Esempio n. 1
0
        LogRecord ParserLogLine(string s)
        {
            string[]  ss     = s.Split(' ');
            int       len    = ss.Length;
            LogRecord record = new LogRecord();

            record.ReceiveBytes = 0;
            record.SendBytes    = 0;
            record.Referer      = "";

            for (int i = 0; i < len; i++)
            {
                switch (this.Fields[i])
                {
                case "c-ip":
                    record.ClientIP = ss[i];
                    break;

                case "date":
                    record.Date = ss[i];
                    break;

                case "cs-method":
                    record.Method = ss[i];
                    break;

                case "s-port":
                    record.Port = ss[i];
                    break;

                case "cs-bytes":
                    record.ReceiveBytes = ConvertUtil.ToInt32(ss[i], 0);
                    break;

                case "cs(Referer)":
                    record.Referer = ss[i];
                    break;

                case "sc-bytes":
                    record.SendBytes = ConvertUtil.ToInt32(ss[i], 0);
                    break;

                case "s-ip":
                    record.ServerIP = ss[i];
                    break;

                case "s-sitename":
                    record.SiteName = ss[i];
                    break;

                case "sc-status":
                    record.Status = ss[i];
                    break;

                case "sc-substatus":
                    record.SubStatus = ss[i];
                    break;

                case "time":
                    record.Time = ss[i];
                    break;

                case "cs-uri-query":
                    record.UriQuery = ss[i];
                    break;

                case "cs-uri-stem":
                    record.UriStem = ss[i];
                    break;

                case "cs(User-Agent)":
                    record.UserAgent = ss[i];
                    break;

                case "cs-username":
                    record.UserName = ss[i];
                    break;

                case "sc-win32-status":
                    record.Win32Status = ss[i];
                    break;

                case "cs-host":
                    break;

                case "time-taken":
                    break;

                case "cs-version":
                    break;

                case "s-computername":
                    break;

                case "cs(Cookie)":
                    break;

                default:
                    break;
                }
            }

            ParseExtendField(record);
            return(record);
        }
Esempio n. 2
0
        bool DoFilter(LogRecord record)
        {
            if (filter.Method == 1)
            {
                if (record.Method != "GET")
                {
                    return(false);
                }
            }
            if (filter.Method == 2)
            {
                if (record.Method != "POST")
                {
                    return(false);
                }
            }

            if (filter.AllowQueryByTime)
            {
                if (record.LogTime < filter.BeginTime)
                {
                    return(false);
                }
                if (record.LogTime > filter.EndTime)
                {
                    return(false);
                }
            }

            if (filter.AllowQueryByIP)
            {
                if (filter.IPList.Contains(record.ClientIP) == false)
                {
                    return(false);
                }
            }

            if (filter.AllowQueryByStatus)
            {
                if (filter.StatusList.Contains(record.Status) == false)
                {
                    return(false);
                }
            }

            if (filter.AllowQueryByIPLocation)
            {
                bool flag = false;
                foreach (string s in filter.IPLocationList)
                {
                    if (record.ClientIPLocation.StartsWith(s) == true)
                    {
                        flag = true;
                        break;
                    }
                }
                if (flag == false)
                {
                    return(false);
                }
            }

            if (filter.AllowQueryByReferer)
            {
                bool flag = false;
                foreach (string s in filter.RefererList)
                {
                    if (record.Referer.ToLower().StartsWith(s) == true)
                    {
                        flag = true;
                        break;
                    }
                }
                if (flag == false)
                {
                    return(false);
                }
            }

            if (filter.AllowQueryByUri)
            {
                bool flag = false;
                foreach (string s in filter.UriList)
                {
                    //if (r.UriStem.StartsWith(s) == true)
                    if (record.UriStem.ToLower().Contains(s) == true)
                    {
                        flag = true;
                        break;
                    }
                }
                if (flag == false)
                {
                    return(false);
                }
            }

            if (filter.AllowQueryByUserAgent)
            {
                bool flag = false;
                foreach (string s in filter.UserAgentList)
                {
                    if (record.UserAgent.StartsWith(s) == true)
                    {
                        flag = true;
                        break;
                    }
                }
                if (flag == false)
                {
                    return(false);
                }
            }

            return(true);
        }
Esempio n. 3
0
        //解析扩展字段
        private void ParseExtendField(LogRecord record)
        {
            if (qqWry != null)
            {
                string ipLocation = qqWry.Query(record.ClientIP).Country;
                record.ClientIPLocation = ipLocation;
            }

