Changeset 43

Timestamp:

Jul 23, 2008, 5:08:53 PM (16 years ago)

Author:

waue

Message:

HBaseRecordPro.java -> only modified for debuging SnortUploadHbase?.java

SnortParser?.java -> catch a bug and fix it

SnortUploadHbase?.java -> it can run finally ..

Location:

sample/hadoop-0.16/tw/org/nchc/code

Files:

• HBaseRecordPro.java (modified) (1 diff)
• SnortParser.java (modified) (4 diffs)
• SnortUploadHbase.java (modified) (7 diffs)

sample/hadoop-0.16/tw/org/nchc/code/HBaseRecordPro.java

@@ -97 +97 @@
 
   // table name
-  final static String table_name = "HBaseRecord";
+  final static String table_name = "HBaseRecord2";
 
   // separate char
-  final static String sp = ":";
+  final static String sp = ";";
   
   // conf tmp with column qualify

sample/hadoop-0.16/tw/org/nchc/code/SnortParser.java

@@ -3 +3 @@
  * Editor: Waue Chen 
  * From :  NCHC. Taiwn
- * Last Update Date: 07/17/2008
+ * Last Update Date: 07/23/2008
  */
 
@@ -43 +43 @@
     case 1:
       patten_line = Pattern
-          .compile("^\\[\\**\\] \\[([1-9]*):([1-9]*):([1-9]*)\\] ([^\\[]*)\\[\\**\\]$");
+          .compile("^\\[\\**\\] \\[([0-9]*):([0-9]*):([0-9]*)\\] ([^\\[]*)\\[\\**\\]$");
       break;
     case 2:
@@ -80 +80 @@
     int count = 0;
     do {
-      String tmp = fi.readLine();
-      if (tmp == null) {
+      line = fi.readLine();
+      if (line == null) {
         break;
-      } else if (count < 4) {
-        line = tmp;
+      }else if(line.isEmpty()){
+        fw.write(this.logData.toString() + "\n");
+        this.logData = "";
+        count = 0;        
+      }else if (count < 4) {
         // System.out.println(line);
         snortParser(line, count + 1);
         count++;
-      } else if (count == 4) {
+      } else {
         count++;
-      } else if (count == 5) {
-        fw.write(this.logData.toString() + "\n");
-        this.logData = "";
-        count = 0;
-      } else {
-        System.err.print(" Error ! ");
-        return;
       }
     } while (true);
@@ -105 +101 @@
 
   public static void main(String[] args) throws ParseException, Exception {
-    String in = new String("/home/waue/Desktop/alert");
-    String ou = new String("/home/waue/Desktop/bb");
+    String in = new String("/home/waue/Desktop/alert_m");
+    String ou = new String("/tmp/alert_my");
     SnortParser a = new SnortParser(in, ou);
     a.parseToLine();

sample/hadoop-0.16/tw/org/nchc/code/SnortUploadHbase.java

@@ -3 +3 @@
  * Editor: Waue Chen 
  * From :  NCHC. Taiwn
- * Last Update Date: 07/02/2008
+ * Last Update Date: 07/23/2008
  */
 
 /**
  * Purpose : 
- *  First, program would parse your record and create Hbase.\
- *  Then it sets the first line as column qualify \
- *  Finally it stores in HBase automatically.
+ *  The program will parse the log of snort (/var/log/snort/alert)
+ *    into Hbase table "snort".
  * 
  * HowToUse : 
- *  Make sure two thing :
- *  1. source_file must be regular as follow:
- *    first line: qualify1:qualify2:...:qualifyN
- *    other line: records1:records2:...:recordsN
- *  2. source_file path must be correct.
+ *  Run by eclipse ! (dependency by SnortParser.java)
 
  * Check Result:
  *  Go to hbase console, type : 
- *    hql > select * from t1_table; 
+ *    hql > select * from snort; 
 
 
@@ -46 +41 @@
 import org.apache.hadoop.mapred.lib.IdentityReducer;
 
+import com.sun.org.apache.xerces.internal.impl.xpath.regex.ParseException;
+
 public class SnortUploadHbase {
   /* Major parameter */
@@ -56 +53 @@
 
   // table name
-  final static String table_name = "SnortTable";
+  final static String table_name = "Snort";
 
   // separate char
@@ -62 +59 @@
   
   // data source tmp
-  final static String text_tmp = "/tmp/HBaseRecord.text.tmp";
+  final static String text_tmp = "/tmp/alert_my";
 
   // on this sample, map is nonuse, we use reduce to handle
@@ -71 +68 @@
 
       String first_line = "gid;sid;version;alert name;" +
-          "class;priority;year;month;day;hour;min;second;source;" +
-          "destination;type;ttl;tos;id; iplen;dgmlen";
+          "class;priority;month;day;hour;min;second;source;" +
+          "destination;type;ttl;tos;id; iplen;dgmlen;";
 
       // extract cf data
@@ -124 +121 @@
    * Runs the demo.
    */
-  public static void main(String[] args) throws IOException {
+  public static void main(String[] args) throws IOException,ParseException,Exception {
     
     String[] col_family = {column_family};
@@ -131 +128 @@
 //    setup.parseFirstLine(source_file, text_tmp);
 //    System.out.println(first_line);
-    new SnortParser(source_file,text_tmp);
+    SnortParser sp = new SnortParser(source_file,text_tmp);
+    sp.parseToLine();