diff --git a/22.08/Develop.postman_environment.json b/22.08/Develop.postman_environment.json new file mode 100644 index 0000000..37825b9 --- /dev/null +++ b/22.08/Develop.postman_environment.json @@ -0,0 +1,270 @@ +{ + "id": "c169cbe6-19fc-4d55-a527-ba2c27a0552c", + "name": "Develop", + "values": [ + { + "key": "start_time", + "value": "2021-12-10 00:00:00", + "enabled": true + }, + { + "key": "end_time", + "value": "2021-12-17 00:00:00", + "enabled": true + }, + { + "key": "qgw_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "qgw_port", + "value": "9999", + "enabled": true + }, + { + "key": "druid_ip", + "value": "192.168.44.12", + "type": "default", + "enabled": true + }, + { + "key": "druid_port", + "value": "8089", + "enabled": true + }, + { + "key": "hbase_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "hbase_port", + "value": "50070", + "enabled": true + }, + { + "key": "hos_token", + "value": "c21f969b5f03d33d43e04f8f136e7682", + "enabled": true + }, + { + "key": "hos_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "hos_port", + "value": "9098", + "enabled": true + }, + { + "key": "clickhouse_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "clickhouse_port", + "value": "8123", + "enabled": true + }, + { + "key": "clickhouse_database", + "value": "tsg_galaxy_v3", + "enabled": true + }, + { + "key": "clickhouse_user", + "value": "default", + "enabled": true + }, + { + "key": "clickhouse_password", + "value": "ceiec2019", + "enabled": true + }, + { + "key": "arango_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "arango_port", + "value": "8529", + "enabled": true + }, + { + "key": "kafka_load_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "kafka_monitor_port", + "value": "9991", + "enabled": true + }, + { + "key": "kafka_merge_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "Last 5 Minutes Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)", + "enabled": true + }, + { + "key": "now", + "value": "now()", + "enabled": true + }, + { + "key": "Last 1 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-3600)", + "enabled": true + }, + { + "key": "Last 12 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-43200)", + "enabled": true + }, + { + "key": "Last 24 Hour Start", + "value": "FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400)", + "enabled": true + }, + { + "key": "Today Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "Today End", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now()) +86400))", + "enabled": true + }, + { + "key": "Today so far Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "Yesterday Start", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now()) -86400))", + "enabled": true + }, + { + "key": "Yesterday End", + "value": "DATE(FROM_UNIXTIME(UNIX_TIMESTAMP(now())))", + "enabled": true + }, + { + "key": "PT5S_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5s'))", + "enabled": true + }, + { + "key": "PT30S_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30S'))", + "enabled": true + }, + { + "key": "PT5M_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT5M'))", + "enabled": true + }, + { + "key": "PT30M_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT30M'))", + "enabled": true + }, + { + "key": "PT1H_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'PT1H'))", + "enabled": true + }, + { + "key": "P1D_RECV_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(common_recv_time,'P1D'))", + "enabled": true + }, + { + "key": "PT5S_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5s'))", + "enabled": true + }, + { + "key": "PT30S_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S'))", + "enabled": true + }, + { + "key": "PT1M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1M'))", + "enabled": true + }, + { + "key": "PT5M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'))", + "enabled": true + }, + { + "key": "PT30M_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30M'))", + "enabled": true + }, + { + "key": "PT1H_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT1H'))", + "enabled": true + }, + { + "key": "P1D_TIME", + "value": "FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'P1D'))", + "enabled": true + }, + { + "key": "report_ip", + "value": "192.168.44.12", + "enabled": true + }, + { + "key": "report_port", + "value": "9093", + "enabled": true + }, + { + "key": "domain", + "value": "bsgoal.net.cn", + "enabled": true + }, + { + "key": "client_ip", + "value": "120.77.110.61", + "enabled": true + }, + { + "key": "server_ip", + "value": "120.77.110.61", + "enabled": true + }, + { + "key": "l7_protocol", + "value": "SIP", + "enabled": true + }, + { + "key": "bifang_ip", + "value": "192.168.44.3", + "enabled": true + }, + { + "key": "bifang_port", + "value": "8080", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2022-08-01T06:19:09.650Z", + "_postman_exported_using": "Postman/9.22.2" +} \ No newline at end of file diff --git a/22.08/Galaxy Trouble Shooting API V22.08.postman_collection.json b/22.08/Galaxy Trouble Shooting API V22.08.postman_collection.json new file mode 100644 index 0000000..d3233a5 --- /dev/null +++ b/22.08/Galaxy Trouble Shooting API V22.08.postman_collection.json @@ -0,0 +1,12370 @@ +{ + "info": { + "_postman_id": "868bc69c-c241-4552-859c-24b9f0ad19b4", + "name": "Galaxy Trouble Shooting API V22.08", + "description": "# galaxy-troubleshooting-api\n\n基于Postman Rest API对Galaxy系统进行模块测试,版本发布前全流程验证和生产环境组件健康度检查。\n## Release 22.08 (30 JUL 2022)\n\n###### New Features\n* 其它-查询网关-Live Charts 总带宽流量校验\n* 增加检查数据流-SQL执行计划\n* 增加检查数据流-SQL查看表结构\n* 增加检查数据推荐-推荐IMSI到TEID关系\n* 增加检查数据推荐-推荐IMEI到TEID关系\n* 增加检查数据推荐-推荐Phone Number到TEID关系\n* 增加检查数据推荐-推荐apn到TEID关系\n* 增加检查数据推荐-实时查询任务-提交查询任务(实时统计)\n* 增加检查数据推荐-实时查询任务-获取任务结果(实时统计)\n###### Update\n* 修改安全和代理事件日志默认增加namespace_id查询条件\n\n## Release 22.07 (30 JUL 2022)\n\n###### New Features\n* 增加检查数据推荐-Top Server IP流量概况评估\n* 增加检查数据推荐-Top SNI 流量概况评估\n###### Update\n\n\n## Release 22.06 (30 JUE 2022)\n\n###### New Features\n* 检查数据流-增加存储配额一致性检查\n###### Update\n* 系统报告检查-增加与CM默认VSYSID=1参数\n\n\n## Release 22.05 (31 MAY 2022)\n\n###### New Features\n\n###### Update\n* 检查日志-会话日志/安全事件日志增加RDP类型校验\n\n\n## Release 22.04 (29 APR 2022)\n\n###### New Features\n\n###### Update\n* 预处理检查-是否有数据验证,改为通过console后台打印日志\n* Dashboards Top部分功能增加device_group, data_center维度校验\n\n\n## Release 22.03 (8 APR 2022)\n\n###### New Features\n* 增加数据预处理检查,为每类日志增加多个测试用例,区分功能或无数据问题\n###### Update\n* 其它-评估日志预处理,增加ETL处理时延和写入Kafka时延指标\n* 检查日志模块对会话,安全和代理事件日志基于具体字段查询\n\n###### Delete\n* 删除检查数据流,关于Topic的测试用例\n\n## Release 22.02 (8 MAR 2022)\n\n###### New Features\n\n* 检查数据流-元数据检查 增加schema评价文件事件日志\n \n \n\n## Release 22.01 (27 JAN 2022)\n\n###### New Features\n\n* 检查数据流-TopN计算 增加Application接口验证\n \n\n###### Update\n\n* 重新梳理分类,删除无用接口\n* 重新排列分类,将系统自检放到首位\n \n\n## Release 21.12 (1 Dec 2021)\n\n###### New Features\n\n* 新增数据推荐查询-实时查询任务\n* 新增数据推荐查询-推荐Subscriber ID 到IP关系\n* 新增数据推荐查询-推荐APP活跃客户端IP\n* 新增数据推荐查询-推荐TopN Server IP\n* 新增数据推荐查询-推荐TopN SNI\n* 新增常用快捷功能-查询网关,增加优化查询测试集\n * Top 查询优化\n * Calcite 缓存查询\n * 自定义时间函数补全功能\n\n###### Update\n\n* Dashboard 查询,代理策略命中动作增加Edit Element 统计\n \n\n## Release 21.11 (5 Nov 2021)\n\n###### New Features\n\n* Delete\n* Update\n* 修改报告查询接口(由查询mariadb方式变更为API接口)\n* 修改规范“数据推荐查询”所有接口的命名\n \n\n## Release 21.10 (28 OCT 2021)\n\n###### New Features\n\n* 新增HOS健康状态检测接口\n* Delete\n* 删除原ClickHouse/Druid/ArangoDB 状态检查接口\n \n\n## Release 21.09 (23 SEP 2021)\n\n###### New Features\n\n* Update\n* 删除分布式调度任务,5分钟TOPN校验,交由FLink统计\n* 原始日志表名进行重命名,相关查询接口更新\n* 修正DNS分析的SQL数据集\n \n\n## Release 21.08 (15 AUG 2021)\n\n###### New Features\n\n* 新增“Dashboard查询-DoS Threat Map”功能列表,显示DoS检测地图接口\n* 新增“原始日志查询-DoS事件日志”,显示DoS攻击检测日志\n* 新增“原始日志查询-DoS事件日志-Summary”,显示DoS攻击趋势统计\n* 新增“原始日志查询-DoS事件日志-Destination IP Traffic Trend”,显示受害者IP历史流量趋势\n* Update\n* 迁移“Dashboard查询”liveCharts接口,放到“Live Charts”目录中统一管理。\n* 对DNS分析,增加一些查询样例\n \n\n## Release 21.07 (5 JUL 2021)\n\n###### New Features\n\n* 增加”常用快捷功能-基数统计“,用于分析日志分布情况\n* 增加”常用快捷功能-DNS放大攻击“,查询特征数据集\n* 增加”通用检查-对象存储-获取某个文件“,用于文件获取验证\n \n\n###### Update\n\n* 为所有接口增加Tests脚本,对接口进行批量验证测试\n* 修正部分接口查询异常\n \n\n## Release 21.06 (7 JUN 2021)\n\n###### New Features\n\n* Environments 增加环境变量domain、client_ip、server_ip、l7_protocol和PT1M_TIME\n* 常用快捷功能增加某域名下钻、某IP下钻、协议下钻和DNS分析功能\n \n\n###### Update\n\n* 原始日志查询,基于Druid近1小时日志变化粒度从5分钟改为1分钟。包含通联、策略和代理日志。\n \n\n## Release 21.05 (6 MAY 2021)\n\n###### New Features\n\n* 新增“GTP-C日志”功能,辅助故障诊断\n* 新增“事务日志”功能,辅助故障诊断\n* 新增“活跃会话日志”功能,辅助故障诊断\n* 新增“07.常用快捷功能-评估写入日志量”,查看当前系统的吞吐\n \n\n###### Update\n\n* 修改\"01.通用检查-数据存储检查\",增加事务、活跃及GTP-C 检测\n \n\n## Release 21.04 (3 APR 2021)\n\n###### New Features\n\n* 增加“VoIP日志”功能,辅助故障诊断\n* 增加“元数据检查”分类目录\n* 增加“HOS对象存储”目录,用于定位对象存储\n \n\n###### Update\n\n* 修改“SQL语法检查”为“SQL语法验证”,支持SQL语句的静态分析和数据库语义验证\n* 迁移功能项位置,方便问题定位\n \n\n###### Delete\n\n* 删除“系统检查-查询引擎SQL测试集\\[过时\\]”功能,由“故障诊断-sql性能测试”替代。\n \n\n## Release 21.03 (2 MAR 2021)\n\n###### New Features\n\n* 增加故障诊断-元数据功能,可分析日志字段是否与schema一致\n* 增加故障诊断-sql性能测试,可对查询引擎进行功能性验证和POC性能测试\n \n\n###### Update\n\n* 对查询引擎SQL测试集标记过时\n \n\n## Release 21.02 (1 FEB 2021)\n\n###### Update\n\n* 改善内部测试集,应对新的功能修改\n \n\n## Release 20.11.rc3 (11 DEC 2020)\n\n###### New Features\n\n* 增加常用快捷功能- 安装证书独立客户端IP数据趋势\n* 增加常用快捷功能-访问速度最慢TOP20 域名\n* 增加常用快捷功能-报告预置Metrics\n* 增加原始日志查询-安全策略-动作命中计数\n* 增加原始日志查询-代理策略-动作命中计数\n* 增加原始日志查询-通联-流量计数(now)\n \n\n###### Update\n\n* 改善Dashboard查询-基础统计-新建、活跃(计数)-now\n* 改善Dashboard查询-新建、活跃(趋势)\n* 目录增加编号,便于管理\n* 修改分布式调度任务-5分钟TOPN-hot表验证表名\n* 部分Action为post 改为 get,便于导出命令行", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" + }, + "item": [ + { + "name": "01.系统自检", + "item": [ + { + "name": "组件版本信息", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/monitor/info", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "monitor", + "info" + ] + }, + "description": "查询数据平台各个组件的版本号" + }, + "response": [] + }, + { + "name": "核心组件健康状态", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/monitor/health", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "monitor", + "health" + ] + }, + "description": "查询数据引擎引用的数据库健康状态及目前的配置。" + }, + "response": [] + }, + { + "name": "元数据诊断", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/metadata", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "diagnosis", + "metadata" + ] + } + }, + "response": [] + }, + { + "name": "查询网关SQL自检", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/diagnosis/runSql?option=validation", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "diagnosis", + "runSql" + ], + "query": [ + { + "key": "option", + "value": "validation" + } + ] + } + }, + "response": [] + }, + { + "name": "Apache Druid任务自检", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + "", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/indexer/v1/supervisor?state=true", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "indexer", + "v1", + "supervisor" + ], + "query": [ + { + "key": "state", + "value": "true" + } + ] + }, + "description": "1. 将环境切换至 druid\r\n\r\n2. 执行此接口,如果接口正常返回数据,代表druid服务运行正常" + }, + "response": [] + }, + { + "name": "HOS健康自检", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/admin/verification", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "admin", + "verification" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "02.检查数据流", + "item": [ + { + "name": "预处理检查", + "item": [ + { + "name": "会话日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SESSION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Session Records no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SESSION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Session Records failed fetch Requests.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SESSION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Session Records failed produce Requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking ETL status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL Session Records no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Session Records failed fetch Requests.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SESSION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Session Records failed produce Requests.\");", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "过渡会话日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Interim Session Records no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Interim Session Records failed fetch requests.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Interim Session Records failed produce requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking ETL status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL Interim Session Records no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Interim Session Records failed fetch requests.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"INTERIM-SESSION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Interim Session Records failed produce requests.\");", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "事务日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "", + "pm.test(\"Successful request.\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRANSACTION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Transaction Records no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Transaction Records failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Transaction Records failed produce requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking ETL status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL Transaction Records no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Transaction Records failed fetch requests.\");", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRANSACTION-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Transaction Records failed produce requests.\");", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "安全事件日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SECURITY-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Security Events no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SECURITY-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Security Events failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SECURITY-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Security Events failed produce requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking ETL status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL Security Events no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Security Events failed fetch requests.\");", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SECURITY-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Security Events failed produce requests.