commit
315f1470ec
@ -1,38 +1,150 @@ |
||||
{ |
||||
"white_list": { |
||||
"ip": [ |
||||
400000, |
||||
400001 |
||||
510400, |
||||
510401, |
||||
510402, |
||||
510405, |
||||
510406, |
||||
510407, |
||||
510404, |
||||
510403, |
||||
510030, |
||||
510031, |
||||
510009, |
||||
510008, |
||||
510004, |
||||
510408, |
||||
510410, |
||||
510409 |
||||
], |
||||
"account": [ |
||||
400000, |
||||
400001 |
||||
510400, |
||||
510401, |
||||
510402, |
||||
510405, |
||||
510406, |
||||
510407, |
||||
510404, |
||||
510403, |
||||
510030, |
||||
510031, |
||||
510009, |
||||
510008, |
||||
510004, |
||||
510408, |
||||
510410, |
||||
510409 |
||||
], |
||||
"interface": [ |
||||
400000, |
||||
400001 |
||||
510400, |
||||
510401, |
||||
510402, |
||||
510405, |
||||
510406, |
||||
510407, |
||||
510404, |
||||
510403, |
||||
510030, |
||||
510031, |
||||
510009, |
||||
510008, |
||||
510004, |
||||
510408, |
||||
510410, |
||||
510409 |
||||
], |
||||
"menu": [ |
||||
400000, |
||||
400001 |
||||
510400, |
||||
510401, |
||||
510402, |
||||
510405, |
||||
510406, |
||||
510407, |
||||
510404, |
||||
510403, |
||||
510030, |
||||
510031, |
||||
510009, |
||||
510008, |
||||
510004, |
||||
510408, |
||||
510410, |
||||
510409 |
||||
] |
||||
}, |
||||
"grey_list": { |
||||
"ip": [ |
||||
400000, |
||||
400001 |
||||
510400, |
||||
510401, |
||||
510402, |
||||
510405, |
||||
510406, |
||||
510407, |
||||
510404, |
||||
510403, |
||||
510030, |
||||
510031, |
||||
510009, |
||||
510008, |
||||
510004, |
||||
510408, |
||||
510410, |
||||
510409 |
||||
], |
||||
"account": [ |
||||
400000, |
||||
400001 |
||||
510400, |
||||
510401, |
||||
510402, |
||||
510405, |
||||
510406, |
||||
510407, |
||||
510404, |
||||
510403, |
||||
510030, |
||||
510031, |
||||
510009, |
||||
510008, |
||||
510004, |
||||
510408, |
||||
510410, |
||||
510409 |
||||
], |
||||
"interface": [ |
||||
400000, |
||||
400001 |
||||
510400, |
||||
510401, |
||||
510402, |
||||
510405, |
||||
510406, |
||||
510407, |
||||
510404, |
||||
510403, |
||||
510030, |
||||
510031, |
||||
510009, |
||||
510008, |
||||
510004, |
||||
510408, |
||||
510410, |
||||
510409 |
||||
], |
||||
"menu": [ |
||||
400000, |
||||
400001 |
||||
510400, |
||||
510401, |
||||
510402, |
||||
510405, |
||||
510406, |
||||
510407, |
||||
510404, |
||||
510403, |
||||
510030, |
||||
510031, |
||||
510009, |
||||
510008, |
||||
510004, |
||||
510408, |
||||
510410, |
||||
510409 |
||||
] |
||||
} |
||||
} |
@ -1,210 +0,0 @@ |
||||
# coding:utf-8 |
||||
|
||||
import sys |
||||
import uuid |
||||
import json |
||||
import time |
||||
import random |
||||
|
||||
path = str(sys.path[0]) |
||||
home_path = path.split("isop_uebaapiData")[0] |
||||
sys.path.append(home_path) |
||||
from isop_uebaapiData.util import send_logs |
||||
|
||||
def alarm(cookies, api): |
||||
"""2、HTTP日志""" |
||||
inputstr = '''[{"msgtype":1,"hash":"8DE9-BDAB-F622-2FA8","dev_ip":"10.67.5.17","product":"uts"},{"sid":"6004744450036c44f815500016d00a5f5151105430a3ed","timestamp":1567673939,"sip":"10.67.0.52","sport":5624,"dip":"10.67.0.53","dport":80,"protocol":6,"app":3087428650795009,"app_proto":8,"direct":4,"app.detail":{"method":"GET","http_protocol":"1.1","ret_code":200,"host":"10.67.1.1","uri":"/webtest/uploadFile.php","referer":"http://[2222::65]/webtest/","content_type":" multipart/form-data; boundary=----WebKitFormBoundary2zcCUl4lQf1h7A7S","content_type_server":" text/html","server":"Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19","user_agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36","link":"","cookies":"loginmainacctid=wangshiguang;operatorId=d2601586;com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;","content_encoding":"","location":"","content_length":70080,"content_length_server":200,"set_cookie":"","range":"","connection":"keep-alive","connection_server":"Keep-Alive","x_forwarded_for":"","post_data":"LS0tLS0tV2ViS2l0Rm9ybUJvdW5kYXJ5MnpjQ1VsNGxRZjFoN0E3Uw0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSJmaWxlIjsgZmlsZW5hbWU9IjAwMDFhZDQ0MWRjYjM4NjIxOGE3Njk5MmFjZjhiNzA1Ig0=","response_body":"VXBsb2FkOiAwMDAxYWQ0NDFkY2IzODYyMThhNzY5OTJhY2Y4YjcwNTxiciAvPlR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbTxiciAvPlNpemU6IDY4LjEyNzkyOTY4NzUgS2I8YnIgLz5UZW1wIGZpbGU6IEQ6XHhhbXBwXHRtcFxwaHA2ODI1LnRtcDxiciAvPjAwMDFhZDQ0MWRjYjM4NjIxOGE3Njk5MmFjZjhiNzA1IGFscmVhZHkgZXhpc3RzLiA="}}]''' |
||||
inputarr = json.loads(inputstr, strict=False) |
||||
# 随机生成timestamp |
||||
inputarr[1]["timestamp"] = 1720782138 |
||||
inputarr[1]["sid"] = str(uuid.uuid1()) |
||||
# inputarr[1]["sip"] = "10.67.4.33" |
||||
inputarr[1]["sip"] = generate_random_ip() |
||||
inputarr[1]["dip"] = "10.67.1.1" |
||||
inputarr[1]["dport"] = "8180" |
||||
inputarr[1]["app.detail"]["uri"] = "/alarmtest.action?BMECID=352432757&BMETimestamp=1692788489260&queryNumber=158713459" |
||||
inputarr[1]["app.detail"]["host"] = api |
||||
inputarr[1]["app.detail"]["cookies"] = cookies |
||||
return json.dumps(inputarr) |
||||
|
||||
def generate_random_ip(): |
||||
# 固定前缀 "192.168." |
||||
prefix = "192.168." |
||||
# 生成随机的第三和第四段IP地址 |
||||
third_octet = random.randint(0, 255) |
||||
fourth_octet = random.randint(0, 255) |
||||
# 拼接IP地址 |
||||
ip = "{}{}.{}".format(prefix, third_octet, fourth_octet) |
||||
return ip |
||||
|
||||
def AbIDVisitAPINums510404(): |
||||
datalist = {"TCP_5011": list()} |
||||
ID2Area = { |
||||
"武汉": ["1101820", "1101821", "1101822", "1101823", "1101825"], |
||||
"荆州": ["2001800", "2001801", "2001808"], |
||||
"江汉": ["1801820", "1801810"], |
||||
"省公司市场部": ["1002011", "1002012", "1002013"] |
||||
} |
||||
api_list = ["test.alarm.com/webtest", "alarm.com/testalarm", "business.system..alarmcom", "hhh.alarm.com", |
||||
"good.alarm.com"] |
