基于端口和Flink CEP进行恶意登录监控

package commmm

import java.util

import org.apache.flink.cep.PatternSelectFunction
import org.apache.flink.cep.scala.CEP
import org.apache.flink.cep.scala.pattern.Pattern
import org.apache.flink.streaming.api.TimeCharacteristic
import org.apache.flink.streaming.api.functions.timestamps.BoundedOutOfOrdernessTimestampExtractor
import org.apache.flink.streaming.api.scala._
import org.apache.flink.streaming.api.windowing.time.Time
/**
 * Input record: one login attempt as read from the event feed.
 *
 * @param userId    identifier of the account the attempt was made against
 * @param ip        source address of the attempt, kept as text
 * @param eventType outcome label of the attempt; the job in this file matches on "fail"
 * @param evenTime  event time of the attempt (field name as published; presumably epoch
 *                  seconds, since the job multiplies it by 1000 -- confirm against the feed)
 */
case class LoginEvent(
  userId: Long,
  ip: String,
  eventType: String,
  evenTime: Long
)

/**
 * Output record: an alert raised for a run of failed logins.
 *
 * @param userId        account the alert is attributed to
 * @param firstFailTime event time of the first failure in the matched run
 * @param lastFailTime  event time of the last failure in the matched run
 * @param warningMsg    human-readable alert text
 */
case class Warning(
  userId: Long,
  firstFailTime: Long,
  lastFailTime: Long,
  warningMsg: String
)

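/**
 * Flink job that reads login events from a text socket and emits a [[Warning]] whenever the
 * same account produces two directly consecutive failed logins within two seconds.
 */
object Word4 {

  /**
   * Parses one `userId,ip,eventType,eventTime` line into a [[LoginEvent]].
   *
   * Fields after the fourth are ignored, as before. A line with fewer than four fields or a
   * non-numeric id/time yields `None` instead of throwing, so a single malformed record on
   * the feed cannot fail the task and stop the monitoring job.
   *
   * @param line raw text line received from the socket
   * @return the parsed event, or `None` when the line is malformed
   */
  private def parseLoginEvent(line: String): Option[LoginEvent] =
    line.split(",").map(_.trim) match {
      case Array(userId, ip, eventType, eventTime, _*) =>
        // `scala.util` is spelled out because `util` alone refers to java.util in this file.
        scala.util.Try(LoginEvent(userId.toLong, ip, eventType, eventTime.toLong)).toOption
      case _ => None
    }

  /**
   * Builds and runs the streaming job.
   *
   * @param args command-line arguments (unused)
   */
  def main(args: Array[String]): Unit = {
    val env = StreamExecutionEnvironment.getExecutionEnvironment
    env.setParallelism(1)
    env.setStreamTimeCharacteristic(TimeCharacteristic.EventTime)

    // NOTE(review): socketTextStream is a plain, unauthenticated text socket and event time
    // is taken from the record itself, so this source is only suitable for a trusted feed.
    // Malformed lines are dropped here without a trace; a production job should count or
    // log them so that a broken or tampered feed is noticed.
    val loginEventStream = env
      .socketTextStream("hdp222", 555)
      .flatMap((line: String) => parseLoginEvent(line).toList)
      .assignTimestampsAndWatermarks(
        new BoundedOutOfOrdernessTimestampExtractor[LoginEvent](Time.seconds(1)) {
          // Flink expects milliseconds; the multiplication implies the input is in seconds.
          override def extractTimestamp(element: LoginEvent): Long = element.evenTime * 1000
        })

    // Two failures with strict contiguity ("next"), no more than two seconds apart.
    val loginFailPattern = Pattern
      .begin[LoginEvent]("begin").where(_.eventType == "fail")
      .next("next").where(_.eventType == "fail")
      .within(Time.seconds(2))

    // Key by account before matching. On an un-keyed stream the pattern would pair failures
    // of two different users (a false alert attributed to the first one), and an unrelated
    // user's event arriving in between would break the strict contiguity of a real pair.
    val patternStream = CEP.pattern(loginEventStream.keyBy(_.userId), loginFailPattern)

    patternStream.select(new LonginFailmath()).print("warning")

    env.execute("login fail with job")
  }

}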
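/**
 * Converts one CEP match of two failed logins into a [[Warning]].
 *
 * The stage names "begin" and "next" must stay in sync with the names used when the
 * pattern is defined. The published listing used typographic quotes around these string
 * literals, which Scala does not accept; they are plain ASCII quotes here.
 */
class LonginFailmath() extends PatternSelectFunction[LoginEvent, Warning] {

  /**
   * @param map matched events, keyed by pattern stage name
   * @return a warning carrying the first failure's user id and the event times of both
   *         failures, as they appeared in the input records
   */
  override def select(map: util.Map[String, util.List[LoginEvent]]): Warning = {
    // First failed login of the match.
    val firstFail = map.get("begin").iterator().next()
    // Second failed login of the match.
    val lastFail = map.get("next").iterator().next()
    // Message text is kept as published; it reports consecutive login failures within
    // two seconds.
    Warning(firstFail.userId, firstFail.evenTime, lastFail.evenTime, "在两秒没连续登录梁从失败!")
  }
}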
