nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、新增功能探针联动处置、心跳在线检测

Browse Source 
2、syslog-consumer模块拆分 syslog-consumer-rule模块实现日志数据消费、解析、泛化入库。
This commit is contained in:
nanChen
2026-05-28 14:30:06 +08:00
parent 19c563b3f3
commit a360895292
1479 changed files with 116572 additions and 4549 deletions
Download Patch File Download Diff File Expand all files Collapse all files
haobang-security-xdr/syslog-serve/docker-compose/docker-compose-serve-nw.yaml
+79
View File
@@ -0,0 +1,79 @@
# ============================================
# Syslog Serve 部署配置 (探针端)
# ============================================
# 使用方法: docker compose -f docker-compose-serve.yaml up -d
# ============================================
services:
# ============================================
# Syslog Serve - 探针采集服务 (探针端)
# ============================================
syslog-serve:
build:
context: ./syslog-serve
dockerfile: Dockerfile
image: syslog-serve:1.2.0
container_name: syslog-serve
restart: unless-stopped
environment:
# 环境配置
- SPRING_PROFILES_ACTIVE=dev
- TZ=Asia/Shanghai
# 探针标识
- DEVICE_COLLECT_ID=1
# 数据库配置
- spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
- spring.datasource.username=postgres
- spring.datasource.password=TnLanWaidYSwTSG5
- spring.datasource.driver-class-name=org.postgresql.Driver
# Redis配置
- spring.redis.host=192.168.222.131
- spring.redis.port=6379
- spring.redis.password=
- spring.redis.database=0
- spring.redis.timeout=2000
- spring.cache.redis.time-to-live=600000
# Kafka配置
- spring.kafka.producer.bootstrap-servers=192.168.222.130:9092
- spring.kafka.producer.topic=test-topic
# 防火墙配置
- firewall.enabled=true
- firewall.api-key=your-secure-api-key
# 联动配置 (syslog-consumer 地址)
- interlocking.enabled=true
- interlocking.api.base-url=http://192.168.222.131:8089/xdrservice/interlocking
- interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 探针心跳配置
- probe.heartbeat.enabled=true
- probe.heartbeat.interval-seconds=60
- probe.heartbeat.initial-delay-ms=5000
- probe.collect-id=probe-001
- probe.collect-name=日志采集探针
- probe.app-version=1.0.0
- probe.platform.api-url=http://192.168.222.131:8089/xdrservice/interlocking/probe/heartbeat
- probe.platform.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务配置
- spring.task.scheduling.pool.size=5
# JVM配置
- JAVA_OPTS=-Xms256m -Xmx1024m -XX:+UseG1GC
ports:
- "8189:8189" # API端口
- "514:514/udp" # Syslog UDP
- "514:514/tcp" # Syslog TCP
volumes:
- /home/syslog/logs:/app/logs
networks:
- xdr-network
cap_add:
- NET_BIND_SERVICE
privileged: true
# ============================================
# 网络配置
# ============================================
networks:
xdr-network:
driver: bridge
haobang-security-xdr/syslog-serve/docker-compose/docker-compose-serve-prod.yaml
+80
View File
@@ -0,0 +1,80 @@
# ============================================
# Syslog Serve 部署配置 (探针端)
# ============================================
# 使用方法: docker-compose -f docker-compose-serve.yaml up -d
# ============================================
version: '3.8'
services:
# ============================================
# Syslog Serve - 探针采集服务 (探针端)
# ============================================
syslog-serve:
build:
context: ./syslog-serve
dockerfile: Dockerfile
image: syslog-serve:1.0.1
container_name: syslog-serve
restart: unless-stopped
environment:
# 环境配置
- SPRING_PROFILES_ACTIVE=prod
- TZ=Asia/Shanghai
# 探针标识
- DEVICE_COLLECT_ID=probe-001
# 数据库配置
- spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
- spring.datasource.username=postgres
- spring.datasource.password=TnLanWaidYSwTSG5
- spring.datasource.driver-class-name=org.postgresql.Driver
# Redis配置
- spring.redis.host=127.0.0.1
- spring.redis.port=6379
- spring.redis.password=
- spring.redis.database=0
- spring.redis.timeout=2000
- spring.cache.redis.time-to-live=600000
# Kafka配置
- spring.kafka.producer.bootstrap-servers=192.168.222.130:9092
- spring.kafka.producer.topic=test-topic
# 防火墙配置
- firewall.enabled=true
- firewall.api-key=your-secure-api-key
# 联动配置 (syslog-consumer 地址)
- interlocking.enabled=true
- interlocking.api.base-url=http://117.72.68.72:8089/xdrservice/interlocking
- interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 探针心跳配置
- probe.heartbeat.enabled=true
- probe.heartbeat.interval-seconds=60
- probe.heartbeat.initial-delay-ms=5000
- probe.collect-id=probe-001
- probe.collect-name=日志采集探针
- probe.app-version=1.0.0
- probe.platform.api-url=http://117.72.68.72:8089/xdrservice/interlocking/probe/heartbeat
- probe.platform.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务配置
- spring.task.scheduling.pool.size=5