||||
info_list = [ |
||||
["u-locale=zh_CN;loginmainacctid=zhang3;operatorId=" + ID2Area["武汉"][ |
||||
0] + ";com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;", 60], |
||||
["u-locale=zh_CN;loginmainacctid=zhang3;operatorId=" + ID2Area["荆州"][ |
||||
2] + ";com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;", 120] |
||||
] |
||||
for i in range(len(info_list)): |
||||
cookies = info_list[i][0] |
||||
count = info_list[i][1] |
||||
for j in range(count): |
||||
api = random.choice(api_list) |
||||
datalist["TCP_5011"].append(alarm(cookies, api)) |
||||
for key in datalist.keys(): |
||||
send_logs(datalist[key]) |
||||
return "510405场景的告警数据已生成" |
||||
|
||||
def get_random_jobnum(): |
||||
# 定义包含不同前缀的字符串数组 |
||||
prefix_strings = [ |
||||
['10243', '10895', '10134', '10781', '10962'], # 10打头的字符串示例 |
||||
['11089', '11057', '11023', '11016', '11030'], # 110打头的字符串示例 |
||||
['14076', '14049', '14098', '14032', '14061'], # 140打头的字符串示例 |
||||
['26054', '26013', '26087', '26029', '26061'], # 260打头的字符串示例 |
||||
['20083', '20015', '20072', '20096', '20048'], # 200打头的字符串示例 |
||||
['19035', '19017', '19049', '19082', '19096'], # 190打头的字符串示例 |
||||
['180237', '180276', '180204', '180295', '180219'] # 1802打头的字符串示例 |
||||
] |
||||
|
||||
# 随机选择一个前缀数组 |
||||
selected_prefix_array = random.choice(prefix_strings) |
||||
# 随机选择一个具体的字符串 |
||||
selected_string = random.choice(selected_prefix_array) |
||||
return selected_string |
||||
|
||||
def get_random_person(): |
||||
people_list = [ |
||||
"Alice", "Bob", "Charlie", "David", "Emma", "Frank", "Grace", "Henry", "Isabel", "Jack", |
||||
"Kate", "Liam", "Mia", "Noah", "Olivia", "Patrick", "Quinn", "Rachel", "Samuel", "Taylor", |
||||
"Ursula", "Victor", "Wendy", "Xavier", "Yvonne", "Zachary", "Amelia", "Benjamin", "Catherine", |
||||
"Daniel", "Ella", "Finn", "Gabriella", "Hugo", "Isabella", "Jacob", "Katherine", "Lucas", |
||||
"Madeline", "Nathan", "Olivia", "Peter", "Quincy", "Riley", "Sophia", "Thomas", "Uma", |
||||
"Vincent", "Willa", "Xander", "Yasmine", "Zoe", "Aaron", "Bella", "Connor", "Daisy", "Ethan", |
||||
"Freya", "George", "Hannah", "Isaac", "Julia", "Kevin", "Lily", "Matthew", "Nora", "Owen", |
||||
"Penelope", "Quentin", "Rebecca", "Samantha", "Tristan", "Ursula", "Violet", "Wyatt", "Ximena", |
||||
"Yara", "Zane", "Anna", "Blake", "Charlotte", "David", "Eva", "Felix", "Grace", "Hector", |
||||
"Ivy", "James", "Kylie", "Luna", "Milo", "Natalie", "Oscar", "Paige", "Quinn", "Ruby", |
||||
"Simon", "Tessa", "Uriel", "Victoria", "Wesley", "Xavier", "Yasmine", "Zara" |
||||
# 继续添加更多的名称... |
||||
] |
||||
|
||||
random_person = random.choice(people_list) |
||||
return random_person |
||||
|
||||
def get_random_menu(): |
||||
# 定义系统菜单列表 |
||||
system_menu = [ |
||||
"主页", "设置", "个人资料", "消息", "通知", "帮助", "帐户", "关于", "联系我们", "服务", |
||||
"购物车", "订单", "支付", "地址", "密码", "登出", "登入", "注册", "搜索", "反馈", |
||||
"隐私政策", "条款与条件", "FAQ", "文档", "论坛", "博客", "新闻", "视频", "图片", "音频", |
||||
"下载", "上传", "社交", "分享", "喜欢", "收藏", "评论", "点赞", "订阅", "播放列表", |
||||
"播放历史", "推荐", "推广", "活动", "招聘", "加入我们", "团队", "合作伙伴", "协议", |
||||
"项目", "贡献", "捐赠", "赞助", "开发", "设计", "产品", "技术支持", "客户支持", |
||||
"销售", "市场营销", "业务", "管理", "数据", "分析", "报告", "绩效", "策略", |
||||
"创新", "优化", "测试", "安全", "备份", "恢复", "更新", "版本", "发布", |
||||
"变更日志", "许可证", "授权", "注册码", "订购", "付款方式", "配置", "设置向导", "快捷方式", |
||||
"自定义", "调整", "模板", "样式", "主题", "颜色", "字体", "大小", "布局", |
||||
"格式", "检查更新", "下载中心", "资源", "链接", "网站地图", "计划", "时间表", "日历", |
||||
"事件", "提醒", "警报", "通讯录", "联系人", "目录", "分类", "标签", "搜索结果", |
||||
"页面", "文章", "产品", "服务", "项目", "案例", "作品", "示例", "演示", |
||||
"展示", "参考", "指南", "教程", "培训", "学习", "认证", "证书", "奖章", |
||||
"徽章", "勋章", "成就", "积分", "排名", "比赛", "竞赛", "评估", "评价", |
||||
"考核", "调查", "研究", "分析", "文章", "书籍", "参考文献", "论文", "报告", |
||||
"期刊", "杂志", "图书馆", "书架", "存档", "档案", "历史", "数据", "统计", |
||||
"指标", "指数", "系列", "序列", "集合", "列表", "图表", "图形", "统计", |
||||
"数字", "计数", "数量", "比率", "百分比", "概述", "汇总", "详情", "全球", |
||||
"国家", "地区", "城市", "位置", "地点", "位置", "方向", "距离", "路线", |
||||
"导航", "地图", "位置", "坐标", "GPS", "导航", "位置", "追踪", "监控", |
||||
"控制台", "管理面板", "仪表板", "仪表盘", "仪表板", "仪表盘", "指示灯", "信号", "状态", |
||||
"进度", "完成", "处理", "操作", "任务", "流程", "工作流", "记录", "日志", |
||||
"日志", "评论", "反馈", "意见", "建议", "建议", "改进建议", "问题", "解决方案", |
||||
"答案", "解释", "说明", "描述", "详情", "信息", "数据", "内容", "媒体", |
||||
"文档", "文件", "附件", "图像", "图片", "照片", "图表", "图形", "表格", |
||||
"表单", "输入", "输出", "导入", "导出", "分享", "链接", "电子邮件", "消息", |
||||
"聊天", "对话", "会话", "会议", "通话", "视频", "音频", "音乐", "歌曲", |
||||
"播放", "暂停", "停止", "跳过", "前进", "回放", "录制", "编辑", "剪辑", |
||||
"修剪", "调整", "滤镜", "效果", "转换", "格式", "编码", "解码", "播放器", |
||||
"播放列表", "收藏夹", "书签", "标签", "标签", "评论", "反馈", "评分", "评级", |
||||
"排名", "推荐", "推广", "广告", "宣传", "促销", "优惠", "折扣", "优惠券", |
||||
"礼品卡", "优惠码", "资料", "信息", "内容", "资源", "资产", "库存", "存储", |
||||
"存储", "备份", "还原", "升级", "更新", "版本", "修复", "修复", "故障", |
||||
"错误", "问题", "错误", "故障", "问题", "警告", "异常", "异常", "异常", |
||||
"重试", "恢复", "恢复", "取消", "撤销", "回滚", "复制", "粘贴", "剪切", |
||||
"移动", "重命名", "删除", "清除", "清理", "清除", "清理", "优化", "优化", |
||||
"增加", "增强", "强化", "加强", "改进", "改善", "优化", "优化", "设计", |
||||
"开发", "测试", "部署", "配置", "设置", "安装", "卸载", "升级", "更新", |
||||
"修复", "修正", "修补", "更新", "安全", "保护", "防护", "防御", "防止", |
||||
"检查", "扫描", "监控", "跟踪", "追踪", "审计", "审查", "测试", "测量" |
||||
] |
||||
|
||||
# 随机选择一个菜单项 |
||||
random_menu_item = random.choice(system_menu) |
||||
return random_menu_item |
||||
|
||||
if __name__ == '__main__': |
||||
datalist = {"TCP_5011": list()} |
||||
ID2Area = { |
||||
"武汉": ["1101820", "1101821", "1101822", "1101823", "1101825"], |
||||
"荆州": ["2001800", "2001801", "2001808"], |
||||
"江汉": ["1801820", "1801810"], |
||||