\");", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "代理事件日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"PROXY-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Proxy Events no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"PROXY-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Proxy Events failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"PROXY-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Proxy Events failed produce requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking ETL status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL Proxy Events no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Proxy Events failed fetch requests.\");", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"PROXY-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Proxy Events failed produce requests.\");", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "VoIP日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking Traffic Records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<=0.0001) { ", + " console.warn(\"VoIP Records no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"VoIP Records failed fetch Requests.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"VoIP Records failed produce Requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking ETL status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL VoIP Records ETL no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL VoIP Records failed fetch Requests.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL VoIP Records failed produce Requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking VoIP Conversation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"VoIP Conversation no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"VoIP Conversation failed fetch Requests.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"VOIP-CONVERSATION-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"VoIP Conversation failed produce Requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Radius日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.response.to.have.status(200);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"RADIUS-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Radius Records no data.\");", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"RADIUS-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Radius Records failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"RADIUS-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Radius Records failed produce requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking ETL status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL Radius Records no data.\");", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Radius Records failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"RADIUS-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Radius Records failed produce requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "GTP-C日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"GTPC-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"GTP-C Records no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"GTPC-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"GTP-C Records failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"GTPC-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"GTP-C Records failed produce requests.\"); ", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking ETL status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " ", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL GTP-C Records no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL GTP-C Records failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"GTPC-RECORD-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL GTP-C Records failed produce requests.\"); ", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "系统捕包事件日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Packet Capture Events no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Packet Capture Events failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Packet Capture Events failed produce requests.\"); ", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "pm.test(\"Checking Traffic Records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"ETL Packet Capture Events no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Packet Capture Events failed fetch requests.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-PACKET-CAPTURE-EVENT-COMPLETED\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"ETL Packet Capture Events failed produce requests.\"); ", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "流量Metrics-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-METRICS\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Traffic Metrics no data.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-METRICS\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Traffic Metrics failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-METRICS\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"Traffic Metrics failed produce requests.\"); ", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "存储配额-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"SYS-STORAGE-LOG\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"System storage no data.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"SYS-STORAGE-LOG\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"System storage failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"SYS-STORAGE-LOG\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"System storage failed produce requests.\"); ", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "DoS Sketch日志", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking traffic records status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"DOS-SKETCH-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"DoS Sketch no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"DOS-SKETCH-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"DoS Sketch failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"DOS-SKETCH-RECORD\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"DoS Sketch failed produce requests.\"); ", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "DoS事件日志-Topic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking detection events status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"DOS-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"DoS Events no data.\");", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"DOS-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"DoS Events failed fetch requests.\"); ", + "", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"DOS-EVENT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " console.error(\"DoS Events failed produce requests.\"); ", + "", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "首次与最近一次加载时间", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select * from (select 'Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Interim Session Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Transaction Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Security Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Proxy Event' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'Radius' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') union all select 'GTPC Records' as type, from_unixtime(min(common_recv_time) ) as first_time, from_unixtime(max(common_recv_time) ) as last_time from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') ) order by type" + } + ] + }, + "description": "验证原始日志是否有最新的数据" + }, + "response": [] + } + ] + }, + { + "name": "预聚合检查", + "item": [ + { + "name": "Top Client IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-CLIENT-IP\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Top Client IPs no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-CLIENT-IP\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-CLIENT-IP\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Top Server IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-SERVER-IP\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Top Server IPs no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-SERVER-IP\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-SERVER-IP\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Top Internal IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-INTERNAL-HOST\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Top Internal IPs no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-INTERNAL-HOST\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-INTERNAL-HOST\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Top External IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-EXTERNAL-HOST\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Top External IPs no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-EXTERNAL-HOST\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-EXTERNAL-HOST\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Top Website Domain", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-WEBSITE-DOMAIN\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Top Website Domains no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-WEBSITE-DOMAIN\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-WEBSITE-DOMAIN\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Top Subscriber ID", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-USER\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Top Subscriber IDs no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-USER\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-USER\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Security and Proxy URLs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TOP-URLS\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.000001) { ", + " console.warn(\"Top URLs no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TOP-URLS\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TOP-URLS\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Application", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-APP-STAT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Top Applications no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-APP-STAT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-APP-STAT\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "Protocol", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Successful request.\", function () {", + " pm.expect(pm.response.code).to.be.oneOf([200,201]);", + "});", + "", + "pm.test(\"Checking pre-aggregation status.\", function () {", + " const text = pm.response.text().split('\\n');", + " for (const v of text) {", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]<0.0001) { ", + " console.warn(\"Top Session Record Metrci - Protcols no data.\"); ", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + " if (v.match(\"kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"TRAFFIC-PROTOCOL-STAT-LOG\\\",}\")) {", + " console.log(v);", + " if(v.split(' ')[1]>100) {", + " pm.response.to.have.status(500);", + " }", + " }", + "", + " }", + " pm.response.to.be.status(200);", + "", + "});", + "", + "", + "" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_merge_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_merge_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\nTYPE kafka_server_BrokerTopicMetrics_FiveMinuteRate (近5分钟数据情况)\n\n- **判断Topic 写入是否有最新的数据:**\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"ProduceMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- **判断Topic 写入是否异常**\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedProduceRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否有最新的数据\n\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n * kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FetchMessageConversionsPerSec\",topic=\"SECURITY-EVENT-LOG\",}\n\n- 判断Topic 读取是否异常\n\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"TRAFFIC-METRICS-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"CONNECTION-RECORD-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"PROXY-EVENT-LOG\",}\n - kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\"FailedFetchRequestsPerSec\",topic=\"SECURITY-EVENT-LOG\",}" + }, + "response": [] + }, + { + "name": "首次与最近一次加载时间", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select 'Traffic Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Security Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Proxy Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Internal IP' as type, min(__time) as first_time, max(__time) as last_time from top_internal_host_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'External IP' as type, min(__time) as first_time, max(__time) as last_time from top_external_host_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Subscriber ID' as type, min(__time) as first_time, max(__time) as last_time from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Client IP' as type, min(__time) as first_time, max(__time) as last_time from top_client_ip_log union all select 'Server IP' as type, min(__time) as first_time, max(__time) as last_time from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Website Domain' as type, min(__time) as first_time, max(__time) as last_time from top_website_domain_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Hit Urls' as type, min(__time) as first_time, max(__time) as last_time from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Summary' as type, min(__time) as first_time, max(__time) as last_time from traffic_summary_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from traffic_protocol_stat_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select 'Traffic Metrics' as type, min(__time) as first_time, max(__time) as last_time from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Security Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Proxy Policies Hit' as type, min(__time) as first_time, max(__time) as last_time from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Internal IP' as type, min(__time) as first_time, max(__time) as last_time from top_internal_host_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'External IP' as type, min(__time) as first_time, max(__time) as last_time from top_external_host_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Subscriber ID' as type, min(__time) as first_time, max(__time) as last_time from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Client IP' as type, min(__time) as first_time, max(__time) as last_time from top_client_ip_log union all select 'Server IP' as type, min(__time) as first_time, max(__time) as last_time from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Website Domain' as type, min(__time) as first_time, max(__time) as last_time from top_website_domain_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Hit Urls' as type, min(__time) as first_time, max(__time) as last_time from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Summary' as type, min(__time) as first_time, max(__time) as last_time from traffic_summary_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Traffic Protocol Stat' as type, min(__time) as first_time, max(__time) as last_time from traffic_protocol_stat_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Storage Quota' as type, min(__time) as first_time, max(__time) as last_time from sys_storage_log where __time >= '{{start_time}}' and __time < '{{end_time}}'" + } + ] + }, + "description": "验证Apache Druid 统计表是否有最新的数据" + }, + "response": [] + } + ] + }, + { + "name": "系统报告检查", + "item": [ + { + "name": "报告应用健康状态", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{report_ip}}:{{report_port}}/monitor", + "protocol": "http", + "host": [ + "{{report_ip}}" + ], + "port": "{{report_port}}", + "path": [ + "monitor" + ] + } + }, + "response": [] + }, + { + "name": "当前报告结果列表-JobID", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "", + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "ed04b942-7df4-4e3d-b9a9-a881ca98a867", + "type": "text" + }, + { + "key": "Content-Type", + "value": "", + "type": "text" + } + ], + "url": { + "raw": "http://{{bifang_ip}}:{{bifang_port}}/v1/report/offlinejob/result?jobId=8967&vsysId=1", + "protocol": "http", + "host": [ + "{{bifang_ip}}" + ], + "port": "{{bifang_port}}", + "path": [ + "v1", + "report", + "offlinejob", + "result" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "jobId", + "value": "8967" + }, + { + "key": "vsysId", + "value": "1" + } + ] + }, + "description": "结果状态status 含义列表,显示>2 的结果列表。