nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、数据库PG切换为达梦的修改版本。

Browse Source
This commit is contained in:
nanChen
2026-05-28 14:58:00 +08:00
parent a360895292
commit a168f74653
119 changed files with 2758 additions and 2090 deletions
Download Patch File Download Diff File Expand all files Collapse all files
haobang-security-dm/syslog-serve/docker_run.txt
+5 -3
View File
@@ -8,13 +8,15 @@ cd /opt/syslog/docker/serve
--docker build -f /opt/syslog/docker/serve/Dockerfile -t syslog-serve:v1.0
--打包docker image文件 (Dockerfile 当前目录)
docker build -t syslog-serve:v1.X.X .
docker build -t syslog-serve-dm:v1.2.X .
--2.查看运行中容器
docker ps -a
--3.打包docker image文件 (Dockerfile 当前目录)
docker build -t syslog-serve:v1.X.X .
--dameng
docker build -t syslog-serve-dm:v1.2.X .
--4.停止容器 并删除
docker stop ct-syslog-serve && docker rm ct-syslog-serve
@@ -22,8 +24,8 @@ docker rmi
--5.运行docker 文件
docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name ct-syslog-serve -p 514:514 -p 8189:8189 -v /home/syslog/logs:/app/logs --privileged=true syslog-serve:v1.X.X
docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name ct-syslog-serve -p 514:514/udp -p 514:514/tcp -p 8189:8189 -v /home/syslog/logs:/app/logs --privileged=true syslog-serve:v1.X.X
docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name syslog-serve-dm -p 514:514 -p 8189:8189 -v /home/syslog/logs:/app/logs --privileged=true syslog-serve-dm:v1.X.X
docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name syslog-serve-dm -p 514:514/udp -p 514:514/tcp -p 8189:8189 -v /home/syslog/logs:/app/logs --privileged=true syslog-serve-dm:v1.X.X
ZC CMD
docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name ct-syslog-serve -p 514:514 -p 8189:8189 -v /data/syslog/logs:/app/logs --privileged=true syslog-serve:v1.X.X
haobang-security-dm/syslog-serve/pom.xml
+10 -1
View File
@@ -122,12 +122,21 @@
<version>${mybatis.version}</version>
</dependency>
<!-- PostgreSQL驱动 -->
<!-- PostgreSQL驱动(已切换至达梦数据库,保留备用) -->
<!--
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>${postgresql.version}</version>
</dependency>
-->
<!-- 达梦数据库驱动 JDK1.8 -->
<dependency>
<groupId>com.dameng</groupId>
<artifactId>DmJdbcDriver18</artifactId>
<version>8.1.2.141</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
haobang-security-dm/syslog-serve/src/main/java/com/config/CacheConfig.java
+37 -1
View File
@@ -13,11 +13,21 @@ import org.springframework.context.annotation.Configuration;
import java.time.Duration;
import java.util.Collections;
import org.springframework.cache.annotation.EnableCaching;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanDescription;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationConfig;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.jsontype.TypeSerializer;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.fasterxml.jackson.databind.ser.BeanSerializerModifier;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;
import java.io.IOException;
@Configuration
@EnableCaching // 启用缓存
public class CacheConfig {
@@ -35,6 +45,33 @@ public class CacheConfig {
// 禁用将日期序列化为时间戳
mapper.disable(com.fasterxml.jackson.databind.SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
// 注册达梦 JDBC 安全序列化器 — 拦截 dm.jdbc.* 类,直接返回 null 防止循环引用 StackOverflow
SimpleModule dmSafeModule = new SimpleModule("dm-safe");
dmSafeModule.setSerializerModifier(new BeanSerializerModifier() {
@Override
public JsonSerializer<?> modifySerializer(SerializationConfig config,
BeanDescription beanDesc,
JsonSerializer<?> serializer) {
if (beanDesc.getBeanClass().getName().startsWith("dm.jdbc.")) {
return new JsonSerializer<Object>() {
@Override
public void serialize(Object value, JsonGenerator gen,
SerializerProvider serializers) throws IOException {
gen.writeNull();
}
@Override
public void serializeWithType(Object value, JsonGenerator gen,
SerializerProvider serializers, TypeSerializer typeSer) throws IOException {
gen.writeNull();
}
};
}
return serializer;
}
});
