feat: 优化 SSH 日志获取 (#3348)

Refs #3337
1Panel-dev · Dec 15, 2023 · bcd88c6 · bcd88c6
1 parent 4d279a5
commit bcd88c6
Show file tree

Hide file tree

Showing 9 changed files with 53 additions and 730 deletions.
diff --git a/backend/app/api/v1/ssh.go b/backend/app/api/v1/ssh.go
@@ -131,28 +131,6 @@ func (b *BaseApi) LoadSSHSecret(c *gin.Context) {
 	helper.SuccessWithData(c, data)
 }
 
-// @Tags SSH
-// @Summary Analysis host SSH logs
-// @Description 分析 SSH 登录日志
-// @Accept json
-// @Param request body dto.SearchForAnalysis true "request"
-// @Success 200 {array} dto.SSHLogAnalysis
-// @Security ApiKeyAuth
-// @Router /host/ssh/log/analysis [post]
-func (b *BaseApi) AnalysisLog(c *gin.Context) {
-	var req dto.SearchForAnalysis
-	if err := helper.CheckBindAndValidate(&req, c); err != nil {
-		return
-	}
-
-	data, err := sshService.AnalysisLog(req)
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
-		return
-	}
-	helper.SuccessWithData(c, data)
-}
-
 // @Tags SSH
 // @Summary Load host SSH logs
 // @Description 获取 SSH 登录日志

diff --git a/backend/app/dto/ssh.go b/backend/app/dto/ssh.go
@@ -44,26 +44,6 @@ type SSHLog struct {
 	FailedCount     int          `json:"failedCount"`
 }
 
-type SearchForAnalysis struct {
-	PageInfo
-	OrderBy string `json:"orderBy" validate:"required,oneof=Success Failed"`
-}
-
-type AnalysisRes struct {
-	Total           int64            `json:"total"`
-	Items           []SSHLogAnalysis `json:"items"`
-	SuccessfulCount int              `json:"successfulCount"`
-	FailedCount     int              `json:"failedCount"`
-}
-
-type SSHLogAnalysis struct {
-	Address         string `json:"address"`
-	Area            string `json:"area"`
-	SuccessfulCount int    `json:"successfulCount"`
-	FailedCount     int    `json:"failedCount"`
-	Status          string `json:"status"`
-}
-
 type SSHHistory struct {
 	Date     time.Time `json:"date"`
 	DateStr  string    `json:"dateStr"`

diff --git a/backend/app/service/ssh.go b/backend/app/service/ssh.go
@@ -32,7 +32,6 @@ type ISSHService interface {
 	UpdateByFile(value string) error
 	Update(req dto.SSHUpdate) error
 	GenerateSSH(req dto.GenerateSSH) error
-	AnalysisLog(req dto.SearchForAnalysis) (*dto.AnalysisRes, error)
 	LoadSSHSecret(mode string) (string, error)
 	LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error)
 
@@ -310,19 +309,19 @@ func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
 			case constant.StatusSuccess:
 				commandItem = fmt.Sprintf("cat %s | grep -a Accepted %s", file.Name, command)
 			case constant.StatusFailed:
-				commandItem = fmt.Sprintf("cat %s | grep -a 'Failed password for' | grep -v 'invalid' %s", file.Name, command)
+				commandItem = fmt.Sprintf("cat %s | grep -a 'Failed password for' %s", file.Name, command)
 			default:
-				commandItem = fmt.Sprintf("cat %s | grep -aE '(Failed password for|Accepted)' | grep -v 'invalid' %s", file.Name, command)
+				commandItem = fmt.Sprintf("cat %s | grep -aE '(Failed password for|Accepted)' %s", file.Name, command)
 			}
 		}
 		if strings.HasPrefix(path.Base(file.Name), "auth.log") {
 			switch req.Status {
 			case constant.StatusSuccess:
 				commandItem = fmt.Sprintf("cat %s | grep -a Accepted %s", file.Name, command)
 			case constant.StatusFailed:
-				commandItem = fmt.Sprintf("cat %s | grep -aE 'Failed password for|Connection closed by authenticating user' | grep -v 'invalid' %s", file.Name, command)
+				commandItem = fmt.Sprintf("cat %s | grep -aE 'Failed password for|Connection closed by authenticating user' %s", file.Name, command)
 			default:
-				commandItem = fmt.Sprintf("cat %s | grep -aE \"(Failed password for|Connection closed by authenticating user|Accepted)\" | grep -v 'invalid' %s", file.Name, command)
+				commandItem = fmt.Sprintf("cat %s | grep -aE \"(Failed password for|Connection closed by authenticating user|Accepted)\" %s", file.Name, command)
 			}
 		}
 		dataItem, successCount, failedCount := loadSSHData(commandItem, showCountFrom, showCountTo, file.Year, qqWry, nyc)
@@ -337,89 +336,6 @@ func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
 	return &data, nil
 }
 
