/*
* Copyright 2014 Eediom Inc
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.araqne.logparser.krsyslog.pnp;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Map;
import org.araqne.log.api.V1LogParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
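/**
 * Parses fixed-width PNP Secure DBSafer audit records carried in the
 * {@code "line"} field of a log map.
 *
 * <p>
 * Record layout as read by this class: characters 8-9 hold the version,
 * characters 10-12 hold a numeric record type, and the record body starts at
 * character 13. Characters 0-7 are not interpreted here. Each record type has
 * its own table of fields. A field is either fixed-width (a character count)
 * or variable-width: a decimal length prefix of a fixed number of digits,
 * followed by a value whose length is measured in EUC-KR bytes.
 *
 * <p>
 * The per-type field tables are immutable class constants and all parsing state
 * is local to {@link #parse(Map)}. Earlier revisions kept the active table in
 * instance fields, so two threads parsing through the same instance could mix
 * up layouts and attribute values to the wrong field names.
 *
 * <p>
 * NOTE(review): the input line is external data. Any record that does not match
 * the expected layout is returned unparsed and is only reported at debug level,
 * so malformed or truncated audit records are easy to miss downstream; consider
 * whether consumers need an explicit marker for them.
 *
 * @author kyun
 */
public class DbSaferLogParser extends V1LogParser {
    private final Logger slog = LoggerFactory.getLogger(DbSaferLogParser.class);

    private static final int SESSION = 100; // user connected to the DBMS
    private static final int SESSION_OUT = 110; // user disconnected from the DBMS
    private static final int QUERY = 200; // query issued by the user on the DBMS
    private static final int QUERY_STRING = 210; // query text
    private static final int QUERY_RTN_STR = 230; // query execution result message
    private static final int QUERY_RTN = 220; // query execution result
    private static final int MANAGERLOG = 900; // manager activity log
    private static final int SYSTEMLOG = 901; // system activity log

    // Offsets of the header fields inside the raw line.
    private static final int VERSION_START = 8;
    private static final int TYPE_START = 10;
    private static final int BODY_START = 13;

    /**
     * Field table for one record type. A positive width is a fixed number of
     * characters; a negative width -n means "n-digit decimal length prefix
     * followed by that many EUC-KR bytes of value". The arrays are never
     * modified after construction.
     */
    private static final class Layout {
        private final int[] widths;
        private final String[] names;

        Layout(int[] widths, String[] names) {
            this.widths = widths;
            this.names = names;
        }
    }

    private static final Layout SESSION_LAYOUT = new Layout(
            new int[] { 32, 14, 15, 15, 5, 10, 20, 1, 1, -4, -4, -4, -4, -4, -4, -4 },
            new String[] { "세션키", "로그인시간", "사용자ip", "dbms서버ip", "dbms서버port", "서비스번호", "정책번호", "허용여부",
                    "alert유무", "alert등급", "dbms계정", "프로그램명", "os정보", "인증id", "인증사용자명", "인증기타정보" });

    private static final Layout SESSION_OUT_LAYOUT = new Layout(
            new int[] { 32, 14, 14 },
            new String[] { "세션키", "로그인시간", "로그아웃시간" });

    private static final Layout QUERY_LAYOUT = new Layout(
            new int[] { 32, 14, 10, 20, 1, 1, -4 },
            new String[] { "세션키", "쿼리실행시간", "쿼리번호", "정책번호", "허용여부", "alert유무", "alert등급" });

    private static final Layout QUERY_STRING_LAYOUT = new Layout(
            new int[] { 32, 14, 10, -5 },
            new String[] { "세션키", "쿼리실행시간", "쿼리번호", "쿼리" });

    private static final Layout QUERY_RTN_STR_LAYOUT = new Layout(
            new int[] { 32, 14, 10, -5 },
            new String[] { "세션키", "쿼리실행시간", "쿼리번호", "결과메시지" });

    private static final Layout QUERY_RTN_LAYOUT = new Layout(
            new int[] { 32, 14, 14, 10, 11, 11 },
            new String[] { "세션키", "쿼리실행시간", "쿼리종료시간", "쿼리번호", "수행시간", "응답크기" });

    private static final Layout MANAGERLOG_LAYOUT = new Layout(
            new int[] { 32, 32, 14, 32, 15, -4, 1 },
            new String[] { "키", "세션키", "로그발생시간", "관리자계정", "접속ip", "내용설명", "성공실패여부" });

    private static final Layout SYSTEMLOG_LAYOUT = new Layout(
            new int[] { 14, -4 },
            new String[] { "로그발생시간", "상세내용" });

    /**
     * Parses one DBSafer record.
     *
     * @param log
     *            log map; the record is read from its {@code "line"} entry
     * @return a new map with the version, the record type and the fields of
     *         the matching layout, or {@code log} itself when the line is
     *         missing, is not a string, has an unknown record type, or does
     *         not fit the layout
     */
    @Override
    public Map<String, Object> parse(Map<String, Object> log) {
        Object raw = log.get("line");
        // A missing or non-string line is passed through untouched instead of
        // failing with a ClassCastException.
        if (!(raw instanceof String))
            return log;
        String line = (String) raw;

        try {
            Map<String, Object> m = new HashMap<String, Object>();
            m.put("버전", line.substring(VERSION_START, TYPE_START));
            m.put("레코드종류", line.substring(TYPE_START, BODY_START));

            Layout layout = layoutFor(getRecordType(line));
            if (layout == null)
                return log;

            String body = line.substring(BODY_START);
            int pos = 0;
            for (int i = 0; i < layout.names.length; i++) {
                int width = layout.widths[i];
                if (width < 0) {
                    // Variable-width field: the length prefix is supplied by
                    // the sender. A prefix that is not a number, or a value
                    // that runs past the end of the line, throws and the
                    // whole record falls back to the unparsed map below.
                    int prefixDigits = -width;
                    int byteLength = Integer.parseInt(body.substring(pos, pos + prefixDigits));
                    pos += prefixDigits;
                    String value = subByteString(body.substring(pos), byteLength);
                    m.put(layout.names[i], value);
                    pos += value.length();
                } else {
                    m.put(layout.names[i], body.substring(pos, pos + width));
                    pos += width;
                }
            }
            return m;
        } catch (Exception e) {
            // Best effort: hand the record back unparsed. Only Exception is
            // caught so that JVM errors such as OutOfMemoryError are not
            // hidden behind a debug message.
            // NOTE(review): the raw line is written to the debug log verbatim;
            // confirm the log appender neutralises embedded line breaks.
            if (slog.isDebugEnabled())
                slog.debug("araqne syslog parser: pnp secure dbsafer parse error - [" + line + "]", e);
            return log;
        }
    }

    /**
     * Selects the field table for a record type.
     *
     * @param recordType
     *            numeric record type taken from the line header
     * @return the matching layout, or {@code null} for an unknown type
     */
    private static Layout layoutFor(int recordType) {
        switch (recordType) {
        case SESSION:
            return SESSION_LAYOUT;
        case SESSION_OUT:
            return SESSION_OUT_LAYOUT;
        case QUERY:
            return QUERY_LAYOUT;
        case QUERY_STRING:
            return QUERY_STRING_LAYOUT;
        case QUERY_RTN_STR:
            return QUERY_RTN_STR_LAYOUT;
        case QUERY_RTN:
            return QUERY_RTN_LAYOUT;
        case MANAGERLOG:
            return MANAGERLOG_LAYOUT;
        case SYSTEMLOG:
            return SYSTEMLOG_LAYOUT;
        default:
            return null;
        }
    }

    /**
     * Reads the numeric record type from characters 10-12 of the line.
     *
     * @throws NumberFormatException
     *             if those characters are not a decimal number
     * @throws StringIndexOutOfBoundsException
     *             if the line is shorter than 13 characters
     */
    private int getRecordType(String s) {
        return Integer.parseInt(s.substring(TYPE_START, BODY_START));
    }

    /**
     * Returns the leading part of {@code str} that occupies {@code endIndex}
     * bytes when encoded as EUC-KR.
     *
     * <p>
     * The prefix is collected in chunks of half the remaining byte budget
     * (rounded up) and the encoded size of each chunk is subtracted from the
     * budget until it is used up. When the budget ends in the middle of a
     * two-byte character, that character is included whole.
     *
     * @param str
     *            text to cut from, starting at its first character
     * @param endIndex
     *            number of EUC-KR bytes to take; values below 1 yield ""
     * @return the prefix of {@code str} covering the requested bytes
     * @throws UnsupportedEncodingException
     *             if the runtime has no EUC-KR charset
     * @throws StringIndexOutOfBoundsException
     *             if {@code str} ends before the byte budget is used up
     */
    private String subByteString(String str, int endIndex) throws UnsupportedEncodingException {
        if (endIndex < 1)
            return "";

        StringBuilder collected = new StringBuilder(endIndex);
        int offset = 0;
        int remaining = endIndex;
        while (remaining > 0) {
            int chunkChars = (remaining + 1) / 2;
            String chunk = str.substring(offset, offset + chunkChars);
            offset += chunkChars;
            collected.append(chunk);
            remaining -= chunk.getBytes("EUC-KR").length;
        }
        return collected.toString();
    }
}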