mapper.registerModule(dmSafeModule);
// 启用类型信息,解决 LinkedHashMap 转换问题
PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
.allowIfSubType("com.common.entity.") // 允许你的实体类包
@@ -50,7 +87,6 @@ public class CacheConfig {
ObjectMapper.DefaultTyping.NON_FINAL,
com.fasterxml.jackson.annotation.JsonTypeInfo.As.PROPERTY
);
return mapper;
}
haobang-security-dm/syslog-serve/src/main/java/com/config/RedisConfig.java
+36 -1
View File
@@ -1,4 +1,13 @@
package com.config;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.BeanDescription;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationConfig;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.jsontype.TypeSerializer;
import com.fasterxml.jackson.databind.module.SimpleModule;
import com.fasterxml.jackson.databind.ser.BeanSerializerModifier;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@@ -7,7 +16,7 @@ import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
@Configuration
public class RedisConfig {
@@ -22,6 +31,32 @@ public class RedisConfig {
ObjectMapper mapper = new ObjectMapper();
mapper.registerModule(new JavaTimeModule());
// 注册达梦 JDBC 安全序列化器 — 拦截 dm.jdbc.* 类,直接返回 null 防止循环引用 StackOverflow
SimpleModule dmSafeModule = new SimpleModule("dm-safe");
dmSafeModule.setSerializerModifier(new BeanSerializerModifier() {
@Override
public JsonSerializer<?> modifySerializer(SerializationConfig config,
BeanDescription beanDesc,
JsonSerializer<?> serializer) {
if (beanDesc.getBeanClass().getName().startsWith("dm.jdbc.")) {
return new JsonSerializer<Object>() {
@Override
public void serialize(Object value, JsonGenerator gen,
SerializerProvider serializers) throws IOException {
gen.writeNull();
}
@Override
public void serializeWithType(Object value, JsonGenerator gen,
SerializerProvider serializers, TypeSerializer typeSer) throws IOException {
gen.writeNull();
}
};
}
return serializer;
}
});
mapper.registerModule(dmSafeModule);
mapper.activateDefaultTyping(
mapper.getPolymorphicTypeValidator(),
ObjectMapper.DefaultTyping.NON_FINAL
haobang-security-dm/syslog-serve/src/main/java/com/haobang/config/AppConfig.java
+12
View File
@@ -4,6 +4,7 @@ import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import java.io.File;
import com.typesafe.config.ConfigValueFactory;
import java.nio.charset.Charset;
import java.util.Map;
public class AppConfig {
@@ -101,6 +102,17 @@ public class AppConfig {
return config.getInt("syslog.buffer.size");
}
/**
* syslog 消息字符编码,默认 GBK(国内安全设备普遍使用 GBK)
* 配置示例: syslog.charset=GBK
*/
public static Charset getSyslogCharset() {
if (config.hasPath("syslog.charset")) {
return Charset.forName(config.getString("syslog.charset"));
}
return Charset.forName("GBK");
}
// app service 配置
public static String getAppServieDeviceId() {
return config.getString("app.service.device_id");
haobang-security-dm/syslog-serve/src/main/java/com/haobang/interlocking/InterlockingService.java
+2 -2
View File
@@ -54,9 +54,9 @@ public class InterlockingService {
/**
* 定时任务:检查并执行待处理的封禁指令
* 每30秒执行一次
* 每60秒执行一次
*/
@Scheduled(fixedDelay = 30000)
@Scheduled(fixedDelay = 60000)
public void processPendingCommands() {
if (!interlockingEnabled) {
return;
haobang-security-dm/syslog-serve/src/main/java/com/netty/SyslogMessageHandler.java
+3 -1
View File
@@ -7,6 +7,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.net.InetSocketAddress;
import java.nio.charset.Charset;
import com.kafka.kafkaProducer;
import com.Modules.Device.DeviceProcess;
import com.haobang.util.Sm4Util;
@@ -16,6 +17,7 @@ import com.haobang.config.AppConfig;
*/
public class SyslogMessageHandler extends SimpleChannelInboundHandler<Object> {
private static final Logger logger = LoggerFactory.getLogger(SyslogMessageHandler.class);
private static final Charset SYSLOG_CHARSET = AppConfig.getSyslogCharset();
@Override
protected void channelRead0(ChannelHandlerContext ctx, Object msg) throws Exception {
@@ -27,7 +29,7 @@ public class SyslogMessageHandler extends SimpleChannelInboundHandler<Object> {
if (msg instanceof DatagramPacket) {