-func (u *SSHService) AnalysisLog(req dto.SearchForAnalysis) (*dto.AnalysisRes, error) {
-	var fileList []string
-	baseDir := "/var/log"
-	if err := filepath.Walk(baseDir, func(pathItem string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		if !info.IsDir() && (strings.HasPrefix(info.Name(), "secure") || strings.HasPrefix(info.Name(), "auth")) {
-			if !strings.HasSuffix(info.Name(), ".gz") {
-				fileList = append(fileList, pathItem)
-				return nil
-			}
-			itemFileName := strings.TrimSuffix(pathItem, ".gz")
-			if _, err := os.Stat(itemFileName); err != nil && os.IsNotExist(err) {
-				if err := handleGunzip(pathItem); err == nil {
-					fileList = append(fileList, itemFileName)
-				}
-			}
-		}
-		return nil
-	}); err != nil {
-		return nil, err
-	}
-
-	command := ""
-	sortMap := make(map[string]dto.SSHLogAnalysis)
-	for _, file := range fileList {
-		commandItem := ""
-		if strings.HasPrefix(path.Base(file), "secure") {
-			commandItem = fmt.Sprintf("cat %s | grep -aE '(Failed password for|Accepted)' | grep -v 'invalid' %s", file, command)
-		}
-		if strings.HasPrefix(path.Base(file), "auth.log") {
-			commandItem = fmt.Sprintf("cat %s | grep -aE \"(Connection closed by authenticating user|Accepted)\" | grep -v 'invalid' %s", file, command)
-		}
-		loadSSHDataForAnalysis(sortMap, commandItem)
-	}
-	var sortSlice []dto.SSHLogAnalysis
-	for key, value := range sortMap {
-		sortSlice = append(sortSlice, dto.SSHLogAnalysis{Address: key, SuccessfulCount: value.SuccessfulCount, FailedCount: value.FailedCount, Status: "accept"})
-	}
-	if req.OrderBy == constant.StatusSuccess {
-		sort.Slice(sortSlice, func(i, j int) bool {
-			return sortSlice[i].SuccessfulCount > sortSlice[j].SuccessfulCount
-		})
-	} else {
-		sort.Slice(sortSlice, func(i, j int) bool {
-			return sortSlice[i].FailedCount > sortSlice[j].FailedCount
-		})
-	}
-	qqWry, _ := qqwry.NewQQwry()
-	rules, _ := listIpRules("drop")
-	for i := 0; i < len(sortSlice); i++ {
-		sortSlice[i].Area = qqWry.Find(sortSlice[i].Address).Area
-		for _, rule := range rules {
-			if sortSlice[i].Address == rule {
-				sortSlice[i].Status = "drop"
-				break
-			}
-		}
-	}
-
-	var backData dto.AnalysisRes
-	for _, item := range sortSlice {
-		backData.FailedCount += item.FailedCount
-		backData.SuccessfulCount += item.SuccessfulCount
-	}
-
-	var data []dto.SSHLogAnalysis
-	total, start, end := len(sortSlice), (req.Page-1)*req.PageSize, req.Page*req.PageSize
-	if start > total {
-		data = make([]dto.SSHLogAnalysis, 0)
-	} else {
-		if end >= total {
-			end = total
-		}
-		data = sortSlice[start:end]
-	}
-	backData.Items = data
-	backData.Total = int64(total)
-
-	return &backData, nil
-}
-
 func (u *SSHService) LoadSSHConf() (string, error) {
 	if _, err := os.Stat("/etc/ssh/sshd_config"); err != nil {
 		return "", buserr.New("ErrHttpReqNotFound")
@@ -529,147 +445,62 @@ func loadSSHData(command string, showCountFrom, showCountTo, currentYear int, qq
 	return datas, successCount, failedCount
 }
 
