syslog

 

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package com.ndkey.auditproxy.paloalto;

import com.ndkey.auditproxy.AuditProxy;
import com.ndkey.auditproxy.AuditProxyException;
import com.ndkey.auditproxy.LoginRequest;
import com.ndkey.auditproxy.LogoutRequest;
import com.ndkey.auditproxy.config.HostAddressConfig;
import com.ndkey.auditproxy.config.PortConfig;
import com.ndkey.config.ConfigType;
import com.ndkey.exception.DkRuntimeException;
import com.ndkey.net.MacAddress;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang.time.FastDateFormat;
import org.productivity.java.syslog4j.SyslogIF;
import org.productivity.java.syslog4j.impl.message.structured.StructuredSyslogMessage;
import org.productivity.java.syslog4j.impl.net.udp.UDPNetSyslogConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

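/**
 * Audit proxy that forwards login and logout events to a remote syslog
 * receiver as structured syslog messages over UDP.
 *
 * <p>Lifecycle: {@link #setConfigs(Map)} supplies host and port,
 * {@link #init()} creates the syslog client, {@link #auditLogin} and
 * {@link #auditLogout} send events, {@link #destroy()} releases the client.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>UDP syslog gives no confidentiality, integrity or delivery guarantee.
 *       User names, IP addresses and MAC addresses leave this host in clear
 *       text, and an event can be lost without any error being reported here.
 *       Treat this channel as best-effort, not as the authoritative audit
 *       trail.</li>
 *   <li>The receiver cannot authenticate the sender of a UDP datagram, so it
 *       should accept these events only from this host's address on a trusted
 *       network segment.</li>
 *   <li>NOTE(review): field values (in particular the user name) are handed to
 *       {@code StructuredSyslogMessage} unmodified. Confirm that the syslog4j
 *       version in use escapes {@code "}, {@code \} and {@code ]} inside
 *       parameter values; if it does not, validate the user name before it is
 *       logged.</li>
 * </ul>
 *
 * <p>This class is not synchronized; callers are expected to serialize
 * lifecycle calls (assumption, not visible in this file).
 *
 * @author zxf
 */
public class PaloaltoProxy implements AuditProxy {

    // NOTE(review): formats in the JVM default time zone and carries no zone
    // offset; confirm the receiver interprets timestamps the same way.
    private static final FastDateFormat DATE_FORMAT = FastDateFormat.getInstance("yyyy-MM-dd' 'HH:mm:ss");
    // Shared by all instances; handed out by getConfigTypes(), callers must not modify it.
    private static final List<ConfigType> CONFIG_TYPES = new LinkedList<ConfigType>();
    // Structured-data id under which the event fields are sent.
    private static final String STRUCTURED_DATA_ID = "map";
    // Free-text part of every message.
    private static final String MESSAGE_TEXT = "from DKEYAM";
    // NOTE(review): 1 is the syslog "alert" severity, unusually high for
    // routine login/logout events. Kept unchanged because the receiver's
    // parsing or filtering may depend on it; confirm before changing.
    private static final int AUDIT_LEVEL = 1;

    private final Logger _logger = LoggerFactory.getLogger(this.getClass());
    private Map<String, String> configs = new HashMap<String, String>();
    // Null until init() succeeds and again after destroy().
    private SyslogIF syslog;

    static {
        CONFIG_TYPES.add(new HostAddressConfig());
        CONFIG_TYPES.add(new PortConfig());
    }

    /**
     * @return the syslog receiver host taken from the current configuration
     */
    public String getHostAddress() {
        return HostAddressConfig.getValue(configs);
    }

    /**
     * @return the syslog receiver UDP port taken from the current configuration
     */
    public int getPort() {
        return PortConfig.getValue(configs);
    }

    @Override
    public String getName() {
        return "Syslog审计代理";
    }

    /**
     * Creates and initializes the UDP syslog client for the configured host
     * and port.
     *
     * @throws DkRuntimeException if the syslog implementation class cannot be
     *         instantiated
     */
    @Override
    public void init() throws AuditProxyException {
        UDPNetSyslogConfig config = new UDPNetSyslogConfig(getHostAddress(), getPort());
        try {
            // Publish the client only after initialize() has returned, so a
            // failed init never leaves a half-initialized instance in the field.
            SyslogIF client = (SyslogIF) config.getSyslogClass().newInstance();
            client.initialize("udp", config);
            syslog = client;
        } catch (ReflectiveOperationException ex) {
            _logger.error("Failed to create syslog", ex);
            throw new DkRuntimeException(ex);
        }
    }

    /**
     * Shuts the syslog client down. Safe to call when {@link #init()} never
     * ran or failed; shutdown errors are logged, not propagated.
     */
    @Override
    public void destroy() {
        SyslogIF client = syslog;
        if (client == null) {
            return;
        }
        // Drop the reference first so later audit calls fail with a clear
        // error instead of writing to a client that has been shut down.
        syslog = null;
        try {
            client.shutdown();
        } catch (Exception e) {
            _logger.error("Failed to shut down syslog client", e);
        }
    }

    /**
     * @return the configuration types this proxy understands; the returned
     *         list is shared and must not be modified by the caller
     */
    @Override
    public List<ConfigType> getConfigTypes() {
        return CONFIG_TYPES;
    }

    @Override
    public Map<String, String> getConfigs() {
        return configs;
    }

    /**
     * Installs a new configuration and fills in the default value of every
     * known configuration type that the map does not contain.
     *
     * <p>The map is kept by reference and the defaults are written into it,
     * so the caller's map is modified. A {@code null} argument is treated as
     * an empty configuration.
     *
     * @param configs configuration values keyed by configuration type UUID
     */
    @Override
    public void setConfigs(Map<String, String> configs) {
        this.configs = (configs != null) ? configs : new HashMap<String, String>();
        for (ConfigType type : getConfigTypes()) {
            if (!this.configs.containsKey(type.getUuid())) {
                this.configs.put(type.getUuid(), type.getDefaultValue());
            }
        }
    }

    /**
     * Sends a "login" event with user name, first role (if any), IP address,
     * MAC address (if any) and event time.
     *
     * @param request the login to report
     * @throws IllegalStateException if {@link #init()} has not completed
     */
    @Override
    public void auditLogin(LoginRequest request) throws AuditProxyException {
        Map<String, String> fields = new HashMap<String, String>();
        fields.put("type", "login");
        fields.put("username", request.getUserName());
        // Only the first role is reported; a missing role list is treated like an empty one.
        if (request.getRoles() != null && !request.getRoles().isEmpty()) {
            fields.put("role", request.getRoles().get(0));
        }
        fields.put("IP", request.getUserIp().getHostAddress());
        byte[] mac = request.getUserMac();
        if (mac != null && mac.length > 0) {
            fields.put("MAC", MacAddress.parseMacAddress(Hex.encodeHexString(mac)).getAddress());
        }
        fields.put("time", DATE_FORMAT.format(request.getTime()));
        send(fields);
    }

    /**
     * Sends a "logout" event with user name, IP address and event time.
     *
     * @param request the logout to report
     * @throws IllegalStateException if {@link #init()} has not completed
     */
    @Override
    public void auditLogout(LogoutRequest request) throws AuditProxyException {
        Map<String, String> fields = new HashMap<String, String>();
        fields.put("type", "logout");
        fields.put("username", request.getUserName());
        fields.put("IP", request.getUserIp().getHostAddress());
        fields.put("time", DATE_FORMAT.format(request.getTime()));
        send(fields);
    }

    /**
     * Wraps the event fields in a structured syslog message with a random
     * message id and hands it to the syslog client.
     */
    private void send(Map<String, String> fields) {
        SyslogIF client = syslog;
        if (client == null) {
            // Fail loudly: an audit event must not disappear behind a bare NullPointerException.
            throw new IllegalStateException("Syslog client is not initialized; call init() first");
        }
        Map<String, Map<String, String>> structuredData = new HashMap<String, Map<String, String>>();
        structuredData.put(STRUCTURED_DATA_ID, fields);
        StructuredSyslogMessage message =
                new StructuredSyslogMessage(UUID.randomUUID().toString(), structuredData, MESSAGE_TEXT);
        client.log(AUDIT_LEVEL, message);
    }

}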

 