// UDP 消息处理
DatagramPacket packet = (DatagramPacket) msg;
message = packet.content().toString(io.netty.util.CharsetUtil.UTF_8);
message = packet.content().toString(SYSLOG_CHARSET);
source_ip=packet.sender().getAddress().getHostAddress();
source_port=packet.sender().getPort();
source = packet.sender().getAddress().getHostAddress() + ":" + packet.sender().getPort();
haobang-security-dm/syslog-serve/src/main/java/com/netty/SyslogTcpChannelInitializer.java
+5 -4
View File
@@ -9,13 +9,14 @@ import io.netty.handler.codec.DelimiterBasedFrameDecoder;
import io.netty.handler.codec.Delimiters;
import io.netty.handler.codec.string.StringDecoder;
import io.netty.handler.codec.string.StringEncoder;
import io.netty.util.CharsetUtil;
import java.nio.charset.Charset;
/**
* TCP 通道初始化器
*/
public class SyslogTcpChannelInitializer extends ChannelInitializer<SocketChannel> {
private static final int MAX_FRAME_LENGTH = AppConfig.getSyslogMaxFrameLength();
private static final Charset SYSLOG_CHARSET = AppConfig.getSyslogCharset();
@Override
protected void initChannel(SocketChannel ch) throws Exception {
@@ -26,9 +27,9 @@ public class SyslogTcpChannelInitializer extends ChannelInitializer<SocketChanne
MAX_FRAME_LENGTH,
Delimiters.lineDelimiter()));
// 添加字符串解码器和编码器
pipeline.addLast("decoder", new StringDecoder(CharsetUtil.UTF_8));
pipeline.addLast("encoder", new StringEncoder(CharsetUtil.UTF_8));
// 添加字符串解码器和编码器(使用可配置的字符集)
pipeline.addLast("decoder", new StringDecoder(SYSLOG_CHARSET));
pipeline.addLast("encoder", new StringEncoder(SYSLOG_CHARSET));
// 添加业务处理器
pipeline.addLast("handler", new SyslogMessageHandler());
haobang-security-dm/syslog-serve/src/main/java/com/netty/SyslogUdpChannelInitializer.java
+7 -4
View File
@@ -1,23 +1,26 @@
package com.netty;
import com.haobang.config.AppConfig;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.DatagramChannel;
import io.netty.handler.codec.string.StringDecoder;
import io.netty.handler.codec.string.StringEncoder;
import io.netty.util.CharsetUtil;
import java.nio.charset.Charset;
/**
* UDP 通道初始化器
*/
public class SyslogUdpChannelInitializer extends ChannelInitializer<DatagramChannel> {
private static final Charset SYSLOG_CHARSET = AppConfig.getSyslogCharset();
@Override
protected void initChannel(DatagramChannel ch) throws Exception {
ChannelPipeline pipeline = ch.pipeline();
// 添加字符串解码器和编码器
pipeline.addLast("decoder", new StringDecoder(CharsetUtil.UTF_8));
pipeline.addLast("encoder", new StringEncoder(CharsetUtil.UTF_8));
// 添加字符串解码器和编码器(使用可配置的字符集)
pipeline.addLast("decoder", new StringDecoder(SYSLOG_CHARSET));
pipeline.addLast("encoder", new StringEncoder(SYSLOG_CHARSET));
// 添加业务处理器
pipeline.addLast("handler", new SyslogMessageHandler());
haobang-security-dm/syslog-serve/src/main/resources/application-dev.properties
+32 -27
View File
@@ -11,6 +11,8 @@ syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=262144
syslog.buffer.size=1000
# syslog 消息字符编码,国内安全设备普遍使用 GBK,如需 UTF-8 改为 syslog.charset=UTF-8
syslog.charset=GBK
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
# APP Service Configuration
@@ -18,15 +20,17 @@ app.service.device_id=1
app.service.device_name=honeypot
app.service.vendor=changting
app.service.product_name=diting
#采集探针ID
#采集探针ID
app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260527}
app.service.device_collect_name=${DEVICE_COLLECT_NAME:DevCollect-01}
# syslog message data_type
app.service.data_type=json
# kafka Configuration
spring.kafka.producer.bootstrap-servers=192.168.222.130:9092
spring.kafka.producer.bootstrap-servers=192.168.4.99:9092
spring.kafka.producer.topic =${KAFKA_PRODUCER_TOPIC:agent-syslog-topic}
# kafka Configuration 新增优化配置
# kafka Configuration 新增优化配置
spring.kafka.producer.properties.retries=10
spring.kafka.producer.properties.retry.backoff.ms=500
spring.kafka.producer.properties.connections.max.idle.ms=600000
@@ -35,20 +39,21 @@ spring.kafka.producer.properties.request.timeout.ms=30000
