Authored by qinchao

恶意ip

@@ -11,7 +11,7 @@ import java.util.Set; @@ -11,7 +11,7 @@ import java.util.Set;
11 */ 11 */
12 public interface MaliciousIpMapper { 12 public interface MaliciousIpMapper {
13 void insertMip(String influxDBName, String ip); 13 void insertMip(String influxDBName, String ip);
14 - void insertMipObj(String influxDBName, String ip,String reason,String duration,String hbaseTime); 14 + void insertMipObj(String influxDBName, String ip,String reason,String duration,String hbaseTime,String createTimeStr);
15 15
16 16
17 Map<String,Map<String,String>> getMaliousIpInfo(Set<String> listMaliciousIp, String cloud); 17 Map<String,Map<String,String>> getMaliousIpInfo(Set<String> listMaliciousIp, String cloud);
@@ -51,13 +51,13 @@ public class MaliciousIpMapperImpl extends InfluxDBQuery implements MaliciousIpM @@ -51,13 +51,13 @@ public class MaliciousIpMapperImpl extends InfluxDBQuery implements MaliciousIpM
51 51
52 //duration 是influxdb关键字,因此字段名称取为dur,保留策略: rp_thirtyweek 52 //duration 是influxdb关键字,因此字段名称取为dur,保留策略: rp_thirtyweek
53 //由于不是默认的保留策略,因此执行查询时,select * from rp_thirtyweek.monitor_malicousips where value= '127.0.0.1'; 53 //由于不是默认的保留策略,因此执行查询时,select * from rp_thirtyweek.monitor_malicousips where value= '127.0.0.1';
54 - public void insertMipObj(String influxDBName, String ip,String reason,String duration,String hbaseTime){ 54 + public void insertMipObj(String influxDBName, String ip,String reason,String duration,String hbaseTime,String createTimeStr){
55 BatchPoints batchPoints = BatchPoints 55 BatchPoints batchPoints = BatchPoints
56 .database(InfluxDBContants.YOMO_MONITOR).retentionPolicy(mip_rpname) 56 .database(InfluxDBContants.YOMO_MONITOR).retentionPolicy(mip_rpname)
57 .build(); 57 .build();
58 Point point = Point.measurement("monitor_malicousips") 58 Point point = Point.measurement("monitor_malicousips")
59 .tag("ip",ip) 59 .tag("ip",ip)
60 - .addField("value", ip).addField("dur",duration).addField("reason",reason).addField("hbasetime",hbaseTime).build(); 60 + .addField("value", ip).addField("dur",duration).addField("reason",reason).addField("hbasetime",hbaseTime).addField("createtime",createTimeStr).build();
61 batchPoints.point(point); 61 batchPoints.point(point);
62 inluxDBSingle.getInfluxDBByName(influxDBName).getInfluxDB() 62 inluxDBSingle.getInfluxDBByName(influxDBName).getInfluxDB()
63 .write(batchPoints); 63 .write(batchPoints);
@@ -98,11 +98,13 @@ public class MaliciousIpMapperImpl extends InfluxDBQuery implements MaliciousIpM @@ -98,11 +98,13 @@ public class MaliciousIpMapperImpl extends InfluxDBQuery implements MaliciousIpM
98 continue; 98 continue;
99 String ip = tags.get("ip");//ip 99 String ip = tags.get("ip");//ip
100 if(s.getValues() == null ) continue; 100 if(s.getValues() == null ) continue;
  101 +
101 for(List<Object> ls : s.getValues()){ 102 for(List<Object> ls : s.getValues()){
102 Map<String,String> m = new HashMap(); 103 Map<String,String> m = new HashMap();
  104 + m.put("createtime",""+ ls.get(s.getColumns().indexOf("createtime"))==null?"":String.valueOf(ls.get(s.getColumns().indexOf("createtime"))));
103 m.put("reason",(String) ls.get(s.getColumns().indexOf("reason"))); 105 m.put("reason",(String) ls.get(s.getColumns().indexOf("reason")));
104 m.put("dur",(String) ls.get(s.getColumns().indexOf("dur"))); 106 m.put("dur",(String) ls.get(s.getColumns().indexOf("dur")));
105 - m.put("time",""+ls.get(s.getColumns().indexOf("time"))); 107 + m.put("hbasetime", ls.get(s.getColumns().indexOf("hbasetime"))==null?"":String.valueOf(ls.get(s.getColumns().indexOf("hbasetime"))));
106 resultMap.put(ip,m); 108 resultMap.put(ip,m);
107 } 109 }
108 } 110 }
@@ -2,15 +2,12 @@ package com.monitor.other.maliciousip.model; @@ -2,15 +2,12 @@ package com.monitor.other.maliciousip.model;
2 2
3 import lombok.Data; 3 import lombok.Data;
