Modify: turbovpn新增udp payload识别，需预定义Turbo_UDP

author: 尹姜谊 <[email protected]> 2024-03-14 09:33:45 +0800
committer: 尹姜谊 <[email protected]> 2024-03-14 09:33:45 +0800
commit: b0484623c1e41dcafe9bd28faf01dc95ca091903 (patch)
tree: 7ada8461de2fe4cc84643a8dd865fa49e6caf33b /config24.01.yaml
parent: 56449ee5cd45724329101ac19fddcfd0c584a9b5 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/config24.01.yaml b/config24.01.yaml
index 47a7c42..606c8fe 100644
--- a/config24.01.yaml
+++ b/config24.01.yaml
@@ -23,6 +23,7 @@ clickhouse:
     password: galaxy2019
     db_name: tsg_galaxy_v3
     table_name: session_record
+    security_table_name: security_event
 
 mariadb:
     host: 192.168.44.53
@@ -128,7 +129,7 @@ turbovpn:
     plugin_name: turbovpn
     object_type: ip
     confidence: confirmed
-    sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND server_port IN (66, 109, 8080, 97, 94, 92, 21, 25) GROUP BY server_ip having length(groupUniqArray(server_port))>3
+    sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND server_port IN (66, 109, 8080, 97, 94, 92, 21, 25) GROUP BY server_ip having length(groupUniqArray(server_port))>3 UNION ALL SELECT server_ip FROM {$db_name}.{$security_table_name} WHERE {$time_filter} AND (app_transition LIKE '%Turbo_UDP%')
 
 
 geckovpn:
author	尹姜谊 <[email protected]>	2024-03-14 09:33:45 +0800
committer	尹姜谊 <[email protected]>	2024-03-14 09:33:45 +0800
commit	b0484623c1e41dcafe9bd28faf01dc95ca091903 (patch)
tree	7ada8461de2fe4cc84643a8dd865fa49e6caf33b /config24.01.yaml
parent	56449ee5cd45724329101ac19fddcfd0c584a9b5 (diff)