# JVM配置
- JAVA_OPTS=-Xms256m -Xmx512m -XX:+UseG1GC
ports:
- "8189:8189" # API端口
- "514:514/udp" # Syslog UDP
- "514:514/tcp" # Syslog TCP
volumes:
- syslog-serve-logs:/app/logs
networks:
- xdr-network
cap_add:
- NET_BIND_SERVICE
privileged: true
# ============================================
# 网络配置
# ============================================
networks:
xdr-network:
driver: bridge
haobang-security-xdr/syslog-serve/docker-compose/docker-compose-serve.yaml
+79
View File
@@ -0,0 +1,79 @@
# ============================================
# Syslog Serve 部署配置 (探针端)
# ============================================
# 使用方法: docker compose -f docker-compose-serve.yaml up -d
# ============================================
services:
# ============================================
# Syslog Serve - 探针采集服务 (探针端)
# ============================================
syslog-serve:
build:
context: ./syslog-serve
dockerfile: Dockerfile
image: syslog-serve:1.0.1
container_name: syslog-serve
restart: unless-stopped
environment:
# 环境配置
- SPRING_PROFILES_ACTIVE=dev
- TZ=Asia/Shanghai
# 探针标识
- DEVICE_COLLECT_ID=1
# 数据库配置
- spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
- spring.datasource.username=postgres
- spring.datasource.password=TnLanWaidYSwTSG5
- spring.datasource.driver-class-name=org.postgresql.Driver
# Redis配置
- spring.redis.host=192.168.222.131
- spring.redis.port=6379
- spring.redis.password=
- spring.redis.database=0
- spring.redis.timeout=2000
- spring.cache.redis.time-to-live=600000
# Kafka配置
- spring.kafka.producer.bootstrap-servers=192.168.222.130:9092
- spring.kafka.producer.topic=test-topic
# 防火墙配置
- firewall.enabled=true
- firewall.api-key=your-secure-api-key
# 联动配置 (syslog-consumer 地址)
- interlocking.enabled=true
- interlocking.api.base-url=http://192.168.222.131:8089/xdrservice/interlocking
- interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 探针心跳配置
- probe.heartbeat.enabled=true
- probe.heartbeat.interval-seconds=60
- probe.heartbeat.initial-delay-ms=5000
- probe.collect-id=probe-001
- probe.collect-name=日志采集探针
- probe.app-version=1.0.0
- probe.platform.api-url=http://192.168.222.131:8089/xdrservice/interlocking/probe/heartbeat
- probe.platform.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务配置
- spring.task.scheduling.pool.size=5
# JVM配置
- JAVA_OPTS=-Xms256m -Xmx1024m -XX:+UseG1GC
ports:
- "8189:8189" # API端口
- "514:514/udp" # Syslog UDP
- "514:514/tcp" # Syslog TCP
volumes:
- /home/syslog/logs:/app/logs
networks:
- xdr-network
cap_add:
- NET_BIND_SERVICE
privileged: true
# ============================================
# 网络配置
# ============================================
networks:
xdr-network:
driver: bridge
haobang-security-xdr/syslog-serve/docker_run.txt
+9 -7
View File
@@ -4,22 +4,24 @@
--0.切换到后端打包目录
cd /opt/syslog/docker/serve
--0.通过Dockerfile文件构建镜像
--1.通过Dockerfile文件构建镜像
--docker build -f /opt/syslog/docker/serve/Dockerfile -t syslog-serve:v1.0
--打包docker image文件 (Dockerfile 当前目录)
docker build -t syslog-serve:v1.X.X .
--1.查看运行中容器
--2.查看运行中容器
docker ps -a
--2.停止容器 并删除
docker stop ct-syslog-serve && docker rm ct-syslog-serve
docker rmi 镜像ID(XXXXX)
--3.打包docker image文件 (Dockerfile 当前目录)
docker build -t syslog-serve:v1.X.X .
--4.运行docker 文件
--4.停止容器 并删除
docker stop ct-syslog-serve && docker rm ct-syslog-serve
docker rmi 镜像ID(XXXXX)
--5.运行docker 文件
docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name ct-syslog-serve -p 514:514 -p 8189:8189 -v /home/syslog/logs:/app/logs --privileged=true syslog-serve:v1.X.X
docker run --restart unless-stopped -e TZ=Asia/Shanghai -d --name ct-syslog-serve -p 514:514/udp -p 514:514/tcp -p 8189:8189 -v /home/syslog/logs:/app/logs --privileged=true syslog-serve:v1.X.X
haobang-security-xdr/syslog-serve/logs/syslog-serve.log
+15 -13
View File
@@ -1,13 +1,15 @@
2025-12-29 15:11:48.634 [main] INFO o.s.b.t.c.SpringBootTestContextBootstrapper - Neither @ContextConfiguration nor @ContextHierarchy found for test class [com.haobang.syslog.SysjavacollectApplicationTests], using SpringBootContextLoader
2025-12-29 15:11:48.635 [main] INFO o.s.t.c.s.AbstractContextLoader - Could not detect default resource locations for test class [com.haobang.syslog.SysjavacollectApplicationTests]: no resource found for suffixes {-context.xml, Context.groovy}.
2025-12-29 15:11:48.635 [main] INFO o.s.t.c.s.AnnotationConfigContextLoaderUtils - Could not detect default configuration classes for test class [com.haobang.syslog.SysjavacollectApplicationTests]: SysjavacollectApplicationTests does not declare any static, non-private, non-final, nested classes annotated with @Configuration.
