package models

import "gorm.io/gorm"

// GetAllModels returns the list of models used for database migration.
// Each element is a pointer to a zero-value model struct.
func GetAllModels() []interface{} {
	models := []interface{}{
		&LogEvent{},
		&AlertOutbox{},
		&ResourceMapping{},
		&ResourceEventDedup{},
		&TrapDictionaryEntry{},
		&SyslogRule{},
		&TrapRule{},
		&TrapShield{},
		&AuditLog{},
		&DangerousOperationApproval{},
	}
	return models
}

// InitData seeds the default rule data. It is idempotent in the sense that
// each seeder skips its table when that table already holds at least one row.
//
// A nil db returns nil without seeding anything, so a caller cannot tell
// "seeded" from "skipped" by the return value alone.
//
// The seeders run in a fixed order (syslog rules, trap rules, trap
// dictionary) and the first error stops the sequence. Nothing here wraps the
// three inserts in one transaction, so an error in a later seeder leaves the
// earlier tables populated unless db is itself a transaction handle.
func InitData(db *gorm.DB) error {
	if db == nil {
		return nil
	}
	seeders := []func(*gorm.DB) error{
		seedDefaultSyslogRules,
		seedDefaultTrapRules,
		seedDefaultTrapDictionary,
	}
	for _, seed := range seeders {
		if err := seed(db); err != nil {
			return err
		}
	}
	return nil
}

// seedDefaultSyslogRules inserts the built-in syslog rules when the
// SyslogRule table is empty, and does nothing otherwise.
//
// Because any existing row suppresses seeding, later changes to these
// defaults do not reach a table that already has rows.
//
// NOTE(review): the count and the insert are separate statements. If several
// instances can call InitData at the same time, confirm that a unique
// constraint or an external lock prevents duplicate default rows.
//
// NOTE(review): the ResourceUIDExtractRegex values contain "(?P" followed
// directly by the group body. As shown, that is not a valid named group for
// Go's regexp package; the "<name>" part was probably lost when this page was
// extracted. Confirm against the repository.
//
// NOTE(review): the patterns are unanchored alternations under (?i). If the
// matcher does an unanchored search, "oom" also matches inside words such as
// "room", and "down"/"up" in the severity mappings match "shutdown" or
// "update". Word boundaries would cut false positives; confirm the matcher's
// semantics before changing seeded data.
//
// NOTE(review): SeverityMappingJSON is a JSON object keyed by regex, and one
// message can match several keys. If the consumer decodes it into a Go map,
// iteration order is random and the resulting severity may vary; verify
// against the consumer.
//
// NOTE(review): presumably ResourceUIDExtractRegex runs on the message text,
// which the sender controls. Treat the extracted resource identifier as
// untrusted when mapping it to a resource.
func seedDefaultSyslogRules(db *gorm.DB) error {
	var existing int64
	countErr := db.Model(&SyslogRule{}).Count(&existing).Error
	switch {
	case countErr != nil:
		return countErr
	case existing > 0:
		// Table already has rules; leave it untouched.
		return nil
	}

	defaults := []SyslogRule{
		{
			Name:               "默认-系统严重错误",
			Enabled:            true,
			Priority:           100,
			DeviceNameContains: "",
			KeywordRegex:       "(?i)(panic|fatal|segmentation fault|kernel panic|out of memory|oom)",
			AlertName:          "Syslog严重错误",
			SeverityCode:       "critical",
			PolicyID:           0,
		},
		{
			Name:                    "默认-链路中断告警",
			Enabled:                 true,
			Priority:                90,
			DeviceNameContains:      "",
			KeywordRegex:            "(?i)(link down|interface .* down|port .* down)",
			SourceMatch:             "",
			MessageRegex:            "(?i)(link down|interface .* down|port .* down|LINK_DOWN)",
			AlertName:               "Syslog链路中断",
			SeverityCode:            "major",
			SeverityMappingJSON:     `{"(?i)(critical|fatal|emergency)":"critical","(?i)(error|LINK_DOWN|down)":"major","(?i)(warning|warn)":"warning"}`,
			ResourceUIDExtractRegex: `(?i)(?:resource_uid=|resource=)(?P[a-z0-9_-]+:[a-z0-9_.:/-]+)|Interface (?P[A-Za-z0-9/._-]+)`,
			PolicyID:                0,
		},
		{
			Name:                    "H3C-Syslog-接口中断",
			Enabled:                 true,
			Priority:                120,
			SourceMatch:             "h3c",
			MessageRegex:            `(?i)(LINK_DOWN|Interface .* down|port .* down)`,
			AlertName:               "H3C Syslog接口中断",
			SeverityCode:            "major",
			SeverityMappingJSON:     `{"(?i)(LINK_DOWN|down)":"major","(?i)(LINK_UP|up)":"info"}`,
			ResourceUIDExtractRegex: `(?i)(?:resource_uid=|resource=)(?Pnetwork:[a-z0-9_.:/-]+)|Interface (?P[A-Za-z0-9/._-]+)`,
			PolicyID:                0,
		},
	}
	return db.Create(&defaults).Error
}

