增加MAAT4的输出统计

bin/maat.conf

@@ -3,8 +3,10 @@ MAAT_MODE=json
 STAT_SWITCH=1
 PERF_SWITCH=1
 TABLE_INFO=tsgconf/tsg_static_tableinfo.json
-STAT_FILE=tsg_static_maat.status
+STAT_FILE=log/master.maat.status
-EFFECT_INTERVAL_S=1
+EFFECT_INTERVAL_MS=1000
+GARBAGE_COLLECT_MS=30000
+RULE_UPDATE_CHECK_INTERVAL_MS=1000
 REDIS_IP=127.0.0.1
 REDIS_PORT_NUM=1
 REDIS_PORT=7002
@@ -20,7 +22,7 @@ MAAT_MODE=1
 STAT_SWITCH=1
 PERF_SWITCH=1
 TABLE_INFO=tsgconf/app_sketch_tableinfo.conf
-STAT_FILE=app_sketch_maat.status
+STAT_FILE=log/app_sketch.maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP=127.0.0.1
 REDIS_PORT_NUM=1
@@ -36,7 +38,7 @@ MAAT_MODE=1
 STAT_SWITCH=1
 PERF_SWITCH=1
 TABLE_INFO=tsgconf/capture_packet_tableinfo.conf
-STAT_FILE=capture_packet_maat.status
+STAT_FILE=log/capture_packet.maat.status
 EFFECT_INTERVAL_S=1
 REDIS_IP=192.168.44.72
 REDIS_PORT_NUM=1

bin/main.conf

@@ -1,13 +1,13 @@
 [MAAT]
 LOG_LEVEL=10
-LOG_PATH="./tsglog/maat/maat.log"
+LOG_PATH="log/master.maat.log"
 PROFILE="./tsgconf/maat.conf"
 
 [TSG_LOG]
 MODE=1
 NIC_NAME="lo"
 LOG_LEVEL=10
-LOG_PATH="./tsglog/tsglog"
+LOG_PATH="log/master.kafka"
 SASL_USERNAME="admin"
 SASL_PASSWD="galaxy2019"
 BROKER_LIST="127.0.0.1:9092"
@@ -35,7 +35,7 @@ APP_NAME="security_rule_hits"
 CYCLE=5
 TELEGRAF_PORT=8100
 TELEGRAF_IP="127.0.0.1"
-OUTPUT_PATH="./tsg_statistic.log"
+OUTPUT_PATH="log/master.metrics"
 APP_NAME="network_activity"
 
 [APP_METRIC]
@@ -48,7 +48,7 @@ APP_NAME="app_metric"
 CYCLE=30
 TELEGRAF_PORT=8125
 TELEGRAF_IP="127.0.0.1"
-OUTPUT_PATH="./tsg_stat.log"
+OUTPUT_PATH="log/master.status"
 APP_NAME="tsg_master"
 
 [SYSTEM]
@@ -57,7 +57,7 @@ LOG_LEVEL=10
 SCAN_TIME_INTERVAL=5
 DEFAULT_POLICY_ID=0
 DEFAULT_POLICY_SWITCH=0
-LOG_PATH="./tsglog/tsg_master"
+LOG_PATH="log/master.log"
 APP_BRIDGE_NAME="APP_BRIDGE"
 POLICY_PRIORITY_LABEL="POLICY_PRIORITY"
 L7_RPTOCOL_FILE="./tsgconf/tsg_l7_protocol.conf"

src/tsg_rule.cpp

@@ -1893,7 +1893,9 @@ struct maat *init_maat_feather(const char* conffile, char* instance_name, char *
 {
 	int deferred_load=0;
 	char maat_mode[32]={0};
-	int effect_interval=60;
+	int effect_interval_ms=60000;
+	int rule_update_interval_ms=60000;
+	int garbage_collect_ms=30000;
 	char effective_range_filename[1024]={0};
 	char effective_flag[1024]={0};
 	int output_prometheus=0;
@@ -1938,16 +1940,31 @@ struct maat *init_maat_feather(const char* conffile, char* instance_name, char *
 	MESA_load_profile_int_def(conffile, module,"DEFERRED_LOAD", &(deferred_load), 0);
 	MESA_load_profile_string_def(conffile,module,"TABLE_INFO",table_info, sizeof(table_info), "");
 	MESA_load_profile_string_def(conffile,module,"STAT_FILE",maat_stat_file, sizeof(maat_stat_file), "");
-	MESA_load_profile_int_def(conffile, module,"EFFECT_INTERVAL_S", &(effect_interval), 60);
+	MESA_load_profile_int_def(conffile, module,"EFFECT_INTERVAL_MS", &(effect_interval_ms), 60000);
-	effect_interval*=1000;//convert s to ms
+	MESA_load_profile_int_def(conffile, module,"RULE_UPDATE_CHECK_INTERVAL_MS", &(rule_update_interval_ms), 60000);
+	MESA_load_profile_int_def(conffile, module,"GARBAGE_COLLECT_MS", &(garbage_collect_ms), 60000);
 
 	struct maat_options *opts=maat_options_new();
 	size_t thread_max=(size_t)get_thread_count();
 	maat_options_set_logger(opts, log_path, (enum log_level)_log_level);
 	maat_options_set_caller_thread_number(opts, thread_max);
 	maat_options_set_accept_tags(opts, (const char *)effective_flag);
-	maat_options_set_rule_effect_interval_ms(opts, effect_interval);
+	maat_options_set_rule_effect_interval_ms(opts, effect_interval_ms);
 	maat_options_set_instance_name(opts, instance_name);
+	maat_options_set_foreign_cont_dir(opts, "./alerts_files");
+	maat_options_set_stat_file(opts, maat_stat_file);
+	maat_options_set_rule_update_checking_interval_ms(opts, rule_update_interval_ms);
+	maat_options_set_gc_timeout_ms(opts,  garbage_collect_ms);
+
+	if(maat_stat_on==1)
+	{
+		maat_options_set_stat_on(opts);
+	}
+	if(maat_perf_on)
+	{
+		maat_options_set_perf_on(opts);
+	}
+
 	if(deferred_load==1)
 	{
 		maat_options_set_deferred_load_on(opts);