I. Defining a log model
Public classLogger {//Log Number PrivateString ID; //Destination IP PrivateString Targetip; //Destination Port PrivateString Targetport; //Source IP PrivateString sourceIp; //Source Port PrivateString Sourceport; //creation Time Private LongCreatetime; //Asset IP PrivateString Assetsid; PublicList<string>getTags () {returntags; } Public voidSettags (list<string>tags) { This. tags =tags; } Privatelist<string> tags =NewArraylist<string>(); PublicString getId () {returnID; } Public voidsetId (String id) { This. ID =ID; } PublicString Gettargetip () {returnTargetip; } Public voidSettargetip (String targetip) { This. Targetip =Targetip; } PublicString Gettargetport () {returnTargetport; } Public voidSettargetport (String targetport) { This. Targetport =Targetport; } PublicString Getsourceip () {returnsourceIp; } Public voidSetsourceip (String sourceIp) { This. sourceIp =sourceIp; } PublicString Getsourceport () {returnSourceport; } Public voidSetsourceport (String sourceport) { This. Sourceport =Sourceport; } Public LongGetcreatetime () {returnCreatetime; } Public voidSetcreatetime (Longcreatetime) { This. Createtime =Createtime; } PublicString Getassetsid () {returnAssetsid; } Public voidSetassetsid (String assetsid) { This. Assetsid =Assetsid; }}
Second, write rules algorithm file
Import"Logger1" when $logger: Logger (targetip= = "192.168.26.108") then $logger. GetTags (). Add ("test Machine"); System.out.println ("Logger:" +$logger. Gettargetip ()); End
Third, write the drools load code
Importjava.util.Collection;ImportOrg.drools.core.event.DebugAgendaEventListener;ImportOrg.drools.core.event.DebugRuleRuntimeEventListener;Importorg.kie.api.KieServices;ImportOrg.kie.api.io.ResourceType;ImportOrg.kie.api.runtime.KieContainer;Importorg.kie.api.runtime.KieSession;Importorg.kie.internal.KnowledgeBase;Importorg.kie.internal.KnowledgeBaseFactory;ImportOrg.kie.internal.builder.KnowledgeBuilder;Importorg.kie.internal.builder.KnowledgeBuilderFactory;ImportOrg.kie.internal.definition.KnowledgePackage;Importorg.kie.internal.io.ResourceFactory;Importorg.kie.internal.runtime.StatefulKnowledgeSession; Public classLoggertag { Public voidRunrules (string[] rules, object[] facts)throwsException {Knowledgebase Kbase=knowledgebasefactory.newknowledgebase (); Knowledgebuilder Kbuilder=knowledgebuilderfactory. Newknowledgebuilder (); for(inti = 0; i < rules.length; i++) {String rulefile=Rules[i]; System.out.println ("Loading file:" +rulefile); Kbuilder.add (Resourcefactory.newclasspathresource (Rulefile, Loggertag.class), RESOURCETYPE.DRL); } Collection<KnowledgePackage> pkgs =kbuilder.getknowledgepackages (); Kbase.addknowledgepackages (PKGS); Statefulknowledgesession ksession=kbase.newstatefulknowledgesession (); for(inti = 0; i < facts.length; i++) {Object fact=Facts[i]; System.out.println ("Inserting fact:" +fact); Ksession.insert (fact); } ksession.fireallrules (); } }
Iv. Test Code
public class Example1 {public static void main (string[] args) throws Exception {list<logger> loggerlist = Loggerdata . GetLogger (); new Loggertag (). Runrules (new string[] {"LOGGER1.DRL"},loggerlist.toarray ()); if (loggerlist! = null & & Loggerlist.size () > 0) {for (Logger logger:loggerlist) {for (String tag:logger.getTags ()) {System.out.println ("tag:" +tag);}}}}
Drools to label the logs