fix: 调整 stream_id 获取方式，改为 zeek 解析获取 stream_id 字段，之后按协议补充 tcp_stream,udp_stream

2024-08-29 10:39:17 +08:00
parent 9e206505e5
commit 66214087d5
1 changed files with 1 additions and 3 deletions
--- a/src/main/java/net/geedge/asw/module/runner/util/PcapParserThread.java
+++ b/src/main/java/net/geedge/asw/module/runner/util/PcapParserThread.java
@@ -127,7 +127,6 @@ public class PcapParserThread implements Runnable {
        // add custom field
        String pcapId = pcapEntity.getId();
        String pcapName = pcapEntity.getName();
-        Long tcpStream = 0L, udpStream = 0L;

        String sharkdApiHostAddr = properties.getProperty("sharkdApiHostAddr", "127.0.0.1");
        for (Object obj : jsonArray) {
@@ -136,13 +135,12 @@ public class PcapParserThread implements Runnable {
            pojo.put("pcap.name", pcapName);

            String proto = T.MapUtil.getStr(pojo, "proto", "");
+            Long streamId = T.MapUtil.getLong(pojo, "stream_id");
            if (T.StrUtil.equalsIgnoreCase("tcp", proto)) {
-                Long streamId = tcpStream++;
                pojo.put("pcap.tcp_stream", streamId);
                pojo.put("pcap.stream_url", String.format("http://%s/navi/pcap/%s/tcp/%s", sharkdApiHostAddr, pcapId, streamId));
            }
            if (T.StrUtil.equalsIgnoreCase("udp", proto)) {
-                Long streamId = udpStream++;
                pojo.put("pcap.udp_stream", streamId);
                pojo.put("pcap.stream_url", String.format("http://%s/navi/pcap/%s/udp/%s", sharkdApiHostAddr, pcapId, streamId));
            }