Changeset 47 for sample/hadoop-0.16/tw/org/nchc
- Timestamp:
- Aug 8, 2008, 4:37:54 PM (16 years ago)
- Location:
- sample/hadoop-0.16/tw/org/nchc/code
- Files:
-
- 3 edited
sample/hadoop-0.16/tw/org/nchc/code/LogParser.java
r31 r47 27 27 private String agent; 28 28 private long timestamp; 29 29 30 30 private static Pattern p = Pattern 31 31 .compile("([^ ]*) ([^ ]*) ([^ ]*) \\[([^]]*)\\] \"([^\"]*)\"" + -
sample/hadoop-0.16/tw/org/nchc/code/SnortBase.java
r46 r47 47 47 package tw.org.nchc.code; 48 48 49 import java.io.File;50 import java.io.FileWriter;51 49 import java.io.IOException; 52 import java.text.ParseException;53 50 import java.text.ParsePosition; 54 51 import java.text.SimpleDateFormat; … … 75 72 import org.apache.hadoop.mapred.Reporter; 76 73 77 78 74 class Log { 79 80 public Log(String data) { 75 String gid, sid, version; 76 77 String alert_name, class_type, priority; 78 79 String source, destination, type; 80 81 // String ttl, tos, id, iplen, dgmlen; 82 83 String srcport, dstport,tmp; 84 public Log(String data) { 81 85 82 86 String[] arr = data.split(";"); 83 84 87 this.gid = arr[0]; 85 88 this.sid = arr[1]; … … 88 91 this.class_type = arr[4]; 89 92 this.priority = arr[5]; 90 this.timestamp = getTime(arr[7] + "/" + arr[6] + ":" + arr[8] 91 + ":" + arr[9] + ":" + arr[10]); 92 // this.timestamp = now.getTime(); 93 this.source = arr[11]; 94 this.destination = arr[12]; 93 this.timestamp = getTime(arr[7] + "/" + arr[6] + ":" + arr[8] + ":" 94 + arr[9] + ":" + arr[10]); 95 this.source = getIP(arr[11]); 96 this.srcport = this.tmp; 97 this.destination = getIP(arr[12]); 98 this.dstport = this.tmp; 95 99 this.type = arr[13]; 96 this.ttl = arr[14]; 97 this.tos = arr[15]; 98 this.id = arr[16]; 99 this.iplen = arr[17]; 100 this.dgmlen = arr[18]; 101 102 } 103 Date now = new Date(); 100 // this.ttl = arr[14]; 101 // this.tos = arr[15]; 102 // this.id = arr[16]; 103 // this.iplen = arr[17]; 104 // this.dgmlen = arr[18]; 105 106 } 104 107 long timestamp; 105 108 106 String gid, sid, version; 107 108 String alert_name, class_type, priority; 109 110 String source, destination, type, ttl, tos, id, iplen, dgmlen; 109 110 String getIP(String str){ 111 String res; 112 int n = str.indexOf(":"); 113 if (n == -1) { 114 res = str; 115 this.tmp = "0"; 116 } else { 117 String[] vec = str.split(":"); 118 res = vec[0]; 119 this.tmp = vec[1]; 120 } 121 return res; 122 } 111 123 112 124 long getTime(String str) { 113 125 
SimpleDateFormat sdf = new SimpleDateFormat("dd/MM:HH:mm:ss", 114 126 Locale.TAIWAN); 115 Long timestamp = sdf.parse(str, new ParsePosition(0)).getTime();127 Long timestamp = sdf.parse(str, new ParsePosition(0)).getTime(); 116 128 return timestamp; 117 129 } … … 124 136 public static final String TABLE = "table.name"; 125 137 126 static String tableName = " SnortBase";138 static String tableName = "flex"; 127 139 128 140 static HTable table = null; 129 130 141 131 142 public static class MapClass extends MapReduceBase implements … … 143 154 public void map(WritableComparable key, Text value, 144 155 OutputCollector<Text, Writable> output, Reporter reporter) 145 throws IOException{ 146 147 // try { 148 149 Log log = new Log(value.toString()); 150 151 // 查看value的值 152 FileWriter out = new FileWriter(new File( 153 "/home/waue/Desktop/snort-result.txt")); 154 out.write(value.toString() + "_time=" + log.timestamp + "\n"); 155 out.flush(); 156 out.close(); 157 158 if (table == null) 159 table = new HTable(conf, new Text(tableName)); 160 161 long lockId = table.startUpdate(new Text(log.destination)); 162 table.put(lockId, new Text("id:gid"), log.gid.getBytes()); 163 table.put(lockId, new Text("id:sid"), log.sid.getBytes()); 164 table.put(lockId, new Text("id:version"), log.version 165 .getBytes()); 166 table.put(lockId, new Text("name:name"), log.alert_name 167 .getBytes()); 168 table.put(lockId, new Text("name:class"), log.class_type 169 .getBytes()); 170 table.put(lockId, new Text("index:priority"), log.priority 171 .getBytes()); 172 table.put(lockId, new Text("index:soure"), log.source 173 .getBytes()); 174 table 175 .put(lockId, new Text("payload:type"), log.type 176 .getBytes()); 177 table.put(lockId, new Text("payload:ttl"), log.ttl.getBytes()); 178 table.put(lockId, new Text("payload:tos"), log.tos.getBytes()); 179 table.put(lockId, new Text("payload:id"), log.id.getBytes()); 180 table.put(lockId, new Text("payload:iplen"), log.iplen 181 .getBytes()); 182 
table.put(lockId, new Text("payload:dgmlen"), log.dgmlen 183 .getBytes()); 184 table.commit(lockId, log.timestamp); 185 186 // } catch (Exception e) { 187 // e.printStackTrace(); 188 // } 156 throws IOException { 157 158 // try { 159 160 Log log = new Log(value.toString()); 161 162 // 查看value的值 163 // FileWriter out = new FileWriter(new File( 164 // "/home/waue/Desktop/snort-result.txt")); 165 // out.write(value.toString() + "_time=" + log.timestamp + "\n"); 166 // out.flush(); 167 // out.close(); 168 169 if (table == null) 170 table = new HTable(conf, new Text(tableName)); 171 172 long lockId = table.startUpdate(new Text(log.destination)); 173 table.put(lockId, new Text("id:gid"), log.gid.getBytes()); 174 table.put(lockId, new Text("id:sid"), log.sid.getBytes()); 175 table.put(lockId, new Text("id:version"), log.version.getBytes()); 176 table.put(lockId, new Text("name:name"), log.alert_name.getBytes()); 177 table 178 .put(lockId, new Text("name:class"), log.class_type 179 .getBytes()); 180 table.put(lockId, new Text("id:priority"), log.priority 181 .getBytes()); 182 table.put(lockId, new Text("direction:soure"), log.source.getBytes()); 183 table.put(lockId, new Text("direction:srcport"), log.srcport.getBytes()); 184 table.put(lockId, new Text("direction:dstport"), log.dstport.getBytes()); 185 table.put(lockId, new Text("payload:type"), log.type.getBytes()); 186 // table.put(lockId, new Text("payload:ttl"), log.ttl.getBytes()); 187 // table.put(lockId, new Text("payload:tos"), log.tos.getBytes()); 188 // table.put(lockId, new Text("payload:id"), log.id.getBytes()); 189 // table.put(lockId, new Text("payload:iplen"), log.iplen 190 // .getBytes()); 191 // table.put(lockId, new Text("payload:dgmlen"), log.dgmlen 192 // .getBytes()); 193 table.commit(lockId, log.timestamp); 194 195 // } catch (Exception e) { 196 // e.printStackTrace(); 197 // } 189 198 190 199 } … … 212 221 jobConf.set(TABLE, tableName); 213 222 // 先省略 自動搜尋目錄的功能 214 /* 215 * Path[] in = listPaths(fs, 
InputDir); if (fs.isFile(InputDir)) { 216 * jobConf.setInputPath(InputDir); } else { for (int i = 0; i < 217 * in.length; i++) { if (fs.isFile(in[i])) { 218 * jobConf.addInputPath(in[i]); } else { Path[] sub = listPaths(fs, 219 * in[i]); for (int j = 0; j < sub.length; j++) { if (fs.isFile(sub[j])) { 220 * jobConf.addInputPath(sub[j]); } } } } } 221 */ 223 // Path InputDir = new Path(inpath); 224 // Path[] in = listPaths(fs, InputDir); 225 // if (fs.isFile(InputDir)) 226 // { 227 // jobConf.setInputPath(InputDir); 228 // } 229 // else{ 230 // for (int i = 0; i < in.length; i++){ 231 // if (fs.isFile(in[i])){ 232 // jobConf.addInputPath(in[i]); 233 // } else 234 // { 235 // Path[] sub = listPaths(fs, in[i]); 236 // for (int j = 0; j < sub.length; j++) 237 // { 238 // if (fs.isFile(sub[j])) 239 // { 240 // jobConf.addInputPath(sub[j]); 241 // } } } } } 242 222 243 jobConf.setInputPath(InputPath); 223 244 jobConf.setOutputPath(tempDir); … … 241 262 tableDesc.addFamily(new HColumnDescriptor("id:")); 242 263 tableDesc.addFamily(new HColumnDescriptor("name:")); 243 tableDesc.addFamily(new HColumnDescriptor(" index:"));264 tableDesc.addFamily(new HColumnDescriptor("direction:")); 244 265 tableDesc.addFamily(new HColumnDescriptor("payload:")); 245 tableDesc.addFamily(new HColumnDescriptor("priority:"));246 266 admin.createTable(tableDesc); 247 267 } else { … … 253 273 public static void main(String[] args) throws IOException, Exception { 254 274 255 String path = "/user/waue/ alert_meta";275 String path = "/user/waue/snort-log/alert_flex_parsed.txt"; 256 276 257 277 // 先省略掉 parse完後自動上傳部份 -
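Review bot: `getIP` (new lines 110-122) reads `vec[1]` after `str.split(":")`, so a field that ends in a colon, e.g. `1.2.3.4:`, splits to a single element and the `Log` constructor throws `ArrayIndexOutOfBoundsException`, aborting the map task on one malformed record; handing the port back through the `tmp` field also hides a second return value in mutable state that the new `direction:srcport`/`direction:dstport` puts in `map` then depend on. An index-based version keeps the interface, cannot throw on that input, and falls back to `"0"` exactly as the existing no-port branch does. Neither version handles an IPv6 address, which contains colons itself, so that case presumably needs an explicit decision. The enclosing `Log` class continues outside the section.
```java
String getIP(String str) {
    int n = str.indexOf(":");
    if (n == -1) {
        this.tmp = "0";
        return str;
    }
    // Guard a trailing ":" so a malformed field cannot throw inside the constructor.
    this.tmp = (n + 1 < str.length()) ? str.substring(n + 1) : "0";
    return str.substring(0, n);
}
```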
sample/hadoop-0.16/tw/org/nchc/code/SnortParser.java
r45 r47 55 55 case 4: 56 56 patten_line = Pattern 57 .compile("^([^ ]*) TTL:([^ ]*) TOS:([^ ]*) ID:([^ ]*) IpLen:([^ ]*) DgmLen:([^ ]*)$"); 57 .compile("^([^ ]*) [^$]*$"); 58 // .compile("^([^ ]*) TTL:([^ ]*) TOS:([^ ]*) ID:([^ ]*) IpLen:([^ ]*) DgmLen:([^ ]*)$"); 59 58 60 break; 59 61 default: … … 69 71 this.logData += (data[j] + ";"); 70 72 } 71 73 }else if(i ==1 ){ 74 this.logData += "0;0;0;parse error;"; 75 }else if(i == 2){ 76 this.logData += "Port Scan;3;"; 77 }else if(i == 3){ 78 this.logData += "01;01;00;00;00;error;error;"; 79 }else if(i == 4){ 80 this.logData += "0;"; 81 }else{ 82 this.logData = "*FatalError*"; 72 83 } 73 84 … … 83 94 if (line == null) { 84 95 break; 85 } else if(line.isEmpty()){96 } else if (line.isEmpty()) { 86 97 fw.write(this.logData.toString() + "\n"); 87 98 this.logData = ""; 88 count = 0; 89 } else if (count < 4) {99 count = 0; 100 } else if (count < 4) { 90 101 // System.out.println(line); 91 102 snortParser(line, count + 1); … … 100 111 } 101 112 113 // 需搞定icmp ping 的格式問題 102 114 public static void main(String[] args) throws ParseException, Exception { 103 String in = new String("/home/waue/Desktop/alert_ m");104 String ou = new String("/ tmp/alert_SnortBase");115 String in = new String("/home/waue/Desktop/alert_flex.txt"); 116 String ou = new String("/home/waue/Desktop/alert_flex_parsed.txt"); 105 117 SnortParser a = new SnortParser(in, ou); 106 118 a.parseToLine();
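Review bot: In the new case-4 pattern `"^([^ ]*) [^$]*$"`, `[^$]*` is a negated character class that excludes only a literal dollar sign, not "up to end of line"; if the intent is to keep the first token and ignore the rest, `.compile("^([^ ]*) .*$")` states that directly and also matches a line that happens to contain `$`. Separately, the final fallback `this.logData = "*FatalError*";` assigns rather than appends, discarding the fields accumulated from the record's earlier lines and emitting a single token where the `i == 1..4` fallbacks preserve the `;`-separated field layout the downstream reader indexes into. With the visible caller passing `count + 1` under a `count < 4` guard that branch looks unreachable, so either drop it or append a same-shaped marker such as `this.logData += "fatal error;"`. The enclosing method starts before the hunk.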