"省公司市场部": ["1002011", "1002012", "1002013"] |
||||
} |
||||
api_list = ["test.alarm.com/webtest", "alarm.com/testalarm", "business.system..alarmcom", "hhh.alarm.com", "good.alarm.com","baidu.com","sohu.com","xinlang.com","erpx.com"] |
||||
info_list = [ |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 5000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 5000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 5000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 2000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 2000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 2000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 2000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000] |
||||
] |
||||
|
||||
|
||||
for i in range(len(info_list)): |
||||
cookies = info_list[i][0] |
||||
count = info_list[i][1] |
||||
for j in range(count): |
||||
api = random.choice(api_list) |
||||
datalist["TCP_5011"].append(alarm(cookies, api)) |
||||
for key in datalist.keys(): |
||||
send_logs(datalist[key]) |
||||
print "510405场景的告警数据已生成" |
@ -0,0 +1,142 @@ |
||||
# coding:utf-8 |
||||
|
||||
import sys |
||||
import uuid |
||||
import json |
||||
import time |
||||
import random |
||||
|
||||
path = str(sys.path[0]) |
||||
home_path = path.split("isop_uebaapiData")[0] |
||||
sys.path.append(home_path) |
||||
from isop_uebaapiData.util import send_logs |
||||
|
||||
def alarm(cookies, api): |
||||
"""2、HTTP日志""" |
||||
inputstr = '''[{"msgtype":1,"hash":"8DE9-BDAB-F622-2FA8","dev_ip":"10.67.5.17","product":"uts"},{"sid":"6004744450036c44f815500016d00a5f5151105430a3ed","timestamp":1567673939,"sip":"10.67.0.52","sport":5624,"dip":"10.67.0.53","dport":80,"protocol":6,"app":3087428650795009,"app_proto":8,"direct":4,"app.detail":{"method":"GET","http_protocol":"1.1","ret_code":200,"host":"10.67.1.1","uri":"/webtest/uploadFile.php","referer":"http://[2222::65]/webtest/","content_type":" multipart/form-data; boundary=----WebKitFormBoundary2zcCUl4lQf1h7A7S","content_type_server":" text/html","server":"Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19","user_agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36","link":"","cookies":"loginmainacctid=wangshiguang;operatorId=d2601586;com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;","content_encoding":"","location":"","content_length":70080,"content_length_server":200,"set_cookie":"","range":"","connection":"keep-alive","connection_server":"Keep-Alive","x_forwarded_for":"","post_data":"LS0tLS0tV2ViS2l0Rm9ybUJvdW5kYXJ5MnpjQ1VsNGxRZjFoN0E3Uw0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSJmaWxlIjsgZmlsZW5hbWU9IjAwMDFhZDQ0MWRjYjM4NjIxOGE3Njk5MmFjZjhiNzA1Ig0=","response_body":"VXBsb2FkOiAwMDAxYWQ0NDFkY2IzODYyMThhNzY5OTJhY2Y4YjcwNTxiciAvPlR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbTxiciAvPlNpemU6IDY4LjEyNzkyOTY4NzUgS2I8YnIgLz5UZW1wIGZpbGU6IEQ6XHhhbXBwXHRtcFxwaHA2ODI1LnRtcDxiciAvPjAwMDFhZDQ0MWRjYjM4NjIxOGE3Njk5MmFjZjhiNzA1IGFscmVhZHkgZXhpc3RzLiA="}}]''' |
||||
inputarr = json.loads(inputstr, strict=False) |
||||
# 随机生成timestamp |
||||
inputarr[1]["timestamp"] = int(time.time()) |
||||
inputarr[1]["sid"] = str(uuid.uuid1()) |
||||
# inputarr[1]["sip"] = "10.67.4.33" |
||||
inputarr[1]["sip"] = generate_random_ip() |
||||
inputarr[1]["dip"] = "10.67.1.1" |
||||
inputarr[1]["dport"] = "8180" |
||||
inputarr[1]["app.detail"]["uri"] = "/alarmtest.action?BMECID=352432757&BMETimestamp=1692788489260&queryNumber=158713459" |
||||
inputarr[1]["app.detail"]["host"] = api |
||||
inputarr[1]["app.detail"]["cookies"] = cookies |
||||
return json.dumps(inputarr) |
||||
|
||||
def generate_random_ip(): |
||||
# 固定前缀 "192.168." |
||||
prefix = "192.168." |
||||
# 生成随机的第三和第四段IP地址 |
||||
third_octet = 1 |
||||
fourth_octet = random.randint(0, 50) |
||||
# 拼接IP地址 |
||||
ip = "{}{}.{}".format(prefix, third_octet, fourth_octet) |
||||
return ip |
||||
|
||||
def AbIDVisitAPINums510404(): |
||||
datalist = {"TCP_5011": list()} |
||||
ID2Area = { |
||||
"武汉": ["1101820", "1101821", "1101822", "1101823", "1101825"], |
||||
"荆州": ["2001800", "2001801", "2001808"], |
||||
"江汉": ["1801820", "1801810"], |
||||
"省公司市场部": ["1002011", "1002012", "1002013"] |
||||
} |
||||
api_list = ["test.alarm.com/webtest", "alarm.com/testalarm", "business.system..alarmcom", "hhh.alarm.com", |
||||
"good.alarm.com"] |
||||
info_list = [ |
||||
["u-locale=zh_CN;loginmainacctid=zhang3;operatorId=" + ID2Area["武汉"][ |
||||
0] + ";com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;", 60], |
||||
["u-locale=zh_CN;loginmainacctid=zhang3;operatorId=" + ID2Area["荆州"][ |
||||
2] + ";com.huawei.boss.CURRENT_MENUID=BLAR_ChargeCrm3_WEB;", 120] |
||||
] |
||||
for i in range(len(info_list)): |
||||
cookies = info_list[i][0] |
||||
count = info_list[i][1] |
||||
for j in range(count): |
||||
api = random.choice(api_list) |
||||
datalist["TCP_5011"].append(alarm(cookies, api)) |
||||
for key in datalist.keys(): |
||||
send_logs(datalist[key]) |
||||
return "510405场景的告警数据已生成" |
||||
|
||||
def get_random_jobnum(): |
||||
# 定义包含不同前缀的字符串数组 |
||||
prefix_strings = [ |
||||
['10243', '10895', '10134', '10781', '10962'], # 10打头的字符串示例 |
||||
['11089', '11057', '11023', '11016', '11030'], # 110打头的字符串示例 |
||||
['14076', '14049', '14098', '14032', '14061'], # 140打头的字符串示例 |
||||
['26054', '26013', '26087', '26029', '26061'], # 260打头的字符串示例 |
||||
['20083', '20015', '20072', '20096', '20048'], # 200打头的字符串示例 |
||||
['19035', '19017', '19049', '19082', '19096'], # 190打头的字符串示例 |
||||
['180237', '180276', '180204', '180295', '180219'] # 1802打头的字符串示例 |
||||
] |
||||
|
||||
# 随机选择一个前缀数组 |
||||
selected_prefix_array = random.choice(prefix_strings) |
||||
# 随机选择一个具体的字符串 |
||||
selected_string = random.choice(selected_prefix_array) |
||||
return selected_string |
