业务要求:
从日志中找出攻击公司的 ip 等相关信息。
业务实现:
引入依赖
<dependencies>
<dependency>
<groupId>net.sourceforge.jexcelapi</groupId>
<artifactId>jxl</artifactId>
<version>2.6.10</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.10</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>RELEASE</version>
<scope>compile</scope>
</dependency>
</dependencies>
日志部分文件
2022-06-25 21:37:40.611 INFO 9325 --- [nio-8101-exec-1] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2022-06-25 21:37:40.931 INFO 9325 --- [nio-8101-exec-1] com.zaxxer.hikari.pool.PoolBase : HikariPool-1 - Driver does not support get/set network timeout for connections. (Receiver class oracle.jdbc.driver.T4CConnection does not define or inherit an implementation of the resolved method 'abstract int getNetworkTimeout()' of interface java.sql.Connection.)
2022-06-25 21:37:40.940 INFO 9325 --- [nio-8101-exec-1] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2022-06-25 21:37:42.134 ERROR 9325 --- [nio-8101-exec-2] c.b.c.hmhribbon.config.AuthInterceptor : 令牌超时,访问IP:112.96.43.66, 127.0.0.1
2022-06-25 21:37:46.044 ERROR 9325 --- [nio-8101-exec-2] c.b.c.hmhribbon.config.AuthInterceptor : 令牌超时,访问IP:14.123.224.227, 127.0.0.1
2022-06-25 21:37:46.782 ERROR 9325 --- [nio-8101-exec-7] c.b.c.hmhribbon.config.AuthInterceptor : 令牌超时,访问IP:120.231.169.31, 127.0.0.1
2022-06-26 20:52:34.509 ERROR 9325 --- [nio-8101-exec-5] c.b.c.h.c.ReservationController : 操作过于频繁,用户标识:822842 ip:183.46.179.145, 127.0.0.1
2022-06-26 20:52:34.530 ERROR 9325 --- [io-8101-exec-11] c.b.c.h.c.ReservationController : 操作过于频繁,用户标识:822842 ip:183.46.179.145, 127.0.0.1
2022-06-26 20:52:34.627 ERROR 9325 --- [nio-8101-exec-4] c.b.c.h.c.ReservationController : 操作过于频繁,用户标识:822408 ip:112.97.86.180, 127.0.0.1
2022-06-26 20:52:34.636 ERROR 9325 --- [nio-8101-exec-7] c.b.c.h.c.ReservationController : 操作过于频繁,用户标识:822842 ip:183.46.179.145, 127.0.0.1
2022-06-26 20:52:34.740 ERROR 9325 --- [nio-8101-exec-5] c.b.c.h.c.ReservationController : 操作过于频繁,用户标识:822842 ip:183.46.179.145, 127.0.0.1
2022-06-26 20:52:34.744 ERROR 9325 --- [io-8101-exec-12] c.b.c.h.c.ReservationController : 操作过于频繁,用户标识:822408 ip:112.97.86.180, 127.0.0.1
2022-06-26 20:52:34.837 ERROR 9325 --- [io-8101-exec-13] c.b.c.h.c.ReservationController : 操作过于频繁,用户标识:822842 ip:183.46.179.145, 127.0.0.1
代码编写:
主业务类
/**
* 统计 ip 地址
*/
public class DocHandler {
public static void main(String[] args) {
DocHandler docHandler = new DocHandler();
Map<String, IpAndError> stringIpAndErrorMap = docHandler.getErrorInfoMap("C:\\Users\\nico\\Desktop\\hugo\\console.txt");
ExportExcel.writeExcel(stringIpAndErrorMap);
}
public Map<String, IpAndError> getErrorInfoMap(String name) {
// 使用ArrayList来存储每行读取到的字符串
ArrayList<String> arrayList = new ArrayList<String>();
Map<String, IpAndError> hashMap = new HashMap<String,IpAndError>();
ArrayList<IpAndError> ipAndErrors = new ArrayList<>();
try {
FileReader fr = new FileReader(name);
BufferedReader bf = new BufferedReader(fr);
String str = null;
String sign = null;
