Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
47ddef9bca | ||
|
|
0a6f36393c |
@@ -6,6 +6,7 @@ import java.util.Objects;
|
||||
public class DosEventLog implements Serializable {
|
||||
|
||||
private long log_id;
|
||||
private int common_vsys_id;
|
||||
private long start_time;
|
||||
private long end_time;
|
||||
private String attack_type;
|
||||
@@ -27,6 +28,14 @@ public class DosEventLog implements Serializable {
|
||||
this.log_id = log_id;
|
||||
}
|
||||
|
||||
public int getCommon_vsys_id() {
|
||||
return common_vsys_id;
|
||||
}
|
||||
|
||||
public void setCommon_vsys_id(int common_vsys_id) {
|
||||
this.common_vsys_id = common_vsys_id;
|
||||
}
|
||||
|
||||
public long getStart_time() {
|
||||
return start_time;
|
||||
}
|
||||
@@ -125,8 +134,9 @@ public class DosEventLog implements Serializable {
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "dosEventLog{" +
|
||||
return "DosEventLog{" +
|
||||
"log_id=" + log_id +
|
||||
", common_vsys_id=" + common_vsys_id +
|
||||
", start_time=" + start_time +
|
||||
", end_time=" + end_time +
|
||||
", attack_type='" + attack_type + '\'' +
|
||||
@@ -152,6 +162,7 @@ public class DosEventLog implements Serializable {
|
||||
}
|
||||
DosEventLog that = (DosEventLog) o;
|
||||
return getLog_id() == that.getLog_id() &&
|
||||
getCommon_vsys_id() == that.getCommon_vsys_id() &&
|
||||
getStart_time() == that.getStart_time() &&
|
||||
getEnd_time() == that.getEnd_time() &&
|
||||
getSession_rate() == that.getSession_rate() &&
|
||||
@@ -168,6 +179,6 @@ public class DosEventLog implements Serializable {
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return Objects.hash(getLog_id(), getStart_time(), getEnd_time(), getAttack_type(), getSeverity(), getConditions(), getDestination_ip(), getDestination_country(), getSource_ip_list(), getSource_country_list(), getSession_rate(), getPacket_rate(), getBit_rate());
|
||||
return Objects.hash(getLog_id(), getCommon_vsys_id(), getStart_time(), getEnd_time(), getAttack_type(), getSeverity(), getConditions(), getDestination_ip(), getDestination_country(), getSource_ip_list(), getSource_country_list(), getSession_rate(), getPacket_rate(), getBit_rate());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -148,6 +148,7 @@ public class DosDetection extends RichMapFunction<DosSketchLog, DosEventLog> {
|
||||
private DosEventLog getResult(DosSketchLog value, long base, Severity severity, double percent, int type, String tag) {
|
||||
DosEventLog dosEventLog = new DosEventLog();
|
||||
dosEventLog.setLog_id(SnowflakeId.generateId());
|
||||
dosEventLog.setCommon_vsys_id(1);
|
||||
dosEventLog.setStart_time(value.getSketch_start_time());
|
||||
dosEventLog.setEnd_time(value.getSketch_start_time() + value.getSketch_duration());
|
||||
dosEventLog.setAttack_type(value.getAttack_type());
|
||||
|
||||
@@ -6,6 +6,7 @@ import com.zdjizhi.common.DosDetectionThreshold;
|
||||
import com.zdjizhi.common.DosVsysId;
|
||||
import com.zdjizhi.utils.HttpClientUtils;
|
||||
import com.zdjizhi.utils.JsonMapper;
|
||||
import com.zdjizhi.utils.NacosUtils;
|
||||
import inet.ipaddr.IPAddress;
|
||||
import inet.ipaddr.IPAddressString;
|
||||
import org.apache.flink.shaded.guava18.com.google.common.collect.Range;
|
||||
@@ -113,7 +114,7 @@ public class ParseStaticThreshold {
|
||||
parms.put("pageSize", -1);
|
||||
parms.put("orderBy", "vsysId desc");
|
||||
HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_POLICY_VSYSID_PATH, parms);
|
||||
String token = CommonConfig.BIFANG_SERVER_TOKEN;
|
||||
String token = NacosUtils.getStringProperty("bifang.server.token");
|
||||
if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) {
|
||||
BasicHeader authorization = new BasicHeader("Authorization", token);
|
||||
BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||
@@ -153,37 +154,37 @@ public class ParseStaticThreshold {
|
||||
try {
|
||||
// if (vsysId != null){
|
||||
// for (DosVsysId dosVsysId : vsysId) {
|
||||
URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
|
||||
HashMap<String, Object> parms = new HashMap<>();
|
||||
parms.put("pageSize", -1);
|
||||
parms.put("orderBy", "profileId asc");
|
||||
parms.put("isValid", 1);
|
||||
URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
|
||||
HashMap<String, Object> parms = new HashMap<>();
|
||||
parms.put("pageSize", -1);
|
||||
parms.put("orderBy", "profileId asc");
|
||||
parms.put("isValid", 1);
|
||||
// parms.put("vsysId", dosVsysId.getVsysId());
|
||||
parms.put("vsysId", 1);
|
||||
HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_POLICY_THRESHOLD_PATH, parms);
|
||||
String token = CommonConfig.BIFANG_SERVER_TOKEN;
|
||||
if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) {
|
||||
BasicHeader authorization = new BasicHeader("Authorization", token);
|
||||
BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||
String resposeJsonStr = HttpClientUtils.httpGet(uriBuilder.build(), authorization, authorization1);
|
||||
if (!HttpClientUtils.ERROR_MESSAGE.equals(resposeJsonStr)) {
|
||||
HashMap<String, Object> resposeMap = jsonMapperInstance.fromJson(resposeJsonStr, hashmapJsonType);
|
||||
boolean success = (boolean) resposeMap.get("success");
|
||||
String msg = resposeMap.get("msg").toString();
|
||||
if (success) {
|
||||
HashMap<String, Object> data = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(resposeMap.get("data")), hashmapJsonType);
|
||||
Object list = data.get("list");
|
||||
if (list != null) {
|
||||
thresholds = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(list), thresholdType);
|
||||
logger.info("获取到静态阈值配置{}条", thresholds.size());
|
||||
} else {
|
||||
logger.warn("静态阈值配置为空");
|
||||
}
|
||||
} else {
|
||||
logger.error(msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
parms.put("vsysId", 1);
|
||||
HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_POLICY_THRESHOLD_PATH, parms);
|
||||
String token = NacosUtils.getStringProperty("bifang.server.token");
|
||||
if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) {
|
||||
BasicHeader authorization = new BasicHeader("Authorization", token);
|
||||
BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||
String resposeJsonStr = HttpClientUtils.httpGet(uriBuilder.build(), authorization, authorization1);
|
||||
if (!HttpClientUtils.ERROR_MESSAGE.equals(resposeJsonStr)) {
|
||||
HashMap<String, Object> resposeMap = jsonMapperInstance.fromJson(resposeJsonStr, hashmapJsonType);
|
||||
boolean success = (boolean) resposeMap.get("success");
|
||||
String msg = resposeMap.get("msg").toString();
|
||||
if (success) {
|
||||
HashMap<String, Object> data = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(resposeMap.get("data")), hashmapJsonType);
|
||||
Object list = data.get("list");
|
||||
if (list != null) {
|
||||
thresholds = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(list), thresholdType);
|
||||
logger.info("获取到静态阈值配置{}条", thresholds.size());
|
||||
} else {
|
||||
logger.warn("静态阈值配置为空");
|
||||
}
|
||||
} else {
|
||||
logger.error(msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
// }
|
||||
// }
|
||||
} catch (Exception e) {
|
||||
|
||||
@@ -15,7 +15,7 @@ kafka.input.topic.name=DOS-SKETCH-RECORD
|
||||
kafka.input.bootstrap.servers=192.168.44.11:9094,192.168.44.14:9094,192.168.44.15:9094
|
||||
|
||||
#读取kafka group id
|
||||
kafka.input.group.id=2112080949
|
||||
kafka.input.group.id=dos-detection-job-220816-1
|
||||
#kafka.input.group.id=dos-detection-job-210813-1
|
||||
|
||||
#发送kafka metrics并行度大小
|
||||
@@ -78,19 +78,6 @@ ip.mmdb.path=D:\\data\\dat\\
|
||||
#ip.mmdb.path=/home/bigdata/topology/dat/
|
||||
#ip.mmdb.path=/home/bigdata/wlh/topology/dos-detection/dat/
|
||||
|
||||
##静态敏感阈值,速率小于此值不报警
|
||||
#static.sensitivity.threshold=500
|
||||
#
|
||||
##基线敏感阈值
|
||||
#baseline.sensitivity.threshold=0.2
|
||||
#
|
||||
##基于baseline判定dos攻击的上下限
|
||||
#baseline.sessions.minor.threshold=0.5
|
||||
#baseline.sessions.warning.threshold=1
|
||||
#baseline.sessions.major.threshold=2.5
|
||||
#baseline.sessions.severe.threshold=5
|
||||
#baseline.sessions.critical.threshold=8
|
||||
|
||||
#bifang服务访问地址
|
||||
bifang.server.uri=http://192.168.44.72:80
|
||||
#bifang.server.uri=http://192.168.44.3:80
|
||||
@@ -142,8 +129,8 @@ sasl.jaas.config.password=6MleDyA3Z73HSaXiKsDJ2k7Ys8YWLhEJ
|
||||
sasl.jaas.config.flag=1
|
||||
|
||||
#nacos配置
|
||||
nacos.server.addr=192.168.40.42:8848
|
||||
nacos.namespace=prod
|
||||
nacos.server.addr=192.168.44.12:8848
|
||||
nacos.namespace=test
|
||||
nacos.username=nacos
|
||||
nacos.password=nacos
|
||||
nacos.data.id=dos_detection.properties
|
||||
|
||||
@@ -41,7 +41,7 @@ public class NacosTest {
|
||||
|
||||
private void getProperties() {
|
||||
properties.setProperty(PropertyKeyConst.SERVER_ADDR, "192.168.44.12:8848");
|
||||
properties.setProperty(PropertyKeyConst.NAMESPACE, "flink");
|
||||
properties.setProperty(PropertyKeyConst.NAMESPACE, "test");
|
||||
properties.setProperty(PropertyKeyConst.USERNAME, "nacos");
|
||||
properties.setProperty(PropertyKeyConst.PASSWORD, "nacos");
|
||||
}
|
||||
@@ -56,7 +56,7 @@ public class NacosTest {
|
||||
Properties nacosConfigMap = new Properties();
|
||||
nacosConfigMap.load(new StringReader(content));
|
||||
System.out.println(nacosConfigMap.getProperty("static.sensitivity.threshold"));
|
||||
} catch (NacosException | IOException e) {
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@@ -83,7 +83,7 @@ public class NacosTest {
|
||||
System.out.println(configMsg);
|
||||
}
|
||||
});
|
||||
} catch (NacosException e) {
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user