func DeleteRbsRecord() {
session, collection := GetSyslogConn()
defer session.Close()
interval := g.Config().Duration.MsgRemove_interval
removeDuration := g.Config().Duration.MsgRemoveDuration
for {
t := time.Now().Add(-time.Duration(removeDuration) * time.Hour).Format(time.RFC3339)
_, err := collection.RemoveAll(bson.M{"msg": bson.M{"$exists": false}, "timereported": bson.M{"$gt": t}})
CheckErr(err)
// Capture_info(fmt.Sprintf("删除无信息日志 %d条", noMessage.Removed))
_, err = collection.RemoveAll(bson.M{"$text": bson.M{"$search": "sr0:"}, "timereported": bson.M{"$gt": t}})
CheckErr(err)
// Capture_info(fmt.Sprintf("删除垃圾日志 %d条", rubMessage.Removed))
time.Sleep(time.Duration(interval) * time.Second)
}
}
func SendEmailAlarm(mail *models.Mail) {
mail_server := g.Config().Api.Email
auth := smtp.PlainAuth("", "*****@*****.**", "ywkf)(@2", "mail.people.cn")
sendto := strings.Split(mail.Tos, ",")
var sendList []string
for _, to := range sendto {
if to != "" {
sendList = append(sendList, to)
}
}
subject := mail.Subject
content := mail.Content
mailInfo := strings.Replace("From:监控系统(请勿回复)~To:"+mail.Tos+"~Subject:"+subject+"~~", "~", "\r\n", -1) + content
err := smtp.SendMail(
mail_server,
auth,
"*****@*****.**",
sendList,
[]byte(mailInfo),
)
if err != nil {
log.Println(err)
}
}
func SendWechatAlarm(msg *models.Wechat) {
weChatServer := g.Config().Api.Wechat
var level int
switch msg.Priority {
case 0, 1:
level = 1
case 2, 3, 4, 5, 6:
level = 4
}
users := strings.Split(msg.ToUsers, ",")
groups := strings.Split(msg.ToGrops, ",")
if len(users) >= 1 && users[0] != "" {
go func() {
for _, user := range users {
r := httplib.Post(weChatServer).SetTimeout(5*time.Second, 2*time.Second)
r.Param("level", strconv.Itoa(level))
r.Param("content", msg.Content)
r.Param("user", user)
_, err := r.String()
if err != nil {
log.Println(err)
}
}
}()
}
if len(groups) >= 1 && groups[0] != "" {
go func() {
for _, group := range groups {
r := httplib.Post(weChatServer).SetTimeout(5*time.Second, 2*time.Second)
r.Param("level", strconv.Itoa(level))
r.Param("content", msg.Content)
r.Param("group", group)
_, err := r.String()
if err != nil {
log.Println(err)
}
}
}()
}
}
func PaddingIp() {
duration := g.Config().Duration.HostCheck_interval
session, collection := GetSyslogConn()
defer session.Close()
sessionIP, ipCollection := GetIpConn()
defer sessionIP.Close()
for {
var ips []string
err := collection.Find(nil).Distinct("fromhost-ip", &ips)
CheckErr(err)
rSyslog := make([]*Rsyslog, len(ips))
for index, val := range ips {
var res Rsyslog
collection.Find(bson.M{"fromhost-ip": val}).Sort("-_id").Limit(1).One(&res)
rSyslog[index] = &res
}
for _, val := range rSyslog {
_, err = ipCollection.Upsert(bson.M{"ip": val.Fromhost_ip}, bson.M{"ip": val.Fromhost_ip, "timeStamp": timeFormat(val.Timereported)})
CheckErr(err)
}
checkHostStat()
time.Sleep(time.Duration(duration) * time.Second)
}
}
func CheckAuth() {
logFile, err := os.OpenFile(outputLog, os.O_RDWR|os.O_CREATE, 0777)
CheckErr(err)
defer logFile.Close()
logger := log.New(logFile, "[INFO]", log.Ldate|log.Ltime)
interval := g.Config().Duration.AuthCheck_interval
defer func() {
if r := recover(); r != nil {
fmt.Println("panic err continue")
time.Sleep(2 * time.Second)
go CheckAuth()
}
}()
for {
initMap := make(map[string]int)
rAlarm := make(map[string]int)
_, err := os.Stat(msgLog)
if os.IsNotExist(err) {
time.Sleep(2 * time.Second)
continue
}
file, err := ioutil.ReadFile(msgLog)
CheckErr(err)
reFormatedMsg := strings.TrimSpace(string(file))
splitMsg := strings.Split(reFormatedMsg, "\n")
Msglen := len(splitMsg)
if lastCheckNo > Msglen {
lastCheckNo = 0
}
for _, val := range splitMsg[lastCheckNo:] {
if strings.Contains(val, "failure") && strings.Contains(val, "authentication") {
logger.Println("failure authentication message is existent")
parseMsg := strings.Split(val, " ")
index := strings.Index(val, "rhost:")
rhost := strings.TrimSpace(strings.Split(val[index+6:], " ")[0])
key := fmt.Sprintf("%s->%s", rhost, parseMsg[0])
if count, ok := initMap[key]; ok {
count++
initMap[key] = count
if _, ok = rAlarm[key]; !ok && count >= 5 {
hosts := strings.Split(key, "->")
oriHost := hosts[0]
desHost := hosts[1]
content := fmt.Sprintf("%s 多次尝试登录主机 %s, please check!!!", oriHost, desHost)
wechat := &Wechat{ToUsers: "zhanglinshan,dujinliang", ToGrops: "2", Content: content, Priority: 4}
SendWechatAlarm(wechat)
rAlarm[key] = 1
}
} else {
initMap = make(map[string]int)
rAlarm = make(map[string]int)
initMap[key] = 1
}
} else {
logger.Println("failure authentication message is non-existent")
}
}
lastCheckNo = Msglen - 2
logger.Println("read end.... continue")
time.Sleep(time.Duration(interval) * time.Second)
}
}