\n0\t等待执行,要isvaild字段为1,为0为用户取消\n1\t正在执行\n2\t执行成功\n3\tsql语句报错,一般跟ck和report无关\n4\tsql查询异常,可能ck问题也可能是网关\n5\t写入hbase报错\n6\t网关补全异常\n7\t网关未知异常\n8\treport未知异常\n9\t用户取消 ,在执行过程中将isvalid置为1\n10\t结果写入mysql报错" + }, + "response": [] + }, + { + "name": "查询报告任务运行状态-QueryID", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select CAST(type, 'Int8') as type,read_rows,query_duration_ms,query,exception,memory_usage,event_time,result_rows,result_bytes from system.query_log_cluster where type>1 and query_id='' order by event_time desc limit 1", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select CAST(type, 'Int8') as type,read_rows,query_duration_ms,query,exception,memory_usage,event_time,result_rows,result_bytes from system.query_log_cluster where type>1 and query_id='' order by event_time desc limit 1" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "元数据检查", + "item": [ + { + "name": "元数据查询接口", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/session_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "session_record" + ] + } + }, + "response": [] + }, + { + "name": "Schema-会话日志(已关闭)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/session_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "session_record" + ] + } + }, + "response": [] + }, + { + "name": "Schema-过渡会话日志(过渡)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/interim_session_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "interim_session_record" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-事务日志", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/transaction_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "transaction_record" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-安全事件", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/security_event", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "security_event" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-代理事件", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/proxy_event", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "proxy_event" + ] + }, + "description": "proxy_event_log" + }, + "response": [] + }, + { + "name": "Schema-VoIP融合日志", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/voip_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "voip_record" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-DoS事件", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/dos_event", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "dos_event" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-GTP-C日志", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/gtpc_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "gtpc_record" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-评价文件事件", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/assessment_event", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "assessment_event" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "元数据-ClickHouse表", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/tables/tsg_galaxy_v3", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "tables", + "tsg_galaxy_v3" + ] + } + }, + "response": [] + }, + { + "name": "Schema-Top客户端IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_client_ip_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_client_ip_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-Top服务端IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_server_ip_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_server_ip_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-Top域内IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_internal_host_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_internal_host_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-Top域外IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_external_host_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_external_host_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-Top Subscribers", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_user_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_user_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-Top 域名", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_website_domain_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_website_domain_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-Top URLs", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/top_urls_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "top_urls_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-Top Applications", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_app_stat_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "traffic_app_stat_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-流量计数", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_metrics_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "traffic_metrics_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-流量汇总分布", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/traffic_summary_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "traffic_summary_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-安全事件计数", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/security_event_hits_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "security_event_hits_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "Schema-代理事件计数", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/fields/proxy_event_hits_log", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "fields", + "proxy_event_hits_log" + ] + }, + "description": "security_event_log" + }, + "response": [] + }, + { + "name": "元数据-Druid表", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/metadata/schema/v1/tables/druid", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "metadata", + "schema", + "v1", + "tables", + "druid" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "HOS对象存储", + "item": [ + { + "name": "hos查询所有的桶", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Token", + "type": "text", + "value": "{{hos_token}}" + } + ], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/hos/", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "hos", + "" + ], + "query": [ + { + "key": "AccessKey", + "value": "default", + "disabled": true + } + ] + } + }, + "response": [] + }, + { + "name": "获取对象列表", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Token", + "type": "text", + "value": "{{hos_token}}" + } + ], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/hos/session_record_hos_bucket/?max-keys=1", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "hos", + "session_record_hos_bucket", + "" + ], + "query": [ + { + "key": "AccessKey", + "value": "default", + "disabled": true + }, + { + "key": "max-keys", + "value": "1" + } + ] + } + }, + "response": [] + }, + { + "name": "获取对象元数据", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Token", + "type": "text", + "value": "{{hos_token}}" + } + ], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/hos/default/galaxy-hos.txt?metadata=", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "hos", + "default", + "galaxy-hos.txt" + ], + "query": [ + { + "key": "metadata", + "value": "" + }, + { + "key": "AccessKey", + "value": "default", + "disabled": true + } + ] + } + }, + "response": [] + }, + { + "name": "获取某个文件", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Token", + "type": "text", + "value": "{{hos_token}}" + } + ], + "url": { + "raw": "http://{{hos_ip}}:{{hos_port}}/hos/default/galaxy-hos.txt", + "protocol": "http", + "host": [ + "{{hos_ip}}" + ], + "port": "{{hos_port}}", + "path": [ + "hos", + "default", + "galaxy-hos.txt" + ], + "query": [ + { + "key": "AccessKey", + "value": "default", + "disabled": true + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "SQL查询接口", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT toDateTime(min(common_recv_time)) FROM session_record WHERE common_recv_time >=UNIX_TIMESTAMP(parseDateTimeBestEffort('2022-07-29T11:21:40Z')) AND common_recv_time =UNIX_TIMESTAMP(parseDateTimeBestEffort('2022-07-29T11:21:40Z')) AND common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') group by http_domain order by sessions desc limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "explain select http_domain,count(*) as sessions from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') group by http_domain order by sessions desc limit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "SQL查看表结构", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=describe session_record", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "describe session_record" + } + ] + } + }, + "response": [] + }, + { + "name": "获取系统存储配额", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/sys/storage/deletion", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "sys", + "storage", + "deletion" + ] + } + }, + "response": [] + }, + { + "name": "存储配额一致性检查", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/sys/storage/consistency", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "sys", + "storage", + "consistency" + ] + } + }, + "response": [] + } + ] + }, + { + "name": "03.检查Dashboards", + "item": [ + { + "name": "DoS Threat Map", + "item": [ + { + "name": "Top Source Countries", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n arrayJoin(splitByString(',',source_country_list)) as source_country,\n count(*) as count\nfrom dos_event\nwhere\n start_time >= UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = UNIX_TIMESTAMP('{{start_time}}')\n and start_time = '{{start_time}}' and __time < '{{end_time}}'\nand \nprotocol_id in('ETHERNET.IPv4.UDP.DNS','ETHERNET.IPv4.UDP.QUIC.cloudflare')\ngroup by protocol_id", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n protocol_id,\n sum(c2s_byte_num + s2c_byte_num)/1024/1024 as \"Bytes MB\",\n sum(c2s_pkt_num+s2c_pkt_num) as packets\nfrom traffic_protocol_stat_log\nwhere \n __time >= '{{start_time}}' and __time < '{{end_time}}'\nand \nprotocol_id in('ETHERNET.IPv4.UDP.DNS','ETHERNET.IPv4.UDP.QUIC.cloudflare')\ngroup by protocol_id" + } + ] + } + }, + "response": [] + }, + { + "name": "原始日志协议带宽", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t'ETHERNET.IPv4.UDP.DNS' as protocol_id,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff)/ 1024 / 1024 as \"bytes-MB\",\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as packets\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') \n\tand common_protocol_label = 'ETHERNET.IPv4.UDP'\n\tand common_l7_protocol = 'DNS'\n\tand empty(common_app_label)\nunion ALL \nselect\n\t'ETHERNET.IPv4.UDP.QUIC.cloudflare' as protocol_id,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff)/ 1024 / 1024 as \"bytes-MB\",\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as packets\nfrom\n\tsession_record\nwhere\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') \n\tand common_protocol_label = 'ETHERNET.IPv4.UDP'\n\tand common_l7_protocol = 'QUIC'\n\tand common_app_label = 'cloudflare'\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\t'ETHERNET.IPv4.UDP.DNS' as protocol_id,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff)/ 1024 / 1024 as \"bytes-MB\",\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as packets\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') \n\tand common_protocol_label = 'ETHERNET.IPv4.UDP'\n\tand common_l7_protocol = 'DNS'\n\tand empty(common_app_label)\nunion ALL \nselect\n\t'ETHERNET.IPv4.UDP.QUIC.cloudflare' as protocol_id,\n\tsum(common_c2s_byte_diff + common_s2c_byte_diff)/ 1024 / 1024 as \"bytes-MB\",\n\tsum(common_c2s_pkt_diff + common_s2c_pkt_diff) as packets\nfrom\n\tsession_record\nwhere\ncommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') \n\tand common_protocol_label = 'ETHERNET.IPv4.UDP'\n\tand common_l7_protocol = 'QUIC'\n\tand common_app_label = 'cloudflare'\n" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "基础统计-当前流量(计数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(total_in_bytes)* 8 / 300 as trafficInBits,\n\tsum(total_out_bytes)* 8 / 300 as trafficOutBits,\n\tsum(total_in_bytes + total_out_bytes)* 8 / 300 as trafficTotalBits,\n\tsum(total_in_packets)/ 300 as trafficInPackets,\n\tsum(total_out_packets)/ 300 as trafficOutPackets,\n\tsum(total_in_packets + total_out_packets)/ 300 as trafficTotalPackets,\n\tsum(new_conn_num)/ 300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsum(total_in_bytes)* 8 / 300 as trafficInBits,\n\tsum(total_out_bytes)* 8 / 300 as trafficOutBits,\n\tsum(total_in_bytes + total_out_bytes)* 8 / 300 as trafficTotalBits,\n\tsum(total_in_packets)/ 300 as trafficInPackets,\n\tsum(total_out_packets)/ 300 as trafficOutPackets,\n\tsum(total_in_packets + total_out_packets)/ 300 as trafficTotalPackets,\n\tsum(new_conn_num)/ 300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)" + } + ] + }, + "description": "最近5分钟" + }, + "response": [] + }, + { + "name": "基础统计-当前新建、活跃(计数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n sum(new_conn_num)/300 as new_conn_num, \n sum(live_conn_num) as live_conn_num \nfrom (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num \n from traffic_metrics_log \n where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)\n group by device_id)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select \n sum(new_conn_num)/300 as new_conn_num, \n sum(live_conn_num) as live_conn_num \nfrom (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num \n from traffic_metrics_log \n where __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-300)\n group by device_id)" + } + ] + } + }, + "response": [] + }, + { + "name": "基础统计-流量(趋势)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticsTime,\n\tsum(total_in_bytes) as total_in_bytes,\n\tsum(total_out_bytes) as total_out_bytes,\n\tsum(total_in_bytes + total_out_bytes) as total_all_bytes,\n\tsum(total_in_packets) as total_in_packets,\n\tsum(total_out_packets) as total_out_packets,\n\tsum(total_in_packets + total_out_packets) as total_all_packets,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tgroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticsTime,\n\tsum(total_in_bytes) as total_in_bytes,\n\tsum(total_out_bytes) as total_out_bytes,\n\tsum(total_in_bytes + total_out_bytes) as total_all_bytes,\n\tsum(total_in_packets) as total_in_packets,\n\tsum(total_out_packets) as total_out_packets,\n\tsum(total_in_packets + total_out_packets) as total_all_packets,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tgroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000" + } + ] + } + }, + "response": [] + }, + { + "name": "基础统计-新建、活跃(趋势)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select * from (select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,\n'new_conn_num' as type,\nsum(new_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}'\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),'new_conn_num' union all select statisticTime, 'live_conn_num' as type,sum(sessions) as sessions from ( select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,device_id,\nmax(established_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}' \ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),device_id) group by statisticTime,'live_conn_num' ) order by statisticTime asc limit 50000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select * from (select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,\n'new_conn_num' as type,\nsum(new_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}'\ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),'new_conn_num' union all select statisticTime, 'live_conn_num' as type,sum(sessions) as sessions from ( select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')) as statisticTime,device_id,\nmax(established_conn_num) as sessions\nfrom\ntraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time < '{{end_time}}' \ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n'PT5m',\n'zero')),device_id) group by statisticTime,'live_conn_num' ) order by statisticTime asc limit 50000" + } + ] + } + }, + "response": [] + }, + { + "name": "安全命中策略-命中动作连接数(计数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select 'Default' as action, sum(default_in_bytes+default_out_bytes) as bytes, sum(default_in_packets+default_out_packets) as packets, sum(default_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Allow' as action, sum(allow_in_bytes+allow_out_bytes) as bytes, sum(allow_in_packets+allow_out_packets) as packets, sum(allow_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Deny' as action, sum(deny_in_bytes+deny_out_bytes) as bytes, sum(deny_in_packets+deny_out_packets) as packets, sum(deny_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Monitor' as action, sum(monitor_in_bytes+monitor_out_bytes) as bytes, sum(monitor_in_packets+monitor_out_packets) as packets, sum(monitor_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Intercept' as action, sum(intercept_in_bytes+intercept_out_bytes) as bytes, sum(intercept_in_packets+intercept_out_packets) as packets, sum(intercept_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select 'Default' as action, sum(default_in_bytes+default_out_bytes) as bytes, sum(default_in_packets+default_out_packets) as packets, sum(default_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Allow' as action, sum(allow_in_bytes+allow_out_bytes) as bytes, sum(allow_in_packets+allow_out_packets) as packets, sum(allow_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Deny' as action, sum(deny_in_bytes+deny_out_bytes) as bytes, sum(deny_in_packets+deny_out_packets) as packets, sum(deny_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Monitor' as action, sum(monitor_in_bytes+monitor_out_bytes) as bytes, sum(monitor_in_packets+monitor_out_packets) as packets, sum(monitor_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Intercept' as action, sum(intercept_in_bytes+intercept_out_bytes) as bytes, sum(intercept_in_packets+intercept_out_packets) as packets, sum(intercept_conn_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}'" + } + ] + } + }, + "response": [] + }, + { + "name": "安全命中策略-命中动作连接数(趋势)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticTime,\n\tsum(default_in_bytes + default_out_bytes) as default_bytes,\n\tsum(default_in_packets + default_out_packets) as default_packets,\n\tsum(default_conn_num) as default_sessions,\n\tsum(allow_in_bytes + allow_out_bytes) as allow_bytes,\n\tsum(allow_in_packets + allow_out_packets) as allow_packets,\n\tsum(allow_conn_num) as allow_sessions,\n\tsum(deny_in_bytes + deny_out_bytes) as deny_bytes,\n\tsum(deny_in_packets + deny_out_packets) as deny_packets,\n\tsum(deny_conn_num) as deny_sessions,\n\tsum(monitor_in_bytes + monitor_out_bytes) as monitor_bytes,\n\tsum(monitor_in_packets + monitor_out_packets) as monitor_packets,\n\tsum(monitor_conn_num) as monitor_sessions,\n\tsum(intercept_in_bytes + intercept_out_bytes) as intercept_bytes,\n\tsum(intercept_in_packets + intercept_out_packets) as intercept_packets,\n\tsum(intercept_conn_num) as intercept_sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\nFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as statisticTime,\n\tsum(default_in_bytes + default_out_bytes) as default_bytes,\n\tsum(default_in_packets + default_out_packets) as default_packets,\n\tsum(default_conn_num) as default_sessions,\n\tsum(allow_in_bytes + allow_out_bytes) as allow_bytes,\n\tsum(allow_in_packets + allow_out_packets) as allow_packets,\n\tsum(allow_conn_num) as allow_sessions,\n\tsum(deny_in_bytes + deny_out_bytes) as deny_bytes,\n\tsum(deny_in_packets + deny_out_packets) as deny_packets,\n\tsum(deny_conn_num) as deny_sessions,\n\tsum(monitor_in_bytes + monitor_out_bytes) as monitor_bytes,\n\tsum(monitor_in_packets + monitor_out_packets) as monitor_packets,\n\tsum(monitor_conn_num) as monitor_sessions,\n\tsum(intercept_in_bytes + intercept_out_bytes) as intercept_bytes,\n\tsum(intercept_in_packets + intercept_out_packets) as intercept_packets,\n\tsum(intercept_conn_num) as intercept_sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero'))\nlimit 50000" + } + ] + } + }, + "response": [] + }, + { + "name": "安全命中策略-策略命中排名", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select policy_id as policyId, sum(hits) as sessions from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by policy_id order by sessions desc limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select policy_id as policyId, sum(hits) as sessions from security_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by policy_id order by sessions desc limit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃源IP排名(会话数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tdevice_group as deviceGroup,\n\tdata_center as dataCenter,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsource as clientIp,\n\tdevice_group as deviceGroup,\n\tdata_center as dataCenter,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃源IP排名(包数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tdevice_group as deviceGroup,\n\tdata_center as dataCenter,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'packets'\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalPackets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsource as clientIp,\n\tdevice_group as deviceGroup,\n\tdata_center as dataCenter,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'packets'\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalPackets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃源IP排名(字节数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'bytes'\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalBytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsource as clientIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_client_ip_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'bytes'\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalBytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃目的IP排名(会话数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as serverIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_server_ip_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tdestination,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tdestination as serverIp,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_server_ip_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tdestination,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃目的IP排名(包数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='packets' group by destination order by totalPackets desc limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='packets' group by destination order by totalPackets desc limit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃目的IP排名(字节数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' group by destination order by totalBytes desc limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select destination as serverIp,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_server_ip_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' group by destination order by totalBytes desc limit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃用户排名(会话数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' group by subscriber_id order by sessions desc limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='sessions' group by subscriber_id order by sessions desc limit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃用户排名(包数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsubscriber_id as subscriberid,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_user_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tsubscriber_id,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalPackets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsubscriber_id as subscriberid,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_user_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tsubscriber_id,\n\tdevice_group,\n\tdata_center\norder by\n\ttotalPackets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃用户排名(字节数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' group by subscriber_id order by totalBytes desc limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select subscriber_id as subscriberid,sum(session_num) as sessions,sum(c2s_byte_num) as sentBytes,sum(s2c_byte_num) as receivedBytes,sum(c2s_byte_num+s2c_byte_num) as totalBytes,sum(c2s_pkt_num) as sentPackets,sum(s2c_pkt_num) as receivedPackets,sum(c2s_pkt_num+s2c_pkt_num) as totalPackets from top_user_log where __time >= '{{start_time}}' and __time < '{{end_time}}' and order_by='bytes' group by subscriber_id order by totalBytes desc limit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃网址排名", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select url,sum(session_num) as sessions from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by url order by sessions desc limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select url,sum(session_num) as sessions from top_urls_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by url order by sessions desc limit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-活跃域名排名", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdomain,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_website_domain_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tdomain,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tdomain,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sentBytes,\n\tsum(s2c_byte_num) as receivedBytes,\n\tsum(c2s_byte_num + s2c_byte_num) as totalBytes,\n\tsum(c2s_pkt_num) as sentPackets,\n\tsum(s2c_pkt_num) as receivedPackets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as totalPackets\nfrom\n\ttop_website_domain_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tdomain,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-APP排名(会话数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tapp_name as app_name,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttraffic_app_stat_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\tapp_name,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tapp_name as app_name,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttraffic_app_stat_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\ngroup by\n\tapp_name,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-内部主机排名(会话数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'sessions'\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}'\n\tand __time < '{{end_time}}'\n\tand order_by = 'sessions'\ngroup by\n\tsource,\n\tdevice_group,\n\tdata_center\norder by\n\tsessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-内部主机排名(包数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tsource\norder by\n\tpackets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tsource\norder by\n\tpackets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-内部主机排名(字节数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes'\ngroup by\n\tsource\norder by\n\tbytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsource as internal_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_internal_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes'\ngroup by\n\tsource\norder by\n\tbytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-外部主机排名(会话数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tdestination\norder by\n\tsessions desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'sessions'\ngroup by\n\tdestination\norder by\n\tsessions desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-外部主机排名(包数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tdestination\norder by\n\tpackets desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'packets'\ngroup by\n\tdestination\norder by\n\tpackets desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "终端统计信息-外部主机排名(字节数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes'\ngroup