本博客主要讲述Center的审计策略表安装和策略添加
使用事务添加
1、开启事务
my->StartTransaction();
2、编写sql语句
//清除原来数据,防止数据污染my->Query("DROP TABLE IF EXISTS `t_strategy`");string sql = "CREATE TABLE `t_strategy` (\`id` INT AUTO_INCREMENT,\`name` VARCHAR(256) CHARACTER SET 'utf8' COLLATE 'utf8_bin',\`strategy` VARCHAR(4096),\PRIMARY KEY(`id`))";bool re= my->Query(sql.c_str());
Query的代码如下 :
bool LXMysql::Query(const char* sql, unsigned long sqllen){if (!mysql)//如果mysql没有初始化好{cerr << "Query failed: mysql is NULL" << endl;return false;}if (sql == NULL){cerr << "sql is NULL" << endl;return false;}if (sqllen <= 0){sqllen = (unsigned long)strlen(sql);//强转}if (sqllen <= 0){cerr << "Query sql is empty or wrong format!" << endl;}int re = mysql_real_query(mysql, sql, sqllen);if (re != 0){cerr << "mysql_real_query fqiled!" << mysql_error(mysql) << endl;return false;}return true;}
3、 如果sql语句添加表格失败的话,直接回滚
if (!re){my->RollBack();return false;}
4、往表格添加数据
{XDATA data;data["name"] = u8"用户登录失败";data["strategy"] = ".*Failed password for (.+) from ([0-9.]+) port ([0-9]+).*";my->Insert(data, "t_strategy");data["name"] = u8"用户登录成功"; //Accepted password for fdd from 192.168.122.128 port 49072 ssh2data["strategy"] = ".*Accepted password for (.+) from ([0-9.]+) port ([0-9]+).*";my->Insert(data, "t_strategy");}
4.1、正则表达式,其实也就是如何将日志的输出写出来,不重要
//正则表达式/*当agent输入密码错误的时候Jan 13 15:29:23 fdd-virtual-machine sshd[2754]: Failed password for fdd from 192.168.122.128 port 43042 ssh2.表示任意字符 *表示0-多个 +表示1-多个 .* 0-多个字符.+ 至少有一个字符Failed password for匹配字符串for (.+) from 取到用户名from ([0-9.]+) port 在port之间取到了IP地址[ ]表示这是那些字符集 */
5、提交事务,关闭事务
my->Commit();my->StopTransaction();
6、事物的函数定义如下:
bool LXMysql::StartTransaction(){//有一个start Transaction的接口,只需要调用另外一个接口,也就是把自动提交return Query("set autocommit=0");}bool LXMysql::StopTransaction(){return Query("set autocommit=1");}bool LXMysql::Commit(){return Query("commit");}bool LXMysql::RollBack(){return Query("rollback");}
完结: