package attackevent import ( "bytes" "dt_automate/conn" "dt_automate/tool" "log" "math" "net/url" "strconv" "time" "github.com/Esword618/unioffice/schema/soo/sml" "github.com/Esword618/unioffice/spreadsheet" ) // var cookieStr string // var Counts int //存储总条数 // var err error // 传入cookie func Fw_event(cookieStr string) { ss := spreadsheet.New() sheet := ss.AddSheet() // sheet.SetFrozen(true, false) v := sheet.InitialView() v.SetState(sml.ST_PaneStateFrozen) v.SetXSplit(0) //冻结列 v.SetYSplit(1) //冻结行 // v.SetTopLeft("B2") // // 获取第一个工作表 // sheet, err := ss.GetSheet("Sheet2") // if err != nil { // log.Println(err) // } sheet.Cell("A1").SetString("序号") sheet.Cell("B1").SetString("攻击时间") sheet.Cell("C1").SetString("源安全域") sheet.Cell("D1").SetString("目的安全域") sheet.Cell("E1").SetString("源IP") sheet.Cell("F1").SetString("目的IP") sheet.Cell("G1").SetString("目的端口") sheet.Cell("H1").SetString("威胁名称") sheet.Cell("I1").SetString("攻击类别") sheet.Cell("J1").SetString("攻击子类别") sheet.Cell("K1").SetString("应用协议") sheet.Cell("L1").SetString("域名（host）") //当前时间 EndTime := time.Unix(tool.Timestamp("second"), 0).Format("2006-01-02T15:04:05") //今天0点 StartTime := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Format("2006-01-02T15:04:05") //昨天23点59分59秒 EndTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-1 * time.Second).Format("2006-01-02T15:04:05") StartTime_1 := time.Date(time.Now().Year(), time.Now().Month(), time.Now().Day(), 0, 0, 0, 0, time.Now().Location()).Add(-8 * time.Hour).Format("2006-01-02T15:04:05") // log.Println(EndTime_1) // log.Println(StartTime_1) // 构建 x-www-form-urlencoded 格式的请求体 //今天0点到现在的攻击事件 values := url.Values{} values.Add("xml", "

1"+StartTime+""+EndTime+"1200{"SrcZoneName":"Untrust","DestZoneName":"Trust"}

") values.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog") //昨天下午16点到晚上23点59分59秒的攻击事件 values_1 := url.Values{} values_1.Add("xml", "

1"+StartTime_1+""+EndTime_1+"1200{"SrcZoneName":"Untrust","DestZoneName":"Trust"}

") values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog") header := map[string]string{ "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "referer": "https://11.2.68.146/wnm/frame/index.php", "cookie": cookieStr, } //先查询昨天的事件 body := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode())) // log.Println(string(body)) log.Println(body) var Con int //插入总数 //存储昨日攻击事件 if body.LogPaging[0].TotalCounts > "200" { a, err := strconv.ParseFloat(body.LogPaging[0].TotalCounts, 64) if err != nil { log.Println(err) } log.Println("昨日查询到总条数：", a) totalPages := int(math.Floor(float64(a))/float64(200) + 1) log.Println(totalPages) for i := 1; i < totalPages+1; i++ { // values_1 := url.Values{} // values_1.Add("xml", "

1"+StartTime_1+""+EndTime_1+""+strconv.Itoa(i)+"200{"SrcZoneName":"Untrust","DestZoneName":"Trust"}

") // values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog") body := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode())) log.Println(values_1, i) for v, k := range body.LogPaging { Con = v + 2 sheet.Cell("A" + strconv.Itoa(Con)).SetString(strconv.Itoa(Con)) // 第一列 (A1) sheet.Cell("B" + strconv.Itoa(Con)).SetString(k.OutputJSON.Time) sheet.Cell("C" + strconv.Itoa(Con)).SetString(k.OutputJSON.SrcZoneName) sheet.Cell("D" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestZoneName) sheet.Cell("E" + strconv.Itoa(Con)).SetString(k.OutputJSON.SrcIPAddr) sheet.Cell("F" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestIPAddr) sheet.Cell("G" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestPort) sheet.Cell("H" + strconv.Itoa(Con)).SetString(k.OutputJSON.ThreatName) sheet.Cell("I" + strconv.Itoa(Con)).SetString(k.OutputJSON.MethodNameCN) sheet.Cell("J" + strconv.Itoa(Con)).SetString(k.OutputJSON.MethodSubNameCN) sheet.Cell("K" + strconv.Itoa(Con)).SetString(k.OutputJSON.Application) sheet.Cell("L" + strconv.Itoa(Con)).SetString(k.OutputJSON.HttpHost) } } } Con = Con + 1 //存储今日攻击事件 body_1 := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values_1.Encode())) if body_1.LogPaging[0].TotalCounts > "200" { a, err := strconv.ParseFloat(body_1.LogPaging[0].TotalCounts, 64) if err != nil { log.Println(err) } log.Println("今日查询到总条数：", a) totalPages := int(math.Floor(float64(a))/float64(200) + 1) log.Println(totalPages) for i := 1; i < totalPages+1; i++ { // values_1 := url.Values{} // values_1.Add("xml", "

1"+StartTime+""+EndTime+""+strconv.Itoa(i)+"200{"SrcZoneName":"Untrust","DestZoneName":"Trust"}

") // values_1.Add("req_menu", "M_Monitor/M_AtkLog/M_ThreatLog") body_1 := conn.DT_POST("https://11.2.68.146/wnm/get.j", header, bytes.NewBufferString(values.Encode())) log.Println(values_1, i) for v, k := range body_1.LogPaging { Con = v + Con sheet.Cell("A" + strconv.Itoa(Con)).SetString(strconv.Itoa(Con)) // 第一列 (A1) sheet.Cell("B" + strconv.Itoa(Con)).SetString(k.OutputJSON.Time) sheet.Cell("C" + strconv.Itoa(Con)).SetString(k.OutputJSON.SrcZoneName) sheet.Cell("D" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestZoneName) sheet.Cell("E" + strconv.Itoa(Con)).SetString(k.OutputJSON.SrcIPAddr) sheet.Cell("F" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestIPAddr) sheet.Cell("G" + strconv.Itoa(Con)).SetString(k.OutputJSON.DestPort) sheet.Cell("H" + strconv.Itoa(Con)).SetString(k.OutputJSON.ThreatName) sheet.Cell("I" + strconv.Itoa(Con)).SetString(k.OutputJSON.MethodNameCN) sheet.Cell("J" + strconv.Itoa(Con)).SetString(k.OutputJSON.MethodSubNameCN) sheet.Cell("K" + strconv.Itoa(Con)).SetString(k.OutputJSON.Application) sheet.Cell("L" + strconv.Itoa(Con)).SetString(k.OutputJSON.HttpHost) } } } // 保存修改后的 Excel 文件 if err := ss.Validate(); err != nil { log.Fatalf("验证文件时出错: %s", err) } if err := ss.SaveToFile("防火墙安全事件.xlsx"); err != nil { log.Fatalf("保存文件时出错: %s", err) } }