diff --git a/bin/maat.conf b/bin/maat.conf
index d63a3e6..b43e9ac 100644
--- a/bin/maat.conf
+++ b/bin/maat.conf
@@ -6,7 +6,7 @@ PERF_SWITCH=1
 TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
 STAT_FILE=tsg_static_maat.status
 EFFECT_INTERVAL_S=1
-REDIS_IP=192.168.40.120
+REDIS_IP=127.0.0.1
 REDIS_PORT_NUM=1
 REDIS_PORT=7002
 REDIS_INDEX=0
@@ -22,7 +22,7 @@ PERF_SWITCH=1
 TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
 STAT_FILE=tsg_dynamic_maat.status
 EFFECT_INTERVAL_S=1
-REDIS_IP=192.168.40.120
+REDIS_IP=127.0.0.1
 REDIS_PORT_NUM=1
 REDIS_PORT=7002
 REDIS_INDEX=1
diff --git a/bin/main.conf b/bin/main.conf
index 8a5c46c..99b2392 100644
--- a/bin/main.conf
+++ b/bin/main.conf
@@ -4,18 +4,24 @@
 IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
 SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
 CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
-
 [TSG_LOG]
 MODE=1
-NIC_NAME=lo
-MAX_SERVICE=0
+NIC_NAME=enp8s0
+MAX_SERVICE=1
 LOG_LEVEL=10
 LOG_PATH=./tsglog/tsglog
-BROKER_LIST=127.0.0.1:9092
-COMMON_FIELD_FILE=./tsgconf/tsg_log_field.conf
+BROKER_LIST=192.168.40.186:9092
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+
+[STATISTIC]
+CYCLE=30
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
 [FIELD_STAT]
-CYCLE=3
+CYCLE=30
 TELEGRAF_PORT=8125
 TELEGRAF_IP=127.0.0.1
 OUTPUT_PATH=./tsg_stat.log
diff --git a/bin/tsg_log_field.conf b/bin/tsg_log_field.conf
index 17e8c11..a01e439 100644
--- a/bin/tsg_log_field.conf
+++ b/bin/tsg_log_field.conf
@@ -1,6 +1,7 @@
 #TYPE:1:UCHAR,2:USHORT,3:ULONG,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
 #TYPE TOPIC SERVICE
 TOPIC SECURITY-EVENT-LOG 0
+TOPIC CONNECTION-RECORD-LOG 1
 #TYPE FIELD VALUE
 LONG common_policy_id 1
diff --git a/bin/tsg_maat.json b/bin/tsg_maat.json
index 90cb922..a592c25 100644
--- a/bin/tsg_maat.json
+++ b/bin/tsg_maat.json
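Review bot: Both hunks replace the Redis endpoint at `REDIS_IP=192.168.40.120` with `REDIS_IP=127.0.0.1`, while main.conf in the same commit moves `BROKER_LIST` the other way (loopback to 192.168.40.186:9092), so the committed configs now describe two different deployments at once. Host-specific addresses in checked-in config are easy to ship by accident; if these files are meant as templates, mark the values as placeholders or record the intended topology next to the key, e.g. `# REDIS_IP: Redis on the sensor host itself; override per deployment` if the loader accepts `#` lines as tsg_log_field.conf does. No authentication or transport-security setting for the Redis connection is visible in either hunk; if the client supports one it belongs in these sections, otherwise the assumption that Redis is reachable only on loopback should be written down. The second hunk (the dynamic-table section at @@ -22,7) carries the identical change and the same remarks apply there.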
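Review bot: `BROKER_LIST=192.168.40.186:9092` moves the log producer from loopback to a remote host, yet nothing in [TSG_LOG] configures authentication or encryption for that connection, and the topics declared in tsg_log_field.conf (SECURITY-EVENT-LOG, CONNECTION-RECORD-LOG) together with the subscriber tables named in the context lines suggest the records carry subscriber identifiers. If the log client supports a TLS or SASL-style setting, this section is where it should be set; if it does not, add a line such as `# BROKER_LIST: plaintext, reachable only from the management segment` so the trust assumption is explicit. `NIC_NAME=enp8s0` and `MAX_SERVICE=1` also pin the committed file to one machine's interface naming where the previous `lo` worked everywhere; a portable default with a per-host override would be safer. The new [STATISTIC] block mirrors [FIELD_STAT] key for key with only port and path differing, which is fine, but the unit of `CYCLE=30` (seconds, presumably) is undocumented in both.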
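Review bot: `TOPIC CONNECTION-RECORD-LOG 1` registers service index 1 while main.conf in the same commit sets `MAX_SERVICE=1`; if MAX_SERVICE is a count (valid indices 0..MAX_SERVICE-1) rather than a highest index, the new topic is out of range and would never be selected, so confirm which semantics the loader uses. Once confirmed, extend the header comment `#TYPE TOPIC SERVICE` with a clause stating how SERVICE relates to MAX_SERVICE, since the two files must be edited together. The hunk's trailing context appears to have lost a line in this rendering, so the remainder of the file is not visible here.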
@@ -1,11 +1,11 @@
 {
 "compile_table": "TSG_SECURITY_COMPILE",
- "group_table": "GROUP_COMPILE_RELATION",
+ "group_table": "POLICY_OBJECT",
 "rules": [
- {
- "compile_id": 172,
+ {
+ "compile_id": 1,
 "service": 0,
- "action": 2,
+ "action": 16,
 "do_blacklist": 0,
 "do_log": 1,
 "effective_rage": 0,
@@ -13,31 +13,72 @@
 "is_valid": "yes",
 "groups": [
 {
+ "group_name": "group_1",
 "regions": [
 {
- "table_type": "ip_plus",
 "table_name": "TSG_OBJ_IP_ADDR",
+ "table_type": "ip",
 "table_content": {
 "addr_type": "ipv4",
- "saddr_format": "range",
- "src_ip1": "192.168.50.133",
- "src_ip2": "192.168.50.142",
- "sport_format": "range",
- "src_port1": "0",
- "src_port2": "0",
- "daddr_format": "mask",
- "dst_ip1": "0.0.0.0",
- "dst_ip2": "255.255.255.255",
- "dport_format": "range",
- "dst_port1": "0",
- "dst_port2": "0",
+ "src_ip": "61.135.169.125",
+ "mask_src_ip": "255.255.255.255",
+ "src_port": "80",
+ "mask_src_port": "65535",
+ "dst_ip": "192.168.41.228",
+ "mask_dst_ip": "255.255.255.255",
+ "dst_port": "0",
+ "mask_dst_port": "65535",
 "protocol": 6,
 "direction": "double"
 }
 }
 ]
 }
- ]
+ ]
 },
+ {
+ "compile_id": 2,
+ "service": 0,
+ "action": 128,
+ "do_blacklist": 0,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "anything",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name": "FQDN_SNI",
+ "regions": [
+ {
+ "table_name": "TSG_OBJ_FQDN",
+ "table_type": "expr",
+ "table_content": {
+ "keywords": "baidu.com",
+ "expr_type": "and",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "compile_id": 3,
+ "service": 0,
+ "action": 128,
+ "do_blacklist": 0,
+ "do_log": 1,
+ "effective_rage": 0,
+ "user_region": "Virtual",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "group_name":"FQDN_SNI",
+ "virtual_table":"TSG_FIELD_SSL_SNI",
+ "not_flag" : 0
+ }
+ ]
+ }
 ]
 }
diff --git a/bin/tsg_static_tableinfo.conf b/bin/tsg_static_tableinfo.conf
index d9d2863..44b57dc 100644
--- a/bin/tsg_static_tableinfo.conf
+++ b/bin/tsg_static_tableinfo.conf
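Review bot: Rule 2 combines `"keywords": "baidu.com"` with `"match_method": "sub"` and `"format": "uncase plain"`, which reads as a case-folded substring test on the SNI, so any name that merely embeds that string is matched as well; if the intent is the domain and its subdomains, the expression should be anchored to a label boundary in whatever form the `expr` table type supports, and the chosen form documented alongside the rule. In rule 1, `"dst_port": "0"` next to `"mask_dst_port": "65535"` is an exact match on destination port 0 if port masks behave like `"src_port": "80"` / `"mask_src_port": "65535"`; confirm whether 0 is a wildcard in this engine and, if any port is meant, spell it with the mask rather than the port. Rule 3 points at `"virtual_table":"TSG_FIELD_SSL_SNI"`, but the tsg_static_tableinfo.conf hunk in this commit lists only TSG_FIELD_HTTP_HOST and TSG_FIELD_HTTP_URL as virtual tables, so make sure TSG_FIELD_SSL_SNI is declared there (it may simply be outside the visible hunk). The `effective_rage` key is copied into both new rules; if it is a misspelling of effective_range it is now a compatibility key shared by three rules and the loader, which is worth a decision before more rules are added. Style: rule 3's `"group_name":"FQDN_SNI"` and `"not_flag" : 0` depart from the spacing used everywhere else, so run the file through a formatter before merging.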
@@ -16,7 +16,7 @@
 5 TSG_OBJ_URL expr UTF8 UTF8/GBK yes 0
 6 TSG_OBJ_FQDN expr UTF8 UTF8 yes 0
 6 TSG_OBJ_FQDN_CAT expr UTF8 UTF8 yes 0
-7 TSG_OBJ_KEYWORDS expr UTF8 UTF8 yes 0
+7 TSG_OBJ_KEYWORDS expr UTF8 UTF8/GBK yes 0
 8 TSG_OBJ_HTTP_SIGNATURE expr_plus UTF8 UTF8/GBK yes 0
 9 TSG_FIELD_HTTP_HOST virtual TSG_OBJ_FQDN --
 10 TSG_FIELD_HTTP_URL virtual TSG_OBJ_URL --