修正配置文件

bin/maat.conf

@@ -6,7 +6,7 @@ PERF_SWITCH=1
 TABLE_INFO=tsgconf/tsg_static_tableinfo.conf
 STAT_FILE=tsg_static_maat.status
 EFFECT_INTERVAL_S=1
-REDIS_IP=192.168.40.120
+REDIS_IP=127.0.0.1
 REDIS_PORT_NUM=1
 REDIS_PORT=7002
 REDIS_INDEX=0
@@ -22,7 +22,7 @@ PERF_SWITCH=1
 TABLE_INFO=tsgconf/tsg_dynamic_tableinfo.conf
 STAT_FILE=tsg_dynamic_maat.status
 EFFECT_INTERVAL_S=1
-REDIS_IP=192.168.40.120
+REDIS_IP=127.0.0.1
 REDIS_PORT_NUM=1
 REDIS_PORT=7002
 REDIS_INDEX=1

bin/main.conf

@@ -4,18 +4,24 @@ IP_ADDR_TABLE=TSG_OBJ_IP_ADDR
 SUBSCRIBER_ID_TABLE=TSG_OBJ_SUBSCRIBER_ID
 CB_SUBSCRIBER_IP_TABLE=TSG_DYN_SUBSCRIBER_IP
 
-
 [TSG_LOG]
 MODE=1
-NIC_NAME=lo
+NIC_NAME=enp8s0
-MAX_SERVICE=0
+MAX_SERVICE=1
 LOG_LEVEL=10
 LOG_PATH=./tsglog/tsglog
-BROKER_LIST=127.0.0.1:9092
+BROKER_LIST=192.168.40.186:9092
-COMMON_FIELD_FILE=./tsgconf/tsg_log_field.conf
+COMMON_FIELD_FILE=tsgconf/tsg_log_field.conf
+
+[STATISTIC]
+CYCLE=30
+TELEGRAF_PORT=8100
+TELEGRAF_IP=127.0.0.1
+OUTPUT_PATH=./tsg_statistic.log
+APP_NAME=statistic
 
 [FIELD_STAT]
-CYCLE=3
+CYCLE=30
 TELEGRAF_PORT=8125
 TELEGRAF_IP=127.0.0.1
 OUTPUT_PATH=./tsg_stat.log

bin/tsg_log_field.conf

@@ -1,6 +1,7 @@
 #TYPE：1:UCHAR,2:USHORT,3:ULONG,4:ULOG,5:USTRING,6:FILE,7:UBASE64,8:PACKET
 #TYPE	TOPIC	SERVICE
 TOPIC	SECURITY-EVENT-LOG	0
+TOPIC   CONNECTION-RECORD-LOG   1
 
 #TYPE		FIELD		VALUE
 LONG   		common_policy_id	1

bin/tsg_maat.json

@@ -1,11 +1,11 @@
 {
     "compile_table": "TSG_SECURITY_COMPILE",
-    "group_table": "GROUP_COMPILE_RELATION",
+    "group_table": "POLICY_OBJECT",
     "rules": [
-    {
+        {
-	    "compile_id": 172,
+            "compile_id": 1,
             "service": 0,
-            "action": 2,
+            "action": 16,
             "do_blacklist": 0,
             "do_log": 1,
             "effective_rage": 0,
@@ -13,31 +13,72 @@
             "is_valid": "yes",
             "groups": [
                 {
+                    "group_name": "group_1",
                     "regions": [
                         {
-                            "table_type": "ip_plus",
                             "table_name": "TSG_OBJ_IP_ADDR",
+                            "table_type": "ip",
                             "table_content": {
                                 "addr_type": "ipv4",
-                                "saddr_format": "range",
+                                "src_ip": "61.135.169.125",
-                                "src_ip1": "192.168.50.133",
+                                "mask_src_ip": "255.255.255.255",
-                                "src_ip2": "192.168.50.142",
+                                "src_port": "80",
-                                "sport_format": "range",
+                                "mask_src_port": "65535",
-                                "src_port1": "0",
+                                "dst_ip": "192.168.41.228",
-                                "src_port2": "0",
+                                "mask_dst_ip": "255.255.255.255",
-                                "daddr_format": "mask",
+                                "dst_port": "0",
-                                "dst_ip1": "0.0.0.0",
+                                "mask_dst_port": "65535",
-                                "dst_ip2": "255.255.255.255",
-                                "dport_format": "range",
-                                "dst_port1": "0",
-                                "dst_port2": "0",
                                 "protocol": 6,
                                 "direction": "double"
                             }
                         }
                     ]
                 }
-            ]
+            ]    
+        },
+        {
+            "compile_id": 2,
+            "service": 0,
+            "action": 128,
+            "do_blacklist": 0,
+            "do_log": 1,
+            "effective_rage": 0,
+            "user_region": "anything",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "group_name": "FQDN_SNI",
+                    "regions": [
+                        {
+                            "table_name": "TSG_OBJ_FQDN",
+                            "table_type": "expr",
+                            "table_content": {
+                                "keywords": "baidu.com",
+                                "expr_type": "and",
+                                "match_method": "sub",
+                                "format": "uncase plain"
+                            }
+                        }
+                    ]
+                }
+            ]    
+        },
+	{
+            "compile_id": 3,
+            "service": 0,
+            "action": 128,
+            "do_blacklist": 0,
+            "do_log": 1,
+            "effective_rage": 0,
+            "user_region": "Virtual",
+            "is_valid": "yes",
+            "groups": [
+                {
+			"group_name":"FQDN_SNI",
+                        "virtual_table":"TSG_FIELD_SSL_SNI",
+                        "not_flag" : 0
+                }
+            ]    
         }
     ]
 }

bin/tsg_static_tableinfo.conf

@@ -16,7 +16,7 @@
 5	TSG_OBJ_URL	expr	UTF8	UTF8/GBK	yes	0
 6	TSG_OBJ_FQDN	expr	UTF8	UTF8	yes	0
 6	TSG_OBJ_FQDN_CAT	expr	UTF8	UTF8	yes	0
-7	TSG_OBJ_KEYWORDS	expr	UTF8	UTF8	yes	0
+7	TSG_OBJ_KEYWORDS	expr	UTF8	UTF8/GBK	yes	0
 8	TSG_OBJ_HTTP_SIGNATURE	expr_plus	UTF8	UTF8/GBK	yes	0
 9	TSG_FIELD_HTTP_HOST	virtual	TSG_OBJ_FQDN	--
 10	TSG_FIELD_HTTP_URL	virtual	TSG_OBJ_URL	--