4 4
5 -import java.util.List;  
6 -import java.util.Map;  
7 -  
8 /** 5 /**
9 * 恶意ip内容集合 6 * 恶意ip内容集合
10 * @author hui.xu 7 * @author hui.xu
11 * 8 *
12 */ 9 */
13 - 10 +@Data
14 public class MaliciousIp { 11 public class MaliciousIp {
15 12
16 /** 13 /**
@@ -61,106 +58,14 @@ public class MaliciousIp { @@ -61,106 +58,14 @@ public class MaliciousIp {
61 58
62 private long ts; 59 private long ts;
63 60
  61 + private String hbaseTime;
  62 +
64 /**/ 63 /**/
65 /*private List<String> reason; 64 /*private List<String> reason;
66 private List<String> duration;*/ 65 private List<String> duration;*/
67 private String reasonDur; 66 private String reasonDur;
68 67
69 - public String getIp() {  
70 - return ip;  
71 - }  
72 68
73 - public void setIp(String ip) {  
74 - this.ip = ip;  
75 - }  
76 -  
77 - public long getAllCount() {  
78 - return allCount;  
79 - }  
80 -  
81 - public void setAllCount(long allCount) {  
82 - this.allCount = allCount;  
83 - }  
84 -  
85 - public long getQps() {  
86 - return qps;  
87 - }  
88 -  
89 - public void setQps(long qps) {  
90 - this.qps = qps;  
91 - }  
92 -  
93 - public long getImpCount() {  
94 - return impCount;  
95 - }  
96 -  
97 - public void setImpCount(long impCount) {  
98 - this.impCount = impCount;  
99 - }  
100 -  
101 - public double getIpPrecent() {  
102 - return ipPrecent;  
103 - }  
104 -  
105 - public void setIpPrecent(double ipPrecent) {  
106 - this.ipPrecent = ipPrecent;  
107 - }  
108 -  
109 - public double getImpApiPrecent() {  
110 - return impApiPrecent;  
111 - }  
112 -  
113 - public void setImpApiPrecent(double impApiPrecent) {  
114 - this.impApiPrecent = impApiPrecent;  
115 - }  
116 -  
117 - public long getUdidCount() {  
118 - return udidCount;  
119 - }  
120 -  
121 - public void setUdidCount(long udidCount) {  
122 - this.udidCount = udidCount;  
123 - }  
124 -  
125 - public long getNotExsitUdidCount() {  
126 - return notExsitUdidCount;  
127 - }  
128 -  
129 - public void setNotExsitUdidCount(long notExsitUdidCount) {  
130 - this.notExsitUdidCount = notExsitUdidCount;  
131 - }  
132 -  
133 - public String getTimestamp() {  
134 - return timestamp;  
135 - }  
136 -  
137 - public void setTimestamp(String timestamp) {  
138 - this.timestamp = timestamp;  
139 - }  
140 -  
141 - public String getTime() {  
142 - return time;  
143 - }  
144 -  
145 - public void setTime(String time) {  
146 - this.time = time;  
147 - }  
148 -  
149 - public String getReasonDur() {  
150 - return reasonDur;  
151 - }  
152 -  
153 - public void setReasonDur(String reasonDur) {  
154 - this.reasonDur = reasonDur;  
155 - }  
156 -  
157 - public long getTs() {  
158 - return ts;  
159 - }  
160 -  
161 - public void setTs(long ts) {  
162 - this.ts = ts;  
163 - }  
164 69
165 70
166 @Override 71 @Override
@@ -171,6 +171,8 @@ public class MaliciousIpServiceImpl implements MaliciousIpService { @@ -171,6 +171,8 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
171 //发送拦截短信 171 //发送拦截短信
172 String mobile_yunwei = getUsersInfoUtil.getMobileByAlarmGroup(AlarmGroupContants.GROUP_NAME_MALICIOUS_IP); 172 String mobile_yunwei = getUsersInfoUtil.getMobileByAlarmGroup(AlarmGroupContants.GROUP_NAME_MALICIOUS_IP);
173 173
  174 + SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
  175 + String createTimeStr=sdf.format(new Date());
174 for(int i=0;i<ipsObjArray.size();i++){ 176 for(int i=0;i<ipsObjArray.size();i++){
175 JSONObject jo= ipsObjArray.getJSONObject(i); 177 JSONObject jo= ipsObjArray.getJSONObject(i);
176 String ip=jo.getString("ip"); 178 String ip=jo.getString("ip");
@@ -182,7 +184,7 @@ public class MaliciousIpServiceImpl implements MaliciousIpService { @@ -182,7 +184,7 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