// seedDefaultTrapRules inserts the built-in SNMP trap rule when the TrapRule
// table is empty, and does nothing otherwise.
//
// The OIDPrefix 1.3.6.1.6.3.1.1.5 is the standard snmpTraps subtree
// (coldStart, warmStart, linkDown, linkUp, authenticationFailure), so within
// that prefix the varbind regex is what narrows the rule to link-down events.
//
// NOTE(review): "down" in VarbindMatchRegex is an unanchored substring under
// (?i); confirm it cannot match unrelated varbind text.
func seedDefaultTrapRules(db *gorm.DB) error {
	var existing int64
	countErr := db.Model(&TrapRule{}).Count(&existing).Error
	switch {
	case countErr != nil:
		return countErr
	case existing > 0:
		// Table already has rules; leave it untouched.
		return nil
	}

	defaults := []TrapRule{
		{
			Name:              "默认-Trap链路中断",
			Enabled:           true,
			Priority:          100,
			OIDPrefix:         "1.3.6.1.6.3.1.1.5",
			VarbindMatchRegex: "(?i)(linkdown|ifdown|down)",
			AlertName:         "SNMP Trap链路中断",
			SeverityCode:      "major",
			PolicyID:          0,
		},
	}
	return db.Create(&defaults).Error
}

// seedDefaultTrapDictionary inserts the built-in trap dictionary entries when
// the TrapDictionaryEntry table is empty, and does nothing otherwise.
//
// NOTE(review): both entries carry Vendor "H3C", but their OIDs (...5.3 and
// ...5.4) are the standard linkDown and linkUp notifications, which any
// SNMP agent may send. Confirm how the vendor is resolved at lookup time.
//
// NOTE(review): ParseExpression contains "(?P" followed directly by the group
// body. As shown, that is not a valid named group for Go's regexp package;
// the "<name>" part was probably lost when this page was extracted. Confirm
// against the repository.
func seedDefaultTrapDictionary(db *gorm.DB) error {
	var existing int64
	countErr := db.Model(&TrapDictionaryEntry{}).Count(&existing).Error
	switch {
	case countErr != nil:
		return countErr
	case existing > 0:
		// Table already has entries; leave it untouched.
		return nil
	}

	defaults := []TrapDictionaryEntry{
		{
			Vendor:              "H3C",
			OID:                 "1.3.6.1.6.3.1.1.5.3",
			OIDPrefix:           "1.3.6.1.6.3.1.1.5.3",
			Name:                "H3C ifDown 接口中断",
			Title:               "ifDown 接口中断",
			Description:         "检测到设备接口状态变为 down。",
			SeverityCode:        "major",
			SeverityMappingJSON: `{"down":"major","up":"info"}`,
			ParseExpression:     `(?i)(ifName|interface)=?(?P[A-Za-z0-9/._-]+)`,
			RecoveryMessage:     "请检查链路、端口状态和对端设备。",
			Enabled:             true,
		},
		{
			Vendor:              "H3C",
			OID:                 "1.3.6.1.6.3.1.1.5.4",
			OIDPrefix:           "1.3.6.1.6.3.1.1.5.4",
			Name:                "H3C ifUp 接口恢复",
			Title:               "ifUp 接口恢复",
			Description:         "检测到设备接口状态恢复为 up。",
			SeverityCode:        "info",
			SeverityMappingJSON: `{"up":"info"}`,
			ParseExpression:     `(?i)(ifName|interface)=?(?P[A-Za-z0-9/._-]+)`,
			RecoveryMessage:     "接口已恢复,请确认业务连通性。",
			Enabled:             true,
		},
	}
	return db.Create(&defaults).Error
}