by\n\tdestination\norder by\n\tbytes desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tdestination as external_ip,\n\tsum(session_num) as sessions,\n\tsum(c2s_byte_num) as sent_bytes,\n\tsum(s2c_byte_num) as received_bytes,\n\tsum(c2s_byte_num + s2c_byte_num) as bytes,\n\tsum(c2s_pkt_num) as sent_packets ,\n\tsum(s2c_pkt_num) as received_packets,\n\tsum(c2s_pkt_num + s2c_pkt_num) as packets\nfrom\n\ttop_external_host_log\nwhere\n\t__time >= '{{start_time}}' and __time < '{{end_time}}' and order_by = 'bytes'\ngroup by\n\tdestination\norder by\n\tbytes desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "代理命中策略-命中动作连接数(计数)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select 'Allow' as action, sum(intcp_allow_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Monitor' as action, sum(intcp_mon_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Deny' as action, sum(intcp_deny_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Redirect' as action, sum(intcp_rdirt_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Replace' as action, sum(intcp_repl_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Hijack' as action, sum(intcp_hijk_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Insert' as action, sum(intcp_ins_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Edit Element' as action, sum(intcp_edit_elem_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select 'Allow' as action, sum(intcp_allow_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Monitor' as action, sum(intcp_mon_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Deny' as action, sum(intcp_deny_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Redirect' as action, sum(intcp_rdirt_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Replace' as action, sum(intcp_repl_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Hijack' as action, sum(intcp_hijk_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Insert' as action, sum(intcp_ins_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' union all select 'Edit Element' as action, sum(intcp_edit_elem_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}'" + } + ] + } + }, + "response": [] + }, + { + "name": "代理命中策略-命中动作连接数(趋势)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(intcp_allow_num) as intercept_allow_conn_num, sum(intcp_mon_num) as intercept_monitor_conn_num, sum(intcp_deny_num) as intercept_deny_conn_num, sum(intcp_rdirt_num) as intercept_redirect_conn_num, sum(intcp_repl_num) as intercept_replace_conn_num, sum(intcp_hijk_num) as intercept_hijack_conn_num, sum(intcp_ins_num) as intercept_insert_conn_num, sum(intcp_edit_elem_num) as intercept_edit_element_num from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 50000", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(intcp_allow_num) as intercept_allow_conn_num, sum(intcp_mon_num) as intercept_monitor_conn_num, sum(intcp_deny_num) as intercept_deny_conn_num, sum(intcp_rdirt_num) as intercept_redirect_conn_num, sum(intcp_repl_num) as intercept_replace_conn_num, sum(intcp_hijk_num) as intercept_hijack_conn_num, sum(intcp_ins_num) as intercept_insert_conn_num, sum(intcp_edit_elem_num) as intercept_edit_element_num from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 50000" + } + ] + } + }, + "response": [] + }, + { + "name": "代理命中策略-Pinning(Not)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(not_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(not_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "代理命中策略-Pinning(Maybe)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(maybe_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(maybe_pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "代理命中策略-Pinning(Yes)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) as statisticTime, sum(pinning_num) as sessions from traffic_metrics_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT300S','zero')) limit 100" + } + ] + } + }, + "response": [] + }, + { + "name": "代理命中策略-策略命中排名", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select policy_id as policyId, sum(hits) as sessions from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by policy_id order by sessions desc limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select policy_id as policyId, sum(hits) as sessions from proxy_event_hits_log where __time >= '{{start_time}}' and __time < '{{end_time}}' group by policy_id order by sessions desc limit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "新建/活跃连接平均速率", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select\n sum(new_conn_num)/300 as new_conn_num,\n sum(live_conn_num) as live_conn_num from (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num from traffic_metrics_log \n where __time >= {{Last 5 Minutes Start}} \n group by device_id) ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": " select\n sum(new_conn_num)/300 as new_conn_num,\n sum(live_conn_num) as live_conn_num from (\n select\n sum(new_conn_num) as new_conn_num,\n max(established_conn_num) as live_conn_num from traffic_metrics_log \n where __time >= {{Last 5 Minutes Start}} \n group by device_id) " + } + ] + } + }, + "response": [] + }, + { + "name": "网络带宽平均速率", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(total_in_bytes)*8/300 as traffic_in_bits,\n\tsum(total_out_bytes)*8/300 as traffic_out_bits\nfrom\n\ttraffic_metrics_log\nwhere \n\t__time >= {{Last 5 Minutes Start}} ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "\nselect\n\tsum(total_in_bytes)*8/300 as traffic_in_bits,\n\tsum(total_out_bytes)*8/300 as traffic_out_bits\nfrom\n\ttraffic_metrics_log\nwhere \n\t__time >= {{Last 5 Minutes Start}} " + } + ] + } + }, + "response": [] + }, + { + "name": "网络包数平均速率", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(total_in_packets)/300 as traffic_in_packets,\n\tsum(total_out_packets)/300 as traffic_out_packets\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "\nselect\n\tsum(total_in_packets)/300 as traffic_in_packets,\n\tsum(total_out_packets)/300 as traffic_out_packets\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} " + } + ] + } + }, + "response": [] + }, + { + "name": "网络会话数量平均速率", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=\nselect\n\tsum(new_conn_num)/300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "\nselect\n\tsum(new_conn_num)/300 as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n\t__time >= {{Last 5 Minutes Start}} " + } + ] + } + }, + "response": [] + } + ], + "description": "# Dashboard 业务\n\nDashboard 为预聚合计数操作,接入数据源有四处(KAFKA TOPIC):\n\n* TRAFFIC-METRICS-LOG : 功能端5秒输出一次\n* CONNECTION-RECORD-COMPLETE-LOG: 数据平台接收CONNECTION-RECORD-LOG 补全后实时输出。\n* PROXY/SECURITY-EVENT-COMPLETE-LOG: 数据平台接收PROXY/SECURITY 命中策略日志补全后实时输出。\n\n## 流量计数Metrics \n\n**功能端 - Kafka(TRAFFIC-METRICS-LOG 每5秒 ) - Druid** \n\n所有基础Metrics(非内容级别的统计)都为功能端提前预聚合输出到TRAFFIC-METRICS-LOG 中,最终数据平台写入Druid 中,供API查询。具体包含:\n\n* System Overview (Traffic 、New、Live)\n* Policy Hits by Action(Security)\n* Policy Hits by Action (proxy) 、Pinning\n\n## TOPN 计算\n\n**流程1:功能端 - Kafka(原始日志) - 补全 - Druid** // 统计安全策略与代理策略结果,每1分钟\n\n**流程2:功能端 - Kafka(原始日志) - 补全 - Druid - 调度任务 - kafka -Druid ** // TOPN 计算,每5分钟\n\n所有内容级别,为数据平台进行实时统计,将指标输出到Druid中,供API进行查询。具体包含:\n\n* Top Hits (security) - 流程1\n\n* Top Hits (proxy) - 流程1\n\n* Endpoints (Active Client/Server/Internal/External , Top Domains, Active Subscriber ID,Top urls) - 流程2\n\n ", + "event": [ + { + "listen": "prerequest", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + }, + { + "listen": "test", + "script": { + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ] + }, + { + "name": "04.检查日志", + "item": [ + { + "name": "会话日志(已关闭)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, dns_cname,dns_rr, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "会话最近流量计数(已关闭)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n\tsum(common_s2c_byte_num)* 8 / 300 as trafficInBits,\n\tsum(common_c2s_byte_num)* 8 / 300 as trafficOutBits,\n\tsum(common_s2c_byte_num + common_c2s_byte_num)* 8 / 300 as trafficTotalBits,\n\tsum(common_s2c_pkt_num)/ 300 as trafficInPackets,\n\tsum(common_c2s_pkt_num)/ 300 as trafficOutPackets,\n\tsum(common_s2c_pkt_num + common_c2s_pkt_num)/ 300 as trafficTotalPackets,\n\tsum(common_sessions)/ 300 as sessions\nfrom\n\t session_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP(now())-300" + } + ] + } + }, + "response": [] + }, + { + "name": "会话日志分布(已关闭, 预聚合)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >={{Last 1 Hour Start}} and schema_type='BASE' group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='HTTP' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SSL' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='MAIL' group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='DNS' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='APP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='QUIC' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='FTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SIP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='RTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='Stratum' group by {{PT1M_TIME}}, schema_type ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >={{Last 1 Hour Start}} and schema_type='BASE' group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='HTTP' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SSL' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='MAIL' group by {{PT1M_TIME}} , schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='DNS' group by {{PT1M_TIME}}, schema_type\nunion all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='APP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='QUIC' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='FTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='SIP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='RTP' group by {{PT1M_TIME}}, schema_type union all\nselect {{PT1M_TIME}} as stat_time, schema_type as type, sum(sessions) as sessions, sum(c2s_byte_num+s2c_byte_num) as bytes, sum(c2s_pkt_num+s2c_pkt_num) as packets from traffic_summary_log where __time >= {{Last 1 Hour Start}} and schema_type='Stratum' group by {{PT1M_TIME}}, schema_type " + } + ] + } + }, + "response": [] + }, + { + "name": "会话日志分布(已关闭,原始)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_schema_type order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n sum(common_sessions) as sessions,\n sum(common_c2s_byte_num + common_s2c_byte_num) as bytes,\n sum(common_c2s_pkt_num + common_s2c_pkt_num) as packets\nfrom\n session_record\nwhere common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_schema_type order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "会话日志总量(已关闭)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from transaction_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "会话日志(过渡)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname,dns_cname,dns_rr, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_c2s_pkt_diff, common_s2c_pkt_diff, common_c2s_byte_diff, common_s2c_byte_diff, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_trace_id, common_c2s_ipfrag_num, common_s2c_ipfrag_num, common_c2s_tcp_lostlen, common_s2c_tcp_lostlen, common_c2s_tcp_unorder_num, common_s2c_tcp_unorder_num, common_c2s_pkt_retrans, common_s2c_pkt_retrans, common_c2s_byte_retrans, common_s2c_byte_retrans, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, mail_eml_file, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname,dns_cname,dns_rr, dns_qtype, dns_qclass, dns_sub, dns_response_latency_ms, ssl_sni, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program,rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from interim_session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "安全事件", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_namespace_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_namespace_id in(0,1) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select toDateTime(common_recv_time) AS common_recv_time, common_log_id, common_namespace_id, common_policy_id, common_subscriber_id, common_imei, common_imsi, common_phone_number, common_client_ip, common_internal_ip, common_client_port, common_l4_protocol, common_address_type, common_server_ip, common_server_port, common_external_ip, common_action, common_direction, common_sled_ip, common_client_location, common_client_asn, common_server_location, common_server_asn, common_sessions, common_c2s_pkt_num, common_s2c_pkt_num, common_c2s_byte_num, common_s2c_byte_num, common_schema_type, common_device_id, common_device_group, common_app_behavior, common_app_label, common_tunnels, common_protocol_label, common_userdefine_app_name, common_l7_protocol, common_service_category, toDateTime(common_start_time) AS common_start_time, toDateTime(common_end_time) AS common_end_time, common_establish_latency_ms, common_con_duration_ms, common_stream_dir, common_stream_error, common_stream_trace_id, common_packet_capture_file, common_tcp_client_isn, common_tcp_server_isn, toDateTime(common_processing_time) AS common_processing_time, toDateTime(common_ingestion_time) AS common_ingestion_time, common_mirrored_pkts, common_mirrored_bytes, http_url, http_host, http_domain, http_request_line, http_response_line, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_request_body, http_response_body, http_cookie, http_referer, http_user_agent, http_set_cookie, http_version, http_response_latency_ms, http_action_file_size, http_session_duration_ms, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_to, mail_cc, mail_bcc, mail_subject, mail_attachment_name, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_sub, ssl_sni, ssl_san, ssl_cn, ssl_pinningst, ssl_intercept_state, ssl_passthrough_reason, ssl_server_side_latency, ssl_client_side_latency, ssl_server_side_version, ssl_client_side_version, ssl_cert_verify, ssl_error, ssl_con_latency_ms, ssl_ja3_hash, ssl_cert_issuer, ssl_cert_subject, quic_version, quic_sni, quic_user_agent, ftp_account, ftp_url, ftp_content, ftp_link_type, app_extra_info, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, rdp_cookie,rdp_security_protocol,rdp_client_channels,rdp_keyboard_layout,rdp_client_version,rdp_client_name,rdp_client_product_id,rdp_desktop_width,rdp_desktop_height,rdp_requested_color_depth,rdp_certificate_type,rdp_certificate_count,rdp_certificate_permanent,rdp_encryption_level,rdp_encryption_method from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_namespace_id in(0,1) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "安全事件分布(预聚合)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=128 group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=16 