182 alarmMsgService.sendSms("MaliciousIp", smsStr, mobile_yunwei); 184 alarmMsgService.sendSms("MaliciousIp", smsStr, mobile_yunwei);
183 185
184 try { 186 try {
185 - maliciousIpMapper.insertMipObj(influxDBStr, ip, reason, duration,hbaseTime); 187 + maliciousIpMapper.insertMipObj(influxDBStr, ip, reason, duration,hbaseTime,createTimeStr);
186 } catch (Exception e) { 188 } catch (Exception e) {
187 logger.error("writeMipsObjToOpsReids insert mip into influxdb failed", e); 189 logger.error("writeMipsObjToOpsReids insert mip into influxdb failed", e);
188 } 190 }
@@ -359,6 +361,8 @@ public class MaliciousIpServiceImpl implements MaliciousIpService { @@ -359,6 +361,8 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
359 long ts=0l; 361 long ts=0l;
360 String insertTime=""; 362 String insertTime="";
361 String insertTime2=""; 363 String insertTime2="";
  364 + String hbaseTime="";
  365 + String hbaseTime2="";
362 for(String mipKey : mipKeys){ 366 for(String mipKey : mipKeys){
363 MaliciousIp mip = new MaliciousIp(); 367 MaliciousIp mip = new MaliciousIp();
364 mip.setIp(mipKey); 368 mip.setIp(mipKey);
@@ -368,7 +372,8 @@ public class MaliciousIpServiceImpl implements MaliciousIpService { @@ -368,7 +372,8 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
368 if( awsIpInfo.get(mipKey) != null){ 372 if( awsIpInfo.get(mipKey) != null){
369 Map<String,String> awsInfo = awsIpInfo.get(mipKey); 373 Map<String,String> awsInfo = awsIpInfo.get(mipKey);
370 String reason=awsInfo.get("reason"); 374 String reason=awsInfo.get("reason");
371 - insertTime=awsInfo.get("time"); 375 + insertTime=awsInfo.get("createtime");
  376 + hbaseTime=awsInfo.get("hbasetime");
372 try{ 377 try{
373 MaliciousIpModel model=JSON.parseObject(reason,MaliciousIpModel.class); 378 MaliciousIpModel model=JSON.parseObject(reason,MaliciousIpModel.class);
374 reason=model.toHtmlString(); 379 reason=model.toHtmlString();
@@ -386,7 +391,8 @@ public class MaliciousIpServiceImpl implements MaliciousIpService { @@ -386,7 +391,8 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
386 reasonDur += "</br>"; 391 reasonDur += "</br>";
387 } 392 }
388 String reason=qcloudInfo.get("reason"); 393 String reason=qcloudInfo.get("reason");
389 - insertTime2=qcloudInfo.get("time"); 394 + insertTime2=qcloudInfo.get("createtime");
  395 + hbaseTime2=qcloudInfo.get("hbasetime");
390 try{ 396 try{
391 MaliciousIpModel model=JSON.parseObject(reason,MaliciousIpModel.class); 397 MaliciousIpModel model=JSON.parseObject(reason,MaliciousIpModel.class);
392 reason=model.toHtmlString(); 398 reason=model.toHtmlString();
@@ -414,15 +420,23 @@ public class MaliciousIpServiceImpl implements MaliciousIpService { @@ -414,15 +420,23 @@ public class MaliciousIpServiceImpl implements MaliciousIpService {
414 }*/ 420 }*/
415 mip.setTs(ts); 421 mip.setTs(ts);
416 if(StringUtils.isNotBlank(insertTime)&&StringUtils.isNotBlank(insertTime2)){ 422 if(StringUtils.isNotBlank(insertTime)&&StringUtils.isNotBlank(insertTime2)){
417 - try{  
418 if(insertTime.compareTo(insertTime2)>0){ 423 if(insertTime.compareTo(insertTime2)>0){
419 - mip.setTime(insertTime.substring(0,10)+" "+insertTime.substring(11,19)); 424 + mip.setTime(insertTime);
420 }else{ 425 }else{
421 - mip.setTime(insertTime2.substring(0,10)+" "+insertTime2.substring(11,19)); 426 + mip.setTime(insertTime2);
  427 + }
422 } 428 }
423 - }catch (Exception e){  
424 429
  430 + if(StringUtils.isNotBlank(hbaseTime)&&StringUtils.isNotBlank(hbaseTime2)){
  431 + if(hbaseTime.compareTo(hbaseTime2)>0){
  432 + mip.setHbaseTime(hbaseTime);
  433 + }else{
  434 + mip.setHbaseTime(hbaseTime2);
425 } 435 }
  436 + }else if(StringUtils.isNotBlank(hbaseTime2)){
  437 + mip.setHbaseTime(hbaseTime);
  438 + }else{
  439 + mip.setHbaseTime(hbaseTime2);
426 } 440 }
427 441
428 listMaliciousIp.add(mip); 442 listMaliciousIp.add(mip);