Refactor WAF detection handling in LogConsumerService to improve event generation and error logging

This update replaces direct assignment of WAF detection properties with a new method for generating WAF detections and events, enhancing code clarity and maintainability. Additionally, error handling has been improved to log failures during the generation process, ensuring better visibility into issues that may arise.

Refactor WAF detection handling in LogConsumerService to improve event generation and error logging
This update replaces direct assignment of WAF detection properties with a new method for generating WAF detections and events, enhancing code clarity and maintainability. Additionally, error handling has been improved to log failures during the generation process, ensuring better visibility into issues that may arise.
9d8c640a · qiuqunfeng · eb384897 · 9d8c640a
Commit 9d8c640a authored Jun 12, 2025 by qiuqunfeng
Show whitespace changes
Inline Side-by-side

Showing with 19 additions and 6 deletions

internal/service/log_consumer.go internal/service/log_consumer.go +19 -6

No files found.
--- a/internal/service/log_consumer.go
+++ b/internal/service/log_consumer.go
@@ -25,6 +25,7 @@ const (
 	EsIndexWafDetections      = "waf-detections*"
 	EsIndexWafDetectionsAlias = "waf-detections"
+	ESIndexEvents             = "events"
 )
 var scramAlgo = map[string]scram.Algorithm{
@@ -229,13 +230,25 @@ func (s *LogConsumerService) Handle(ctx context.Context, message []byte) error {
 		if WafDetectionMessage.AttackedLog[i].Action != "pass" {
 			unPassCount++
 		}
-		WafDetections[i].WafDetectionMessageBasic = WafDetectionMessage.WafDetectionMessageBasic
+		// WafDetections[i].WafDetectionMessageBasic = WafDetectionMessage.WafDetectionMessageBasic
-		WafDetections[i].WafDetectionAttackedLog = WafDetectionMessage.AttackedLog[i]
+		// WafDetections[i].WafDetectionAttackedLog = WafDetectionMessage.AttackedLog[i]
-		WafDetections[i].WafDetectionAttackedLog.ID = id.Str()
+		// WafDetections[i].WafDetectionAttackedLog.ID = id.Str()
-		WafDetections[i].CreatedAt = WafDetectionMessage.CreatedAt
+		// WafDetections[i].CreatedAt = WafDetectionMessage.CreatedAt
+		wafDetection, err := s.genWafDetection(WafDetectionMessage, WafDetectionMessage.AttackedLog[i])
+		if err != nil {
+			log.Err(err).Str("message.Value", string(message)).Msg("gen waf detection fails")
+			continue
+		}
+		WafDetections[i] = wafDetection
+		event, err := s.genWafDetectionEvent(WafDetectionMessage)
+		if err != nil {
+			log.Err(err).Str("message.Value", string(message)).Msg("gen waf detection event fails")
+			continue
+		}
 		bulkIndexSignal := es.NewBulkIndexRequest().Index(EsIndexWafDetectionsAlias)
-		bulkableRequests = append(bulkableRequests, bulkIndexSignal.Id(WafDetections[i].WafDetectionAttackedLog.ID).Doc(WafDetections[i]))
+		bulkableRequests = append(bulkableRequests, bulkIndexSignal.Id(wafDetection.WafDetectionAttackedLog.ID).Doc(wafDetection))
+		bulkIndexEvent := es.NewBulkIndexRequest().Index(ESIndexEvents)
+		bulkableRequests = append(bulkableRequests, bulkIndexEvent.Id(event.ID).Doc(event))
 	}
 	s.esStore.Save(ctx, bulkableRequests)