#!/usr/bin/python # encoding=utf-8 # author: tangwy from __future__ import division import json import os, re import codecs import traceback from datetime import datetime, timedelta from collections import defaultdict from dataInterface.functions import CFunction from dataInterface.db.params import CPgSqlParam from ext_logging import logger TABLE_NAME = "ueba_analysis_schema.logs" DATA_TYPE = { "IP": 1, "ACCOUNT": 2, "INTERFACE": 3, "MENU": 4, } #安全除 def safe_divide(numerator, denominator): if denominator == 0: return else: return numerator / denominator #ip维度 def get_ip_data(startTime, endTime,keyword): """ IP维度查询 :param startTime: 开始时间, :param endTime: 结束时间, """ result = [] sql = """ select ip,jobnum, sum(count) as count from {TABLE_NAME} where logdate >= %s and logdate <= %s and data_type = %s and company = %s group by ip,jobnum order by count desc limit 200""".format(TABLE_NAME=TABLE_NAME) res = json.loads(CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["IP"],keyword)))) if res: for item in res: result.append({ "req_ip": item[0], "req_jobnum": item[1], "req_frequency": item[2], }) return result #账号维度 def get_account_data(startTime, endTime,keyword): """ IP维度查询 :param startTime: 开始时间, :param endTime: 结束时间, """ result = [] sql = """ select account,jobnum, sum(count) as count from {TABLE_NAME} where logdate >= %s and logdate <= %s and data_type = %s and company = %s group by account,jobnum order by count desc limit 200""".format(TABLE_NAME=TABLE_NAME) res = json.loads(CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["ACCOUNT"],keyword)))) if res: for item in res: result.append({ "req_account": item[0], "req_jobnum": item[1], "req_frequency": item[2], }) return result #接口维度 def get_interface_data(startTime, endTime,keyword): """ IP维度查询 :param startTime: 开始时间, :param endTime: 结束时间, """ result = [] sql = """select ip,account,jobnum,sum(count) as count from {TABLE_NAME} where logdate >= %s and logdate <= %s and data_type = %s and interface = %s group by ip,account,jobnum order by count desc limit 200""".format(TABLE_NAME=TABLE_NAME) res = json.loads(CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["INTERFACE"],keyword)))) if res: for item in res: result.append({ "req_ip": item[0], "req_jobnum": item[2], "req_account": item[1], "req_frequency": item[3], "interface_addr":keyword, }) return result #菜单维度 def get_menu_data(startTime, endTime,keyword): """ IP维度查询 :param startTime: 开始时间, :param endTime: 结束时间, """ result = [] sql = """select ip,jobnum,account,sum(count) as count from {TABLE_NAME} where logdate >= %s and logdate <= %s and data_type = %s and menu = %s group by ip,jobnum,account order by count desc limit 200""".format(TABLE_NAME=TABLE_NAME) logger.info(sql) res = json.loads(CFunction.execute(CPgSqlParam(sql, params=(startTime, endTime, DATA_TYPE["MENU"],keyword)))) if res: logger.info(str(len(res))) for item in res: result.append({ "req_ip": item[0], "req_jobnum": item[1], "req_account": item[2], "req_frequency": item[3], "menu_name":keyword, }) return result #入口 def detail_data_entry(startTime, endTime,data_type,keyWord): data = {} if data_type == "1": data=get_ip_data(startTime=startTime,endTime=endTime,keyword=keyWord) if data_type == "2": data=get_account_data(startTime=startTime,endTime=endTime,keyword=keyWord) if data_type == "3": data=get_interface_data(startTime=startTime,endTime=endTime,keyword=keyWord) if data_type == "4": data=get_menu_data(startTime=startTime,endTime=endTime,keyword=keyWord) return data