2025-12-29 15:11:48.785 [main] INFO o.s.b.t.c.SpringBootTestContextBootstrapper - Found @SpringBootConfiguration com.SyslogServeMainApp for test class com.haobang.syslog.SysjavacollectApplicationTests
2025-12-29 15:11:48.918 [main] INFO o.s.b.t.c.SpringBootTestContextBootstrapper - Loaded default TestExecutionListener class names from location [META-INF/spring.factories]: [org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener, org.springframework.test.context.web.ServletTestExecutionListener, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener, org.springframework.test.context.event.ApplicationEventsTestExecutionListener, org.springframework.test.context.support.DependencyInjectionTestExecutionListener, org.springframework.test.context.support.DirtiesContextTestExecutionListener, org.springframework.test.context.transaction.TransactionalTestExecutionListener, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener, org.springframework.test.context.event.EventPublishingTestExecutionListener]
2025-12-29 15:11:48.938 [main] INFO o.s.b.t.c.SpringBootTestContextBootstrapper - Using TestExecutionListeners: [org.springframework.test.context.web.ServletTestExecutionListener@479ceda0, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener@6d07a63d, org.springframework.test.context.event.ApplicationEventsTestExecutionListener@571c5681, org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener@488d1cd7, org.springframework.boot.test.autoconfigure.SpringBootDependencyInjectionTestExecutionListener@68dc098b, org.springframework.test.context.support.DirtiesContextTestExecutionListener@38ba6ce3, org.springframework.test.context.transaction.TransactionalTestExecutionListener@d278d2b, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener@2d6c53fc, org.springframework.test.context.event.EventPublishingTestExecutionListener@25f4878b, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener@4e423aa2, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener@7fbdb894, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener@3081f72c, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener@3148f668, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener@6e005dc9, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener@7ceb3185]
2025-12-29 15:11:49.275 [main] INFO c.h.s.SysjavacollectApplicationTests - Starting SysjavacollectApplicationTests using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 18832 (started by chenc in E:\GIT_GOSAME\haobang-security-xdr\syslog-serve)
2025-12-29 15:11:49.275 [main] INFO c.h.s.SysjavacollectApplicationTests - No active profile set, falling back to 1 default profile: "default"
2025-12-29 15:11:49.301 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2025-12-29 15:11:50.763 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2025-12-29 15:11:50.766 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2025-12-29 15:11:50.890 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 110 ms. Found 0 Redis repository interfaces.
2025-12-29 15:11:58.435 [main] INFO c.h.s.SysjavacollectApplicationTests - Started SysjavacollectApplicationTests in 9.452 seconds (JVM running for 10.738)
2026-05-19 15:13:34.820 [main] INFO o.s.b.t.c.SpringBootTestContextBootstrapper - Neither @ContextConfiguration nor @ContextHierarchy found for test class [com.haobang.syslog.SysjavacollectApplicationTests], using SpringBootContextLoader
2026-05-19 15:13:34.831 [main] INFO o.s.t.c.s.AbstractContextLoader - Could not detect default resource locations for test class [com.haobang.syslog.SysjavacollectApplicationTests]: no resource found for suffixes {-context.xml, Context.groovy}.
2026-05-19 15:13:34.832 [main] INFO o.s.t.c.s.AnnotationConfigContextLoaderUtils - Could not detect default configuration classes for test class [com.haobang.syslog.SysjavacollectApplicationTests]: SysjavacollectApplicationTests does not declare any static, non-private, non-final, nested classes annotated with @Configuration.
2026-05-19 15:13:35.034 [main] INFO o.s.b.t.c.SpringBootTestContextBootstrapper - Found @SpringBootConfiguration com.SyslogServeMainApp for test class com.haobang.syslog.SysjavacollectApplicationTests
2026-05-19 15:13:35.174 [main] INFO o.s.b.t.c.SpringBootTestContextBootstrapper - Loaded default TestExecutionListener class names from location [META-INF/spring.factories]: [org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener, org.springframework.test.context.web.ServletTestExecutionListener, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener, org.springframework.test.context.event.ApplicationEventsTestExecutionListener, org.springframework.test.context.support.DependencyInjectionTestExecutionListener, org.springframework.test.context.support.DirtiesContextTestExecutionListener, org.springframework.test.context.transaction.TransactionalTestExecutionListener, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener, org.springframework.test.context.event.EventPublishingTestExecutionListener]
