/// <summary>
/// IIS日志分析器
/// </summary>
/// <param name="filepath"></param>
public static void IISlogAnalyzer(string filepath, Func<IISLogEvent, bool> express, Func<IISLogEvent, bool> whiteExpress, string rulename, int cnt = 1000)
{
List<IISLogEvent> logs = new List<IISLogEvent>();
using (ParserEngine parser = new ParserEngine(filepath))
{
while (parser.MissingRecords)
{
logs = parser.ParseLog().ToList();
}
List<string> ipList = new List<string>();
string hostIp = logs.Select(g => g.sIp).FirstOrDefault();
string expireTS = ConfigurationManager.AppSettings["expirets"].ToString();
ResetFireWallBlackIp(rulename, hostIp, expireTS);//清除防火墙中过期的黑名单Ip
ipList = logs.Where(whiteExpress).Where(express).Select(i => i.cIp).Distinct().ToList();
ipList = ipList.Union(logs.Where(whiteExpress).GroupBy(item => item.cIp).Select(g => new { cip = g.Key, cnt = g.Count() }).Where(g => g.cnt > cnt).Select(i => i.cip).ToList()).ToList();
SaveToDB(hostIp, ipList);
string ips = string.Join(",", ipList);
if (!string.IsNullOrEmpty(ips))
{
LogHelper.WriteLog("warnning", "IISlogAnalyzer", "发现异常IP:" + ips);
PutFireWall(rulename, ips);
}
}
}
/// <summary>
/// 加入防火墙黑名单
/// </summary>
/// <param name="ip"></param>
public static void PutFireWall(string ruleName, string ip)
{
try
{
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
var rule = firewallPolicy.Rules.Item(ruleName);
rule.RemoteAddresses += "," + ip;
}
catch (Exception ex)
{
LogHelper.WriteLog("error", "防火墙操作", ex.ToString());
}
}
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 上周热点回顾(2.24-3.2)