1、kni.conf增加[send_log];2、log_debug支持TCP/UDP协议；3、IPV4/V6_entry中addr_type更正；4、redirect日志更新

2018-12-17 14:48:08 +08:00
parent 9d2cee16ae
commit a011f87f21
6 changed files with 127 additions and 10 deletions
--- a/bin/kniconf/kni.conf
+++ b/bin/kniconf/kni.conf
@@ -53,6 +53,12 @@ table_info_path=./kniconf/maat_table_info.conf
 full_cfg_dir=/home/mesasoft/tango_rules/full/index
 inc_cfg_dir=/home/mesasoft/tango_rules/inc/index

+[send_log]
+send_log_switch=0
+NIC_NAME=eth0
+ENTRANCE_ID=0
+KAFKA_BROKERLIST=192.168.10.73:9092
+


 [Module]
--- a/bin/kniconf/maat_test.json.dnat
+++ b/bin/kniconf/maat_test.json.dnat
@@ -0,0 +1,48 @@
+{
+    "compile_table": "PXY_INTERCEPT_COMPILE",
+    "group_table": "PXY_INTERCEPT_GROUP",
+    "rules": [
+        {
+            "compile_id": 1,
+            "service": 1,
+            "action":48,
+            "do_blacklist": 1,
+            "do_log": 1,
+            "effective_rage": 0,
+            "user_region": "spoofing_ip_pool=10;nat_type=dnat;",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "group_name": "Untitled",
+                    "regions": [
+                        {
+                            "table_name": "PXY_INTERCEPT_IP",
+                            "table_type": "ip",
+                            "table_content": {
+                                "addr_type": "ipv4",
+                                "src_ip": "192.168.11.80",
+                                "mask_src_ip": "255.255.255.255",
+                                "src_port": "0",
+                                "mask_src_port": "65535",
+                                "dst_ip": "61.135.169.125",
+                                "mask_dst_ip": "255.255.255.255",
+                                "dst_port": "0",
+                                "mask_dst_port": "65535",
+                                "protocol": 0,
+                                "direction": "double"
+                            }
+                        }
+                    ]
+                }
+            ]
+        }
+	],
+    "plugin_table": [
+		{
+		"table_name": "PXY_OBJ_SPOOFING_IP_POOL",
+		"table_content": [
+		"1\t4\t0\t123.57.35.217\t0\t0\t\t0\t0\t1\t123\t10\t{}\t20181217-0:22"
+				]
+			}
+		]
+	}
--- a/bin/kniconf/maat_test.json.snat
+++ b/bin/kniconf/maat_test.json.snat
@@ -0,0 +1,48 @@
+{
+    "compile_table": "PXY_INTERCEPT_COMPILE",
+    "group_table": "PXY_INTERCEPT_GROUP",
+    "rules": [
+        {
+            "compile_id": 1,
+            "service": 1,
+            "action":48,
+            "do_blacklist": 1,
+            "do_log": 1,
+            "effective_rage": 0,
+            "user_region": "spoofing_ip_pool=10;nat_type=snat;",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "group_name": "Untitled",
+                    "regions": [
+                        {
+                            "table_name": "PXY_INTERCEPT_IP",
+                            "table_type": "ip",
+                            "table_content": {
+                                "addr_type": "ipv4",
+                                "src_ip": "192.168.11.80",
+                                "mask_src_ip": "255.255.255.255",
+                                "src_port": "0",
+                                "mask_src_port": "65535",
+                                "dst_ip": "0.0.0.0",
+                                "mask_dst_ip": "255.255.255.255",
+                                "dst_port": "0",
+                                "mask_dst_port": "65535",
+                                "protocol": 0,
+                                "direction": "double"
+                            }
+                        }
+                    ]
+                }
+            ]
+        }
+	],
+    "plugin_table": [
+		{
+		"table_name": "PXY_OBJ_SPOOFING_IP_POOL",
+		"table_content": [
+		"1\t4\t0\t192.168.11.127\t0\t0\t\t0\t0\t1\t123\t10\t{}\t20181217-0:22"
+				]
+			}
+		]
+	}