group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=1 group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=2 group by {{PT1M_TIME}}, 'intercept'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select {{PT1M_TIME}} as stat_time, 'allow' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=128 group by {{PT1M_TIME}},'allow'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'deny' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=16 group by {{PT1M_TIME}},'deny'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'monitor' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=1 group by {{PT1M_TIME}},'monitor'\nunion all\nselect {{PT1M_TIME}} as stat_time, 'intercept' as type, sum(hits) as events from security_event_hits_log where __time >= {{Last 1 Hour Start}} and action=2 group by {{PT1M_TIME}}, 'intercept'" + } + ] + } + }, + "response": [] + }, + { + "name": "安全事件分布(原始)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 128 THEN 'Allow'\n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}} and common_namespace_id in(0,1) \ngroup by\n stat_time,\n common_action order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n (CASE\n WHEN common_action = 1 THEN 'Monitor'\n WHEN common_action = 2 THEN 'Intercept'\n WHEN common_action = 16 THEN 'Deny'\n WHEN common_action = 48 THEN 'Manipulation'\n WHEN common_action = 128 THEN 'Allow'\n ELSE 'None'\n END) as type,\n count(*) as events\nfrom\n security_event where common_recv_time > {{Last 1 Hour Start}} and common_namespace_id in(0,1) \ngroup by\n stat_time,\n common_action order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "安全事件总量", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_namespace_id in(0,1) order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_namespace_id in(0,1) order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "代理事件动作命中计数", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query= select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_namespace_id in(0,1) group by common_sub_action", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": " select common_sub_action , count(*) as hits from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') and common_namespace_id in(0,1) group by common_sub_action" + } + ] + } + }, + "response": [] + }, + { + "name": "代理事件分布(预聚合)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='allow' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='monitor' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='deny' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='redirect' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='replace' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='hijack' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='insert' group by {{PT1M_TIME}}, sub_action\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='allow' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='monitor' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='deny' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='redirect' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='replace' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='hijack' group by {{PT1M_TIME}}, sub_action\nunion all\nselect {{PT1M_TIME}} as stat_time, sub_action as type, sum(hits) as events from proxy_event_hits_log where __time >= {{Last 1 Hour Start}} and sub_action='insert' group by {{PT1M_TIME}}, sub_action\n" + } + ] + } + }, + "response": [] + }, + { + "name": "代理事件分布(原始)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as events\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}} and common_namespace_id in(0,1) \ngroup by\n stat_time,\n common_sub_action order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_sub_action as type,\n count(*) as events\nfrom\n proxy_event where common_recv_time > {{Last 1 Hour Start}} and common_namespace_id in(0,1) \ngroup by\n stat_time,\n common_sub_action order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "代理事件总量", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select count(*) as events from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from radius_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "GTP-C日志", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from gtpc_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "VoIP融合日志", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(common_recv_time) as common_recv_time, FROM_UNIXTIME(common_start_time) as common_start_time, FROM_UNIXTIME(common_end_time) as common_end_time,* from voip_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') order by common_recv_time desc limit 0 , 20" + } + ] + } + }, + "response": [] + }, + { + "name": "VoIP融合日志分布", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as count\nfrom\n voip_record\nwhere common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_schema_type order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n {{PT5M_RECV_TIME}} as stat_time,\n common_schema_type as type,\n count(*) as count\nfrom\n voip_record\nwhere common_recv_time > {{Last 1 Hour Start}}\ngroup by\n stat_time,\n common_schema_type order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "DoS事件", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n log_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}')\norder by start_time desc \nlimit 0,20", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n log_id,\n attack_type,\n source_country_list,\n source_ip_list,\n destination_ip,\n destination_country,\n severity, \n start_time,\n end_time,\n conditions,\n bit_rate,\n packet_rate,\n session_rate from dos_event where\n start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}')\norder by start_time desc \nlimit 0,20" + } + ] + } + }, + "response": [] + }, + { + "name": "DoS事件分布", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n stat_time,\n attack_type\norder by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select\n FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(start_time,'PT10M')) as stat_time,\n attack_type as type,\n count(*) as count\nfrom\n dos_event\nwhere start_time >= UNIX_TIMESTAMP('{{start_time}}') and start_time < UNIX_TIMESTAMP('{{end_time}}')\ngroup by\n stat_time,\n attack_type\norder by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "DoS事件目标IP趋势", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5m', 'zero')) as stat_time, \n\tavg(session_rate) as session_rate,\n avg(packet_rate) as packet_rate,\n avg(bit_rate) as bit_rate\nfrom traffic_top_destination_ip_metrics_log\nwhere __time >= '{{start_time}}'\nand __time < '{{end_time}}' and destination_ip='8.8.8.8' and attack_type='TCP SYN Flood'\ngroup by\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5m', 'zero')) ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5m', 'zero')) as stat_time, \n\tavg(session_rate) as session_rate,\n avg(packet_rate) as packet_rate,\n avg(bit_rate) as bit_rate\nfrom traffic_top_destination_ip_metrics_log\nwhere __time >= '{{start_time}}'\nand __time < '{{end_time}}' and destination_ip='8.8.8.8' and attack_type='TCP SYN Flood'\ngroup by\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time), 'PT5m', 'zero')) " + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "05.检查数据推荐", + "item": [ + { + "name": "实时查询任务", + "item": [ + { + "name": "提交查询任务(字段发现)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"query.type\": \"field_discovery\",\r\n \"query.data_source\": \"session_record\",\r\n \"query.sample_ratio\": \"1\",\r\n \"custom.field_discovery.fields\": [\r\n \"common_log_id\",\r\n \"common_action\",\r\n \"common_app_label\",\r\n \"common_client_ip\",\r\n \"common_server_ip\",\r\n \"common_client_port\",\r\n \"common_server_port\",\r\n \"common_internal_ip\",\r\n \"common_external_ip\",\r\n \"common_schema_type\",\r\n \"http_url\",\r\n \"http_domain\"\r\n\r\n ],\r\n \"custom.field_discovery.filter\": \"common_recv_time >=toDateTime('2021-12-01 00:00:00') and common_recv_time <=toDateTime('2021-12-10 01:10:00') \"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "admin", + "query", + "jobs" + ] + } + }, + "response": [] + }, + { + "name": "获取任务结果(字段发现)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/admin/query/jobs/ed25bab143d786d0-7ba890161f8beeeb/field_discovery", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "admin", + "query", + "jobs", + "ed25bab143d786d0-7ba890161f8beeeb", + "field_discovery" + ] + } + }, + "response": [] + }, + { + "name": "提交查询任务(实时统计)", + "event": [ + { + "listen": "prerequest", + "script": { + "exec": [ + "" + ], + "type": "text/javascript" + } + }, + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [ + { + "key": "Authorization", + "value": "bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjEuNTkzNTIwMTQyMTI4MTA3OGUrNiwiZXhwIjoxNTk2MTEyMTQyLCJpc3MiOiJhcmFuZ29kYiIsInByZWZlcnJlZF91c2VybmFtZSI6InJvb3QifQ==.6KZ2P32UymePwXgB3QudnufM2ZgnKepGzuYYkQHNF0A=", + "type": "text", + "disabled": true + } + ], + "body": { + "mode": "raw", + "raw": "{\r\n \"query.type\": \"statistics\",\r\n \"query.data_source\": \"session_record\",\r\n \"custom.statistics.sql\":\"select common_client_ip,count(*) as count from session_record where common_recv_time >= UNIX_TIMESTAMP('2022-07-28 00:00:00') and common_recv_time = '{{start_time}}' and __time < '{{end_time}}' ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT SUM(c2s_pkt_num) as c2s_pkt_num,SUM(s2c_pkt_num) as s2c_pkt_num,SUM(c2s_byte_num) as c2s_byte_num,SUM(s2c_byte_num) as s2c_byte_num,SUM(sessions) as sessions FROM traffic_summary_log WHERE __time >= '{{start_time}}' and __time < '{{end_time}}' " + } + ] + } + }, + "response": [] + }, + { + "name": "ClickHouse All Traffic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT SUM(common_c2s_pkt_num) as c2s_pkt_num,SUM(common_s2c_pkt_num) as s2c_pkt_num,SUM(common_c2s_byte_num) as c2s_byte_num,SUM(common_s2c_byte_num) as s2c_byte_num,SUM(common_sessions) as sessions FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}')", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT SUM(common_c2s_pkt_num) as c2s_pkt_num,SUM(common_s2c_pkt_num) as s2c_pkt_num,SUM(common_c2s_byte_num) as c2s_byte_num,SUM(common_s2c_byte_num) as s2c_byte_num,SUM(common_sessions) as sessions FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}')" + } + ] + } + }, + "response": [] + }, + { + "name": "Druid Uncategorized Traffic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT SUM(uncategorized_bytes)/1024/1024 as uncategorized_bytes_mb FROM traffic_summary_log WHERE __time >= '{{start_time}}' and __time < '{{end_time}}' ", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT SUM(uncategorized_bytes)/1024/1024 as uncategorized_bytes_mb FROM traffic_summary_log WHERE __time >= '{{start_time}}' and __time < '{{end_time}}' " + } + ] + } + }, + "response": [] + }, + { + "name": "ClickHouse Uncategorized Traffic", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024 as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_l7_protocol = 'UNCATEGORIZED'", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT SUM(common_c2s_byte_num+common_s2c_byte_num)/1024/1024 as uncategorized_bytes_mb FROM session_record sr WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time < UNIX_TIMESTAMP('{{end_time}}') AND common_l7_protocol = 'UNCATEGORIZED'" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "Kafka Topic 监控指标", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{kafka_load_ip}}:{{kafka_monitor_port}}", + "protocol": "http", + "host": [ + "{{kafka_load_ip}}" + ], + "port": "{{kafka_monitor_port}}" + }, + "description": "## Kafka Topics\n\n```\n在监控指标结果下,直接复制指标进行查找定位,仅需修改\"topic\"里内容。\n```\n\n- kafka_server_BrokerTopicMetrics_MeanRate\n - Topic 消息传输速率均值,可定位当前Topic平均处理多少消息\n - 每秒接收消息:kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"MessagesInPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的请求数量:kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的生产数量:kafka_server_BrokerTopicMetrics_MeanRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n- kafka_server_BrokerTopicMetrics_OneMinuteRate\n - Topic 1分钟内传输消息速率,可定位最近1分钟有无数据\n - 每秒接收消息:kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的请求数量:kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的生产数量:kafka_server_BrokerTopicMetrics_OneMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n- kafka_server_BrokerTopicMetrics_FiveMinuteRate\n - Topic 5分钟内传输消息速率,可定位最近5分钟有无数据\n - 每秒接收消息:kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的请求数量:kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的生产数量:kafka_server_BrokerTopicMetrics_FiveMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n- kafka_server_BrokerTopicMetrics_FifteenMinuteRate\n - Topic 15分钟内传输消息速率,可定位最近15分钟有无数据\n - 每秒接收消息:kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"MessagesInPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的请求数量:kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedFetchRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}\n - 每秒失败的生产数量:kafka_server_BrokerTopicMetrics_FifteenMinuteRate{name=\\\"FailedProduceRequestsPerSec\\\",topic=\\\"CONNECTION-RECORD-LOG\\\",}" + }, + "response": [] + }, + { + "name": "评估日志重复ID", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select 'Session Records' as type, count(*) as num from (select common_log_id,count(*) as num from session_record where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Security Events' as type, count(*) as num from (select common_log_id,count(*) as num from security_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1) union all select 'Proxy Events' as type, count(*) as num from (select common_log_id,count(*) as num from proxy_event where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1)" + } + ] + } + }, + "response": [] + }, + { + "name": "通联索引表正确性验证", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query= select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_http_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": " select 'Total' as type, count(*) as logs from session_record where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all \nselect 'Client IP' as type, count(*) as logs from session_record_common_client_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Server IP' as type, count(*) as logs from session_record_common_server_ip where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all\nselect 'Domain' as type, count(*) as logs from session_record_http_domain where\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 24 Hour Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n" + } + ] + } + }, + "response": [] + }, + { + "name": "评估日志预处理", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select 