-func loadSSHDataForAnalysis(analysisMap map[string]dto.SSHLogAnalysis, commandItem string) {
-	stdout, err := cmd.Exec(commandItem)
-	if err != nil {
-		return
-	}
-	lines := strings.Split(string(stdout), "\n")
-	for i := len(lines) - 1; i >= 0; i-- {
-		var itemData dto.SSHHistory
-		switch {
-		case strings.Contains(lines[i], "Failed password for"):
-			itemData = loadFailedSecureDatas(lines[i])
-		case strings.Contains(lines[i], "Connection closed by authenticating user"):
-			itemData = loadFailedAuthDatas(lines[i])
-		case strings.Contains(lines[i], "Accepted "):
-			itemData = loadSuccessDatas(lines[i])
-		}
-		if len(itemData.Address) != 0 {
-			if val, ok := analysisMap[itemData.Address]; ok {
-				if itemData.Status == constant.StatusSuccess {
-					val.SuccessfulCount++
-				} else {
-					val.FailedCount++
-				}
-				analysisMap[itemData.Address] = val
-			} else {
-				item := dto.SSHLogAnalysis{
-					Address:         itemData.Address,
-					SuccessfulCount: 0,
-					FailedCount:     0,
-				}
-				if itemData.Status == constant.StatusSuccess {
-					item.SuccessfulCount = 1
-				} else {
-					item.FailedCount = 1
-				}
-				analysisMap[itemData.Address] = item
-			}
-		}
-	}
-}
-
 func loadSuccessDatas(line string) dto.SSHHistory {
 	var data dto.SSHHistory
 	parts := strings.Fields(line)
-	t, err := time.Parse("2006-01-02T15:04:05.999999-07:00", parts[0])
-	if err != nil {
-		if len(parts) < 14 {
-			return data
-		}
-		data = dto.SSHHistory{
-			DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
-			AuthMode: parts[6],
-			User:     parts[8],
-			Address:  parts[10],
-			Port:     parts[12],
-			Status:   constant.StatusSuccess,
-		}
-	} else {
-		if len(parts) < 12 {
-			return data
-		}
-		data = dto.SSHHistory{
-			DateStr:  t.Format("2006 Jan 2 15:04:05"),
-			AuthMode: parts[4],
-			User:     parts[6],
-			Address:  parts[8],
-			Port:     parts[10],
-			Status:   constant.StatusSuccess,
-		}
-	}
+	index, dataStr := analyzeDateStr(parts)
+	if dataStr == "" {
+		return data
+	}
+	data.DateStr = dataStr
+	data.AuthMode = parts[4+index]
+	data.User = parts[6+index]
+	data.Address = parts[8+index]
+	data.Port = parts[10+index]
+	data.Status = constant.StatusSuccess
 	return data
 }
 
