Beispiel #1
0
func DeleteRbsRecord() {
	session, collection := GetSyslogConn()
	defer session.Close()
	interval := g.Config().Duration.MsgRemove_interval
	removeDuration := g.Config().Duration.MsgRemoveDuration
	for {
		t := time.Now().Add(-time.Duration(removeDuration) * time.Hour).Format(time.RFC3339)
		_, err := collection.RemoveAll(bson.M{"msg": bson.M{"$exists": false}, "timereported": bson.M{"$gt": t}})
		CheckErr(err)
		//        Capture_info(fmt.Sprintf("删除无信息日志 %d条", noMessage.Removed))
		_, err = collection.RemoveAll(bson.M{"$text": bson.M{"$search": "sr0:"}, "timereported": bson.M{"$gt": t}})
		CheckErr(err)
		//        Capture_info(fmt.Sprintf("删除垃圾日志 %d条", rubMessage.Removed))
		time.Sleep(time.Duration(interval) * time.Second)
	}
}
Beispiel #2
0
func SendEmailAlarm(mail *models.Mail) {
	mail_server := g.Config().Api.Email

	auth := smtp.PlainAuth("", "*****@*****.**", "ywkf)(@2", "mail.people.cn")
	sendto := strings.Split(mail.Tos, ",")
	var sendList []string
	for _, to := range sendto {
		if to != "" {
			sendList = append(sendList, to)
		}
	}
	subject := mail.Subject
	content := mail.Content
	mailInfo := strings.Replace("From:监控系统(请勿回复)~To:"+mail.Tos+"~Subject:"+subject+"~~", "~", "\r\n", -1) + content
	err := smtp.SendMail(
		mail_server,
		auth,
		"*****@*****.**",
		sendList,
		[]byte(mailInfo),
	)
	if err != nil {
		log.Println(err)
	}
}
Beispiel #3
0
func SendWechatAlarm(msg *models.Wechat) {
	weChatServer := g.Config().Api.Wechat
	var level int
	switch msg.Priority {
	case 0, 1:
		level = 1
	case 2, 3, 4, 5, 6:
		level = 4
	}

	users := strings.Split(msg.ToUsers, ",")
	groups := strings.Split(msg.ToGrops, ",")
	if len(users) >= 1 && users[0] != "" {
		go func() {
			for _, user := range users {
				r := httplib.Post(weChatServer).SetTimeout(5*time.Second, 2*time.Second)
				r.Param("level", strconv.Itoa(level))
				r.Param("content", msg.Content)
				r.Param("user", user)
				_, err := r.String()
				if err != nil {
					log.Println(err)
				}
			}
		}()
	}
	if len(groups) >= 1 && groups[0] != "" {
		go func() {
			for _, group := range groups {
				r := httplib.Post(weChatServer).SetTimeout(5*time.Second, 2*time.Second)
				r.Param("level", strconv.Itoa(level))
				r.Param("content", msg.Content)
				r.Param("group", group)
				_, err := r.String()
				if err != nil {
					log.Println(err)
				}
			}
		}()
	}
}
Beispiel #4
0
func PaddingIp() {
	duration := g.Config().Duration.HostCheck_interval
	session, collection := GetSyslogConn()
	defer session.Close()
	sessionIP, ipCollection := GetIpConn()
	defer sessionIP.Close()
	for {
		var ips []string
		err := collection.Find(nil).Distinct("fromhost-ip", &ips)
		CheckErr(err)
		rSyslog := make([]*Rsyslog, len(ips))
		for index, val := range ips {
			var res Rsyslog
			collection.Find(bson.M{"fromhost-ip": val}).Sort("-_id").Limit(1).One(&res)
			rSyslog[index] = &res
		}
		for _, val := range rSyslog {
			_, err = ipCollection.Upsert(bson.M{"ip": val.Fromhost_ip}, bson.M{"ip": val.Fromhost_ip, "timeStamp": timeFormat(val.Timereported)})
			CheckErr(err)
		}
		checkHostStat()
		time.Sleep(time.Duration(duration) * time.Second)
	}
}
Beispiel #5
0
func CheckAuth() {
	logFile, err := os.OpenFile(outputLog, os.O_RDWR|os.O_CREATE, 0777)
	CheckErr(err)
	defer logFile.Close()
	logger := log.New(logFile, "[INFO]", log.Ldate|log.Ltime)
	interval := g.Config().Duration.AuthCheck_interval
	defer func() {
		if r := recover(); r != nil {
			fmt.Println("panic err continue")
			time.Sleep(2 * time.Second)
			go CheckAuth()
		}
	}()

	for {
		initMap := make(map[string]int)
		rAlarm := make(map[string]int)
		_, err := os.Stat(msgLog)
		if os.IsNotExist(err) {
			time.Sleep(2 * time.Second)
			continue
		}
		file, err := ioutil.ReadFile(msgLog)
		CheckErr(err)
		reFormatedMsg := strings.TrimSpace(string(file))
		splitMsg := strings.Split(reFormatedMsg, "\n")
		Msglen := len(splitMsg)
		if lastCheckNo > Msglen {
			lastCheckNo = 0
		}
		for _, val := range splitMsg[lastCheckNo:] {
			if strings.Contains(val, "failure") && strings.Contains(val, "authentication") {
				logger.Println("failure authentication message is existent")
				parseMsg := strings.Split(val, " ")
				index := strings.Index(val, "rhost:")
				rhost := strings.TrimSpace(strings.Split(val[index+6:], " ")[0])
				key := fmt.Sprintf("%s->%s", rhost, parseMsg[0])
				if count, ok := initMap[key]; ok {
					count++
					initMap[key] = count
					if _, ok = rAlarm[key]; !ok && count >= 5 {
						hosts := strings.Split(key, "->")
						oriHost := hosts[0]
						desHost := hosts[1]
						content := fmt.Sprintf("%s 多次尝试登录主机 %s, please check!!!", oriHost, desHost)
						wechat := &Wechat{ToUsers: "zhanglinshan,dujinliang", ToGrops: "2", Content: content, Priority: 4}
						SendWechatAlarm(wechat)
						rAlarm[key] = 1
					}
				} else {
					initMap = make(map[string]int)
					rAlarm = make(map[string]int)
					initMap[key] = 1
				}
			} else {
				logger.Println("failure authentication message is non-existent")
			}
		}
		lastCheckNo = Msglen - 2
		logger.Println("read end.... continue")
		time.Sleep(time.Duration(interval) * time.Second)
	}
}