||||
|
||||
def get_random_person(): |
||||
people_list = [ |
||||
"Alice", "Bob", "Charlie", "David", "Emma", "Frank", "Grace", "Henry", "Isabel", "Jack", |
||||
"Kate", "Liam", "Mia", "Noah", "Olivia" |
||||
# 继续添加更多的名称... |
||||
] |
||||
|
||||
random_person = random.choice(people_list) |
||||
return random_person |
||||
|
||||
def get_random_menu(): |
||||
# 定义系统菜单列表 |
||||
system_menu = [ |
||||
"主页", "设置", "个人资料", "消息", "通知", "帮助", "帐户", "关于", "联系我们", "服务", |
||||
"购物车", "订单", "支付", "地址", "密码" |
||||
] |
||||
|
||||
# 随机选择一个菜单项 |
||||
random_menu_item = random.choice(system_menu) |
||||
return random_menu_item |
||||
|
||||
if __name__ == '__main__': |
||||
datalist = {"TCP_5011": list()} |
||||
ID2Area = { |
||||
"武汉": ["1101820", "1101821", "1101822", "1101823", "1101825"], |
||||
"荆州": ["2001800", "2001801", "2001808"], |
||||
"江汉": ["1801820", "1801810"], |
||||
"省公司市场部": ["1002011", "1002012", "1002013"] |
||||
} |
||||
api_list = ["test.alarm.com/webtest", "alarm.com/testalarm", "business.system..alarmcom", "hhh.alarm.com", "good.alarm.com","baidu.com","sohu.com","xinlang.com","erpx.com"] |
||||
info_list = [ |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 1000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000], |
||||
["u-locale=zh_CN; loginmainacctid="+get_random_person()+"; userticket=209@9889@23223@10.0.1.183@lis8; operatorId=" + get_random_jobnum() + "; com.huawei.boss.CURRENT_MENUID="+get_random_menu()+";", 3000] |
||||
] |
||||
|
||||
|
||||
for i in range(len(info_list)): |
||||
cookies = info_list[i][0] |
||||
count = info_list[i][1] |
||||
for j in range(count): |
||||
api = random.choice(api_list) |
||||
datalist["TCP_5011"].append(alarm(cookies, api)) |
||||
for key in datalist.keys(): |
||||
send_logs(datalist[key]) |
||||
print "510405场景的告警数据已生成" |
@ -1,44 +0,0 @@ |
||||
{ |
||||
"ip":[ |
||||
{ |
||||
"ip":"192.168.1.1", |
||||
"jobnum":"1122222", |
||||
"count":212 |
||||
}, |
||||
{ |
||||
"ip":"192.168.2.1", |
||||
"jobnum":"1122222", |
||||
"count":212 |
||||
} |
||||
], |
||||
"account":[ |
||||
{ |
||||
"account":"zhangs", |
||||
"jobnum":"1122222", |
||||
"count":212 |
||||
}, |
||||
{ |
||||
"account":"zhang3", |
||||
"jobnum":"112222", |
||||
"count":211 |
||||
} |
||||
], |
||||
"interface":[ |
||||
{ |
||||
"interface":"www.baidu.com/user", |
||||
"jobnum":"1122222", |
||||
"account":"zhangs", |
||||
"ip":"192.168.1.1", |
||||
"count":212 |
||||
} |
||||
], |
||||
"menu":[ |
||||
{ |
||||
"menu":"菜单1", |
||||
"jobnum":"1122222", |
||||
"account":"zhangs", |
||||
"ip":"192.168.1.1", |
||||
"count":212 |
||||
} |
||||
] |
||||
} |
@ -1,13 +1,24 @@ |
||||
[ |
||||
{ |
||||
"task_name": "ueba_corn", |
||||
"task_name": "ueba_cron", |
||||
"task_type": 1, |
||||
"exec_cmd": "python /home/master/ISOP/apps/uebaMetricsAnalysis/corn/ueba_corn.py", |
||||
"exec_cmd": "python /home/master/ISOP/apps/uebaMetricsAnalysis/cron/ueba_cron_pg.py", |
||||
"task_owner": "uebaMetricsAnalysis", |
||||
"run_mode": 1, |
||||
"duration_args": "*/2 * * * * *", |
||||
"retry_nums": 5, |
||||
"duration_args": "0 */1 * * * ?", |
||||
"retry_nums": 0, |
||||
"is_enable": 1, |
||||
"task_description": "每天执行一次 清洗数据到es-ueba索引" |
||||
"task_description": "每分钟执行一次数据清洗" |
||||
}, |
||||
{ |
||||
"task_name": "ueba_cron_data_insert", |
||||
"task_type": 1, |
||||
"exec_cmd": "python /home/master/ISOP/apps/uebaMetricsAnalysis/cron/ueba_cron_data_insert.py", |
||||
"task_owner": "uebaMetricsAnalysis", |
||||
"run_mode": 1, |
||||
"duration_args": "0 0 3 * * ?", |
||||
"retry_nums": 0, |
||||
"is_enable": 1, |
||||
"task_description": "每天执行一次 将汇总数据写入pg" |
||||
} |
||||
] |
@ -0,0 +1,221 @@ |
||||
{ |
||||
"summary": { |
||||
"ip": [ |
||||
{ |
||||
"company": "孝感分公司", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"ip_count": 323, |
||||
"ip_rate": 0.3, |
||||
"ip_avg": 0.43, |
||||
"trend": 0.3 |
||||
}, |
||||
{ |
||||
"company": "宜昌分公司", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"ip_count": 323, |
||||
"ip_rate": 0.3, |
||||
"ip_avg": 0.43, |
||||
"trend": 0.3 |
||||
}, |
||||
{ |
||||
"company": "随州分公司", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"ip_count": 323, |
||||
"ip_rate": 0.3, |
||||
"ip_avg": 0.43, |
||||
"trend": 0.3 |
||||
}, |
||||
{ |
||||
"company": "黄冈分公司", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"ip_count": 323, |
||||
"ip_rate": 0.3, |
||||
"ip_avg": 0.43, |
||||
"trend": 0.3 |
||||
}, |
||||
{ |
||||
"company": "省公司", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"ip_count": 323, |
||||
"ip_rate": 0.3, |
||||
"ip_avg": 0.43, |
||||
"trend": 0.3 |
||||
} |
||||
], |
||||
"account": [ |
||||
{ |
||||
"company": "湖北公司", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"account_count": 323, |
||||
"account_rate": 0.3, |
||||
"account_avg": 0.43, |
||||
"trend": 0.3 |
||||
}, |
||||
{ |
||||
"company": "宜昌公司", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"account_count": 323, |
||||
"account_rate": 0.3, |
||||
"account_avg": 0.43, |
||||
"trend": 0.3 |
||||
} |
||||
], |
||||
"interface": [ |
||||
{ |
||||
"interface_addr": "/getuser", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"frequency_avg": 0.43, |
||||
"trend": 0.3 |
||||
}, |
||||
{ |
||||
"interface_addr": "/getcpminfo", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"frequency_avg": 0.43, |
||||
"trend": 0.3 |
||||
} |
||||
], |
||||
"menu": [ |
||||
{ |
||||
"menu_name": "接口地址", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"frequency_avg": 0.43, |
||||
"trend": 0.3 |
||||
}, |
||||
{ |
||||
"menu_name": "接口地址", |
||||
"req_frequency": 122, |
||||
"frequency_rate": 0.2, |
||||
"frequency_avg": 0.43, |
||||
"trend": 0.3 |
||||
} |
||||
] |
||||
}, |
||||
"detail": { |
||||
"ip": { |
||||