spring.kafka.producer.properties.delivery.timeout.ms=120000
#database Configuration
spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
spring.datasource.username=postgres
spring.datasource.password=TnLanWaidYSwTSG5
spring.datasource.driver-class-name=org.postgresql.Driver
spring.datasource.url=jdbc:dm://192.168.4.99:5237
spring.datasource.username=SYSDBA
spring.datasource.password=caZ2TcmXNSW8L2Ap
spring.datasource.driver-class-name=dm.jdbc.driver.DmDriver
spring.datasource.hikari.schema=\"PUBLIC\"
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
# 开发环境缓存配置
spring.redis.host=192.168.222.131
# 开发环境缓存配置
spring.redis.host=localhost
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
# 密码(如果没有设置密码,可以省略)
spring.redis.password=
spring.redis.database=0
spring.redis.timeout=2000
@@ -57,44 +62,44 @@ spring.redis.lettuce.pool.max-active=8
spring.redis.lettuce.pool.max-wait=-1
spring.redis.lettuce.pool.max-idle=8
spring.redis.lettuce.pool.min-idle=0
# 开发环境缓存时间较短,方便调试
# 开发环境缓存时间较短,方便调试
spring.cache.redis.time-to-live=600000
# 黑名单API配置
# 黑名单API配置
blacklist.api.url= https://103.43.84.11/api/v3/Objects/Blacklist
blacklist.api.username=apt-admin103
blacklist.api.password=C9W2xYgfc%SN1
# 白名单API配置
# 白名单API配置
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
# ============================================
# 探针联动配置
# 探针联动配置
# ============================================
# 是否启用联动功能
# 是否启用联动功能
interlocking.enabled=true
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://192.168.222.131:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://localhost:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务执行间隔(毫秒),默认30秒
# 定时任务执行间隔(毫秒),默认30秒
interlocking.schedule.interval=30000
# ============================================
# 探针心跳配置
# 探针心跳配置
# ============================================
# 是否启用心跳
# 是否启用心跳
probe.heartbeat.enabled=true
# 心跳发送间隔(秒)
# 心跳发送间隔(秒)
probe.heartbeat.interval-seconds=60
# 心跳发送初始延迟(毫秒)
# 心跳发送初始延迟(毫秒)
probe.heartbeat.initial-delay-ms=5000
# 平台端心跳接收接口URL
probe.platform.api-url=http://192.168.222.131:8089/xdrservice/interlocking/probe/heartbeat
# 平台API Key
# 平台端心跳接收接口URL
probe.platform.api-url=http://localhost:8089/xdrservice/interlocking/probe/heartbeat
# 平台API Key
probe.platform.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# ============================================
# 定时任务配置
# 定时任务配置
# ============================================
spring.task.scheduling.pool.size=5
haobang-security-dm/syslog-serve/src/main/resources/application-prod-zc.properties
+11 -8
View File
@@ -11,6 +11,8 @@ syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=262144
syslog.buffer.size=1000
# syslog 消息字符编码,国内安全设备普遍使用 GBK,如需 UTF-8 改为 syslog.charset=UTF-8
syslog.charset=GBK
# APP Service Configuration
app.service.device_id=1
@@ -19,7 +21,7 @@ app.service.vendor=changting
app.service.product_name=diting
# syslog message data_type
app.service.data_type=json
#采集探针ID
#采集探针ID
#app.service.device_collect_id=${DEVICE_COLLECT_ID:2}
app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
@@ -28,20 +30,21 @@ spring.kafka.producer.bootstrap-servers=10.11.2.142:9092
spring.kafka.producer.topic =agent-syslog-topic
#database Configuration
spring.datasource.url=jdbc:postgresql://10.11.2.141:5432/ecosys
spring.datasource.username=ecosys
spring.datasource.password=wsYDPjrpNZPrkPrR
spring.datasource.driver-class-name=org.postgresql.Driver
spring.datasource.url=jdbc:dm://192.163.4.99:5237/DM_ecosys
spring.datasource.username=SYSDBA
spring.datasource.password=caZ2TcmXNSW8L2Ap
spring.datasource.driver-class-name=dm.jdbc.driver.DmDriver
spring.datasource.hikari.schema=public
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
# 生产环境缓存配置
# 生产环境缓存配置
spring.redis.host=10.11.2.142
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
# 密码(如果没有设置密码,可以省略)
spring.redis.password=redis_edP6N6
spring.redis.database=0
spring.redis.timeout=5000
@@ -52,5 +55,5 @@ spring.redis.lettuce.pool.max-wait=5000
spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
