예제 #1
0
    def accesslog_to_sql(self, local=False):
        nad_datas = []
        _accesslog_datas = self.get_latest_accsslog()
        for x in _accesslog_datas:
            obj = x.copy()
            try:
                obj["time_local"] = get_pydt_based_logdt(
                    re.match("(.*?)\s(.*)", obj["time_local"]).group(1))
                obj["timestamp"] = obj["time_local"]

                try:
                    obj["request_id"] = obj["request_id"]
                except:
                    obj["request_id"] = uuid4()

                obj["upstream_response_time"] = "0.01" if obj[
                    "upstream_response_time"] == "-" else "0.0"
                obj["request_time"] = "0.01" if obj[
                    "upstream_response_time"] == "-" else "0.0"
            except:
                logging.error("Error:存在AccessLog日志不一样的正则 " + obj["time_local"])

                continue
            nad_datas.append(obj)
        seccess_insert_num = self.many_insert2_accesslog(nad_datas)

        logging.info("插入【" + str(seccess_insert_num) + "】条新数据到访问日志SQL数据库成功")
    def modseclog_to_sql(self):
        # from datetime import datetime
        # default_time = datetime(1995, 8, 14)
        nad_datas = self.get_latest_modseclog()

        from django.core.paginator import Paginator
        p = Paginator(nad_datas, self.MAX_INSERT_NUM)  # 分页列别
        page_count = p.num_pages  # 总页数
        seccess_insert_num = 0

        from xsqlmb.api.logstash.utils.get_table_columns import get_waf_alert_log_columns
        cols = get_waf_alert_log_columns()

        _columns = "`" + "`, `".join(cols) + "`"
        _keys = cols

        for x in [x + 1 for x in range(page_count)]:
            nad_list = list(p.page(x).object_list)
            try:
                _insert_num = MutiTypesInsets2SqlClass(table_name=WAF_ALERT_LOG_SQL_TABLE).arrays2sql2(
                    nad_list, columns_order=_columns, keys_list=_keys)
                seccess_insert_num += len(_insert_num)
            except:
                logging.error("告警日志格式化存在键值对异常或者重复插入。")

            finally:
                import json
                _detailed_list = [ [x["audit_logid"], json.dumps(x)] for x in nad_list ]
                MutiTypesInsets2SqlClass(table_name=WAF_ALERT_LOG_DETAILED_SQL_TABLE).arrays2sql(
                    _detailed_list, columns_order="`audit_logid`,`detaild`"
                )

        logging.info("插入【" + str(seccess_insert_num) + "】条新数据到告警日志SQL数据库成功")
def convert_auditlog_detaild(audit_logid, audit_logid_datas=None):
    """
    根据日志产生的 audit_logid 获取到所有的日志信息
    :param audit_logid:
    :param audit_logid_datas:
    :return:
    """
    temp = {"audit_logid": audit_logid}
    try:
        alog, blog, flog, hlog = False, False, False, False
        for x in audit_logid_datas:
            # exec("""temp = dict(temp, **modsec_"""+ x["auditlog_signal"] +"""log_extract(x["auditlog_content"]))""")
            if x["auditlog_signal"] == "A":
                temp = dict(temp, **modsec_Alog_extract(re_upgrade_str(x["auditlog_content"])))
                alog = True
            if x["auditlog_signal"] == "B":
                temp = dict(temp, **modsec_Blog_extract(re_upgrade_str(x["auditlog_content"])))
                blog = True
            if x["auditlog_signal"] == "F":
                temp = dict(temp, **modsec_Flog_extract(re_upgrade_str(x["auditlog_content"])))
                flog = True
            if x["auditlog_signal"] == "H":
                temp = dict(temp, **modsec_Hlog_extract(re_upgrade_str(x["auditlog_content"])))
                hlog = True
        if not hlog:
            temp = dict(temp, **dict(msg="Sensitive Url Payload Alert.", category="异常捕获"))

        if alog and blog and flog:
            return temp
    except:
        from xsqlmb.api.logstash.scripts.txt.get_common_logs import logging
        logging.error("extract告警日志错误!" + str(audit_logid))
        return None
예제 #4
0
def sql_action(sql):
    connection = pymysql.connect(**MPP_CONFIG)
    corsor = connection.cursor()

    try:
        corsor.execute(sql)
        connection.commit()
    # print(sql)
    except :
        try:
            from xsqlmb.src.cfgs.logConfig import logging
        except:
            import logging
        logging.error({"query_sql": sql, "stat": 0})
    finally:
        corsor.close()
        connection.close()
    return True
예제 #5
0
def from_sql_get_data(sql):
    # Connect to the database
    connection = pymysql.connect(**MPP_CONFIG)
    corsor = connection.cursor()
    corsor.execute(sql)
    try:
        res = corsor.fetchall()
        try:
            data = {"data": res, "heads": [x[0] for x in corsor.description]}
        except:
            data = None
            try:
                from xsqlmb.src.cfgs.logConfig import logging
            except:
                import logging
            logging.error({"query_sql": sql, "stat": 0})
    finally:
        ## connection.commit()
        corsor.close()
        connection.close()
    return data