2026-05-19 15:13:35.202 [main] INFO o.s.b.t.c.SpringBootTestContextBootstrapper - Using TestExecutionListeners: [org.springframework.test.context.web.ServletTestExecutionListener@7ceb3185, org.springframework.test.context.support.DirtiesContextBeforeModesTestExecutionListener@436c81a3, org.springframework.test.context.event.ApplicationEventsTestExecutionListener@3561c410, org.springframework.boot.test.mock.mockito.MockitoTestExecutionListener@59e32960, org.springframework.boot.test.autoconfigure.SpringBootDependencyInjectionTestExecutionListener@7c214cc0, org.springframework.test.context.support.DirtiesContextTestExecutionListener@5b67bb7e, org.springframework.test.context.transaction.TransactionalTestExecutionListener@609db546, org.springframework.test.context.jdbc.SqlScriptsTestExecutionListener@20f5281c, org.springframework.test.context.event.EventPublishingTestExecutionListener@56c4278e, org.springframework.boot.test.mock.mockito.ResetMocksTestExecutionListener@301eda63, org.springframework.boot.test.autoconfigure.restdocs.RestDocsTestExecutionListener@3d246ea3, org.springframework.boot.test.autoconfigure.web.client.MockRestServiceServerResetTestExecutionListener@341814d3, org.springframework.boot.test.autoconfigure.web.servlet.MockMvcPrintOnlyOnFailureTestExecutionListener@4397ad89, org.springframework.boot.test.autoconfigure.web.servlet.WebDriverTestExecutionListener@59cba5a, org.springframework.boot.test.autoconfigure.webservices.client.MockWebServiceServerTestExecutionListener@1bd39d3c]
2026-05-19 15:13:35.613 [main] INFO c.h.s.SysjavacollectApplicationTests - Starting SysjavacollectApplicationTests using Java 1.8.0_121 on LAPTOP-ARDUR3N0 with PID 35672 (started by chenc in E:\GIT_GOSAME\ai-security-xdr\haobang-security-xdr\syslog-serve)
2026-05-19 15:13:35.614 [main] INFO c.h.s.SysjavacollectApplicationTests - No active profile set, falling back to 1 default profile: "default"
2026-05-19 15:13:35.632 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 6.2.5.Final
2026-05-19 15:13:37.652 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Multiple Spring Data modules found, entering strict repository configuration mode
2026-05-19 15:13:37.657 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data Redis repositories in DEFAULT mode.
2026-05-19 15:13:37.849 [main] INFO o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 167 ms. Found 0 Redis repository interfaces.
2026-05-19 15:13:47.752 [main] INFO c.h.interlocking.InterlockingService - 探针联动封禁服务初始化完成,探针ID: 1, 启用状态: true
2026-05-19 15:13:50.359 [scheduling-1] INFO c.h.interlocking.InterlockingService - 开始检查待执行的封禁指令...
2026-05-19 15:13:50.369 [main] INFO c.h.s.SysjavacollectApplicationTests - Started SysjavacollectApplicationTests in 15.111 seconds (JVM running for 16.74)
haobang-security-xdr/syslog-serve/pom.xml
+1
View File
@@ -12,6 +12,7 @@
<version>1.0.0</version>
<name>syslog-serve</name>
<description>hb-security-xdr project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
haobang-security-xdr/syslog-serve/src/main/java/com/haobang/firewall/FirewallApiClient.java
+3 -9
View File
@@ -44,12 +44,6 @@ public class FirewallApiClient {
@Value("${whitelist.api.url:https://103.43.84.11/api/v3/Policies/GlobalWhitelist}")
private String whitelistApiUrl;
@Value("${whitelist.api.username:apt-admin103}")
private String whitelistUsername;
@Value("${whitelist.api.password:C9W2xYgfc%SN1}")
private String whitelistPassword;
@Value("${firewall.enabled:true}")
private boolean firewallEnabled;
@@ -170,7 +164,7 @@ public class FirewallApiClient {
payload.put("desc", desc != null ? desc : "");
payload.put("addr", addresses);
return doPost(whitelistApiUrl, whitelistUsername, whitelistPassword, payload);
return doPost(whitelistApiUrl, blacklistUsername, blacklistPassword, payload);
}
/**
@@ -185,7 +179,7 @@ public class FirewallApiClient {
}
String deleteUrl = whitelistApiUrl + "/name/" + name;
return doDelete(deleteUrl, whitelistUsername, whitelistPassword);
return doDelete(deleteUrl, blacklistUsername, blacklistPassword);
}
/**
@@ -211,7 +205,7 @@ public class FirewallApiClient {
payload.put("name_list", nameList);
String batchDeleteUrl = whitelistApiUrl + "Batch";
return doDelete(batchDeleteUrl, whitelistUsername, whitelistPassword, payload);
return doDelete(batchDeleteUrl, blacklistUsername, blacklistPassword, payload);
}
/**
haobang-security-xdr/syslog-serve/src/main/java/com/haobang/interlocking/ProbeHeartbeatClient.java
