diff --git a/src/main/java/com/zdjizhi/etl/DosDetection.java b/src/main/java/com/zdjizhi/etl/DosDetection.java index 63960cd..e55c412 100644 --- a/src/main/java/com/zdjizhi/etl/DosDetection.java +++ b/src/main/java/com/zdjizhi/etl/DosDetection.java @@ -35,6 +35,8 @@ public class DosDetection extends RichMapFunction { private final static int BASELINE_CONDITION_TYPE = 2; private final static int SENSITIVITY_CONDITION_TYPE = 3; + private final static int OTHER_BASELINE_TYPE = 3; + @Override public void open(Configuration parameters) { ScheduledExecutorService executorService = new ScheduledThreadPoolExecutor(2, @@ -162,6 +164,7 @@ public class DosDetection extends RichMapFunction { if (dosBaselineThreshold != null) { ArrayList baselines = dosBaselineThreshold.getSession_rate(); Integer defaultVaule = dosBaselineThreshold.getSession_rate_default_value(); + Integer sessionRateBaselineType = dosBaselineThreshold.getSession_rate_baseline_type(); if (baselines != null && baselines.size() == BASELINE_SIZE) { int timeIndex = getCurrentTimeIndex(value.getSketch_start_time()); base = baselines.get(timeIndex); @@ -169,6 +172,9 @@ public class DosDetection extends RichMapFunction { logger.debug("获取到当前IP: {},类型: {} baseline值为0,替换为P95观测值{}", value.getDestination_ip(), value.getAttack_type(), defaultVaule); base = defaultVaule; } + if (sessionRateBaselineType == OTHER_BASELINE_TYPE && base < CommonConfig.STATIC_SENSITIVITY_THRESHOLD){ + base = CommonConfig.STATIC_SENSITIVITY_THRESHOLD; + } } } } catch (Exception e) { diff --git a/src/main/java/com/zdjizhi/etl/ParseSketchLog.java b/src/main/java/com/zdjizhi/etl/ParseSketchLog.java index 16a42a5..d30d1f0 100644 --- a/src/main/java/com/zdjizhi/etl/ParseSketchLog.java +++ b/src/main/java/com/zdjizhi/etl/ParseSketchLog.java 
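Review bot: `OTHER_BASELINE_TYPE = 3` is declared without a comment directly under `SENSITIVITY_CONDITION_TYPE = 3`, so two constants with the same value but apparently unrelated meanings sit side by side, and a later edit could compare against the wrong one. In this diff the new constant is only compared with the value of `getSession_rate_baseline_type()`, so the declaration should say so, e.g. `// session_rate_baseline_type value for which base is floored at STATIC_SENSITIVITY_THRESHOLD`. What "other" stands for is not visible here; if the baseline types form a fixed set, listing them together (or as an enum) would make the detection logic easier to audit.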
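Review bot: The new condition `sessionRateBaselineType == OTHER_BASELINE_TYPE` unboxes the `Integer` read from `getSession_rate_baseline_type()` in the previous hunk, so if that getter can return null (for example a baseline record written before the field existed) the comparison throws a NullPointerException. The exception would be taken by the surrounding `catch (Exception e)`, whose body is outside the hunk, so the floor at `STATIC_SENSITIVITY_THRESHOLD` would be skipped for that record and the detector would continue with whatever `base` held at that point. A null-safe form is `if (sessionRateBaselineType != null && sessionRateBaselineType == OTHER_BASELINE_TYPE && base < CommonConfig.STATIC_SENSITIVITY_THRESHOLD) {`. It would also help to state in a comment which default applies when the type is absent.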
@@ -69,7 +69,7 @@ public class ParseSketchLog { dosSketchLog.setSketch_packets(sketchPackets); dosSketchLog.setSketch_bytes(sketchBytes); collector.collect(dosSketchLog); - logger.info("数据解析成功:{}",dosSketchLog.toString()); + logger.debug("数据解析成功:{}",dosSketchLog.toString()); } } } catch (Exception e) { diff --git a/src/main/resources/common.properties b/src/main/resources/common.properties index 43cb54d..5902165 100644 --- a/src/main/resources/common.properties +++ b/src/main/resources/common.properties @@ -11,8 +11,8 @@ kafka.input.parallelism=1 kafka.input.topic.name=DOS-SKETCH-RECORD #输入kafka地址 -kafka.input.bootstrap.servers=192.168.44.12:9094 -#kafka.input.bootstrap.servers=192.168.44.11:9094,192.168.44.14:9094,192.168.44.15:9094 +#kafka.input.bootstrap.servers=192.168.44.12:9094 +kafka.input.bootstrap.servers=192.168.44.11:9094,192.168.44.14:9094,192.168.44.15:9094 #读取kafka group id kafka.input.group.id=2109160928 @@ -22,15 +22,15 @@ kafka.input.group.id=2109160928 kafka.output.metric.parallelism=1 #发送kafka metrics topic名 -#kafka.output.metric.topic.name=TRAFFIC-TOP-DESTINATION-IP-METRICS -kafka.output.metric.topic.name=test +kafka.output.metric.topic.name=TRAFFIC-TOP-DESTINATION-IP-METRICS +#kafka.output.metric.topic.name=test #发送kafka event并行度大小 kafka.output.event.parallelism=1 #发送kafka event topic名 -#kafka.output.event.topic.name=DOS-EVENT -kafka.output.event.topic.name=storm-dos-test +kafka.output.event.topic.name=DOS-EVENT +#kafka.output.event.topic.name=storm-dos-test #kafka输出地址 kafka.output.bootstrap.servers=192.168.44.12:9094
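Review bot: `dosSketchLog.toString()` is still evaluated for every parsed record even when debug logging is disabled, because the argument is built before `logger.debug` checks the level. Passing the object itself lets the logger defer the conversion: `logger.debug("数据解析成功:{}", dosSketchLog);`. This assumes a parameterized SLF4J/Log4j-style logger, which the `{}` placeholder suggests but the hunk does not show.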
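Review bot: The input and output broker settings no longer match. The first hunk moves `kafka.input.bootstrap.servers` to the three-broker list 192.168.44.11/14/15, while the context line `kafka.output.bootstrap.servers=192.168.44.12:9094` at the end of the second hunk is unchanged. The job would then read from one set of brokers and publish `DOS-EVENT` and `TRAFFIC-TOP-DESTINATION-IP-METRICS` to what may be a different one. If the split is not intended, the output address should change in the same commit; if it is intended, a comment on that line should say so. Toggling commented-out test and production values in the committed file is easy to get wrong in either direction; supplying broker addresses and topic names per environment at deploy time would keep detection events off a test topic and test data off the production one.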