'session_record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'live_session_record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'transaction_record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"etl_latency(s)\" , round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\n\tfrom transaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'security_event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'proxy_event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'radius_record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\",round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select 'session_record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'live_session_record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tinterim_session_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'transaction_record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"etl_latency(s)\" , round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\n\tfrom transaction_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'security_event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tsecurity_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\nunion all select 'proxy_event' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tproxy_event crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n union all select 'radius_record' as type, round(count(*)/300,0) as \"logs/sec\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_ingestion_time-common_end_time),2) as \"avg_ingestion_latency(s)\"\nfrom\n\tradius_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}}) union all select 'gtpc_record' as type, round(count(*)/300,0) as \"logs/sec\",round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\", round(avg(common_processing_time-common_ingestion_time),2) as \"avg_etl_latency(s)\"\nfrom\n\tgtpc_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})" + } + ] + } + }, + "response": [] + }, + { + "name": "查询clickhouse集群列表", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSON;", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "query", + "value": "SELECT DISTINCT concat(host_address,':','8123') as endpoint FROM system.clusters FORMAT JSON;" + } + ] + } + }, + "response": [] + }, + { + "name": "Dashboard-活跃连接为0问题", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 300 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 300 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 300 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M') as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n \n\t\t group by\n\t\t TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 300 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 300 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 300 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M') as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n \n\t\t group by\n\t\t TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT5M'),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "查询网关", + "item": [ + { + "name": "Top查询优化", + "item": [ + { + "name": "可优化-标准Group By", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT common_server_ip ,count(*) AS count, median(common_c2s_byte_num) as median_byte_num,min(common_c2s_byte_num) as min_byte_num,sum(common_c2s_byte_num+common_s2c_byte_num) as bytes FROM tsg_galaxy_v3.session_record AS session_record WHERE common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0 ) {", + " var ptotocl_stat_bytes = responseJson.data[0].total_bytes_gb;", + " var traffic_summary_bytes = responseJson.data[1].total_bytes_gb;", + " if (traffic_summary_bytes > 0){", + " var pertentile =100 - (ptotocl_stat_bytes/traffic_summary_bytes).toFixed(2) * 100;", + " if (pertentile <10 && pertentile > -10) {", + " pm.response.to.be.ok;", + " } else {", + " pm.response.to.be.error;", + " }", + " console.log(\"The pertentile is \" + pertentile + \"%\");", + " pm.response.to.have.status(200);", + " } else if(ptotocl_stat_bytes==0 && traffic_summary_bytes==0) {", + " console.log(\"No data.\");", + " pm.response.to.have.status(200);", + " } else {", + " pm.response.to.be.error;", + " }", + " } else {", + " console.log(\"No data.\");", + " pm.response.to.have.status(200);", + " }", + " ", + "", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT sum(c2s_byte_num + s2c_byte_num ) *1.0 / 1024 / 1024 / 1024 as total_bytes_gb,sum(sessions) as sessions\nFROM traffic_protocol_stat_log\nWHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400) and protocol_id = 'ETHERNET'\nUNION ALL \nSELECT sum(c2s_byte_num + s2c_byte_num ) *1.0 / 1024/ 1024/ 1024 as total_bytes_gb, sum(sessions) as sessions\nFROM traffic_summary_log\nWHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "SELECT sum(c2s_byte_num + s2c_byte_num ) *1.0 / 1024 / 1024 / 1024 as total_bytes_gb,sum(sessions) as sessions\nFROM traffic_protocol_stat_log\nWHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400) and protocol_id = 'ETHERNET'\nUNION ALL \nSELECT sum(c2s_byte_num + s2c_byte_num ) *1.0 / 1024/ 1024/ 1024 as total_bytes_gb, sum(sessions) as sessions\nFROM traffic_summary_log\nWHERE __time >= FROM_UNIXTIME(UNIX_TIMESTAMP(now())-86400)" + } + ] + } + }, + "response": [] + }, + { + "name": "自定义函数-IP映射", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select IP_TO_GEO(common_server_ip) as geo,IP_TO_COUNTRY(common_server_ip) as country, IP_TO_CITY(common_server_ip) as city from session_record limit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "query", + "value": "select IP_TO_GEO(common_server_ip) as geo,IP_TO_COUNTRY(common_server_ip) as country, IP_TO_CITY(common_server_ip) as city from session_record limit 10" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "基数统计", + "item": [ + { + "name": "Total", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tround(tcp_logs / logs, 2) as \"TCP Percentage\",\n\tround(udp_logs / logs, 2) as \"UDP Percentage\",\n\tround(egress_bytes / bytes, 2) as \"Egress Percentage\",\n\tround(ingress_bytes / bytes, 2) as \"Ingress Percentage\",\n\ttcp_logs as \"TCP Logs\",\n\tudp_logs as \"UDP Logs\",\n\tlogs as \"Logs\",\n\tegress_bytes as \"Egress Bytes\",\n\tingress_bytes as \"Ingress Bytes\",\n\tbytes as \"Bytes\"\nfrom\n\t(select\n\t\tsum(if(common_l4_protocol in('IPv4_TCP', 'IPv6_TCP'), 1, 0)) as tcp_logs,\n\t\tsum(if(common_l4_protocol in('IPv4_UDP', 'IPv6_UDP'), 1, 0)) as udp_logs,\n\t sum(if(common_direction = 69, common_c2s_byte_num, common_s2c_byte_num)) as egress_bytes,\n\t sum(if(common_direction = 73, common_c2s_byte_num, common_s2c_byte_num)) as ingress_bytes,\n\t\tcount(*) as logs,\n\t\tsum(common_c2s_byte_num + common_s2c_byte_num) as bytes\n\tfrom\n\t\tsession_record as sub_connection where common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n common_app_label,\t\n round(median(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"Medain Mbits/s\",\n\tround(avg(traffic_bytes) * 8 / 1000 / 1000 / 300,2) AS \"AVG Mbits / s\",\n\tround(QUANTILE(traffic_bytes, 0.95) * 8 / 1000 / 1000 / 300,2) as \"P95 Mbits / s\"\nFROM\n\t(\n\tSELECT\n\t common_app_label,\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))),300) * 300) as stat_time,\n\t\tround(sum(common_c2s_byte_num + common_s2c_byte_num)/ uniq(common_server_ip),2) as traffic_bytes\n\tFROM\n\t\tsession_record as ss\n\tWHERE\n\t\t(common_recv_time >= toDateTime('2022-07-19 00:00:00'))\n\t\tAND (common_recv_time < toDateTime('2022-07-20 00:00:00'))\n\tGROUP BY\n\t\tstat_time, common_app_label\n) group by common_app_label order by \"AVG Mbits / s\" desc" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "存储配额检查", + "item": [ + { + "name": "存储配额-bytes_on_disk(Clickhouse)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(`bytes_on_disk`) FROM system.parts WHERE database ='{{clickhouse_database}}'", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "query", + "value": "SELECT SUM(`bytes_on_disk`) FROM system.parts WHERE database ='{{clickhouse_database}}'" + } + ] + } + }, + "response": [] + }, + { + "name": "存储配额-total_space(Clickhouse)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(`total_space`) FROM system.disks", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "query", + "value": "SELECT SUM(`total_space`) FROM system.disks" + } + ] + } + }, + "response": [] + }, + { + "name": "存储配额-昨天的bytes_on_disk(Clickhouse)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT SUM(bytes_on_disk) FROM system.parts WHERE database = '{{clickhouse_database}}' AND partition =toString(toYYYYMMDD(yesterday()));", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "query", + "value": "SELECT SUM(bytes_on_disk) FROM system.parts WHERE database = '{{clickhouse_database}}' AND partition =toString(toYYYYMMDD(yesterday()));" + } + ] + } + }, + "response": [] + }, + { + "name": "存储配额-used_size(Druid)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT SUM(curr_size) AS curr_size FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "存储配额-max_size(Druid)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT SUM(max_size) AS max_size FROM sys.servers WHERE server_type = 'historical'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "存储配额-diff_size=used_size-当前结果(Druid)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\"query\":\"SELECT used_size FROM sys_storage_log WHERE log_type = 'Report and Metrics' ORDER BY __time DESC LIMIT 1\",\"context\":{\"skipEmptyBuckets\":\"false\"},\"resultFormat\":\"object\"}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "查询druid是否有最新数据", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\"query\":\"SELECT version FROM sys.segments WHERE version LIKE '2%' ORDER BY version DESC LIMIT 1\"}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "查询druid的最早时间", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT \\\"start\\\" FROM sys.segments order by \\\"start\\\" limit 1\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "查询druid ttl,清库的表", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT DISTINCT(datasource) FROM sys.tasks WHERE datasource NOT LIKE '%hot%'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "查询druid hot表", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "body": { + "mode": "raw", + "raw": "{\r\n \"query\": \"SELECT DISTINCT(datasource) FROM sys.tasks WHERE datasource LIKE '%hot%'\",\r\n \"context\": {\r\n \"skipEmptyBuckets\": \"false\"\r\n },\r\n \"resultFormat\": \"object\"\r\n}", + "options": { + "raw": { + "language": "json" + } + } + }, + "url": { + "raw": "http://{{druid_ip}}:{{druid_port}}/druid/v2/sql", + "protocol": "http", + "host": [ + "{{druid_ip}}" + ], + "port": "{{druid_port}}", + "path": [ + "druid", + "v2", + "sql" + ] + } + }, + "response": [] + }, + { + "name": "查询clickhouse ttl,清库的表", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "tests[\"Successful POST request\"] = responseCode.code === 200 || responseCode.code === 201;" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "POST", + "header": [], + "url": { + "raw": "http://{{clickhouse_ip}}:{{clickhouse_port}}?database={{clickhouse_database}}&user={{clickhouse_user}}&password={{clickhouse_password}}&query=SELECT DISTINCT(name) FROM system.tables WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSON;", + "protocol": "http", + "host": [ + "{{clickhouse_ip}}" + ], + "port": "{{clickhouse_port}}", + "query": [ + { + "key": "database", + "value": "{{clickhouse_database}}" + }, + { + "key": "user", + "value": "{{clickhouse_user}}" + }, + { + "key": "password", + "value": "{{clickhouse_password}}" + }, + { + "key": "query", + "value": "SELECT DISTINCT(name) FROM system.tables WHERE database = 'tsg_galaxy_v3' AND engine in ('MergeTree','ReplicatedMergeTree') FORMAT JSON;" + } + ] + }, + "description": "根据不同的ip查询所有clickhouse的表" + }, + "response": [] + } + ] + }, + { + "name": "某域名下钻", + "item": [ + { + "name": "Domain Entity", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select FROM_UNIXTIME(min(common_recv_time)) as \"First Seen\" , groupUniqArray(common_l7_protocol) as protocols,FROM_UNIXTIME(max(common_recv_time)) as \"Last Seen\" , median(http_response_latency_ms) as \"Server Processing Time Median(ms)\", count(1) as Responses,round(sum(common_c2s_byte_num+common_s2c_byte_num)/1024/1024/1024,2) as bytes, any(common_server_location) as Location from session_record where http_domain='{{domain}}' and common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tdns_qname,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tdns_qname\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS server ip", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tcommon_server_ip,\n\tany(common_server_location) as location,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS IP Conversations With Highest Errors", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select\n\tcommon_client_ip,\n\tcommon_server_ip,\n\tcount(1) as erros,\n\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\ngroup by\n\tcommon_client_ip,\n\tcommon_server_ip\norder by\n\terros desc\nlimit 50\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Requests With Highes Erros", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "select common_client_ip, \n\t\tcommon_server_ip,(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\t\tdns_qname,\n\t\tcount(1) as erros,\n\t\tsum(common_c2s_byte_diff+common_s2c_byte_diff) as total_bytes,\n\tsum(common_c2s_pkt_diff+common_s2c_pkt_diff) as total_packets,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets \nfrom transaction_record \nwhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0 \ngroup by common_client_ip,common_server_ip,dns_rcode,dns_qname order by erros desc limit 50" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "DNS 放大攻击", + "item": [ + { + "name": "DNS Resolvers", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_server_ip\nfrom\n\ttransaction_record rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1\ngroup by\n\tcommon_server_ip\norder by\n\trequests desc" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver Amlif Times", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect\n\tcount(*) as sessions,\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff <= 1, 1, 0)) as \"1 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 1 and common_s2c_byte_diff / common_c2s_byte_diff <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 5 and common_s2c_byte_diff / common_c2s_byte_diff <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 10 and common_s2c_byte_diff / common_c2s_byte_diff <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 20 and common_s2c_byte_diff / common_c2s_byte_diff <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 50 and common_s2c_byte_diff / common_c2s_byte_diff <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(common_s2c_byte_diff / common_c2s_byte_diff > 100, 