+239
View File
@@ -0,0 +1,239 @@
package com.haobang.interlocking;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.*;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
/**
* 探针心跳客户端
* 定期向平台端发送心跳,支持重试和指数退避
*/
@Component
public class ProbeHeartbeatClient {
private static final Logger logger = LoggerFactory.getLogger(ProbeHeartbeatClient.class);
private final RestTemplate restTemplate = new RestTemplate();
private final ObjectMapper objectMapper = new ObjectMapper();
@Value("${probe.heartbeat.enabled:true}")
private boolean heartbeatEnabled;
@Value("${probe.heartbeat.interval-seconds:60}")
private int heartbeatIntervalSeconds;
@Value("${app.service.device_collect_id:1}")
private String collectId;
@Value("${app.service.device_collect_name:采集探针-01}")
private String collectName;
@Value("${app.service.version:V1.0.0-20260509}")
private String appVersion;
@Value("${probe.platform.api-url:http://localhost:8089/xdrservice/interlocking/probe/heartbeat}")
private String platformApiUrl;
@Value("${interlocking.api-key:a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6}")
private String apiKey;
/** 重试次数 */
private final AtomicInteger retryCount = new AtomicInteger(0);
/** 最大重试次数 */
private static final int MAX_RETRIES = 5;
/** 初始重试延迟(毫秒) */
private static final long INITIAL_BACKOFF_MS = 1000;
/** 最大退避延迟(毫秒) */
private static final long MAX_BACKOFF_MS = 60000;
/**
* 发送心跳
* @return 是否成功
*/
public boolean sendHeartbeat() {
if (!heartbeatEnabled) {
logger.debug("心跳发送已禁用");
return false;
}
// 构建心跳数据
Map<String, Object> heartbeatData = buildHeartbeatData();
try {
// 发送HTTP POST请求
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
headers.set("X-API-KEY", apiKey);
HttpEntity<Map<String, Object>> entity = new HttpEntity<>(heartbeatData, headers);
ResponseEntity<String> response = restTemplate.exchange(
platformApiUrl,
HttpMethod.POST,
entity,
String.class
);
if (response.getStatusCode() == HttpStatus.OK) {
// 重置重试计数
retryCount.set(0);
// 检查响应
String body = response.getBody();
if (body != null && body.contains("\"code\":200")) {
logger.debug("心跳发送成功: collectId={}, timestamp={}", collectId, heartbeatData.get("timestamp"));
return true;
}
}
// 请求失败,准备重试
handleFailure("HTTP " + response.getStatusCodeValue());
return false;
} catch (Exception e) {
handleFailure(e.getMessage());
return false;
}
}
/**
* 发送心跳(简化版,供其他服务调用)
*/
public boolean sendHeartbeat(String alertType, String alertContent) {
// 直接发送普通心跳
return sendHeartbeat();
}
/**
* 构建心跳数据
*/
private Map<String, Object> buildHeartbeatData() {
Map<String, Object> data = new HashMap<>();
// 使用配置的collectId或自动获取
String probeId = collectId;
if (probeId == null || probeId.isEmpty()) {
probeId = getLocalHostIdentifier();
}
data.put("collectId", probeId);
data.put("collectName", collectName != null && !collectName.isEmpty() ? collectName : "SyslogServe");
data.put("deviceIp", getLocalIp());
data.put("appVersion", appVersion);
data.put("timestamp", LocalDateTime.now().toString());
// 添加负载状态(可选)
Map<String, Object> loadStatus = new HashMap<>();
loadStatus.put("memoryUsage", getMemoryUsage());
loadStatus.put("threadCount", Thread.activeCount());
data.put("loadStatus", toJson(loadStatus));
return data;
}
/**
* 获取本地主机标识符
*/
private String getLocalHostIdentifier() {
try {
InetAddress ip = InetAddress.getLocalHost();
return ip.getHostName() + "-" + ip.getHostAddress();
} catch (UnknownHostException e) {
return "unknown-" + System.currentTimeMillis();
}
}
/**
* 获取本地IP地址
*/
private String getLocalIp() {
try {
InetAddress ip = InetAddress.getLocalHost();
return ip.getHostAddress();
} catch (UnknownHostException e) {
return "127.0.0.1";
}
}
/**
* 获取内存使用情况
*/
private double getMemoryUsage() {
Runtime runtime = Runtime.getRuntime();
long totalMemory = runtime.totalMemory();
long freeMemory = runtime.freeMemory();
long usedMemory = totalMemory - freeMemory;
return Math.round((double) usedMemory / totalMemory * 100 * 100) / 100.0;
}
/**
* 对象转JSON字符串
*/
private String toJson(Object obj) {
try {
return objectMapper.writeValueAsString(obj);
} catch (Exception e) {
return "{}";
}
}
/**
* 处理发送失败,使用指数退避重试
*/
private void handleFailure(String errorMsg) {
int currentRetry = retryCount.incrementAndGet();
if (currentRetry <= MAX_RETRIES) {
// 计算退避延迟
long backoffMs = Math.min(INITIAL_BACKOFF_MS * (1L << (currentRetry - 1)), MAX_BACKOFF_MS);
logger.warn("心跳发送失败 (尝试 {}/{}): {}, {}ms后将重试",
currentRetry, MAX_RETRIES, errorMsg, backoffMs);
try {
Thread.sleep(backoffMs);
} catch (InterruptedException e) {
Thread.currentThread().interrupt();
}
} else {
logger.error("心跳发送失败,已达到最大重试次数 {}: {}", MAX_RETRIES, errorMsg);
// 重置重试计数,下次将重新开始
retryCount.set(0);
}
}
/**
* 获取配置的心跳间隔
*/
public int getHeartbeatIntervalSeconds() {