haobang-security-dm/syslog-serve/src/main/resources/application-prod.properties
+29 -26
View File
@@ -11,6 +11,8 @@ syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=262144
syslog.buffer.size=1000
# syslog 消息字符编码,国内安全设备普遍使用 GBK,如需 UTF-8 改为 syslog.charset=UTF-8
syslog.charset=GBK
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
# APP Service Configuration
app.service.device_id=1
@@ -19,15 +21,15 @@ app.service.vendor=changting
app.service.product_name=diting
# syslog message data_type
app.service.data_type=json
#采集探针ID
#采集探针ID
app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260509}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260527}
app.service.device_collect_name=${DEVICE_COLLECT_NAME:DevCollect-01}
# kafka Configuration
spring.kafka.producer.bootstrap-servers=192.168.4.26:9092
spring.kafka.producer.bootstrap-servers=192.168.4.99:9092
spring.kafka.producer.topic =agent-01-syslog-topic
# kafka Configuration 新增优化配置
# kafka Configuration 新增优化配置
spring.kafka.producer.properties.retries=10
spring.kafka.producer.properties.retry.backoff.ms=500
spring.kafka.producer.properties.connections.max.idle.ms=600000
@@ -35,20 +37,21 @@ spring.kafka.producer.properties.socket.keepalive.enable=true
spring.kafka.producer.properties.request.timeout.ms=30000
spring.kafka.producer.properties.delivery.timeout.ms=120000
#database Configuration
spring.datasource.url=jdbc:postgresql://192.168.4.26:5432/ecosys
spring.datasource.username=postgres
spring.datasource.url=jdbc:dm://192.163.4.99:5237
spring.datasource.username=SYSDBA
spring.datasource.password=caZ2TcmXNSW8L2Ap
spring.datasource.driver-class-name=org.postgresql.Driver
spring.datasource.driver-class-name=dm.jdbc.driver.DmDriver
spring.datasource.hikari.schema=\"PUBLIC\"
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
# 生产环境缓存配置
spring.redis.host=192.168.4.26
# 生产环境缓存配置
spring.redis.host=192.168.4.99
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
# 密码(如果没有设置密码,可以省略)
spring.redis.password=123456
spring.redis.database=0
spring.redis.timeout=5000
@@ -59,42 +62,42 @@ spring.redis.lettuce.pool.max-wait=5000
spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
# 黑名单API配置
# 黑名单API配置
blacklist.api.url= https://103.43.84.11/api/v3/Objects/Blacklist
blacklist.api.username=apt-admin103
blacklist.api.password=C9W2xYgfc%SN1
# 白名单API配置
# 白名单API配置
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
# ============================================
# 探针联动配置
# 探针联动配置
# ============================================
# 是否启用联动功能
# 是否启用联动功能
interlocking.enabled=true
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://192.168.4.26:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://192.168.4.99:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务执行间隔(毫秒),默认30秒
# 定时任务执行间隔(毫秒),默认30秒
interlocking.schedule.interval=30000
# ============================================
# 探针心跳配置
# 探针心跳配置
# ============================================
# 是否启用心跳
# 是否启用心跳
probe.heartbeat.enabled=true
# 心跳发送间隔(秒)
# 心跳发送间隔(秒)
probe.heartbeat.interval-seconds=60
# 心跳发送初始延迟(毫秒)
# 心跳发送初始延迟(毫秒)
probe.heartbeat.initial-delay-ms=5000
# 平台端心跳接收接口URL
probe.platform.api-url=http://192.168.4.26:8089/xdrservice/interlocking/probe/heartbeat
# 平台端心跳接收接口URL
probe.platform.api-url=http://192.168.4.99:8089/xdrservice/interlocking/probe/heartbeat
# ============================================
# 定时任务配置
# 定时任务配置
# ============================================
spring.task.scheduling.pool.size=5
haobang-security-dm/syslog-serve/src/main/resources/application-test.properties
+18 -15
View File
@@ -11,6 +11,8 @@ syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=262144
syslog.buffer.size=1000
# syslog 消息字符编码,国内安全设备普遍使用 GBK,如需 UTF-8 改为 syslog.charset=UTF-8
syslog.charset=GBK
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
# APP Service Configuration
app.service.device_id=1
@@ -19,14 +21,14 @@ app.service.vendor=changting
app.service.product_name=diting
