| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201 |
- using Azure.Storage.Blobs;
- using Azure.Storage.Blobs.Models;
- using Azure.Storage.Blobs.Specialized;
- using System;
- using System.Collections.Generic;
- using System.IO;
- using System.Linq;
- using System.Text;
- using System.Threading.Tasks;
- using TEAMModelOS.SDK.Context.BI;
- using TEAMModelOS.SDK.DI;
- using TEAMModelOS.SDK.Extension;
- using TEAMModelOS.SDK.Models.Cosmos.BI;
- namespace TEAMModelOS.SDK.Models.Service.BI
- {
- public static class BILogAnalyseService
- {
- /// <summary>
- /// 读取全部的防火墙日志文件并分析保存至
- /// </summary>
- /// <param name="_azureStorage"></param>
- /// <param name="site"></param>
- /// <returns></returns>
- public static async Task<(List<RecCnt> recCnts ,List<string> saveUrls)> GetAllLogAnalyse(AzureStorageFactory _azureStorage,string site = null)
- {
- var blobClient = _azureStorage.GetBlobContainerClient($"insights-logs-applicationgatewayfirewalllog", name: BIConst.LogChina);
- if ($"{site}".Equals(BIConst.Global))
- {
- blobClient = _azureStorage.GetBlobContainerClient($"insights-logs-applicationgatewayfirewalllog", name: BIConst.Global);
- }
- List<RecCnt> recCnts = new();
- List<string> urls = new();
- //地址: y={year}/m={month}/d={day}/h={hour}/m=00/PT1H.json
- string logName = "resourceId=/SUBSCRIPTIONS/73B7F9EF-D8B7-4444-9E8D-D80B43BF3CD4/RESOURCEGROUPS/TEAMMODELCHENGDU/PROVIDERS/MICROSOFT.NETWORK/APPLICATIONGATEWAYS/OSFIREWARE";
- await foreach (BlobItem blobItem in blobClient.GetBlobsAsync(BlobTraits.None, BlobStates.None, logName))
- {
- StringBuilder visits = new("[");
- BlobClient tempBlobClient = blobClient.GetBlobClient(blobItem.Name);
- BlobDownloadInfo download = tempBlobClient.Download();
- var content = download.Content;
- string text;
- using (var streamReader = new StreamReader(content))
- {
- while ((text = streamReader.ReadLine()) != null)
- {
- if (streamReader.EndOfStream)
- visits.Append($"{text.ToString()}");
- else
- visits.Append($"{text.ToString()},");
- }
- visits.Append("]");
- streamReader.Close();
- }
- string input = visits.ToString();
- List<AGInfo> aGInfos = input.ToObject<List<AGInfo>>();
- DateTimeOffset dtime = DateTimeOffset.UtcNow;
- string cHour = dtime.ToString("yyyyMMddHH");
- string cDay = dtime.ToString("yyyyMMdd");
- if (aGInfos.Count > 0)
- {
- cHour = aGInfos.Select(s => DateTimeOffset.Parse(s.time).ToString("yyyyMMddHH")).First();
- cDay = aGInfos.Select(s => DateTimeOffset.Parse(s.time).ToString("yyyyMMdd")).First();
- }
- RecCnt saveCnts = new();
- List<RecAppGWInfo> recInfo = aGInfos.Select(s => new RecAppGWInfo { hour = cHour, ip = s.properties.clientIp, api = s.properties.requestUri.Split("?").ToList().Count() > 1 ? s.properties.requestUri.Split("?").ToList()[0] : s.properties.requestUri, hostName = s.properties.hostname }).ToList();
- List<RecApiCnt> apiCnt = recInfo.GroupBy(a => a.api).Select(g => new RecApiCnt { api = g.Key, count = g.Count(), hour = cHour, hostName = g.Select(h => h.hostName).Distinct().ToList(), ip = g.Select(i => i.ip).Distinct().ToList() }).ToList();
- saveCnts.apiCnt = apiCnt;
- List<RecIpCnt> ipCnt = recInfo.GroupBy(a => a.ip).Select(g => new RecIpCnt { ip = g.Key, count = g.Count(), hour = cHour, hostName = g.Select(h => h.hostName).Distinct().ToList(), api = g.Select(i => i.api).Distinct().ToList() }).ToList();
- saveCnts.ipCnt = ipCnt;
- recCnts.Add(saveCnts);
- ////保存存至Blob文件
- var url = await _azureStorage.GetBlobContainerClient("0-public").UploadFileByContainer(saveCnts.ToJsonString(), $"visitCnt/{cDay}", $"{cHour}.json");
- urls.Add(url);
- }
- return (recCnts, urls);
- }
- /// <summary>
- /// 通过路径获取日志文件并分析结果
- /// </summary>
- /// <param name="_azureStorage"></param>
- /// <param name="path">防火墙路径</param>
- /// <param name="connectStr">连接字串</param>
- /// <returns></returns>