return heartbeatIntervalSeconds;
}
/**
* 获取探针ID
*/
public String getCollectId() {
return collectId != null && !collectId.isEmpty() ? collectId : getLocalHostIdentifier();
}
/**
* 检查心跳功能是否启用
*/
public boolean isEnabled() {
return heartbeatEnabled;
}
}
haobang-security-xdr/syslog-serve/src/main/java/com/haobang/schedule/ProbeHeartbeatScheduler.java
+55
View File
@@ -0,0 +1,55 @@
package com.haobang.schedule;
import com.haobang.interlocking.ProbeHeartbeatClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;
/**
* 探针心跳调度器
* 定时向平台端发送心跳
*/
@Component
public class ProbeHeartbeatScheduler {
private static final Logger logger = LoggerFactory.getLogger(ProbeHeartbeatScheduler.class);
@Autowired
private ProbeHeartbeatClient probeHeartbeatClient;
/**
* 定时发送心跳
* 使用动态间隔(根据配置)
* 默认每60秒发送一次
*/
@Scheduled(fixedDelayString = "${probe.heartbeat.interval-ms:60000}", initialDelayString = "${probe.heartbeat.initial-delay-ms:5000}")
public void sendHeartbeat() {
if (!probeHeartbeatClient.isEnabled()) {
logger.debug("探针心跳已禁用,跳过本次心跳");
return;
}
try {
boolean success = probeHeartbeatClient.sendHeartbeat();
if (success) {
logger.debug("探针心跳发送成功, collectId={}", probeHeartbeatClient.getCollectId());
} else {
logger.warn("探针心跳发送失败, collectId={}", probeHeartbeatClient.getCollectId());
}
} catch (Exception e) {
logger.error("探针心跳发送异常: {}", e.getMessage(), e);
}
}
/**
* 手动触发心跳发送
* @return 是否成功
*/
public boolean manualSendHeartbeat() {
logger.info("手动触发探针心跳");
return probeHeartbeatClient.sendHeartbeat();
}
}
haobang-security-xdr/syslog-serve/src/main/resources/application-dev.properties
+30 -21
View File
@@ -25,8 +25,14 @@ app.service.data_type=json
# kafka Configuration
spring.kafka.producer.bootstrap-servers=192.168.222.130:9092
spring.kafka.producer.topic =test-topic
spring.kafka.producer.topic =${KAFKA_PRODUCER_TOPIC:agent-syslog-topic}
# kafka Configuration 新增优化配置
spring.kafka.producer.properties.retries=10
spring.kafka.producer.properties.retry.backoff.ms=500
spring.kafka.producer.properties.connections.max.idle.ms=600000
spring.kafka.producer.properties.socket.keepalive.enable=true
spring.kafka.producer.properties.request.timeout.ms=30000
spring.kafka.producer.properties.delivery.timeout.ms=120000
#database Configuration
spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
@@ -40,7 +46,7 @@ mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
# 开发环境缓存配置
spring.redis.host=localhost
spring.redis.host=192.168.222.131
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
spring.redis.password=
@@ -54,20 +60,6 @@ spring.redis.lettuce.pool.min-idle=0
# 开发环境缓存时间较短,方便调试
spring.cache.redis.time-to-live=600000
#防火墙封堵配置
# 是否启用真实封堵(false时仅打印日志,用于测试)
firewall.enabled=true
# iptables命令路径(通常为 /usr/sbin/iptables
firewall.iptables-path=/usr/sbin/iptables
# 封堵链(常用 INPUT 或 FORWARD
firewall.chain=INPUT
# 封堵策略(DROP 或 REJECT
firewall.target=DROP
# 可选:API访问密钥(若为空则不校验)
firewall.api-key=your-secure-api-key
# 黑名单API配置
blacklist.api.url= https://103.43.84.11/api/v3/Objects/Blacklist
blacklist.api.username=apt-admin103
@@ -75,17 +67,34 @@ blacklist.api.password=C9W2xYgfc%SN1
# 白名单API配置
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
whitelist.api.username=apt-admin103
whitelist.api.password=C9W2xYgfc%SN1
# ============================================
# 探针联动配置
# ============================================
# 是否启用联动功能
interlocking.enabled=true
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://localhost:8089/xdrservice/interlocking
interlocking.api.base-url=http://192.168.222.131:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务执行间隔(毫秒),默认30秒
interlocking.schedule.interval=30000
# ============================================
# 探针心跳配置
# ============================================
# 是否启用心跳
probe.heartbeat.enabled=true
# 心跳发送间隔(秒)
probe.heartbeat.interval-seconds=60
# 心跳发送初始延迟(毫秒)
probe.heartbeat.initial-delay-ms=5000
# 平台端心跳接收接口URL
probe.platform.api-url=http://192.168.222.131:8089/xdrservice/interlocking/probe/heartbeat
# 平台API Key
probe.platform.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# ============================================
# 定时任务配置
# ============================================
spring.task.scheduling.pool.size=5
haobang-security-xdr/syslog-serve/src/main/resources/application-prod.properties
+30 -20
View File
@@ -21,11 +21,19 @@ app.service.product_name=diting
app.service.data_type=json
#采集探针ID
app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260509}
app.service.device_collect_name=${DEVICE_COLLECT_NAME:DevCollect-01}
# kafka Configuration
spring.kafka.producer.bootstrap-servers=192.168.4.26:9092
spring.kafka.producer.topic =agent-syslog-topic
spring.kafka.producer.topic =agent-01-syslog-topic