            record.UriStemAlias = "";
            foreach (KeyValuePair<string,string> kvp in dicUriStemAliasMapping)
            {
                if (record.UriStem.Trim().ToLower() == kvp.Key.Trim().ToLower())
                {
                    record.UriStemAlias = kvp.Value;
                    break;
                }
            }
            record.RefererAlias = "";
            foreach (KeyValuePair<string, string> kvp in dicRefererAliasMapping)
            {
                if (record.Referer.ToLower().StartsWith(kvp.Key.ToLower()))
                {
                    record.RefererAlias = kvp.Value;
                    break;
                }
            }
            record.UserAgentAliasList = new List<string>();
            foreach (KeyValuePair<string, string> kvp in dicUserAgentAliasMapping)
            {
                //多次匹配统计,一条日志记录的用户代理字段可以匹配多个别名
                if (record.UserAgent.ToLower().Contains(kvp.Key.ToLower()))
                {
                    record.UserAgentAliasList.Add(kvp.Value);

                    if (dicUserAgentAlias.ContainsKey(kvp.Value))
                    {
                        int val = dicUserAgentAlias[kvp.Value];
                        dicUserAgentAlias[kvp.Value] = val + 1;
                    }
                    else
                    {
                        dicUserAgentAlias.Add(kvp.Value, 1);
                    }
                }
            }
        }
Esempio n. 4
0
        LogRecord ParserLogLine(string s)
        {
            string[] ss = s.Split(' ');
            int len = ss.Length;
            LogRecord record = new LogRecord();
            record.ReceiveBytes = 0;
            record.SendBytes = 0;
            record.Referer = "";

            for (int i = 0; i < len; i++)
            {
                switch (this.Fields[i])
                {
                    case "c-ip":
                        record.ClientIP = ss[i];
                        break;
                    case "date":
                        record.Date = ss[i];
                        break;
                    case "cs-method":
                        record.Method = ss[i];
                        break;
                    case "s-port":
                        record.Port = ss[i];
                        break;
                    case "cs-bytes":
                        record.ReceiveBytes = ConvertUtil.ToInt32(ss[i], 0);
                        break;
                    case "cs(Referer)":
                        record.Referer = ss[i];
                        break;
                    case "sc-bytes":
                        record.SendBytes = ConvertUtil.ToInt32(ss[i], 0);
                        break;
                    case "s-ip":
                        record.ServerIP = ss[i];
                        break;
                    case "s-sitename":
                        record.SiteName = ss[i];
                        break;
                    case "sc-status":
                        record.Status = ss[i];
                        break;
                    case "sc-substatus":
                        record.SubStatus = ss[i];
                        break;
                    case "time":
                        record.Time = ss[i];
                        break;
                    case "cs-uri-query":
                        record.UriQuery = ss[i];
                        break;
                    case "cs-uri-stem":
                        record.UriStem = ss[i];
                        break;
                    case "cs(User-Agent)":
                        record.UserAgent = ss[i];
                        break;
                    case "cs-username":
                        record.UserName = ss[i];
                        break;
                    case "sc-win32-status":
                        record.Win32Status = ss[i];
                        break;

                    case "cs-host":
                        break;
                    case "time-taken":
                        break;
                    case "cs-version":
                        break;
                    case "s-computername":
                        break;
                    case "cs(Cookie)":
                        break;
                    default:
                        break;
                }
            }

            ParseExtendField(record);
            return record;
        }
Esempio n. 5
0
        bool DoFilter(LogRecord record)
        {
            if (filter.Method == 1)
            {
                if (record.Method != "GET") return false;
            }
            if (filter.Method == 2)
            {
                if (record.Method != "POST") return false;
            }

            if (filter.AllowQueryByTime)
            {
                if (record.LogTime < filter.BeginTime) return false;
                if (record.LogTime > filter.EndTime) return false;
            }

            if (filter.AllowQueryByIP)
            {
                if (filter.IPList.Contains(record.ClientIP) == false) return false;
            }

            if (filter.AllowQueryByStatus)
            {
                if (filter.StatusList.Contains(record.Status) == false) return false;
            }

            if (filter.AllowQueryByIPLocation)
            {
                bool flag = false;
                foreach (string s in filter.IPLocationList)
                {
                    if (record.ClientIPLocation.StartsWith(s) == true)
                    {
                        flag = true;
                        break;
                    }
                }
                if (flag == false) return false;
            }

            if (filter.AllowQueryByReferer)
            {
                bool flag = false;
                foreach (string s in filter.RefererList)
                {
                    if (record.Referer.ToLower().StartsWith(s) == true)
                    {
                        flag = true;
                        break;
                    }
                }
                if (flag == false) return false;
            }

            if (filter.AllowQueryByUri)
            {
                bool flag = false;
                foreach (string s in filter.UriList)
                {
                    //if (r.UriStem.StartsWith(s) == true)
                    if(record.UriStem.ToLower().Contains(s) == true)
                    {
                        flag = true;
                        break;
                    }
                }
                if (flag == false) return false;
            }

            if (filter.AllowQueryByUserAgent)
            {
                bool flag = false;
                foreach (string s in filter.UserAgentList)
                {
                    if (record.UserAgent.StartsWith(s) == true)
                    {
                        flag = true;
                        break;
                    }
                }
                if (flag == false) return false;
            }

            return true;
        }