- public static async Task<(List<RecCnt> recCnts, List<string> saveUrls)> GetPathAnalyse(AzureStorageFactory _azureStorage,string path, string connectName)
- {
- List<RecCnt> recCnts = new();
- List<string> urls = new();
- try {
- var blobClient = _azureStorage.GetBlobContainerClient($"insights-logs-applicationgatewayfirewalllog", name: connectName);
- await foreach (BlobItem blobItem in blobClient.GetBlobsAsync(BlobTraits.None, BlobStates.None, path))
- {
- StringBuilder visits = new("[");
- //BlobClient tempBlobClient = blobClient.GetBlobClient(blobItem.Name);
- //BlobDownloadInfo download = tempBlobClient.Download();
- BlobDownloadInfo download = blobClient.GetBlobClient(blobItem.Name).Download();
- var content = download.Content;
- string text;
- using (var streamReader = new StreamReader(content))
- {
- while ((text = streamReader.ReadLine()) != null)
- {
- if (streamReader.EndOfStream)
- visits.Append($"{text.ToString()}");
- else
- visits.Append($"{text.ToString()},");
- }
- visits.Append("]");
- streamReader.Close();
- }
- string input = visits.ToString();
- List<AGInfo> tempAinfos = input.ToObject<List<AGInfo>>();
- List<AGInfo> tempsert = new List<AGInfo>();
- List<AGInfo> aGInfos = new List<AGInfo>();
- tempAinfos.ForEach(item =>
- {
- string requestUri = item.properties.requestUri;
- var isType = StaticValue.suffixName.Where(k => requestUri.Contains(k)).ToList();
- if (isType.Count == 0)
- aGInfos.Add(item);
- });
- //foreach (var item in tempAinfos)
- //{
- // string requestUri = item.properties.requestUri;
- // var isType = type.Where(k => requestUri.Contains(k)).ToList();
- // if (isType.Count == 0)
- // aGInfos.Add(item);
- //}
- DateTimeOffset dtime = DateTimeOffset.UtcNow;
- string cHour = dtime.ToString("yyyyMMddHH");
- string cDay = dtime.ToString("yyyyMMdd");
- if (aGInfos.Count > 0)
- {
- cHour = aGInfos.Select(s => DateTimeOffset.Parse(s.time).ToString("yyyyMMddHH")).First();
- cDay = aGInfos.Select(s => DateTimeOffset.Parse(s.time).ToString("yyyyMMdd")).First();
- }
- RecCnt saveCnts = new();
- List<RecAppGWInfo> recInfo = aGInfos.Select(s => new RecAppGWInfo { hour = cHour, ip = s.properties.clientIp, api = s.properties.requestUri.Split("?").ToList().Count() > 1 ? s.properties.requestUri.Split("?").ToList()[0] : s.properties.requestUri, hostName = s.properties.hostname,minute = DateTimeOffset.Parse(s.time).ToString("yyyyMMddHHmm") }).ToList();
- List<RecApiCnt> apiCnt = recInfo.GroupBy(a => a.api).Select(g => new RecApiCnt { api = g.Key, count = g.Count(), hour = cHour, hostName = g.Select(h => h.hostName).Distinct().ToList(), ip = g.Select(i => i.ip).Distinct().ToList() }).ToList();
- saveCnts.apiCnt = apiCnt;
- List<RecIpCnt> ipCnt = recInfo.GroupBy(a => a.ip).Select(g => new RecIpCnt { ip = g.Key, count = g.Count(), hour = cHour, hostName = g.Select(h => h.hostName).Distinct().ToList(), api = g.Select(i => i.api).Distinct().ToList() }).ToList();
- saveCnts.ipCnt = ipCnt;
- List<MinuteCnt> minCnts = recInfo.GroupBy(a => a.minute).Select(s => new MinuteCnt { minute = s.Key, cnt = s.Count() }).ToList();
- saveCnts.minCnts = minCnts;
- recCnts.Add(saveCnts);
- //保存存至Blob文件
- var url = await _azureStorage.GetBlobContainerClient("0-public").UploadFileByContainer(saveCnts.ToJsonString(), $"visitCnt/{cDay}", $"{cHour}.json");
- urls.Add(url);
- }
- var azureClient = _azureStorage.GetBlobContainerClient("0-public");//获取容器连接地址
- int expireTime = int.Parse(DateTimeOffset.UtcNow.AddDays(-180).ToString("yyyyMMdd"));
- await foreach (var blobItem in azureClient.GetBlobsAsync(BlobTraits.None, BlobStates.None, prefix: "visitCnt"))
- {
- string[] sub_name = blobItem.Name.Split('/');
- if (sub_name.Length > 2)
- {
- if (int.Parse(sub_name[1]) <= expireTime)
- {
- await azureClient.GetBlobBaseClient(blobItem.Name).DeleteIfExistsAsync();
- }
- }
- }
- } catch (Exception ex) { }
- return (recCnts, urls);
- }
- }
- }
|