 func loadFailedAuthDatas(line string) dto.SSHHistory {
 	var data dto.SSHHistory
 	parts := strings.Fields(line)
-	t, err := time.Parse("2006-01-02T15:04:05.999999-07:00", parts[0])
-	if err != nil {
-		if len(parts) < 14 {
-			return data
-		}
-		data = dto.SSHHistory{
-			DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
-			AuthMode: parts[8],
-			User:     parts[10],
-			Address:  parts[11],
-			Port:     parts[13],
-			Status:   constant.StatusFailed,
-		}
+	index, dataStr := analyzeDateStr(parts)
+	if dataStr == "" {
+		return data
+	}
+	data.DateStr = dataStr
+	if index == 2 {
+		data.User = parts[10]
 	} else {
-		if len(parts) < 12 {
-			return data
-		}
-		data = dto.SSHHistory{
-			DateStr:  t.Format("2006 Jan 2 15:04:05"),
-			AuthMode: parts[6],
-			User:     parts[7],
-			Address:  parts[9],
-			Port:     parts[11],
-			Status:   constant.StatusFailed,
-		}
+		data.User = parts[7]
 	}
+	data.AuthMode = parts[6+index]
+	data.Address = parts[9+index]
+	data.Port = parts[11+index]
+	data.Status = constant.StatusFailed
 	if strings.Contains(line, ": ") {
 		data.Message = strings.Split(line, ": ")[1]
 	}
 	return data
 }
-
 func loadFailedSecureDatas(line string) dto.SSHHistory {
 	var data dto.SSHHistory
 	parts := strings.Fields(line)
-	t, err := time.Parse("2006-01-02T15:04:05.999999-07:00", parts[0])
-	if err != nil {
-		if len(parts) < 14 {
-			return data
-		}
-		data = dto.SSHHistory{
-			DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
-			AuthMode: parts[6],
-			User:     parts[8],
-			Address:  parts[10],
-			Port:     parts[12],
-			Status:   constant.StatusFailed,
-		}
+	index, dataStr := analyzeDateStr(parts)
+	if dataStr == "" {
+		return data
+	}
+	data.DateStr = dataStr
+	if strings.Contains(line, " invalid ") {
+		data.AuthMode = parts[4+index]
+		index += 2
 	} else {
-		if len(parts) < 12 {
-			return data
-		}
-		index := 0
-		if strings.Contains(line, " invalid user") {
-			index = 2
-		}
-		data = dto.SSHHistory{
-			DateStr:  t.Format("2006 Jan 2 15:04:05"),
-			AuthMode: parts[4],
-			User:     parts[index+6],
-			Address:  parts[index+8],
-			Port:     parts[index+10],
-			Status:   constant.StatusFailed,
-		}
+		data.AuthMode = parts[4+index]
 	}
+	data.User = parts[6+index]
+	data.Address = parts[8+index]
+	data.Port = parts[10+index]
+	data.Status = constant.StatusFailed
 	if strings.Contains(line, ": ") {
 		data.Message = strings.Split(line, ": ")[1]
 	}
@@ -699,3 +530,17 @@ func loadDate(currentYear int, DateStr string, nyc *time.Location) time.Time {
 	}
 	return itemDate
 }
+
+func analyzeDateStr(parts []string) (int, string) {
+	t, err := time.Parse("2006-01-02T15:04:05.999999-07:00", parts[0])
+	if err != nil {
+		if len(parts) < 14 {
+			return 0, ""
+		}
+		return 2, fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2])
+	}
+	if len(parts) < 12 {
+		return 0, ""
+	}
+	return 0, t.Format("2006 Jan 2 15:04:05")
+}
diff --git a/backend/router/ro_host.go b/backend/router/ro_host.go
@@ -41,7 +41,6 @@ func (s *HostRouter) InitHostRouter(Router *gin.RouterGroup) {
 		hostRouter.POST("/ssh/generate", baseApi.GenerateSSH)
 		hostRouter.POST("/ssh/secret", baseApi.LoadSSHSecret)
 		hostRouter.POST("/ssh/log", baseApi.LoadSSHLogs)
-		hostRouter.POST("/ssh/log/analysis", baseApi.AnalysisLog)
 		hostRouter.POST("/ssh/conffile/update", baseApi.UpdateSSHByfile)
 		hostRouter.POST("/ssh/operate", baseApi.OperateSSH)