# syslog message data_type
app.service.data_type=json
#采集探针ID
#采集探针ID
app.service.device_collect_id=${DEVICE_COLLECT_ID:7}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260509}
# kafka Configuration
spring.kafka.producer.bootstrap-servers=${KAFKA_PRODUCER_SERVERS:120.238.245.132:32718}
spring.kafka.producer.topic =${KAFKA_PRODUCER_TOPIC:agent-syslog-topic}
# kafka Configuration 新增优化配置
# kafka Configuration 新增优化配置
spring.kafka.producer.properties.retries=10
spring.kafka.producer.properties.retry.backoff.ms=500
spring.kafka.producer.properties.connections.max.idle.ms=600000
@@ -34,20 +36,21 @@ spring.kafka.producer.properties.socket.keepalive.enable=true
spring.kafka.producer.properties.request.timeout.ms=30000
spring.kafka.producer.properties.delivery.timeout.ms=120000
#database Configuration
spring.datasource.url=jdbc:postgresql://120.238.245.132:31777/ecosys
spring.datasource.username=postgres
spring.datasource.url=jdbc:dm://192.163.4.99:5237
spring.datasource.username=SYSDBA
spring.datasource.password=caZ2TcmXNSW8L2Ap
spring.datasource.driver-class-name=org.postgresql.Driver
spring.datasource.driver-class-name=dm.jdbc.driver.DmDriver
spring.datasource.hikari.schema=\"PUBLIC\"
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
# 生产环境缓存配置
# 生产环境缓存配置
spring.redis.host=localhost
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
# 密码(如果没有设置密码,可以省略)
spring.redis.password=
spring.redis.database=0
spring.redis.timeout=5000
@@ -58,27 +61,27 @@ spring.redis.lettuce.pool.max-wait=5000
spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
# 黑名单API配置
# 黑名单API配置
blacklist.api.url= https://103.43.84.11/api/v3/Objects/Blacklist
blacklist.api.username=apt-admin103
blacklist.api.password=C9W2xYgfc%SN1
# 白名单API配置
# 白名单API配置
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
whitelist.api.username=apt-admin103
whitelist.api.password=C9W2xYgfc%SN1
# ============================================
# 探针联动配置
# 探针联动配置
# ============================================
# 是否启用联动功能
# 是否启用联动功能
interlocking.enabled=true
# syslog-consumer API基础URL(安全平台外网映射地址)
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://120.238.245.132:32720/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
# API-KEY认证(32位,需与syslog-consumer配置一致)
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务执行间隔(毫秒),默认30秒
# 定时任务执行间隔(毫秒),默认30秒
interlocking.schedule.interval=30000
haobang-security-dm/syslog-serve/src/main/resources/application.properties
+29 -26
View File
@@ -11,6 +11,8 @@ syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=262144
syslog.buffer.size=1000
# syslog 消息字符编码,国内安全设备普遍使用 GBK,如需 UTF-8 改为 syslog.charset=UTF-8
syslog.charset=GBK
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
# APP Service Configuration
app.service.device_id=1
@@ -19,15 +21,15 @@ app.service.vendor=changting
app.service.product_name=diting
# syslog message data_type
app.service.data_type=json
#采集探针ID
#采集探针ID
app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260509}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260527}
app.service.device_collect_name=${DEVICE_COLLECT_NAME:DevCollect-01}
# kafka Configuration
spring.kafka.producer.bootstrap-servers=192.168.4.26:9092
spring.kafka.producer.bootstrap-servers=192.168.4.99:9092
spring.kafka.producer.topic =agent-01-syslog-topic
# kafka Configuration 新增优化配置
# kafka Configuration 新增优化配置
spring.kafka.producer.properties.retries=10
spring.kafka.producer.properties.retry.backoff.ms=500
spring.kafka.producer.properties.connections.max.idle.ms=600000
@@ -35,20 +37,21 @@ spring.kafka.producer.properties.socket.keepalive.enable=true
spring.kafka.producer.properties.request.timeout.ms=30000
spring.kafka.producer.properties.delivery.timeout.ms=120000
#database Configuration
spring.datasource.url=jdbc:postgresql://192.168.4.26:5432/ecosys
spring.datasource.username=postgres
spring.datasource.url=jdbc:dm://192.163.4.99:5237
spring.datasource.username=SYSDBA
spring.datasource.password=caZ2TcmXNSW8L2Ap
