- 核心功能:监控SSH登录事件,检测root登录 - 日志解析:集成systemd journal实时监控 - 告警系统:支持root登录告警和通道处理 - 项目结构:规范的Go项目布局 - 文档:完善README使用说明"
package main
import (
	"log"
	"os"
	"os/signal"
	"syscall"
	"time"

	"github.com/wuko233/sysmonitord/internal/config"
	"github.com/wuko233/sysmonitord/internal/monitor"
)
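// main wires up the SSH monitor, starts the alert consumer, and then blocks
// until the process is asked to terminate, at which point it stops the
// monitor before exiting.
func main() {
	log.Println("启动sysmonitord...")

	// The monitor configuration is hard-coded: monitoring enabled, shell
	// display on, and alerting on root logins on.
	cfg := &config.SSHMonitor{
		Enabled:          true,
		DisplayOnShell:   true,
		AlertOnRootLogin: true,
	}
	// NOTE(review): %+v dumps every field of the config struct; if it ever
	// gains credentials or tokens, switch to logging selected fields only.
	log.Printf("加载SSH监控配置: %+v\n", cfg)

	// Buffered so the monitor can queue up to 100 alerts while the consumer
	// is busy. NOTE(review): what the monitor does when the buffer is full
	// (block or drop) is not visible from here; confirm alerts cannot be lost.
	alertChan := make(chan monitor.Alert, 100)

	// Subscribe to termination signals before anything is started. Without
	// signal.Notify the channel never receives a value: Ctrl+C would kill the
	// process through the default handler and the Stop call below would never
	// run. SIGTERM is included so a service manager's stop request takes the
	// same path.
	stopChan := make(chan os.Signal, 1)
	signal.Notify(stopChan, os.Interrupt, syscall.SIGTERM)

	log.Println("初始化SSH监控器...")
	sshMonitor := monitor.NewSSHMonitor(cfg, alertChan)

	log.Println("启用告警处理...")
	go handleAlerts(alertChan)

	// Start runs in its own goroutine; a start-up failure terminates the
	// whole process, since a monitor that is silently not running is worse
	// than a visible crash.
	go func() {
		if err := sshMonitor.Start(); err != nil {
			log.Fatalf("启动SSH监控器失败: %v", err)
		}
	}()

	// Fixed grace period for the monitor to come up before reporting ready.
	// NOTE(review): this is a timing assumption, not a readiness check.
	time.Sleep(3 * time.Second)

	log.Println("启动sysmonitord完成.")
	log.Println("sysmonitord正在运行...")
	log.Println("按Ctrl+C退出...")

	// Block until SIGINT or SIGTERM arrives.
	<-stopChan

	log.Println("停止SSH监控器...")
	if err := sshMonitor.Stop(); err != nil {
		log.Fatalf("停止SSH监控器失败: %v", err)
	}

	// Short pause so handleAlerts can log alerts still queued in alertChan.
	// The channel is not closed here because this file cannot tell whether
	// the monitor might still send on it.
	time.Sleep(1 * time.Second)

	log.Println("sysmonitord已退出.")
}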
// handleAlerts consumes alerts from alertChan until the channel is closed.
// Every alert is written to the process log; root-login alerts get an extra
// log line.
func handleAlerts(alertChan <-chan monitor.Alert) {
	for a := range alertChan {
		ts := a.Timestamp.Format(time.RFC3339)
		// NOTE(review): Message and Data are written with %s / %+v. If they
		// carry values taken from SSH login records (user name, source
		// host - not confirmed from this file), embedded newlines could
		// forge log entries; consider %q for those fields.
		log.Printf("[告警] 类型: %s | 级别: %s | 时间: %s | 消息: %s | 数据: %+v\n",
			a.Type, a.Level, ts, a.Message, a.Data)

		if a.Type == "SSH_ROOT_LOGIN" {
			log.Println("ROOT用户登入")
			// TODO: hook up the notification-sending interface. Until then a
			// root login is recorded only in this process's local log, which
			// an account with root access on the same host can alter.
		}
	}
}