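    def accesslog_to_sql(self, local=False):
        """Normalise the newest access-log records and bulk-insert them.

        Every record returned by ``self.get_latest_accsslog()`` is copied and
        rewritten: ``time_local`` becomes the datetime parsed from the text
        before its first whitespace (whatever follows, e.g. a timezone
        offset, is dropped), ``timestamp`` mirrors it, a ``request_id`` is
        minted only when the record carries none, and the two timing fields
        are collapsed to a "was '-'" flag.  A record that cannot be parsed is
        logged and skipped so that one bad line does not abort the batch.

        Args:
            local: kept for interface compatibility; not used here.

        Returns:
            None.  The number of rows reported by
            ``self.many_insert2_accesslog`` is logged.
        """
        normalised = []
        for raw in self.get_latest_accsslog():
            rec = raw.copy()
            try:
                stamp = re.match(r"(.*?)\s(.*)", rec["time_local"])
                if stamp is None:
                    raise ValueError("time_local has no whitespace separator")
                rec["time_local"] = get_pydt_based_logdt(stamp.group(1))
                rec["timestamp"] = rec["time_local"]
                # Keep a request_id supplied by the log line; mint one otherwise.
                if "request_id" not in rec:
                    rec["request_id"] = uuid4()
                # NOTE(review): the measured durations are discarded and only
                # a "was '-'" flag survives, exactly as in the original code --
                # confirm this is intended before relying on these columns.
                rec["upstream_response_time"] = (
                    "0.01" if rec["upstream_response_time"] == "-" else "0.0"
                )
                # Decide from request_time itself: the original compared the
                # already-rewritten upstream_response_time, which can never be
                # "-" again at this point, so request_time was always "0.0".
                rec["request_time"] = (
                    "0.01" if rec.get("request_time") == "-" else "0.0"
                )
            except Exception as exc:  # per-record best effort, never bare except
                # Log the untouched input field: the copy may already hold a
                # datetime (or lack the key), which made the old string
                # concatenation raise inside the error path itself.
                logging.error(
                    "Error:存在AccessLog日志不一样的正则 %s (%s)",
                    raw.get("time_local"), exc,
                )
                continue
            normalised.append(rec)
        inserted = self.many_insert2_accesslog(normalised)
        logging.info("插入【%s】条新数据到访问日志SQL数据库成功", inserted)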
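# Header line of a ModSecurity audit-log "A" section: a bracketed timestamp
# with a +0800 or +0000 offset followed by five whitespace-separated fields.
# The original class was "[8|0]", which also accepted a literal "|" as the
# offset digit; only 8 and 0 are meant.  Compiled once at import time.
MODSEC_ALOG_RE = re.compile(
    r"\[(.*?) \+0[80]00\] (\d+\.\d+) (.*?) (\d+) (.*?) (\d+)"
)


def modsec_Alog_extract(content_str):
    """Extract the header fields of a ModSecurity audit-log "A" section.

    Args:
        content_str: raw section text; embedded newlines are removed
            before matching.

    Returns:
        dict with keys ``audit_time``, ``uniq_id``, ``src_ip``, ``logsize``,
        ``src_host`` and ``server_port``.  When the header does not match, a
        placeholder record is returned instead (``audit_time`` is the current
        local time as a string and the other fields are sentinels; note that
        ``logsize`` is the int ``0`` there but a digit string on a match).
    """
    # Beware: the alert date format may have other variants; more patterns
    # may need to be added later (translated from the original note).
    found = MODSEC_ALOG_RE.match(content_str.replace("\n", ""))
    if found:
        return dict(
            audit_time=get_pydt_based_logdt(found.group(1)),
            uniq_id=found.group(2),
            src_ip=found.group(3),
            logsize=found.group(4),
            src_host=found.group(5),
            server_port=found.group(6),
        )
    # Unmatched header: echoed to stdout for debugging, as before.
    # NOTE(review): the fallback fabricates a src_ip, so downstream consumers
    # cannot distinguish this placeholder from a genuine client address.
    print("==============1============")
    print(content_str)
    print("==============2============")
    return dict(
        audit_time=str(datetime.now()),
        uniq_id="-",
        src_ip="121.121.121.121",
        logsize=0,
        src_host="-",
        server_port="0",
    )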