ai-security-xdr/haobang-security-dm/syslog-consumer-rule/target/classes/mapper/DeviceReceiveLogMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.common.mapper.DeviceReceiveLogMapper">

    <!-- 结果映射 -->
    <resultMap id="BaseResultMap" type="com.common.entity.DeviceReceiveLog">
        <id column="id" property="id" />
        <result column="created_at" property="createdAt" />
        <result column="device_collect_id" property="deviceCollectId" />
        <result column="device_id" property="deviceId" />
        <result column="device_ip" property="deviceIp" />
        <result column="receive_time" property="receiveTime" />
        <result column="receive_time_str" property="receiveTimeStr" />
        <result column="syslog_message" property="syslogMessage" />
    </resultMap>

    <!-- 插入单条记录 -->
    <insert id="insert" parameterType="com.common.entity.DeviceReceiveLog" useGeneratedKeys="true" keyProperty="id">
        INSERT INTO device_receive_log (
            created_at,
            device_collect_id,
            device_id,
            device_ip,
            receive_time,
            receive_time_str,
            syslog_message
        ) VALUES (
            COALESCE(#{createdAt}, NOW() AT TIME ZONE 'utc'),
            #{deviceCollectId},
            #{deviceId},
            #{deviceIp}::inet,
            #{receiveTime},
            #{receiveTimeStr},
            #{syslogMessage}
        )
    </insert>

    <!-- 批量插入（高性能） -->
    <insert id="batchInsert" parameterType="java.util.List">
        INSERT INTO device_receive_log (
        created_at,
        device_collect_id,
        device_id,
        device_ip,
        receive_time,
        receive_time_str,
        syslog_message
        ) VALUES
        <foreach collection="list" item="item" separator=",">
            (
            COALESCE(#{item.createdAt}, NOW() AT TIME ZONE 'utc'),
            #{item.deviceCollectId},
            #{item.deviceId},
            #{item.deviceIp}::inet,
            #{item.receiveTime},
            #{item.receiveTimeStr},
            #{item.syslogMessage}
            )
        </foreach>
    </insert>

    <!-- 根据ID查询 -->
    <select id="selectById" resultMap="BaseResultMap">
        SELECT * FROM device_receive_log
        WHERE id = #{id}
    </select>

    <!-- 根据设备ID查询 -->
    <select id="selectByDeviceId" resultMap="BaseResultMap">
        SELECT * FROM device_receive_log
        WHERE device_id = #{deviceId}
        ORDER BY receive_time DESC
    </select>

    <!-- 根据采集探针ID查询 -->
    <select id="selectByCollectId" resultMap="BaseResultMap">
        SELECT * FROM device_receive_log
        WHERE device_collect_id = #{collectId}
        ORDER BY receive_time DESC
    </select>

    <!-- 根据IP地址查询（使用PostgreSQL的inet操作符） -->
    <select id="selectByDeviceIp" resultMap="BaseResultMap">
        SELECT * FROM device_receive_log
        WHERE device_ip >>= #{deviceIp}::inet
        ORDER BY receive_time DESC
    </select>

    <!-- 根据时间范围查询（利用created_at索引） -->
    <select id="selectByTimeRange" resultMap="BaseResultMap">
        SELECT * FROM device_receive_log
        WHERE created_at BETWEEN #{startTime} AND #{endTime}
        ORDER BY created_at DESC
    </select>

    <!-- 多条件组合查询（动态SQL） -->
    <select id="selectByCondition" parameterType="com.common.entity.DeviceReceiveLog" resultMap="BaseResultMap">
        SELECT * FROM device_receive_log
        <where>
            <if test="deviceId != null">
                AND device_id = #{deviceId}
            </if>
            <if test="deviceCollectId != null">
                AND device_collect_id = #{deviceCollectId}
            </if>
            <if test="deviceIp != null and deviceIp != ''">
                AND device_ip >>= #{deviceIp}::inet
            </if>
            <if test="receiveTime != null">
                AND receive_time >= #{receiveTime}
            </if>
            <if test="syslogMessage != null and syslogMessage != ''">
                AND syslog_message LIKE CONCAT('%', #{syslogMessage}, '%')
            </if>
        </where>
        ORDER BY created_at DESC
    </select>

    <!-- 统计数量 -->
    <select id="countByCondition" parameterType="com.common.entity.DeviceReceiveLog" resultType="java.lang.Long">
        SELECT COUNT(*) FROM device_receive_log
        <where>
            <if test="deviceId != null">
                AND device_id = #{deviceId}
            </if>
            <if test="deviceCollectId != null">
                AND device_collect_id = #{deviceCollectId}
            </if>
            <if test="deviceIp != null and deviceIp != ''">
                AND device_ip >>= #{deviceIp}::inet
            </if>
            <if test="receiveTime != null">
                AND receive_time >= #{receiveTime}
            </if>
        </where>
    </select>

    <!-- 删除时间范围内的数据 -->
    <delete id="deleteByTimeRange">
        DELETE FROM device_receive_log
        WHERE created_at BETWEEN #{startTime} AND #{endTime}
    </delete>

    <!-- 获取最近N条记录 -->
    <select id="selectRecent" resultMap="BaseResultMap">
        SELECT * FROM device_receive_log
        ORDER BY created_at DESC
        LIMIT #{limit}
    </select>

    <!-- 按设备分组统计 -->
    <select id="countByDeviceGroup" resultType="java.util.Map">
        SELECT
            device_id,
            COUNT(*) as log_count,
            MIN(receive_time) as first_receive_time,
            MAX(receive_time) as last_receive_time
        FROM device_receive_log
        GROUP BY device_id
        ORDER BY log_count DESC
    </select>

</mapper>