# kafka Configuration 新增优化配置
spring.kafka.producer.properties.retries=10
spring.kafka.producer.properties.retry.backoff.ms=500
spring.kafka.producer.properties.connections.max.idle.ms=600000
spring.kafka.producer.properties.socket.keepalive.enable=true
spring.kafka.producer.properties.request.timeout.ms=30000
spring.kafka.producer.properties.delivery.timeout.ms=120000
#database Configuration
spring.datasource.url=jdbc:postgresql://192.168.4.26:5432/ecosys
spring.datasource.username=postgres
@@ -54,28 +62,13 @@ spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
#防火墙封堵配置
# 是否启用真实封堵(false时仅打印日志,用于测试)
firewall.enabled=true
# iptables命令路径(通常为 /usr/sbin/iptables
firewall.iptables-path=/usr/sbin/iptables
# 封堵链(常用 INPUT 或 FORWARD
firewall.chain=INPUT
# 封堵策略(DROP 或 REJECT
firewall.target=DROP
# 可选:API访问密钥(若为空则不校验)
firewall.api-key=your-secure-api-key
# 黑名单API配置
blacklist.api.url= https://103.43.84.11/api/v3/Objects/Blacklist
blacklist.api.username=apt-admin103
blacklist.api.password=C9W2xYgfc%SN1
# 白名单API配置
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
whitelist.api.username=apt-admin103
whitelist.api.password=C9W2xYgfc%SN1
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
# ============================================
# 探针联动配置
@@ -83,8 +76,25 @@ whitelist.api.password=C9W2xYgfc%SN1
# 是否启用联动功能
interlocking.enabled=true
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://localhost:8089/xdrservice/interlocking
interlocking.api.base-url=http://192.168.4.26:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务执行间隔(毫秒),默认30秒
interlocking.schedule.interval=30000
# ============================================
# 探针心跳配置
# ============================================
# 是否启用心跳
probe.heartbeat.enabled=true
# 心跳发送间隔(秒)
probe.heartbeat.interval-seconds=60
# 心跳发送初始延迟(毫秒)
probe.heartbeat.initial-delay-ms=5000
# 平台端心跳接收接口URL
probe.platform.api-url=http://192.168.4.26:8089/xdrservice/interlocking/probe/heartbeat
# ============================================
# 定时任务配置
# ============================================
spring.task.scheduling.pool.size=5
haobang-security-xdr/syslog-serve/src/main/resources/application-test.properties
+42 -17
View File
@@ -1,4 +1,4 @@
#Server Configuration
#Server Configuration [192.168.4.26]
server.port=8189
server.servlet.context-path=/syslogserve
#server.address=0.0.0.0
@@ -9,10 +9,9 @@ server.error.include-binding-errors=always
# Syslog Server Configuration
syslog.tcp.port=514
syslog.udp.port=514
syslog.max.frame.length=65536
syslog.max.frame.length=262144
syslog.buffer.size=1000
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
# APP Service Configuration
app.service.device_id=1
app.service.device_name=honeypot
@@ -21,19 +20,23 @@ app.service.product_name=diting
# syslog message data_type
app.service.data_type=json
#采集探针ID
app.service.device_collect_id=1
app.service.device_collect_id=${DEVICE_COLLECT_ID:7}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260509}
# kafka Configuration
spring.kafka.producer.bootstrap-servers=192.168.4.32:9092
spring.kafka.producer.topic =agent-syslog-topic
spring.kafka.producer.bootstrap-servers=${KAFKA_PRODUCER_SERVERS:120.238.245.132:32718}
spring.kafka.producer.topic =${KAFKA_PRODUCER_TOPIC:agent-syslog-topic}
# kafka Configuration 新增优化配置
spring.kafka.producer.properties.retries=10
spring.kafka.producer.properties.retry.backoff.ms=500
spring.kafka.producer.properties.connections.max.idle.ms=600000
spring.kafka.producer.properties.socket.keepalive.enable=true
spring.kafka.producer.properties.request.timeout.ms=30000
spring.kafka.producer.properties.delivery.timeout.ms=120000
#database Configuration
spring.datasource.url=jdbc:postgresql://192.168.4.32:5432/ecosys
spring.datasource.username=user_eSER8N
spring.datasource.password=password_QCYKj6
spring.datasource.url=jdbc:postgresql://120.238.245.132:31777/ecosys
spring.datasource.username=postgres
spring.datasource.password=caZ2TcmXNSW8L2Ap
spring.datasource.driver-class-name=org.postgresql.Driver
# mybatis Configuration
@@ -42,10 +45,10 @@ mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
# 生产环境缓存配置
spring.redis.host=192.168.4.32
spring.redis.host=localhost
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
spring.redis.password=password_QCYKj6
spring.redis.password=
spring.redis.database=0
spring.redis.timeout=5000
#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
@@ -56,4 +59,26 @@ spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
spring.cache.redis.time-to-live=3600000
# 黑名单API配置
blacklist.api.url= https://103.43.84.11/api/v3/Objects/Blacklist
blacklist.api.username=apt-admin103
blacklist.api.password=C9W2xYgfc%SN1
# 白名单API配置
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
whitelist.api.username=apt-admin103