"湖北公司": [ |
||||
{ |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_frequency": 22 |
||||
}, |
||||
{ |
||||
"req_ip": "xx1x.xx.xx.x", |
||||
"req_frequency": 21 |
||||
} |
||||
], |
||||
"宜昌公司": [ |
||||
{ |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_frequency": 22 |
||||
}, |
||||
{ |
||||
"req_ip": "xx1x.xx.xx.x", |
||||
"req_frequency": 21 |
||||
} |
||||
] |
||||
}, |
||||
"account": { |
||||
"湖北公司": [ |
||||
{ |
||||
"req_account": "admin", |
||||
"req_frequency": 22, |
||||
"req_jobnum": 98799 |
||||
}, |
||||
{ |
||||
"req_account": "admin", |
||||
"req_frequency": 22, |
||||
"req_jobnum": 98799 |
||||
} |
||||
], |
||||
"宜昌公司": [ |
||||
{ |
||||
"req_account": "admin", |
||||
"req_frequency": 22, |
||||
"req_jobnum": 98799 |
||||
}, |
||||
{ |
||||
"req_account": "admin", |
||||
"req_frequency": 22, |
||||
"req_jobnum": 98799 |
||||
} |
||||
] |
||||
}, |
||||
"interface": { |
||||
"接口1": [ |
||||
{ |
||||
"interface_addr": "接口地址", |
||||
"req_frequency": 122, |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_account": 0.2, |
||||
"req_jobnum": 0.2 |
||||
}, |
||||
{ |
||||
"interface_addr": "接口地址", |
||||
"req_frequency": 122, |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_account": 0.2, |
||||
"req_jobnum": 0.2 |
||||
} |
||||
], |
||||
"接口2": [ |
||||
{ |
||||
"interface_addr": "接口地址", |
||||
"req_frequency": 122, |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_account": 0.2, |
||||
"req_jobnum": 0.2 |
||||
}, |
||||
{ |
||||
"interface_addr": "接口地址", |
||||
"req_frequency": 122, |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_account": 0.2, |
||||
"req_jobnum": 0.2 |
||||
} |
||||
] |
||||
}, |
||||
"menu": { |
||||
"菜单1": [ |
||||
{ |
||||
"menu_name": "接口地址", |
||||
"req_frequency": 122, |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_account": 0.2, |
||||
"req_jobnum": 0.2 |
||||
}, |
||||
{ |
||||
"menu_name": "接口地址", |
||||
"req_frequency": 122, |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_account": 0.2, |
||||
"req_jobnum": 0.2 |
||||
} |
||||
], |
||||
"菜单2": [ |
||||
{ |
||||
"menu_name": "接口地址", |
||||
"req_frequency": 122, |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_account": 0.2, |
||||
"req_jobnum": 0.2 |
||||
}, |
||||
{ |
||||
"menu_name": "接口地址", |
||||
"req_frequency": 122, |
||||
"req_ip": "xxx.xx.xx.x", |
||||
"req_account": 0.2, |
||||
"req_jobnum": 0.2 |
||||
} |
||||
] |
||||
} |
||||
} |
||||
} |
@ -1,292 +0,0 @@ |
||||
#encoding=utf-8 |
||||
import json |
||||
import time,datetime |
||||
import traceback |
||||
from datetime import datetime, timedelta |
||||
import calendar |
||||
from esUtil import EsUtil |
||||
import pytz |
||||
|
||||
size = 1000# 可以根据实际情况调整 |
||||
##01 创建索引 |
||||
def createIndex(index): |
||||
map={ |
||||
"data_type":"keyword", |
||||
"req_account":"keyword", |
||||
"req_frequency":"integer", |
||||
"req_jobnum":"keyword", |
||||
"interface_addr":"keyword", |
||||
"req_ip":"ip", |
||||
"menu_name":"keyword", |
||||
"date_time":"date" |
||||
} |
||||
es_util_instance = EsUtil() |
||||
reqs = es_util_instance.is_index_exist(index) |
||||
if reqs =="false": |
||||
try: |
||||
res = es_util_instance.create_index_simple(index,map) |
||||
except Exception,e: |
||||
print e.message |
||||
## IP维度 |
||||
def get_ip_group_data(index,startTime,endTime): |
||||
try: |
||||
query_body={ |
||||
"size": 0, |
||||
"query": { |
||||
"range": {"timestamp": {"gte": startTime,"lte": endTime}} |
||||
}, |
||||
"aggs": { |
||||
"composite_buckets": { |
||||
"composite": { |
||||
"size": size, |
||||
"sources": [ |
||||
{"sip": { "terms": {"field": "sip"} }}, |
||||
{"trojan_type": { "terms": { "field": "trojan_type"}}} |
||||
] |
||||
} |
||||
} |
||||
} |
||||
} |
||||
after_key = None |
||||
es_util_instance = EsUtil() |
||||
datas=[] |
||||
while True: |
||||
if after_key: |
||||
query_body["aggs"]["composite_buckets"]["composite"]["after"] = after_key |
||||
try: |
||||
response = es_util_instance.search(index,query_body) |
||||
except Exception,e: |
||||
print "err" |
||||
for bucket in response["aggregations"]["composite_buckets"]["buckets"]: |
||||
data = { |
||||
"data_type": "ip", |
||||
"req_account": "", |
||||
"req_frequency": bucket['doc_count'], |
||||
"req_jobnum": bucket['key']['trojan_type'] , |
||||
"interface_addr": "", |
||||
"req_ip":bucket['key']['sip'] , |
||||
"menu_name": "", |
||||
"date_time": int(time.time() * 1000) # 当前时间,使用isoformat格式化 |
||||
} |
||||
datas.append(data) |
||||
after_key = bucket["key"] |
||||
|
||||
if not response["aggregations"]["composite_buckets"].get("after_key"): |
||||
break |
||||
|
||||
after_key = response["aggregations"]["composite_buckets"]["after_key"] |
||||
except Exception,e: |
||||
print "x_err:"+e.message |
||||
return datas |
||||
|
||||
|
||||
## 账号维度 |
||||
def get_account_group_data(index,startTime,endTime): |
||||
query_body={ |
||||
"size": 0, |
||||
"query": { |
||||
"range": {"timestamp": {"gte": startTime,"lte": endTime}} |
||||
}, |
||||
"aggs": { |
||||
"composite_buckets": { |
||||
"composite": { |
||||
"size": size, |
||||
"sources": [ |
||||
{"account": { "terms": {"field": "account"} }}, |
||||
{"trojan_type": { "terms": { "field": "trojan_type"}}} |
||||
] |
||||
} |
||||
} |
||||
} |
||||
} |
||||
after_key = None |
||||
es_util_instance = EsUtil() |
||||
datas=[] |
||||
while True: |
||||
if after_key: |
||||
query_body["aggs"]["composite_buckets"]["composite"]["after"] = after_key |
||||
response = es_util_instance.search(index,query_body) |
||||
for bucket in response["aggregations"]["composite_buckets"]["buckets"]: |
||||
#print(bucket['key']['sip'] + ":" + str(bucket['doc_count'])) |
||||
data = { |
||||
"data_type": "account", |
||||
"req_account": bucket['key']['account'], |
||||
"req_frequency": bucket['doc_count'], |
||||
"req_jobnum": bucket['key']['trojan_type'] , |
||||
"interface_addr": "", |
||||
"req_ip":"0.0.0.0" , |
||||
"menu_name": "", |
||||
"date_time": int(time.time() * 1000) # 当前时间,使用isoformat格式化 |
||||
} |
||||
datas.append(data) |
||||
after_key = bucket["key"] |
||||
|
||||
if not response["aggregations"]["composite_buckets"].get("after_key"): |
||||
break |
||||
|
||||
after_key = response["aggregations"]["composite_buckets"]["after_key"] |
||||
|
||||
return datas |
||||
|
||||
## 接口维度 |
||||
def get_interface_group_data(index,startTime,endTime): |
||||
query_body={ |
||||
"size": 0, |
||||
"query": { |
||||
"range": {"timestamp": {"gte": startTime,"lte": endTime}} |
||||
}, |
||||
"aggs": { |
||||
"composite_buckets": { |
||||
"composite": { |
||||
"size": size, |
||||
"sources": [ |
||||
{"interface": { "terms": {"field": "interface"} }}, |
||||
{"sip": { "terms": { "field": "sip"}}}, |
||||
{"account": { "terms": { "field": "account"}}}, |
||||
{"trojan_type": { "terms": { "field": "trojan_type"}}}, |
||||
] |
||||
} |
||||
} |
||||
} |
||||
} |
||||
after_key = None |
||||
es_util_instance = EsUtil() |
||||
datas=[] |
||||
while True: |
||||
if after_key: |
||||
query_body["aggs"]["composite_buckets"]["composite"]["after"] = after_key |
||||
response = es_util_instance.search(index,query_body) |
||||
for bucket in response["aggregations"]["composite_buckets"]["buckets"]: |
||||
#print(bucket['key']['sip'] + ":" + str(bucket['doc_count'])) |
||||
data = { |
||||
"data_type": "interface", |
||||
"req_account": bucket['key']['account'], |
||||
"req_frequency": bucket['doc_count'], |
||||
"req_jobnum": bucket['key']['trojan_type'] , |
||||
"interface_addr": bucket['key']['interface'] , |
||||
"req_ip":bucket['key']['sip'], |
||||
"menu_name": "", |
||||
"date_time": int(time.time() * 1000) # 当前时间,使用isoformat格式化 |
||||
} |
||||
datas.append(data) |
||||
after_key = bucket["key"] |
||||
|
||||
if not response["aggregations"]["composite_buckets"].get("after_key"): |
||||
break |
||||
|
||||
after_key = response["aggregations"]["composite_buckets"]["after_key"] |
||||
|
||||
return datas |
||||
|
||||
|
||||
|
||||
## 菜单维度 |
||||
def get_menu_group_data(index,startTime,endTime): |
||||
query_body={ |
||||
"size": 0, |
||||
"query": { |
||||
"range": {"timestamp": {"gte": startTime,"lte": endTime}} |
||||
}, |
||||
"aggs": { |
||||
"composite_buckets": { |
||||
"composite": { |
||||
"size": size, |
||||
"sources": [ |
||||
{"worm_family": { "terms": {"field": "worm_family"} }}, |
||||
{"sip": { "terms": { "field": "sip"}}}, |
||||
{"account": { "terms": { "field": "account"}}}, |
||||
{"trojan_type": { "terms": { "field": "trojan_type"}}}, |
||||
] |
||||
} |
||||
} |
||||
} |
||||
} |
||||
after_key = None |
||||
es_util_instance = EsUtil() |
||||
datas=[] |
||||
while True: |
||||
if after_key: |
||||
query_body["aggs"]["composite_buckets"]["composite"]["after"] = after_key |
||||
response = es_util_instance.search(index,query_body) |
||||
for bucket in response["aggregations"]["composite_buckets"]["buckets"]: |
||||
#print(bucket['key']['sip'] + ":" + str(bucket['doc_count'])) |
||||
data = { |
||||
"data_type": "menu", |
||||
"req_account": bucket['key']['account'], |
||||
"req_frequency": bucket['doc_count'], |
||||
"req_jobnum": bucket['key']['trojan_type'] , |
||||
"interface_addr": "" , |
||||
"req_ip":bucket['key']['sip'], |
||||
"menu_name": bucket['key']['worm_family'], |
||||
"date_time": int(time.time() * 1000) # 当前时间,使用isoformat格式化 |
||||
} |
||||
datas.append(data) |
||||
after_key = bucket["key"] |
||||
if not response["aggregations"]["composite_buckets"].get("after_key"): |
||||
break |
||||
after_key = response["aggregations"]["composite_buckets"]["after_key"] |
||||
|
||||
return datas |
||||
|
||||
##03 数据写入 |
||||
def data_insert(index,data): |
||||
es_util_instance = EsUtil() |
||||
response = es_util_instance.bulk_insert(index,data) |
||||
return response |
||||
|
||||
def clean_data(write_index,read_index,start,end): |
||||
data_ip = get_ip_group_data(read_index,start,end) |
||||
print "data_ip:"+str(len(data_ip)) |
||||
data_account = get_account_group_data(read_index,start,end) |
||||
print "data_ip:"+str(len(data_account)) |
||||
data_interface = get_interface_group_data(read_index,start,end) |
||||
print "data_ip:"+str(len(data_interface)) |
||||
data_menu = get_menu_group_data(read_index,start,end) |
||||
print "data_ip:"+str(len(data_menu)) |
||||
res_data = data_ip+data_account+data_interface+data_menu |
||||
response = data_insert(write_index,res_data) |
||||
print json.dumps(response) |
||||
|
||||
#入口 |
||||
def entry(write_index,read_index,start,end): |
||||
createIndex(write_index) |
||||
clean_data(write_index,read_index,start,end) |
||||
|
||||
|
||||
#前一天的0点0分0秒 |
||||
def get_start_end_time(hour,minute,second): |
||||
# 获取当前日期时间 |
||||
now = datetime.now() |
||||
|
||||
# 计算昨天的日期时间 |
||||
yesterday = now - timedelta(days=1) |
||||
|
||||
# 将时间部分设为 00:00:00 |
||||
yesterday_midnight = yesterday.replace(hour=hour, minute=minute, second=second, microsecond=0) |
||||
|
||||
# 使用 pytz 来获取 UTC 时区对象 |
||||
utc = pytz.utc |
||||
# 将时间对象本地化为 UTC 时区 |
||||
yesterday_midnight_utc = utc.localize(yesterday_midnight) |
||||
|
||||
# 格式化为带时区的字符串(ISO 8601格式) |
||||
formatted_date = yesterday_midnight_utc.strftime("%Y-%m-%dT%H:%M:%SZ") |
||||
return formatted_date |
||||
|
||||
def index(): |
||||
try: |
||||
#写入的索引 按月创建,注意跨天的场景 |
||||
write_index= "b_ueba_2024_07" |
||||
read_index ="bsa_traffic*" |
||||
#任务执行时间是每天 凌晨12点 |
||||
#查询的范围 开始时间前一天的0点0分0秒,结束时间是 前一天的23.59.59秒 |
||||
|
||||
start = "2024-06-02T00:00:00Z"#get_start_end_time(0,0,0) |
||||
end = get_start_end_time(23,59,59) |
||||
print start +":"+ end |
||||
entry(write_index,read_index,start,end) |
||||
except Exception ,e: |
||||
print "定时任务执行失败:"+traceback.format_exc() |
||||
# logger.error("定时任务执行失败:".format(str(e), traceback.format_exc())) |
||||
|
||||
index() |
@ -1,281 +0,0 @@ |
||||
#!/usr/bin/python |
||||
#encoding=utf-8 |
||||
# author: tangwy |
||||
|
||||
import json |
||||
import os,re |
||||
import codecs |
||||
import traceback |
||||
from isoc.utils.esUtil import EsUtil |
||||
from dashboard_data_conversion import ip_summary_data_format, account_summary_data_format, \ |
||||
interface_summary_data_format, menu_summary_data_format |
||||
from ext_logging import logger |
||||
## IP维度 |
||||
def es_get_ip_group_data(index,startTime,endTime): |
||||
page_size = 9000 #可以根据实际情况调整 |
||||
query_body={ |
||||
"query": { |
||||
"bool": { |
||||
"filter": [ |
||||
{ "term": { "data_type": "ip" } }, |
||||
{"range":{ |
||||
"date_time": { |
||||
"gte": startTime, |
||||
"lte": endTime |
||||
} |
||||
}} |
||||
] |
||||
} |
||||
}, |
||||
"aggs": { |
||||
"composite_buckets": { |
||||
"composite": { |
||||
"size" : page_size, |
||||
"sources": [ |
||||
{ "req_ip": { "terms": { "field": "req_ip" } } }, |
||||
{ "req_jobnum": { "terms": { "field": "req_jobnum" } } } |
||||
] |
||||
}, |
||||
"aggregations": { |
||||
"total_count": { |
||||
"sum": { |
||||
"field": "req_frequency" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
after_key = None |
||||
es_util_instance = EsUtil() |
||||
datas = [] |
||||
while True: |
||||
if after_key: |
||||
query_body["aggs"]["composite_buckets"]["composite"]["after"] = after_key |
||||
response = es_util_instance.search(index,query_body) |
||||
buckets = response.get("aggregations", {}).get("composite_buckets", {}).get("buckets", []) |
||||
for bucket in buckets: |
||||
data= { |
||||
"ip":bucket['key']['req_ip'], |
||||
"jobnum":bucket['key']['req_jobnum'], |
||||
"count":bucket['total_count']['value'] |
||||
} |
||||
datas.append(data) |
||||
after_key = bucket["key"] |
||||
if not response["aggregations"]["composite_buckets"].get("after_key"): |
||||
break |
||||
after_key = response["aggregations"]["composite_buckets"]["after_key"] |
||||
return datas |
||||
|
||||
|
||||
## 账号维度 |
||||
def es_get_account_group_data(index,startTime,endTime): |
||||
page_size = 9000 #可以根据实际情况调整 |
||||
query_body={ |
||||
"size": 0, |
||||
"query": { |
||||
"bool": { |
||||
"filter": [ |
||||
{ "term": { "data_type": "account" } }, |
||||
{"range":{ |
||||
"date_time": { |
||||
"gte": startTime, |
||||
"lte": endTime |
||||
} |
||||
}} |
||||
] |
||||
} |
||||
}, |
||||
"aggs": { |
||||
"composite_buckets": { |
||||
"composite": { |
||||
"size" : page_size, |
||||
"sources": [ |
||||
{ "req_account": { "terms": { "field": "req_account" } } }, |
||||
{ "req_jobnum": { "terms": { "field": "req_jobnum" } } } |
||||
] |
||||
}, |
||||
"aggregations": { |
||||
"total_count": { |
||||
"sum": { |
||||
"field": "req_frequency" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
after_key = None |
||||
es_util_instance = EsUtil() |
||||
datas = [] |
||||
while True: |
||||
if after_key: |
||||
query_body["aggs"]["composite_buckets"]["composite"]["after"] = after_key |
||||
response = es_util_instance.search(index,query_body) |
||||
buckets = response.get("aggregations", {}).get("composite_buckets", {}).get("buckets", []) |
||||
for bucket in buckets: |
||||
data= { |
||||
"account":bucket['key']['req_account'], |
||||
"jobnum":bucket['key']['req_jobnum'], |
||||
"count":bucket['total_count']['value'] |
||||
} |
||||
datas.append(data) |
||||
after_key = bucket["key"] |
||||
if not response["aggregations"]["composite_buckets"].get("after_key"): |
||||
break |
||||
after_key = response["aggregations"]["composite_buckets"]["after_key"] |
||||
return datas |
||||
|
||||
|
||||
## 菜单维度 |
||||
def es_get_menu_group_data(index,startTime,endTime): |
||||
page_size = 9000 #可以根据实际情况调整 |
||||
query_body={ |
||||
"size": 0, |
||||
"query": { |
||||
"bool": { |
||||
"filter": [ |
||||
{ "term": { "data_type": "menu" } }, |
||||
{"range":{ |
||||
"date_time": { |
||||
"gte": startTime, |
||||
"lte": endTime |
||||
} |
||||
}} |
||||
] |
||||
} |
||||
}, |
||||
"aggs": { |
||||
"composite_buckets": { |
||||
"composite": { |
||||
"size" : page_size, |
||||
"sources": [ |
||||
{ "menu_name": { "terms": { "field": "menu_name" } } }, |
||||
{ "req_account": { "terms": { "field": "req_account" } } }, |
||||
{ "req_ip": { "terms": { "field": "req_ip" } } }, |
||||
{ "req_jobnum": { "terms": { "field": "req_jobnum" } } } |
||||
] |
||||
}, |
||||
"aggregations": { |
||||
"total_count": { |
||||
"sum": { |
||||
"field": "req_frequency" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
after_key = None |
||||
es_util_instance = EsUtil() |
||||
datas = [] |
||||
while True: |
||||
if after_key: |
||||
query_body["aggs"]["composite_buckets"]["composite"]["after"] = after_key |
||||
response = es_util_instance.search(index,query_body) |
||||
buckets = response.get("aggregations", {}).get("composite_buckets", {}).get("buckets", []) |
||||
for bucket in buckets: |
||||
data= { |
||||
"menu":bucket['key']['menu_name'], |
||||
"ip":bucket['key']['req_ip'], |
||||
"account":bucket['key']['req_account'], |
||||
"jobnum":bucket['key']['req_jobnum'], |
||||
"count":bucket['total_count']['value'] |
||||
} |
||||
datas.append(data) |
||||
after_key = bucket["key"] |
||||
if not response["aggregations"]["composite_buckets"].get("after_key"): |
||||
break |
||||
after_key = response["aggregations"]["composite_buckets"]["after_key"] |
||||
return datas |
||||
|
||||
|
||||
## 接口维度 |
||||
def es_get_interface_group_data(index,startTime,endTime): |
||||
page_size = 9999 #可以根据实际情况调整 |