String error = null;
Integer times = 1;
//((25[0-5])|(2[0-4]\d)|(1\d\d)|([1-9]\d)|\d)(\.((25[0-5])|(2[0-4]\d)|(1\d\d)|([1-9]\d)|\d)){3}
//"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}+[,]"
//"([1-9]|[1-9]\\d|1\\d{2}|2[0-4]\\d|25[0-5])(\\.(\\d|[1-9]\\d|1\\d{2}|2[0-4]\\d|25[0-5])){3}"
String ip = "\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}+[,]";
// 按行读取字符串 14.123.224.227,
Pattern p = Pattern.compile(ip);
while ((str = bf.readLine()) != null) {
Matcher m = p.matcher(str);
while (m.find()) { //一定需要先查找再调用group获取电话号码
arrayList.add(str);
String[] split = str.split(":");
String[] desc = split[0].split(" : ");
/**
* 操作过于频繁,用户标识:837905 ip
* 非法访问,访问IP
*/
//操作过于频繁,用户标识:837905 ip
String errors = desc[(desc.length - 1)];
if (errors.split(",").length >= 2) {
error = errors.split(",")[0];
//用户标识:837905 ip
//837905 ip
//837905
if(errors.split(",")[1].split(":").length>=2){
sign = errors.split(",")[1].split(":")[1].split(" ")[0];
}
}
//非法访问,访问IP
if (errors.split(",").length >= 2) {
error = errors.split(",")[0];
}
String ips = split[1].split(",")[0];
//822842 ip:183.46.179.145
if(split[1].split(",")[0].split(":").length>=2){
ips = split[1].split(",")[0].split(":")[1];
sign = split[1].split(",")[0].split(":")[0].split(" ")[0];
}
if(!hashMap.containsKey(ips)){
hashMap.put(ips,new IpAndError(error,sign,times));
}else {
hashMap.get(ips).setTimes((hashMap.get(ips).getTimes()+1));
}
}
}
bf.close();
fr.close();
} catch (IOException e) {
e.printStackTrace();
}
System.out.println(hashMap);
return hashMap;
}
}
实体类
@Data
public class IpAndError {
//错误信息
private String error;
//识别标识
private String sign;
//出现的次数
private int times;
public IpAndError() {
}
public IpAndError(String error,String sign,int times) {
this.times = times;
this.error = error;
this.sign = sign;
}
}
工具类
/**
* 导出数据到 excel 中
*/
public class ExportExcel {
public static void writeExcel(Map<String,IpAndError> hashMap) {
//开始写入excel,创建模型
String[] titleA = {"ip", "error", "sign","times"};
//创建Excel文件,B库CD表文件
File fileA = new File("D:/errorInfo.xls");
if (fileA.exists()) {
//如果文件存在就删除
fileA.delete();
}
try {
fileA.createNewFile();
//创建工作簿
WritableWorkbook workbookA = Workbook.createWorkbook(fileA);
//WritableWorkbook workbookA = null;
//创建sheet
WritableSheet sheetA = workbookA.createSheet("sheet1", 0);
Label labelA = null;
//设置列名
for (int i = 0; i < titleA.length; i++) {
labelA = new Label(i, 0, titleA[i]);
sheetA.addCell(labelA);
}
int k = 1;
for(String key:hashMap.keySet()){
labelA = new Label(0, k, key);
sheetA.addCell(labelA);
labelA = new Label(1, k, hashMap.get(key).getError());
sheetA.addCell(labelA);
labelA = new Label(2, k, hashMap.get(key).getSign());
sheetA.addCell(labelA);
labelA = new Label(3, k, hashMap.get(key).getTimes()+"");
sheetA.addCell(labelA);
k++;
}
workbookA.write(); //写入数据
workbookA.close(); //关闭连接
System.out.println("成功写入文件,请前往d盘查看文件!");
} catch (Exception e) {
System.out.println("文件写入失败,报异常...");
}
}
}
效果展示
扫一扫
560
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