whitelist.api.password=C9W2xYgfc%SN1
# ============================================
# 探针联动配置
# ============================================
# 是否启用联动功能
interlocking.enabled=true
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://120.238.245.132:32720/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务执行间隔(毫秒),默认30秒
interlocking.schedule.interval=30000
haobang-security-xdr/syslog-serve/src/main/resources/application.properties
+47 -38
View File
@@ -1,4 +1,4 @@
#Server Configuration
#Server Configuration [192.168.4.26]
server.port=8189
server.servlet.context-path=/syslogserve
#server.address=0.0.0.0
@@ -12,26 +12,32 @@ syslog.udp.port=514
syslog.max.frame.length=262144
syslog.buffer.size=1000
syslog.sm4.generateKey=f79548ab6fa8a304fc0115e17230358a
# APP Service Configuration
app.service.device_id=1
app.service.device_name=honeypot
app.service.vendor=changting
app.service.product_name=diting
#采集探针ID
app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
# syslog message data_type
app.service.data_type=json
#采集探针ID
app.service.device_collect_id=${DEVICE_COLLECT_ID:1}
app.service.version=${APP_SERVICE_VER:V1.0.0-20260509}
app.service.device_collect_name=${DEVICE_COLLECT_NAME:DevCollect-01}
# kafka Configuration
spring.kafka.producer.bootstrap-servers=192.168.222.130:9092
spring.kafka.producer.topic =test-topic
spring.kafka.producer.bootstrap-servers=192.168.4.26:9092
spring.kafka.producer.topic =agent-01-syslog-topic
# kafka Configuration 新增优化配置
spring.kafka.producer.properties.retries=10
spring.kafka.producer.properties.retry.backoff.ms=500
spring.kafka.producer.properties.connections.max.idle.ms=600000
spring.kafka.producer.properties.socket.keepalive.enable=true
spring.kafka.producer.properties.request.timeout.ms=30000
spring.kafka.producer.properties.delivery.timeout.ms=120000
#database Configuration
spring.datasource.url=jdbc:postgresql://117.72.68.72:54329/ecosys
spring.datasource.url=jdbc:postgresql://192.168.4.26:5432/ecosys
spring.datasource.username=postgres
spring.datasource.password=TnLanWaidYSwTSG5
spring.datasource.password=caZ2TcmXNSW8L2Ap
spring.datasource.driver-class-name=org.postgresql.Driver
# mybatis Configuration
@@ -39,44 +45,30 @@ mybatis.mapper-locations=classpath:mapper/*.xml
mybatis.type-aliases-package=com.common.entity
mybatis.configuration.map-underscore-to-camel-case=true
# 开发环境缓存配置
spring.redis.host=localhost
# 生产环境缓存配置
spring.redis.host=192.168.4.26
spring.redis.port=6379
# 密码(如果没有设置密码,可以省略)
spring.redis.password=
spring.redis.password=123456
spring.redis.database=0
spring.redis.timeout=2000
spring.redis.timeout=5000
#spring.redis.password=${REDIS_PASSWORD:default_prod_password}
spring.redis.lettuce.pool.max-active=8
spring.redis.lettuce.pool.max-wait=-1
spring.redis.lettuce.pool.max-idle=8
spring.redis.lettuce.pool.min-idle=0
# 开发环境缓存时间较短,方便调试
spring.cache.redis.time-to-live=600000
#防火墙封堵配置
# 是否启用真实封堵(false时仅打印日志,用于测试)
firewall.enabled=true
# iptables命令路径(通常为 /usr/sbin/iptables
firewall.iptables-path=/usr/sbin/iptables
# 封堵链(常用 INPUT 或 FORWARD
firewall.chain=INPUT
# 封堵策略(DROP 或 REJECT
firewall.target=DROP
# 可选:API访问密钥(若为空则不校验)
firewall.api-key=your-secure-api-key
spring.redis.lettuce.pool.max-active=20
spring.redis.lettuce.pool.max-wait=5000
spring.redis.lettuce.pool.max-idle=10
spring.redis.lettuce.pool.min-idle=5
# 生产环境缓存时间较长
spring.cache.redis.time-to-live=3600000
# 黑名单API配置
blacklist.api.url= https://103.43.84.11/api/v3/Objects/Blacklist
blacklist.api.username=apt-admin103
blacklist.api.password=C9W2xYgfc%SN1
# 白名单API配置
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
whitelist.api.username=apt-admin103
whitelist.api.password=C9W2xYgfc%SN1
whitelist.api.url=https://103.43.84.11/api/v3/Policies/GlobalWhitelist
# ============================================
# 探针联动配置
@@ -84,8 +76,25 @@ whitelist.api.password=C9W2xYgfc%SN1
# 是否启用联动功能
interlocking.enabled=true
# syslog-consumer API基础URL(安全平台外网映射地址)
interlocking.api.base-url=http://localhost:8089/xdrservice/interlocking
interlocking.api.base-url=http://192.168.4.26:8089/xdrservice/interlocking
# API-KEY认证(32位,需与syslog-consumer配置一致)
interlocking.api-key=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
# 定时任务执行间隔(毫秒),默认30秒
interlocking.schedule.interval=30000
# ============================================
# 探针心跳配置
# ============================================
# 是否启用心跳
probe.heartbeat.enabled=true
# 心跳发送间隔(秒)
probe.heartbeat.interval-seconds=60
# 心跳发送初始延迟(毫秒)
probe.heartbeat.initial-delay-ms=5000
# 平台端心跳接收接口URL
probe.platform.api-url=http://192.168.4.26:8089/xdrservice/interlocking/probe/heartbeat
# ============================================
# 定时任务配置
# ============================================
spring.task.scheduling.pool.size=5