||||
query_body={ |
||||
"query": { |
||||
"bool": { |
||||
"filter": [ |
||||
{ "term": { "data_type": "interface" } }, |
||||
{"range":{ |
||||
"date_time": { |
||||
"gte": startTime, |
||||
"lte": endTime |
||||
} |
||||
}} |
||||
] |
||||
} |
||||
}, |
||||
"aggs": { |
||||
"group_by_menu": { |
||||
"composite": { |
||||
"size" : page_size, |
||||
"sources": [ |
||||
{ "interface_addr": { "terms": { "field": "interface_addr" } } }, |
||||
{ "req_account": { "terms": { "field": "req_account" } } }, |
||||
{ "req_ip": { "terms": { "field": "req_ip" } } }, |
||||
{ "req_jobnum": { "terms": { "field": "req_jobnum" } } } |
||||
] |
||||
}, |
||||
"aggregations": { |
||||
"total_count": { |
||||
"sum": { |
||||
"field": "req_frequency" |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
} |
||||
after_key = None |
||||
es_util_instance = EsUtil() |
||||
datas = [] |
||||
while True: |
||||
if after_key: |
||||
query_body["aggs"]["composite_buckets"]["composite"]["after"] = after_key |
||||
response = es_util_instance.search(index,query_body) |
||||
buckets = response.get("aggregations", {}).get("composite_buckets", {}).get("buckets", []) |
||||
for bucket in buckets: |
||||
data= { |
||||
"interface":bucket['key']['interface_addr'], |
||||
"ip":bucket['key']['req_ip'], |
||||
"account":bucket['key']['req_account'], |
||||
"jobnum":bucket['key']['req_jobnum'], |
||||
"count":bucket['total_count']['value'] |
||||
} |
||||
datas.append(data) |
||||
after_key = bucket["key"] |
||||
if not response["aggregations"]["composite_buckets"].get("after_key"): |
||||
break |
||||
after_key = response["aggregations"]["composite_buckets"]["after_key"] |
||||
return datas |
||||
|
||||
def entry(data_type,start,end): |
||||
base_index = 'c_ueba_001' |
||||
# es_util_instance = EsUtil() |
||||
# res=es_util_instance.get_available_index_name(start,end,base_index) |
||||
# if len(res)==0: |
||||
# return |
||||
# index =",".join(res) |
||||
|
||||
index=base_index |
||||
|
||||
try: |
||||
data = {} |
||||
if data_type == "1": |
||||
ip_summary_data = es_get_ip_group_data(index, start, end) |
||||
data = ip_summary_data_format(ip_summary_data) |
||||
if data_type == "2": |
||||
account_summary_data = es_get_account_group_data(index, start, end) |
||||
data = account_summary_data_format(account_summary_data) |
||||
if data_type == "3": |
||||
interface_summary_data = es_get_interface_group_data(index, start, end) |
||||
data = interface_summary_data_format(interface_summary_data) |
||||
if data_type == "4": |
||||
menu_summary_data = es_get_menu_group_data(index, start, end) |
||||
data = menu_summary_data_format(menu_summary_data) |
||||
return data |
||||
except Exception, e: |
||||
logger.error(traceback.format_exc()) |
||||
raise e |
@ -1,90 +0,0 @@ |
||||
#!/usr/bin/python |
||||
#encoding=utf-8 |
||||
# author: tangwy |
||||
|
||||
import json |
||||
import os,re |
||||
import codecs |
||||
import csv |
||||
import ConfigParser |
||||
from isoc.utils.esUtil import EsUtil |
||||
|
||||
|
||||
print json.dumps(es_host_list) |
||||
# conf_path = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'conf') |
||||
# ini_path = os.path.join(conf_path, 'conf.ini') |
||||
# config = ConfigParser.ConfigParser() |
||||
# config.read(ini_path) |
||||
|
||||
# ES_HOST = config.get('COMMON', 'es_host') |
||||
# ES_PER_COUNT = config.get('COMMON', 'es_per_count') |
||||
# ES_INDEX_NAME = config.get('COMMON', 'es_index_name') |
||||
# CSV_FILE_PATH = config.get('COMMON', 'csv_file_path') |
||||
|
||||
|
||||
|
||||
def createIndex(): |
||||
es = Elasticsearch(es_host_list) |
||||
es.create(index="urba_analyse_2024_06", ignore=400) |
||||
|
||||
map={ |
||||
"ip1": "text", |
||||
"ip2": "text", |
||||
"ip3": "text", |
||||
"ip4": "text", |
||||
} |
||||
es_instance = EsUtil() |
||||
res = es_instance.create_index_simple("urba_analyse_2024_06") |
||||
return res |
||||
|
||||
|
||||
|
||||
|
||||
|
||||
# def generate_ip_range(start_ip, end_ip): |
||||
# start_parts = list(map(int, start_ip.split('.'))) |
||||
# end_parts = list(map(int, end_ip.split('.'))) |
||||
# ip_range = [] |
||||
|
||||
# while start_parts < end_parts: |
||||
# ip_range.append('.'.join(map(str, start_parts))) |
||||
# start_parts[3] += 1 |
||||
# for i in range(3, 0, -1): |
||||
# if start_parts[i] == 256: |
||||
# start_parts[i] = 0 |
||||
# start_parts[i-1] += 1 |
||||
|
||||
# ip_range.append('.'.join(map(str, start_parts))) # 添加结束IP地址 |
||||
# return ip_range |
||||
|
||||
# # scroll查询数据 |
||||
# def get_ip_summary_data(start_time,end_time,query_body): |
||||
# es = Elasticsearch(ES_HOST) |
||||
# msg = es.search(index=ES_INDEX_NAME,scroll="3m",size=ES_PER_COUNT,_source_includes= ["cookies","url","sip","dip"], query=query_body) |
||||
|
||||
# result = msg['hits']['hits'] |
||||
# total = msg['hits']['total'] |
||||
# scroll_id = msg['_scroll_id'] |
||||
|
||||
# for i in range(0,int(total["value"]/ES_PER_COUNT)+1): |
||||
# query_scroll = es.scroll(scroll_id=scroll_id, scroll='3m')["hits"]["hits"] |
||||
# result += query_scroll |
||||
# return result |
||||
|
||||
# # 读取csv文件 获取ip归属地 |
||||
# def get_ip_area_relation(csv_file_path): |
||||
# iprange_map = {} |
||||
# with codecs.open(csv_file_path, mode='r',encoding='utf-8') as file: |
||||
# csv_reader = csv.reader(file) |
||||
# for row in csv_reader: |
||||
# headers = next(csv_reader) |
||||
# ip_start = headers[0] |
||||
# ip_end = headers[1] |
||||
# ip_range = generate_ip_range(ip_start, ip_end) |
||||
# ip_area = headers[5] |
||||
# print (ip_area) |
||||
# for ip in ip_range: |
||||
# iprange_map[ip] = ip_area |
||||
# return iprange_map |
||||
|
||||
# get_ip_area_relation("/tmp/data/ip_area_relation.csv") |
Loading…
Reference in new issue