加maat扫描日志

2019-06-04 15:38:27 +08:00
parent f89c0cf902
commit 55cd850403
5 changed files with 90 additions and 18 deletions
--- a/conf/kni.conf
+++ b/conf/kni.conf
@@ -5,7 +5,8 @@ tfe_count = 1
 local_eth = enp8s0

 [maat]
-readconf_mode = 2
+#readconf_mode: 0 = iris, 1 = json, 2 = redis
+readconf_mode = 1
 tableinfo_path = ./conf/kni/maat_tableinfo.conf
 maatjson_path = ./conf/kni/maat_test.json
 redis_ip = 192.168.10.120
@@ -14,6 +15,8 @@ redis_index = 4
 tablename_intercept_ip = PXY_INTERCEPT_IP
 tablename_intercept_domain = PXY_INTERCEPT_DOMAIN
 compile_alias = COMPILE_ALIAS
+#default_action: 0x80 = bypass, 0x02 = intercept
+default_action = 128

 [marsio]
 appsym = knifw
@@ -38,7 +41,7 @@ stat_path = ./fs2_kni.status
 [send_logger]
 switch = 1
 kafka_topic = SESSION-RECORD-LOG
-kafka_brokerlist = 192.168.10.121:9092,192.168.10.122:9092,192.168.10.123:9092
+kafka_brokerlist = 192.168.10.119:9092,192.168.10.122:9092,192.168.10.123:9092

 [kafka]
 queue.buffering.max.messages = 1000000
--- a/conf/maat/maat_test.json
+++ b/conf/maat/maat_test.json
@@ -33,7 +33,7 @@
        {
            "compile_id": 1,
            "service": 1,
-            "action":2,
+            "action": 2,
            "do_blacklist": 1,
            "do_log": 1,
            "effective_rage": 0,
@@ -48,7 +48,7 @@
                            "table_type": "ip",
                            "table_content": {
                                "addr_type": "ipv4",
-                                "src_ip": "192.168.11.135",
+                                "src_ip": "192.168.50.156",
                                "mask_src_ip": "255.255.255.255",
                                "src_port": "0",
                                "mask_src_port": "65535",