1, 0)) as \"100 times\"\nfrom\n\t\ttransaction_record as rc\nwhere\n common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.251.208'\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver Metrics trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect \n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 1800)* 1800) as stat_time,\n\tuniq(dns_qname) as uniq_qnames,\n\tuniq(common_client_ip) as uniq_client_ips,\n\tround(sum(common_c2s_byte_diff+common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Mbps\",\n\tround(sum(common_c2s_byte_diff)*8/1800/1000/1000,2) as \"Request Mbps\",\n\tround(sum(common_s2c_byte_diff)*8/1800/1000/1000,2) as \"Response Mbps\",\n\tround(sum(common_c2s_pkt_diff+common_s2c_pkt_diff)/1800/1000,2) as \"Kpps\",\n\tround(sum(common_c2s_pkt_diff)/1800/1000,2) as \"Request Kpps\",\n\tround(sum(common_s2c_pkt_diff)/1800/1000,2) as \"Response Kpps\",\n\tround(count(*)/1800,2) as \"sessions/s\"\nfrom\n\ttransaction_record as ss\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\tand common_s2c_byte_diff>0\n\tand common_c2s_pkt_diff =1\n\tand common_s2c_pkt_diff =1\n\tand common_server_port = 53\n\tand common_schema_type = 'DNS'\n\tand common_server_ip = '60.13.217.234'\ngroup by stat_time \norder by stat_time asc\n" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolver rcode", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=select\n\t(CASE\n\t\tWHEN dns_rcode = 0 THEN 'No error'\n\t\tWHEN dns_rcode = 1 THEN 'Format error'\n\t\tWHEN dns_rcode = 2 THEN 'Server failure'\n\t\tWHEN dns_rcode = 3 THEN 'Name Error'\n\t\tWHEN dns_rcode = 4 THEN 'Not Implemented'\n\t\tWHEN dns_rcode = 5 THEN 'Refused'\n\t\tWHEN dns_rcode = 6 THEN 'YXDomain'\n\t\tWHEN dns_rcode = 7 THEN 'YXRRSet'\n\t\tWHEN dns_rcode = 8 THEN 'NXRRSet'\n\t\tWHEN dns_rcode = 9 THEN 'NotAuth'\n\t\tWHEN dns_rcode = 10 THEN 'NotZone'\n\t\tELSE 'Other' END) as \"Response Code\",\n\tdns_rcode,\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "query", + "value": "SELECT\n\tcount(*) as requests,\n\tuniq(common_client_ip) as client_ips,\n\tsum(common_c2s_byte_diff) as request_bytes,\n\tsum(common_s2c_byte_diff) as response_bytes,\n\tsum(common_c2s_pkt_diff) request_packets,\n\tsum(common_s2c_pkt_diff) as response_packets,\n\tround((response_bytes / if(request_bytes >0,request_bytes,1)),2) as byte_ratio,\n\tcommon_client_ip\nfrom\n\ttransaction_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1500\n\tand common_c2s_byte_diff>0\n\tand round((common_s2c_byte_diff / if(common_c2s_byte_diff >0,common_c2s_byte_diff,1)),2) >20\n\tand common_c2s_pkt_diff = 1\n\tand common_s2c_pkt_diff =1 \ngroup by\n\tcommon_client_ip\norder by\n\tbyte_ratio desc\nlimit 10" + } + ] + } + }, + "response": [] + }, + { + "name": "DNS Resolvers by Victim IP", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tany(common_server_location) as server_location\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "\nselect\n\tcount(*) as ips,\n\tsum(if(byte_ratio <= 1, 1, 0)) as \"1 times\",\n\tsum(if(byte_ratio > 1 and byte_ratio <= 5, 1, 0)) as \"1-5 times\",\n\tsum(if(byte_ratio > 5 and byte_ratio <= 10, 1, 0)) as \"5-10 times\",\n\tsum(if(byte_ratio > 10 and byte_ratio <= 20, 1, 0)) as \"10-20 times\",\n\tsum(if(byte_ratio > 20 and byte_ratio <= 50, 1, 0)) as \"20-50 times\",\n\tsum(if(byte_ratio > 50 and byte_ratio <= 100, 1, 0)) as \"50-100 times\",\n\tsum(if(byte_ratio > 100, 1, 0)) as \"100 times\"\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n)" + } + ] + } + }, + "response": [] + }, + { + "name": "Ampli Attack Country Distribution", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?=&query=SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "path": [ + "" + ], + "query": [ + { + "key": "option", + "value": "long-term", + "disabled": true + }, + { + "key": "resultId", + "value": "129494", + "disabled": true + }, + { + "key": "", + "value": "" + }, + { + "key": "query", + "value": "SELECT\n\tarrayElement(splitByString(',',common_server_location),length(splitByString(',',common_server_location))) as server_location,\n\tcount(*) as ips\nfrom\n\t(\n\tSELECT\n\t\tcommon_server_ip,\n\t\tany(common_server_location) as common_server_location,\n\t\tmedian(common_s2c_byte_diff / common_c2s_byte_diff) as byte_ratio,\n\t\tcount(*) as sessions\n\tfrom\n\t\ttransaction_record\n\twhere\n\t\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 0\n\t\tand common_s2c_byte_diff>0\n\t\tand common_c2s_pkt_diff =1\n\t\tand common_s2c_pkt_diff =1\n\t\tand common_server_port = 53\n\t\tand common_schema_type = 'DNS'\n\tgroup by\n\t\tcommon_server_ip\n\thaving\n\t\tbyte_ratio > 20\n)\ngroup by\n\tserver_location\norder by\n\tips desc" + } + ] + } + }, + "response": [] + } + ] + }, + { + "name": "DNS NXDOMAIN Flood", + "item": [ + { + "name": "DNS Proxy Server", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [], + "body": { + "mode": "formdata", + "formdata": [] + }, + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select \n\tcount(1) as requests,\n\tsum(common_c2s_byte_diff) as total_request_bytes,\n\tsum(common_s2c_byte_diff) as total_response_bytes,\n\tsum(common_c2s_pkt_diff) as total_request_packets,\n\tsum(common_s2c_pkt_diff) as total_response_packets,\n\tmax(common_c2s_byte_diff) as max_request_bytes,\n\tmax(common_s2c_byte_diff) as max_response_bytes,\n\tavg(common_c2s_byte_diff) as avg_request_bytes,\n\tavg(common_s2c_byte_diff) as avg_response_bytes,\n\tmedian(common_c2s_byte_diff) as median_request_bytes,\n\tmedian(common_s2c_byte_diff) as median_response_bytes,\n\tcommon_server_ip\nfrom\n\ttransaction_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\t\t group by\n\t\t FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\tsum(total_new_sessions) as total_new_sessions ,\n\t\tsum(total_close_sessions) as total_close_sessions,\n\t\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\t\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\t\tsum(average_packets_per_second) as average_packets_per_second ,\n\t\tCOUNT(DISTINCT(device_id)) as device_num,\n\t\tsum(live_sessions) as average_live_sessions\n\tfrom\n\t\t(\n\t\tselect\n\t\t\tdevice_id, \n\t\t\tsum(total_hit_sessions) as total_hit_sessions,\n\t\t\tsum(total_bytes_transferred) as total_bytes_transferred,\n\t\t\tsum(total_packets_transferred) as total_packets_transferred,\n\t\t\tsum(total_new_sessions) as total_new_sessions,\n\t\t sum(total_close_sessions) as total_close_sessions,\n\t\t avg(total_new_sessions)/ 5 as average_new_sessions_per_second,\n\t\t avg(total_bytes_transferred)* 8 / 5 as average_bytes_per_second,\n\t\t avg(total_packets_transferred)/ 5 as average_packets_per_second,\n\t\t\tavg(live_sessions) as live_sessions\n\t\tfrom (select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time, device_id, \n\t\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\t\tsum(new_conn_num) as total_new_sessions,\n\t\t sum(close_conn_num) as total_close_sessions,\n\t\t max(established_conn_num) as live_sessions\n from traffic_metrics_log \n where\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\t\t group by\n\t\t FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')),\tdevice_id\n\t\t )\n\t\n\t\tgroup by\n\t\t device_id)" + } + ] + } + }, + "response": [] + }, + { + "name": "系统报告-Bandwidth Trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select * from (\n select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,'Ingress' as type, sum(total_in_bytes) as bytes\n from traffic_metrics_log where __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')), 'Ingress'\nunion all\n select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as stat_time,'Egress' as type,sum(total_out_bytes) as bytes\n from traffic_metrics_log where __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')),'Egress' ) order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select * from (\n select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,'Ingress' as type, sum(total_in_bytes) as bytes\n from traffic_metrics_log where __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')), 'Ingress'\nunion all\n select FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),\n\t'PT30S',\n\t'zero')) as stat_time,'Egress' as type,sum(total_out_bytes) as bytes\n from traffic_metrics_log where __time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}' group by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')),'Egress' ) order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "系统报告-Sessions Trend", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,\n\t'New Sessions' as type,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time <'{{end_time}}' \ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')), 'New Sessions' order by stat_time asc", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n\tFROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')) as stat_time,\n\t'New Sessions' as type,\n\tsum(new_conn_num) as sessions\nfrom\n\ttraffic_metrics_log\nwhere\n__time >= '{{start_time}}'\nand __time <'{{end_time}}' \ngroup by FROM_UNIXTIME(TIME_FLOOR_WITH_FILL(UNIX_TIMESTAMP(__time),'PT30S','zero')), 'New Sessions' order by stat_time asc" + } + ] + } + }, + "response": [] + }, + { + "name": "系统报告-预置Metrics(排除0)", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\tsum(total_hit_sessions) as total_hit_sessions,\n\tsum(total_bytes_transferred) as total_bytes_transferred,\n\tsum(total_packets_transferred) as total_packets_transferred,\n\tsum(total_new_sessions) as total_new_sessions ,\n\tsum(total_close_sessions) as total_close_sessions,\n\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\tsum(average_packets_per_second) as average_packets_per_second ,\n\tCOUNT(DISTINCT(device_id)) as device_num,\n\tsum(live_sessions) as average_live_sessions\nfrom\n\t(\n\tselect\n\t\tdevice_id,\n\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\tsum(new_conn_num) as total_new_sessions,\n\t\tsum(close_conn_num) as total_close_sessions,\n\t\tavg(nullif(new_conn_num,0))/ 5 as average_new_sessions_per_second,\n\t\tavg(nullif(total_in_bytes + total_out_bytes,0))* 8 / 5 as average_bytes_per_second,\n\t\tavg(nullif(total_in_packets + total_out_packets,0))/ 5 as average_packets_per_second,\n\t\tavg(nullif(established_conn_num,0)) as live_sessions\n\tfrom\n\t\ttraffic_metrics_log\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\tgroup by\n\t\tdevice_id)", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n\tsum(total_hit_sessions) as total_hit_sessions,\n\tsum(total_bytes_transferred) as total_bytes_transferred,\n\tsum(total_packets_transferred) as total_packets_transferred,\n\tsum(total_new_sessions) as total_new_sessions ,\n\tsum(total_close_sessions) as total_close_sessions,\n\tsum(average_new_sessions_per_second) as average_new_sessions_per_second ,\n\tsum(average_bytes_per_second) as average_bytes_per_second ,\n\tsum(average_packets_per_second) as average_packets_per_second ,\n\tCOUNT(DISTINCT(device_id)) as device_num,\n\tsum(live_sessions) as average_live_sessions\nfrom\n\t(\n\tselect\n\t\tdevice_id,\n\t\tsum(intercept_conn_num + monitor_conn_num + deny_conn_num + allow_conn_num) as total_hit_sessions,\n\t\tsum(total_in_bytes + total_out_bytes) as total_bytes_transferred,\n\t\tsum(total_in_packets + total_out_packets) as total_packets_transferred,\n\t\tsum(new_conn_num) as total_new_sessions,\n\t\tsum(close_conn_num) as total_close_sessions,\n\t\tavg(nullif(new_conn_num,0))/ 5 as average_new_sessions_per_second,\n\t\tavg(nullif(total_in_bytes + total_out_bytes,0))* 8 / 5 as average_bytes_per_second,\n\t\tavg(nullif(total_in_packets + total_out_packets,0))/ 5 as average_packets_per_second,\n\t\tavg(nullif(established_conn_num,0)) as live_sessions\n\tfrom\n\t\ttraffic_metrics_log\n\twhere\n\t\t__time >= '{{start_time}}'\n\t\tand __time <'{{end_time}}'\n\tgroup by\n\t\tdevice_id)" + } + ] + } + }, + "response": [] + }, + { + "name": "评估单向流", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select {{Last 5 Minutes Start}} as start_time, {{now}} as end_time, sum(common_sessions) as sessions,\n sum(if(common_stream_dir <> 3, common_sessions, 0)) as one_side_sessions,\n round(one_side_sessions/sessions, 2) as one_side_percent\nfrom\n\tsession_record crl \nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP({{Last 5 Minutes Start}})\n\tand common_recv_time < UNIX_TIMESTAMP({{now}})\n" + } + ] + } + }, + "response": [] + }, + { + "name": "通联带宽趋势分析", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}/?query=select\n\t{{PT30S_RECV_TIME}} as stat_time,\n\tround(sum(common_c2s_byte_num)*8/30/1000/1000,2) as Bytes_Sent_Mbps,\n\tround(sum(common_s2c_byte_num)*8/30/1000/1000,2) as Bytes_Received_Mbps,\n\tround(sum(common_c2s_byte_num + common_s2c_byte_num)*8/30/1000/1000,2) as Mbps,\n\tround(sum(common_c2s_pkt_num + common_s2c_pkt_num)/30/1000,2) as Kpps,\n\tround(sum(common_sessions)/30/1000,2) as \"Ksessions/s\"\nfrom\n\tsession_record\nwhere\n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "select\n\tstat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\t(\n\tselect\n\t\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time, \n\t\tcommon_client_ip, \n\t\tcount(*) as hits\n\tfrom\n\t\tsecurity_event\n\twhere common_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 10 )\ngroup by\n\tstat_time\norder by\n\tstat_time" + } + ] + } + }, + "response": [] + }, + { + "name": "访问速度最慢的TOP20 域名", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\thttp_domain as domain,\n\tround(avg(common_establish_latency_ms),0) avg_establish_latency\nfrom\n\tsession_record\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 100\norder by\n\tports_num desc limit 50", + "protocol": "http", + "host": [ + "{{qgw_ip}}" + ], + "port": "{{qgw_port}}", + "query": [ + { + "key": "query", + "value": "\nselect\n\tcommon_server_ip,\n\tgroupUniqArray(common_server_port) as ports,\n\tif(notEmpty(ports),length(ports),0) as ports_num\nfrom\n\tsession_record crl\nwhere \tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time 100\norder by\n\tports_num desc limit 50" + } + ] + } + }, + "response": [] + }, + { + "name": "某服务IP客户端IP变化", + "event": [ + { + "listen": "test", + "script": { + "exec": [ + "pm.test(\"Status code is 200\", function () {", + " pm.response.to.have.status(200);", + "});" + ], + "type": "text/javascript" + } + } + ], + "request": { + "method": "GET", + "header": [], + "url": { + "raw": "http://{{qgw_ip}}:{{qgw_port}}?query=select\n\ttoDateTime(intDiv(toUInt32(toDateTime(toDateTime(common_recv_time))), 3600)* 3600) as stat_time,\n\tuniq(common_client_ip) as client_ips\nfrom\n\tsession_record crl\nwhere \n\tcommon_recv_time >= UNIX_TIMESTAMP('{{start_time}}') and common_recv_time = UNIX_TIMESTAMP('{{start_time}}') and common_recv_time