HillstoneFireWallDeepParser.java

package org.infosec.ismp.manager.syslog.hillstone;

import java.sql.Timestamp;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.infosec.ismp.manager.model.HillStoneFireWall;
import org.infosec.ismp.model.event.EventNormalizationFilter;
import org.infosec.ismp.model.syslog.SyslogDeepParser;
import org.infosec.ismp.model.syslog.SyslogDefs;
import org.infosec.ismp.model.syslog.SyslogEntity;
import org.infosec.ismp.util.ThreadCategory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class HillstoneFireWallDeepParser implements SyslogDeepParser {

	private HillStoneFireWallService hillService;
	private EventNormalizationFilter eventNormalizationFilter;

	@Autowired(required=true)
	public void setHillService(HillStoneFireWallService hillService) {
		this.hillService = hillService;
	}

	@Autowired(required=true)
	public void setEventNormalizationFilter(
			EventNormalizationFilter eventNormalizationFilter) {
		this.eventNormalizationFilter = eventNormalizationFilter;
	}

	@Override
	public Runnable createProcessRunnable(final SyslogEntity syslog) {
		return new Runnable() {

			@Override
			public void run() {
				HillStoneFireWall hillstone = new HillStoneFireWall();

				String msg = syslog.getMsg();
//				String timestamp = syslog.getCreateTime();
				String hostname = syslog.getHostname();

				String ipaddr = syslog.getIpaddr();

				String facility = syslog.getFacility();
				String severity = syslog.getSeverity();
				String domain = syslog.getDomain();
				String logSource = syslog.getNodeid();

				// String msg =
				// "46083603 Traffic@FLOW: srcip 222.72.248.170, srcport 54645, dstip 202.120.200.7, dstport 443, protocol TCP, vr trust-vr, nattype dnat, transip 192.168.16.1, transport 443, ruleid 11";
				// 对msg做解析...并封装为HillStoneFireWall对象入库

				// String msg1 =
				// "44243602 Traffic@SECURITY: srcip 192.168.17.88, srcport 2043, dstip 202.120.200.7, dstport 443, protocol TCP, interface ethernet0/1, policyid 3, action: policy session start";
				Pattern pattern = Pattern
						.compile("^[^@]*@([^:]*):\\ssrcip\\s([^,]*),\\ssrcport\\s([^,]*),\\sdstip\\s([^,]*),\\sdstport\\s([^,]*),\\sprotocol\\s([^,]*),\\s(.*)");

				Matcher matcher = pattern.matcher(msg);
				if (matcher.find()) {
					String[] parsedMessage = new String[matcher.groupCount()];

					for (int k = 0; k < matcher.groupCount(); k++) {
						parsedMessage[k] = matcher.group(k + 1);

						// System.out.println(parsedMessage[k]);
					}

					hillstone.setMessageType(parsedMessage[0]);
					hillstone.setSrcip(parsedMessage[1]);
					hillstone.setSrcport(parsedMessage[2]);
					hillstone.setDestip(parsedMessage[3]);
					hillstone.setDestport(parsedMessage[4]);
					hillstone.setProtocol(parsedMessage[5]);
					hillstone.setMsg(parsedMessage[6]);

				}

				try {
					hillstone.setTimestamp(new Timestamp(syslog.getCreateTime().getTime()));
					hillstone.setHostname(hostname);
					hillstone.setIpaddr(ipaddr);
					hillstone.setLogSourceseQuence(logSource);
					hillstone.setFacility(SyslogDefs.getFacility(facility));
					hillstone.setSeverity(Integer.valueOf(SyslogDefs.getPriority(severity)));
					hillstone.setDomain(domain);

					hillService.saveHillstone(hillstone);
					eventNormalizationFilter.eventFilter(hillstone);
				} catch (Throwable e) {
					log().warn("",e);
				}
			}
		};
	}
	
	ThreadCategory log(){
		return ThreadCategory.getInstance(getClass());
	}
}