nanChen/ai-security-xdr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、修改算子运算结果后入库BUG

Browse Source 
2、根据设备ID获取设备IP、设备厂商、设备名称 信息补全标准化表
3、完善告警表字段内容:syslog_normal_alarm: http_url ->alarm: victim_web_url
This commit is contained in:
nanChen
2026-01-26 15:20:46 +08:00
parent 6603c6f4a1
commit cf6b89ea94
23 changed files with 1941 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files
haobang-security-xdr/syslog-consumer/src/main/java/com/Modules/NormalData/LogNormalProcessor.java
+47 -5
View File
@@ -36,6 +36,9 @@ import com.common.service.LogDataFilterService;
import com.common.service.LogDataCompleteService;
import com.common.service.DeviceCollectTaskService;
import com.common.entity.DeviceCollectTask;
import com.common.entity.DeviceDevice;
import com.common.util.TimeConversionUtils;
import com.common.service.DeviceDeviceService;
public class LogNormalProcessor {
private static final Logger logger = LoggerFactory.getLogger(LogNormalProcessor.class);
@@ -65,7 +68,8 @@ public class LogNormalProcessor {
private LogDataCompleteService logDataCompleteService= SpringContextUtil.getBean(LogDataCompleteService.class);
@Autowired
private DeviceCollectTaskService deviceCollectTaskService= SpringContextUtil.getBean(DeviceCollectTaskService.class);
@Autowired
private DeviceDeviceService deviceDeviceService= SpringContextUtil.getBean(DeviceDeviceService.class);
@Autowired
SyslogNonNormalMessage syslogNonNormalMessage=new SyslogNonNormalMessage();
@@ -433,15 +437,26 @@ public class LogNormalProcessor {
//匹配并获取映射枚举值
normalColumMap.put("dest_field_value",getMappingValue(action_param ,entry.getValue().toString() ));
}
else if(((HashMap<String, Object>)map.get("action")).get("type").equals("time\""))
else if(((HashMap<String, Object>)map.get("action")).get("type").equals("time"))
{
//time 类型
normalColumMap.put("dest_field_value",entry.getValue() );
//normalColumMap.put("dest_field_value",entry.getValue() );
normalColumMap.put("action_param",((HashMap<String, Object>)map.get("action")).get("param") );
HashMap<String, Object> action_param=(HashMap<String, Object>)((HashMap<String, Object>)map.get("action")).get("param") ;
//匹配时间格式并转成换整型格式
try {
long longTime = TimeConversionUtils.convertToMillis(entry.getValue().toString(), action_param.get("timezone").toString());
normalColumMap.put("dest_field_value", longTime);
} catch (Exception e) {
logger.error("时间类型转换错误,源值:" + entry.getValue().toString() + ",java_date_format:" + action_param.get("java_date_format").toString());
e.printStackTrace();
}
}
columnlist.add((HashMap<String, Object>)normalColumMap);
//System.out.println( "normalColumMap: " +normalColumMap);
break;
//存在源字段配置多个目标字段,使用continue,而不是break
continue;
}
}
}
@@ -499,6 +514,9 @@ public class LogNormalProcessor {
return ;
}
Map<String, Object> columnMap = logColumnMap;
//补全设备信息字段
CompletionDeviceInfo(columnMap, deviceId);
columnMap.put("device_id", deviceId);
columnMap.put("log_time", logtime);
columnMap.put("id", UUID.randomUUID().toString());
@@ -519,6 +537,30 @@ public class LogNormalProcessor {
}
}
/**
* 补全设备信息字段
* @param columnMap
* @param deviceID
*/
public void CompletionDeviceInfo(Map<String, Object> columnMap ,Long deviceID)
{
try {
DeviceDevice devInfo = deviceDeviceService.getByIdSafely( Long.valueOf(deviceID).intValue() );
if (devInfo != null) {
columnMap.put("device_ip", devInfo.getIp());
columnMap.put("device_manufacturer", devInfo.getVendor());
columnMap.put("device_name", devInfo.getName());
}
} catch (Exception e) {
logger.error("CompletionDeviceInfo 失败!ID"+deviceID );
}
}
/**
* 保存非标日志记录
* @param deviceId
* @param logtime
*/
public void SaveNonNormalMessage(long deviceId , DateTime logtime)
{
try {