spring.datasource.driver-class-name=org.postgresql.Driver
spring.datasource.driver-class-name=dm.jdbc.driver.DmDriver
spring.datasource.hikari.schema=\"PUBLIC\"
# mybatis Configuration
mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
# 生产环境缓存配置
spring.redis.host=192.168.4.26
# 生产环境缓存配置
spring.redis.host=192.168.4.99
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
# 密码(如果没有设置密码,可以省略)
spring.redis.password=123456
spring.redis.database=0
spring.redis.timeout=5000
@@ -59,42 +62,42 @@ spring.redis.lettuce.pool.max-wait=5000
spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
# 黑名单API配置
# 黑名单API配置
blacklist.api.url= https://103.43.84.11/api/v3/Objects/Blacklist
blacklist.api.username=apt-admin103
blacklist.api.password=C9W2xYgfc%SN1
# 白名单API配置
# 白名单API配置
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
# ============================================
# 探针联动配置
# 探针联动配置
# ============================================
# 是否启用联动功能
# 是否启用联动功能
interlocking.enabled=true
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://192.168.4.26:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://192.168.4.99:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务执行间隔(毫秒),默认30秒
# 定时任务执行间隔(毫秒),默认30秒
interlocking.schedule.interval=30000
# ============================================
# 探针心跳配置
# 探针心跳配置
# ============================================
# 是否启用心跳
# 是否启用心跳
probe.heartbeat.enabled=true
# 心跳发送间隔(秒)
# 心跳发送间隔(秒)
probe.heartbeat.interval-seconds=60
# 心跳发送初始延迟(毫秒)
# 心跳发送初始延迟(毫秒)
probe.heartbeat.initial-delay-ms=5000
# 平台端心跳接收接口URL
probe.platform.api-url=http://192.168.4.26:8089/xdrservice/interlocking/probe/heartbeat
# 平台端心跳接收接口URL
probe.platform.api-url=http://192.168.4.99:8089/xdrservice/interlocking/probe/heartbeat
# ============================================
# 定时任务配置
# 定时任务配置
# ============================================
spring.task.scheduling.pool.size=5
haobang-security-dm/syslog-serve/src/main/resources/logback.xml
+2 -2
View File
@@ -14,10 +14,10 @@
<!-- 文件输出,每天滚动 -->
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>logs/syslog-serve.log</file>
<file>logs/syslog-serve-dm.log</file>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<!-- 每天滚动 -->
<fileNamePattern>logs/syslog-serve.%d{yyyy-MM-dd}.log</fileNamePattern>
<fileNamePattern>logs/syslog-serve-dm.%d{yyyy-MM-dd}.log</fileNamePattern>
<!-- 保留的日志文件的最大天数 -->
<maxHistory>1</maxHistory>
<!-- 所有归档日志文件的总大小上限 -->
haobang-security-dm/syslog-serve/src/main/resources/mapper/DeviceDeviceMapper.xml
+4 -4
View File
@@ -46,11 +46,11 @@
<!-- 基础查询列 -->
<sql id="Base_Column_List">
id, created_at::timestamp , updated_at::timestamp, deleted_at::timestamp, name, ip, device_group, device_type,
vendor, product_name, organization_id, last_receive_time::timestamp, agent_id, detail_id,
control_agent_id, license_start_time::timestamp, license_end_time::timestamp, is_monitoring,
id, created_at, updated_at, deleted_at, name, ip, device_group, device_type,
vendor, product_name, organization_id, last_receive_time, agent_id, detail_id,
control_agent_id, license_start_time, license_end_time, is_monitoring,
security_scope_id, owner_id, ssh_config_id, status, created_by_id, decode_type,
miss_policy, tenant_id, create_time::timestamp, update_time::timestamp, create_by, update_by, del_flag,
miss_policy, tenant_id, create_time, update_time, create_by, update_by, del_flag,
manager_name, today_parse_count, today_non_log_count, create_dept, device_collect_id
</sql>
haobang-security-dm/syslog-serve/src/main/resources/mapper/DeviceReceiveLogMapper.xml
+8 -8
View File
@@ -28,10 +28,10 @@
syslog_message,
push_success
) VALUES (
COALESCE(#{createdAt}, NOW() AT TIME ZONE 'utc'),
COALESCE(#{createdAt}, SYSDATE),
#{deviceCollectId},
#{deviceId},
#{deviceIp}::inet,
#{deviceIp},
#{receiveTime},
#{receiveTimeStr},
#{syslogMessage},
@@ -53,10 +53,10 @@
) VALUES
<foreach collection="list" item="item" separator=",">
(
COALESCE(#{item.createdAt}, NOW() AT TIME ZONE 'utc'),
COALESCE(#{item.createdAt}, SYSDATE),
