer();
+        buffer.append("约会时间:" + new Date().toString().substring(4,20) + ";")
+                .append("羞答答的美女:" + "我是阿南啦" + ";")
+                .append("暗号:" + "万般皆下品，唯有编码屌88888223346" + ";");
+        JSONObject jsonObject = new JSONObject();
+        jsonObject.put("message", buffer.toString());
+        try {
+            syslog.log(0, URLDecoder.decode(jsonObject.toString(), "utf-8"));
+        } catch (UnsupportedEncodingException e) {
+            System.out.println("generate log get exception " + e);
+        }
+        System.out.println("哎呀，老娘的第N次dating，竟然还得先搭讪!");
+    }
+
+    public static void main(String[] args) {
+        new MySyslogClient().generate();
+    }
+}

haobang-security-xdr/syslog-client/src/main/java/com/haobang/syslog/syslogClientApplication.java

@@ -0,0 +1,26 @@
+package com.haobang.syslog;
+
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class syslogClientApplication {
+
+
+
+    public static void main(String[] args) {
+        SpringApplication.run(syslogClientApplication.class, args);
+
+        //获取UDP客户端线程
+        // Thread UDPClient = new Thread(ClientClass.getClient(),"UDP");
+        //获取TCP客户端线程
+        Thread TCPClient = new Thread(ClientClass.getClient(),"TCP");
+        //启动线程
+        TCPClient.start();
+
+    }
+}
+
+
+

haobang-security-xdr/syslog-client/src/main/resources/application.properties

@@ -0,0 +1 @@
+

haobang-security-xdr/syslog-client/src/main/resources/logback.xml

@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<configuration >
+
+    <!-- 定义日志输出格式 -->
+    <property name="LOG_PATTERN" value="%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n" />
+
+    <!-- 控制台输出 -->
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>${LOG_PATTERN}</pattern>
+        </encoder>
+    </appender>
+
+
+    <!-- 文件输出，每天滚动 -->
+    <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/syslog-client.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- 每天滚动 -->
+            <fileNamePattern>logs/syslog-client.%d{yyyy-MM-dd}.log</fileNamePattern>
+            <!-- 保留30天的历史 -->
+            <maxHistory>30</maxHistory>
+        </rollingPolicy>
+        <encoder>
+            <pattern>${LOG_PATTERN}</pattern>
+        </encoder>
+    </appender>
+
+    <!-- 设置日志级别 -->
+    <root level="INFO">
+        <appender-ref ref="CONSOLE" />
+        <appender-ref ref="FILE" />
+    </root>
+
+    <!-- 可以设置特定包的日志级别 -->
+    <!-- 例如，将com.example包的日志级别设置为DEBUG -->
+    <!--
+    <logger name="com.example" level="DEBUG" />
+    -->
+
+</configuration>

haobang-security-xdr/syslog-client/src/test/java/com/haobang/syslog/SysjavacollectApplicationTests.java

@@ -0,0 +1,13 @@
+package com.haobang.syslog;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class SysjavacollectApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+
+}