#!/usr/bin/python
# encoding=utf-8
# author: tangwy
import json
import os, re
import codecs
import traceback
from collections import defaultdict
from isoc.utils.esUtil import EsUtil
from isoc.utils.dashboard_data_conversion import ip_summary_data_format, account_summary_data_format, \
interface_summary_data_format, menu_summary_data_format, calculate_time_difference, summary_data_reqs_format
from dataInterface.functions import CFunction
from dataInterface.db.params import CPgSqlParam
from ext_logging import logger
# The only value that is ever formatted into SQL text in this module. Keep it
# a module constant: all caller-supplied values are passed as bound
# parameters, never interpolated.
TABLE_NAME = "ueba_logs"

# Numeric codes stored in the ``data_type`` column of ``ueba_logs``. The
# queries below bind them as parameters; ``entry()`` compares its
# ``data_type`` argument against the same codes as the strings "1".."4".
DATA_TYPE = {
    "IP": 1,
    "ACCOUNT": 2,
    "INTERFACE": 3,
    "MENU": 4,
}
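def pg_get_ip_group_data(startTime, endTime):
    """Sum request counts per (ip, jobnum) for the IP dimension.

    Aggregates ``count`` over rows of ``ueba_logs`` with the IP data_type
    whose ``logdate`` lies in ``[startTime, endTime)``.

    :param startTime: inclusive lower bound for ``logdate``, passed to the
        driver as a bound parameter,
    :param endTime: exclusive upper bound for ``logdate``,
    :return: list of ``{"ip", "jobnum", "count"}`` dicts, one per group;
        empty when the query returns nothing.
    """
    # Only the module-constant table name is formatted into the SQL text;
    # every caller-supplied value travels as a bound parameter (%s).
    # The second date predicate previously referenced a misspelled column
    # ("logate"), which the database would reject.
    sql = """ select ip, jobnum, sum(count) from {TABLE_NAME}
        where logdate >= %s and logdate < %s and data_type = %s
        group by ip, jobnum""".format(TABLE_NAME=TABLE_NAME)
    res = CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["IP"])))
    # A row is (ip, jobnum, sum): three columns. The old code read index 2
    # as jobnum (it is the sum) and index 3 as count (out of range).
    return [
        {"ip": row[0], "jobnum": row[1], "count": row[2]}
        for row in (res or [])
    ]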
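def pg_get_account_group_data(startTime, endTime):
    """Sum request counts per (account, jobnum) for the ACCOUNT dimension.

    Aggregates ``count`` over rows of ``ueba_logs`` with the ACCOUNT
    data_type whose ``logdate`` lies in ``[startTime, endTime)``.

    :param startTime: inclusive lower bound for ``logdate``, passed to the
        driver as a bound parameter,
    :param endTime: exclusive upper bound for ``logdate``,
    :return: list of ``{"account", "jobnum", "count"}`` dicts, one per
        group; empty when the query returns nothing.
    """
    # Only the module-constant table name is formatted into the SQL text;
    # every caller-supplied value travels as a bound parameter (%s).
    # The second date predicate previously referenced a misspelled column
    # ("logate"), which the database would reject.
    sql = """ select account, jobnum, sum(count) from {TABLE_NAME}
        where logdate >= %s and logdate < %s and data_type = %s
        group by account, jobnum""".format(TABLE_NAME=TABLE_NAME)
    res = CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["ACCOUNT"])))
    # A row is (account, jobnum, sum): three columns. The old code read
    # index 2 as jobnum (it is the sum) and index 3 as count (out of range).
    return [
        {"account": row[0], "jobnum": row[1], "count": row[2]}
        for row in (res or [])
    ]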
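def pg_get_interface_group_data(startTime, endTime):
    """Sum request counts per (interface, ip, jobnum) for the INTERFACE dimension.

    Aggregates ``count`` over rows of ``ueba_logs`` with the INTERFACE
    data_type whose ``logdate`` lies in ``[startTime, endTime)``.

    :param startTime: inclusive lower bound for ``logdate``, passed to the
        driver as a bound parameter,
    :param endTime: exclusive upper bound for ``logdate``,
    :return: list of ``{"interface", "ip", "jobnum", "count"}`` dicts, one
        per group; empty when the query returns nothing.
    """
    # Only the module-constant table name is formatted into the SQL text;
    # every caller-supplied value travels as a bound parameter (%s).
    # Fixes: the second date predicate referenced a misspelled column
    # ("logate"), and the select list used ``sip`` while GROUP BY used
    # ``ip`` -- PostgreSQL rejects a non-aggregated column that is not in
    # GROUP BY. The IP query in this module reads the column as ``ip``, so
    # that name is used in both places; if the real column is ``sip``,
    # change both the select list and the GROUP BY together.
    sql = """ select interface, ip, jobnum, sum(count) from {TABLE_NAME}
        where logdate >= %s and logdate < %s and data_type = %s
        group by interface, ip, jobnum""".format(TABLE_NAME=TABLE_NAME)
    res = CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["INTERFACE"])))
    # A row is (interface, ip, jobnum, sum).
    return [
        {"interface": row[0], "ip": row[1], "jobnum": row[2], "count": row[3]}
        for row in (res or [])
    ]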
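def pg_get_menu_group_data(startTime, endTime):
    """Sum request counts per (menu, ip, jobnum) for the MENU dimension.

    Aggregates ``count`` over rows of ``ueba_logs`` with the MENU data_type
    whose ``logdate`` lies in ``[startTime, endTime)``.

    :param startTime: inclusive lower bound for ``logdate``, passed to the
        driver as a bound parameter,
    :param endTime: exclusive upper bound for ``logdate``,
    :return: list of ``{"menu", "ip", "jobnum", "count"}`` dicts, one per
        group; empty when the query returns nothing.
    """
    # Only the module-constant table name is formatted into the SQL text;
    # every caller-supplied value travels as a bound parameter (%s).
    # Fixes: the second date predicate referenced a misspelled column
    # ("logate"), and the select list used ``sip`` while GROUP BY used
    # ``ip`` -- PostgreSQL rejects a non-aggregated column that is not in
    # GROUP BY. The IP query in this module reads the column as ``ip``, so
    # that name is used in both places; if the real column is ``sip``,
    # change both the select list and the GROUP BY together.
    sql = """ select menu, ip, jobnum, sum(count) from {TABLE_NAME}
        where logdate >= %s and logdate < %s and data_type = %s
        group by menu, ip, jobnum""".format(TABLE_NAME=TABLE_NAME)
    res = CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["MENU"])))
    # A row is (menu, ip, jobnum, sum).
    return [
        {"menu": row[0], "ip": row[1], "jobnum": row[2], "count": row[3]}
        for row in (res or [])
    ]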
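def pg_get_previous_company_count(startTime, endTime, data_type):
    """Sum request counts per company (region) for one dimension.

    Groups ``ueba_logs`` rows of the given data_type in
    ``[startTime, endTime)`` by ``jobnum``, then maps each jobnum to its
    company and accumulates the sums per company.

    :param startTime: inclusive lower bound for ``logdate``, passed to the
        driver as a bound parameter,
    :param endTime: exclusive upper bound for ``logdate``,
    :param data_type: dimension name ("ACCOUNT" or "IP" in this module;
        any ``DATA_TYPE`` key is accepted) or one of the numeric codes,
    :return: ``defaultdict(int)`` mapping company -> summed count; a
        missing company reads as 0.
    :raises ValueError: for a ``data_type`` that is neither a ``DATA_TYPE``
        key nor one of its codes. Previously an unknown value was bound
        into the query unchanged and silently matched nothing.
    """
    if data_type in DATA_TYPE:
        type_code = DATA_TYPE[data_type]
    elif data_type in DATA_TYPE.values():
        type_code = data_type
    else:
        raise ValueError("unknown data_type: {!r}".format(data_type))
    # Only the module-constant table name is formatted into the SQL text;
    # every caller-supplied value travels as a bound parameter (%s).
    # The second date predicate previously referenced a misspelled column
    # ("logate"), which the database would reject.
    sql = """ select jobnum, sum(count) from {TABLE_NAME}
        where logdate >= %s and logdate < %s and data_type = %s
        group by jobnum""".format(TABLE_NAME=TABLE_NAME)
    res = CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, type_code)))
    totals = defaultdict(int)
    for jobnum, total in (res or []):
        # NOTE(review): neither find_region_by_code nor jobnum_region_dict is
        # defined or imported in this file as shown; this raises NameError
        # at runtime unless they are injected from elsewhere -- confirm.
        company = find_region_by_code(jobnum, jobnum_region_dict)
        totals[company] += total
    return totals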
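def pg_get_previous_interface_count(startTime, endTime):
    """Total request count per interface for the INTERFACE dimension.

    :param startTime: inclusive lower bound for ``logdate``, passed to the
        driver as a bound parameter,
    :param endTime: exclusive upper bound for ``logdate``,
    :return: ``defaultdict(int)`` mapping interface -> summed count; a
        missing interface reads as 0.
    """
    # Only the module-constant table name is formatted into the SQL text;
    # every caller-supplied value travels as a bound parameter (%s).
    # The second date predicate previously referenced a misspelled column
    # ("logate"), which the database would reject.
    sql = """ select interface, sum(count) from {TABLE_NAME}
        where logdate >= %s and logdate < %s and data_type = %s
        group by interface""".format(TABLE_NAME=TABLE_NAME)
    res = CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["INTERFACE"])))
    totals = defaultdict(int)
    for interface, total in (res or []):
        totals[interface] += total
    return totals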
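def pg_get_previous_menu_count(startTime, endTime):
    """Total request count per menu for the MENU dimension.

    :param startTime: inclusive lower bound for ``logdate``, passed to the
        driver as a bound parameter,
    :param endTime: exclusive upper bound for ``logdate``,
    :return: ``defaultdict(int)`` mapping menu -> summed count; a missing
        menu reads as 0.
    """
    # Only the module-constant table name is formatted into the SQL text;
    # every caller-supplied value travels as a bound parameter (%s).
    # The second date predicate previously referenced a misspelled column
    # ("logate"), which the database would reject.
    sql = """ select menu, sum(count) from {TABLE_NAME}
        where logdate >= %s and logdate < %s and data_type = %s
        group by menu""".format(TABLE_NAME=TABLE_NAME)
    res = CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["MENU"])))
    totals = defaultdict(int)
    for menu, total in (res or []):
        totals[menu] += total
    return totals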
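def _trend(current, previous):
    """Relative change from ``previous`` to ``current``, rounded to 4 places.

    Returns ``None`` when ``previous`` is 0 or missing: the old inline
    expression divided by the previous-window count unconditionally, so any
    key absent from the previous window raised ZeroDivisionError and failed
    the whole request. ``float()`` also avoids Python 2 integer division for
    integer counts (``(5 - 2) / 2`` is ``1`` there, not ``1.5``).
    """
    if not previous:
        return None
    return round(float(current - previous) / previous, 4)


def entry(data_type, start, end):
    """Build the dashboard summary for one dimension and attach a trend.

    :param data_type: dimension code "1" (IP), "2" (ACCOUNT), "3"
        (INTERFACE) or "4" (MENU); an int code is accepted and compared as
        its string form,
    :param start: start of the current window,
    :param end: end of the current window,
    :return: the formatted summary dict with a ``trend`` key added to each
        row of ``data["summary"]["account"]``; ``{}`` for an unrecognised
        data_type.
    :raises Exception: whatever the query or format step raised, re-raised
        after being logged together with its traceback.
    """
    # Start of the preceding window; the previous-period counts are read
    # from [previous_time, start).
    previous_time = calculate_time_difference(start, end)
    data_type = str(data_type)
    try:
        if data_type == "1":
            data = ip_summary_data_format(pg_get_ip_group_data(start, end))
            previous = pg_get_previous_company_count(previous_time, start, "IP")
        elif data_type == "2":
            data = account_summary_data_format(pg_get_account_group_data(start, end))
            previous = pg_get_previous_company_count(previous_time, start, "ACCOUNT")
        elif data_type == "3":
            data = interface_summary_data_format(pg_get_interface_group_data(start, end))
            previous = pg_get_previous_interface_count(previous_time, start)
        elif data_type == "4":
            data = menu_summary_data_format(pg_get_menu_group_data(start, end))
            previous = pg_get_previous_menu_count(previous_time, start)
        else:
            return {}
        # NOTE(review): every dimension reads data["summary"]["account"] and
        # looks the previous count up by row["company"], exactly as before.
        # For "3"/"4" the previous dict is keyed by interface / menu name, so
        # that lookup presumably never matches -- confirm against the
        # *_summary_data_format helpers before changing the key.
        for row in data["summary"]["account"]:
            row["trend"] = _trend(row["req_frequency"], previous.get(row["company"], 0))
        return data
    except Exception as e:
        logger.error("分析结构获取失败, err: {}, traceback: {}".format(str(e), traceback.format_exc()))
        # Bare raise keeps the original traceback; ``raise e`` reset it on
        # Python 2.
        raise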