#{item.deviceCollectId},
#{item.deviceId},
#{item.deviceIp}::inet,
#{item.deviceIp},
#{item.receiveTime},
#{item.receiveTimeStr},
#{item.syslogMessage},
@@ -85,10 +85,10 @@
ORDER BY receive_time DESC
</select>
<!-- 根据IP地址查询(使用PostgreSQL的inet操作符) -->
<!-- 根据IP地址查询 -->
<select id="selectByDeviceIp" resultMap="BaseResultMap">
SELECT * FROM device_receive_log
WHERE device_ip >>= #{deviceIp}::inet
WHERE device_ip = #{deviceIp}
ORDER BY receive_time DESC
</select>
@@ -110,7 +110,7 @@
AND device_collect_id = #{deviceCollectId}
</if>
<if test="deviceIp != null and deviceIp != ''">
AND device_ip >>= #{deviceIp}::inet
AND device_ip = #{deviceIp}
</if>
<if test="receiveTime != null">
AND receive_time >= #{receiveTime}
@@ -136,7 +136,7 @@
AND device_collect_id = #{deviceCollectId}
</if>
<if test="deviceIp != null and deviceIp != ''">
AND device_ip >>= #{deviceIp}::inet
AND device_ip = #{deviceIp}
</if>
<if test="receiveTime != null">
AND receive_time >= #{receiveTime}
haobang-security-dm/syslog-serve/src/main/resources/mapper/DeviceUnknownMapper.xml
+16 -16
View File
@@ -31,10 +31,10 @@
network_protocol,
source_method
) VALUES (
COALESCE(#{createdAt}, NOW() AT TIME ZONE 'utc'),
COALESCE(#{createdAt}, SYSDATE),
#{deviceCollectId},
#{deviceCollectName},
#{deviceIp}::inet,
#{deviceIp},
#{firstTime},
#{lastTime},
#{organizationId},
@@ -58,10 +58,10 @@
) VALUES
<foreach collection="devices" item="device" separator=",">
(
COALESCE(#{device.createdAt}, NOW() AT TIME ZONE 'utc'),
COALESCE(#{device.createdAt}, SYSDATE),
#{device.deviceCollectId},
#{device.deviceCollectName},
#{device.deviceIp}::inet,
#{device.deviceIp},
#{device.firstTime},
#{device.lastTime},
#{device.organizationId},
@@ -78,7 +78,7 @@
created_at,
device_collect_id,
device_collect_name,
device_ip::text as device_ip,
device_ip,
first_time,
last_time,
organization_id,
@@ -95,14 +95,14 @@
created_at,
device_collect_id,
device_collect_name,
device_ip::text as device_ip,
device_ip,
first_time,
last_time,
organization_id,
network_protocol,
source_method
FROM device_unknown
WHERE device_ip = #{deviceIp}::inet
WHERE device_ip = #{deviceIp}
ORDER BY last_time DESC
</select>
@@ -113,7 +113,7 @@
created_at,
device_collect_id,
device_collect_name,
device_ip::text as device_ip,
device_ip,
first_time,
last_time,
organization_id,
@@ -131,7 +131,7 @@
created_at,
device_collect_id,
device_collect_name,
device_ip::text as device_ip,
device_ip,
first_time,
last_time,
organization_id,
@@ -148,7 +148,7 @@
created_at,
device_collect_id,
device_collect_name,
device_ip::text as device_ip,
device_ip,
first_time,
last_time,
organization_id,
@@ -167,7 +167,7 @@
created_at,
device_collect_id,
device_collect_name,
device_ip::text as device_ip,
device_ip,
first_time,
last_time,
organization_id,
@@ -179,10 +179,10 @@
AND device_collect_id = #{deviceCollectId}
</if>
<if test="deviceCollectName != null and deviceCollectName != ''">
AND device_collect_name ILIKE CONCAT('%', #{deviceCollectName}, '%')
AND UPPER(device_collect_name) LIKE UPPER(CONCAT('%', #{deviceCollectName}, '%'))
</if>
<if test="deviceIp != null and deviceIp != ''">
AND device_ip = #{deviceIp}::inet
AND device_ip = #{deviceIp}
</if>
<if test="organizationId != null">
AND organization_id = #{organizationId}
@@ -214,7 +214,7 @@
device_collect_name = #{deviceCollectName},
</if>
<if test="deviceIp != null and deviceIp != ''">
device_ip = #{deviceIp}::inet,
device_ip = #{deviceIp},
</if>
<if test="firstTime != null">
first_time = #{firstTime},
@@ -268,10 +268,10 @@
AND device_collect_id = #{deviceCollectId}
</if>
<if test="deviceCollectName != null and deviceCollectName != ''">
AND device_collect_name ILIKE CONCAT('%', #{deviceCollectName}, '%')
AND UPPER(device_collect_name) LIKE UPPER(CONCAT('%', #{deviceCollectName}, '%'))
</if>
<if test="deviceIp != null and deviceIp != ''">
AND device_ip = #{deviceIp}::inet
AND device_ip = #{deviceIp}
</if>
<if test="organizationId != null">
AND organization_id = #{organizationId}