Add attack log counting to GetWaf method for current day

This update introduces functionality to count attack logs for the current day within the GetWaf method. It utilizes a boolean query to filter logs based on the service ID and the attack time range, enhancing the WAF service's ability to track and report attack activity accurately.

Add attack log counting to GetWaf method for current day
This update introduces functionality to count attack logs for the current day within the GetWaf method. It utilizes a boolean query to filter logs based on the service ID and the attack time range, enhancing the WAF service's ability to track and report attack activity accurately.
d00530ed · qiuqunfeng · 4d764558 · d00530ed
Commit d00530ed authored Apr 03, 2025 by qiuqunfeng
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

internal/service/waf.go internal/service/waf.go +20 -0

No files found.
--- a/internal/service/waf.go
+++ b/internal/service/waf.go
@@ -122,6 +122,26 @@ func (s *wafService) GetWaf(ctx context.Context, regionCode, namespace, gatewayN
 		return nil, fmt.Errorf("failed to get enabled rule count: %v", err)
 	}

+	// Count attack logs for current day
+	now := time.Now()
+	startOfDay := time.Date(now.Year(), now.Month(), now.Day(), 0, 0, 0, 0, now.Location())
+	endOfDay := startOfDay.Add(24 * time.Hour)
+
+	boolQuery := elastic.NewBoolQuery()
+	boolQuery.Must(elastic.NewTermQuery("service_id", wafService.ID))
+	boolQuery.Filter(elastic.NewRangeQuery("attack_time").
+		Gte(startOfDay.UnixMilli()).
+		Lt(endOfDay.UnixMilli()))
+	boolQuery.Filter(elastic.NewBoolQuery().MustNot(elastic.NewTermQuery("action", "pass")))
+
+	result, err := s.elasticClient.Count("waf-detections*").
+		Query(boolQuery).
+		Do(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to count attack logs: %v", err)
+	}
+
+	wafService.AttackNum = int(result)
 	return &WafService{
 		GatewayName: wafService.GatewayName,
 		Mode:        wafService.Mode,